1 //===---- SemaAccess.cpp - C++ Access Control -------------------*- C++ -*-===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file provides Sema routines for C++ access control semantics.
12 //===----------------------------------------------------------------------===//
14 #include "clang/Sema/SemaInternal.h"
15 #include "clang/Sema/DelayedDiagnostic.h"
16 #include "clang/Sema/Initialization.h"
17 #include "clang/Sema/Lookup.h"
18 #include "clang/AST/ASTContext.h"
19 #include "clang/AST/CXXInheritance.h"
20 #include "clang/AST/DeclCXX.h"
21 #include "clang/AST/DeclFriend.h"
22 #include "clang/AST/DependentDiagnostic.h"
23 #include "clang/AST/ExprCXX.h"
25 using namespace clang;
28 /// A copy of Sema's enum without AR_delayed.
35 /// SetMemberAccessSpecifier - Set the access specifier of a member.
36 /// Returns true on error (when the previous member decl access specifier
37 /// is different from the new member decl access specifier).
38 bool Sema::SetMemberAccessSpecifier(NamedDecl *MemberDecl,
39 NamedDecl *PrevMemberDecl,
40 AccessSpecifier LexicalAS) {
41 if (!PrevMemberDecl) {
42 // Use the lexical access specifier.
43 MemberDecl->setAccess(LexicalAS);
47 // C++ [class.access.spec]p3: When a member is redeclared its access
48 // specifier must be same as its initial declaration.
49 if (LexicalAS != AS_none && LexicalAS != PrevMemberDecl->getAccess()) {
50 Diag(MemberDecl->getLocation(),
51 diag::err_class_redeclared_with_different_access)
52 << MemberDecl << LexicalAS;
53 Diag(PrevMemberDecl->getLocation(), diag::note_previous_access_declaration)
54 << PrevMemberDecl << PrevMemberDecl->getAccess();
56 MemberDecl->setAccess(LexicalAS);
60 MemberDecl->setAccess(PrevMemberDecl->getAccess());
64 static CXXRecordDecl *FindDeclaringClass(NamedDecl *D) {
65 DeclContext *DC = D->getDeclContext();
67 // This can only happen at top: enum decls only "publish" their
69 if (isa<EnumDecl>(DC))
70 DC = cast<EnumDecl>(DC)->getDeclContext();
72 CXXRecordDecl *DeclaringClass = cast<CXXRecordDecl>(DC);
73 while (DeclaringClass->isAnonymousStructOrUnion())
74 DeclaringClass = cast<CXXRecordDecl>(DeclaringClass->getDeclContext());
75 return DeclaringClass;
79 struct EffectiveContext {
80 EffectiveContext() : Inner(0), Dependent(false) {}
82 explicit EffectiveContext(DeclContext *DC)
84 Dependent(DC->isDependentContext()) {
86 // C++ [class.access.nest]p1:
87 // A nested class is a member and as such has the same access
88 // rights as any other member.
89 // C++ [class.access]p2:
90 // A member of a class can also access all the names to which
91 // the class has access. A local class of a member function
92 // may access the same names that the member function itself
94 // This almost implies that the privileges of nesting are transitive.
95 // Technically it says nothing about the local classes of non-member
96 // functions (which can gain privileges through friendship), but we
97 // take that as an oversight.
99 if (isa<CXXRecordDecl>(DC)) {
100 CXXRecordDecl *Record = cast<CXXRecordDecl>(DC)->getCanonicalDecl();
101 Records.push_back(Record);
102 DC = Record->getDeclContext();
103 } else if (isa<FunctionDecl>(DC)) {
104 FunctionDecl *Function = cast<FunctionDecl>(DC)->getCanonicalDecl();
105 Functions.push_back(Function);
106 DC = Function->getDeclContext();
107 } else if (DC->isFileContext()) {
110 DC = DC->getParent();
115 bool isDependent() const { return Dependent; }
117 bool includesClass(const CXXRecordDecl *R) const {
118 R = R->getCanonicalDecl();
119 return std::find(Records.begin(), Records.end(), R)
123 /// Retrieves the innermost "useful" context. Can be null if we're
124 /// doing access-control without privileges.
125 DeclContext *getInnerContext() const {
129 typedef llvm::SmallVectorImpl<CXXRecordDecl*>::const_iterator record_iterator;
132 llvm::SmallVector<FunctionDecl*, 4> Functions;
133 llvm::SmallVector<CXXRecordDecl*, 4> Records;
137 /// Like sema::AccessedEntity, but kindly lets us scribble all over
139 struct AccessTarget : public AccessedEntity {
140 AccessTarget(const AccessedEntity &Entity)
141 : AccessedEntity(Entity) {
145 AccessTarget(ASTContext &Context,
147 CXXRecordDecl *NamingClass,
148 DeclAccessPair FoundDecl,
149 QualType BaseObjectType,
150 bool IsUsingDecl = false)
151 : AccessedEntity(Context, Member, NamingClass, FoundDecl, BaseObjectType),
152 IsUsingDeclaration(IsUsingDecl) {
156 AccessTarget(ASTContext &Context,
158 CXXRecordDecl *BaseClass,
159 CXXRecordDecl *DerivedClass,
160 AccessSpecifier Access)
161 : AccessedEntity(Context, Base, BaseClass, DerivedClass, Access) {
165 bool hasInstanceContext() const {
166 return HasInstanceContext;
169 class SavedInstanceContext {
171 ~SavedInstanceContext() {
172 Target.HasInstanceContext = Has;
176 friend struct AccessTarget;
177 explicit SavedInstanceContext(AccessTarget &Target)
178 : Target(Target), Has(Target.HasInstanceContext) {}
179 AccessTarget &Target;
183 SavedInstanceContext saveInstanceContext() {
184 return SavedInstanceContext(*this);
187 void suppressInstanceContext() {
188 HasInstanceContext = false;
191 const CXXRecordDecl *resolveInstanceContext(Sema &S) const {
192 assert(HasInstanceContext);
193 if (CalculatedInstanceContext)
194 return InstanceContext;
196 CalculatedInstanceContext = true;
197 DeclContext *IC = S.computeDeclContext(getBaseObjectType());
198 InstanceContext = (IC ? cast<CXXRecordDecl>(IC)->getCanonicalDecl() : 0);
199 return InstanceContext;
202 const CXXRecordDecl *getDeclaringClass() const {
203 return DeclaringClass;
208 HasInstanceContext = (isMemberAccess() &&
209 !getBaseObjectType().isNull() &&
210 getTargetDecl()->isCXXInstanceMember());
211 CalculatedInstanceContext = false;
214 if (isMemberAccess())
215 DeclaringClass = FindDeclaringClass(getTargetDecl());
217 DeclaringClass = getBaseClass();
218 DeclaringClass = DeclaringClass->getCanonicalDecl();
221 bool IsUsingDeclaration : 1;
222 bool HasInstanceContext : 1;
223 mutable bool CalculatedInstanceContext : 1;
224 mutable const CXXRecordDecl *InstanceContext;
225 const CXXRecordDecl *DeclaringClass;
230 /// Checks whether one class might instantiate to the other.
231 static bool MightInstantiateTo(const CXXRecordDecl *From,
232 const CXXRecordDecl *To) {
233 // Declaration names are always preserved by instantiation.
234 if (From->getDeclName() != To->getDeclName())
237 const DeclContext *FromDC = From->getDeclContext()->getPrimaryContext();
238 const DeclContext *ToDC = To->getDeclContext()->getPrimaryContext();
239 if (FromDC == ToDC) return true;
240 if (FromDC->isFileContext() || ToDC->isFileContext()) return false;
246 /// Checks whether one class is derived from another, inclusively.
247 /// Properly indicates when it couldn't be determined due to
250 /// This should probably be donated to AST or at least Sema.
251 static AccessResult IsDerivedFromInclusive(const CXXRecordDecl *Derived,
252 const CXXRecordDecl *Target) {
253 assert(Derived->getCanonicalDecl() == Derived);
254 assert(Target->getCanonicalDecl() == Target);
256 if (Derived == Target) return AR_accessible;
258 bool CheckDependent = Derived->isDependentContext();
259 if (CheckDependent && MightInstantiateTo(Derived, Target))
262 AccessResult OnFailure = AR_inaccessible;
263 llvm::SmallVector<const CXXRecordDecl*, 8> Queue; // actually a stack
266 for (CXXRecordDecl::base_class_const_iterator
267 I = Derived->bases_begin(), E = Derived->bases_end(); I != E; ++I) {
269 const CXXRecordDecl *RD;
271 QualType T = I->getType();
272 if (const RecordType *RT = T->getAs<RecordType>()) {
273 RD = cast<CXXRecordDecl>(RT->getDecl());
274 } else if (const InjectedClassNameType *IT
275 = T->getAs<InjectedClassNameType>()) {
278 assert(T->isDependentType() && "non-dependent base wasn't a record?");
279 OnFailure = AR_dependent;
283 RD = RD->getCanonicalDecl();
284 if (RD == Target) return AR_accessible;
285 if (CheckDependent && MightInstantiateTo(RD, Target))
286 OnFailure = AR_dependent;
291 if (Queue.empty()) break;
293 Derived = Queue.back();
301 static bool MightInstantiateTo(Sema &S, DeclContext *Context,
302 DeclContext *Friend) {
303 if (Friend == Context)
306 assert(!Friend->isDependentContext() &&
307 "can't handle friends with dependent contexts here");
309 if (!Context->isDependentContext())
312 if (Friend->isFileContext())
315 // TODO: this is very conservative
319 // Asks whether the type in 'context' can ever instantiate to the type
321 static bool MightInstantiateTo(Sema &S, CanQualType Context, CanQualType Friend) {
322 if (Friend == Context)
325 if (!Friend->isDependentType() && !Context->isDependentType())
328 // TODO: this is very conservative.
332 static bool MightInstantiateTo(Sema &S,
333 FunctionDecl *Context,
334 FunctionDecl *Friend) {
335 if (Context->getDeclName() != Friend->getDeclName())
338 if (!MightInstantiateTo(S,
339 Context->getDeclContext(),
340 Friend->getDeclContext()))
343 CanQual<FunctionProtoType> FriendTy
344 = S.Context.getCanonicalType(Friend->getType())
345 ->getAs<FunctionProtoType>();
346 CanQual<FunctionProtoType> ContextTy
347 = S.Context.getCanonicalType(Context->getType())
348 ->getAs<FunctionProtoType>();
350 // There isn't any way that I know of to add qualifiers
351 // during instantiation.
352 if (FriendTy.getQualifiers() != ContextTy.getQualifiers())
355 if (FriendTy->getNumArgs() != ContextTy->getNumArgs())
358 if (!MightInstantiateTo(S,
359 ContextTy->getResultType(),
360 FriendTy->getResultType()))
363 for (unsigned I = 0, E = FriendTy->getNumArgs(); I != E; ++I)
364 if (!MightInstantiateTo(S,
365 ContextTy->getArgType(I),
366 FriendTy->getArgType(I)))
372 static bool MightInstantiateTo(Sema &S,
373 FunctionTemplateDecl *Context,
374 FunctionTemplateDecl *Friend) {
375 return MightInstantiateTo(S,
376 Context->getTemplatedDecl(),
377 Friend->getTemplatedDecl());
380 static AccessResult MatchesFriend(Sema &S,
381 const EffectiveContext &EC,
382 const CXXRecordDecl *Friend) {
383 if (EC.includesClass(Friend))
384 return AR_accessible;
386 if (EC.isDependent()) {
388 = S.Context.getCanonicalType(S.Context.getTypeDeclType(Friend));
390 for (EffectiveContext::record_iterator
391 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
392 CanQualType ContextTy
393 = S.Context.getCanonicalType(S.Context.getTypeDeclType(*I));
394 if (MightInstantiateTo(S, ContextTy, FriendTy))
399 return AR_inaccessible;
402 static AccessResult MatchesFriend(Sema &S,
403 const EffectiveContext &EC,
404 CanQualType Friend) {
405 if (const RecordType *RT = Friend->getAs<RecordType>())
406 return MatchesFriend(S, EC, cast<CXXRecordDecl>(RT->getDecl()));
408 // TODO: we can do better than this
409 if (Friend->isDependentType())
412 return AR_inaccessible;
415 /// Determines whether the given friend class template matches
416 /// anything in the effective context.
417 static AccessResult MatchesFriend(Sema &S,
418 const EffectiveContext &EC,
419 ClassTemplateDecl *Friend) {
420 AccessResult OnFailure = AR_inaccessible;
422 // Check whether the friend is the template of a class in the
424 for (llvm::SmallVectorImpl<CXXRecordDecl*>::const_iterator
425 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
426 CXXRecordDecl *Record = *I;
428 // Figure out whether the current class has a template:
429 ClassTemplateDecl *CTD;
431 // A specialization of the template...
432 if (isa<ClassTemplateSpecializationDecl>(Record)) {
433 CTD = cast<ClassTemplateSpecializationDecl>(Record)
434 ->getSpecializedTemplate();
436 // ... or the template pattern itself.
438 CTD = Record->getDescribedClassTemplate();
443 if (Friend == CTD->getCanonicalDecl())
444 return AR_accessible;
446 // If the context isn't dependent, it can't be a dependent match.
447 if (!EC.isDependent())
450 // If the template names don't match, it can't be a dependent
452 if (CTD->getDeclName() != Friend->getDeclName())
455 // If the class's context can't instantiate to the friend's
456 // context, it can't be a dependent match.
457 if (!MightInstantiateTo(S, CTD->getDeclContext(),
458 Friend->getDeclContext()))
461 // Otherwise, it's a dependent match.
462 OnFailure = AR_dependent;
468 /// Determines whether the given friend function matches anything in
469 /// the effective context.
470 static AccessResult MatchesFriend(Sema &S,
471 const EffectiveContext &EC,
472 FunctionDecl *Friend) {
473 AccessResult OnFailure = AR_inaccessible;
475 for (llvm::SmallVectorImpl<FunctionDecl*>::const_iterator
476 I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) {
478 return AR_accessible;
480 if (EC.isDependent() && MightInstantiateTo(S, *I, Friend))
481 OnFailure = AR_dependent;
487 /// Determines whether the given friend function template matches
488 /// anything in the effective context.
489 static AccessResult MatchesFriend(Sema &S,
490 const EffectiveContext &EC,
491 FunctionTemplateDecl *Friend) {
492 if (EC.Functions.empty()) return AR_inaccessible;
494 AccessResult OnFailure = AR_inaccessible;
496 for (llvm::SmallVectorImpl<FunctionDecl*>::const_iterator
497 I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) {
499 FunctionTemplateDecl *FTD = (*I)->getPrimaryTemplate();
501 FTD = (*I)->getDescribedFunctionTemplate();
505 FTD = FTD->getCanonicalDecl();
508 return AR_accessible;
510 if (EC.isDependent() && MightInstantiateTo(S, FTD, Friend))
511 OnFailure = AR_dependent;
517 /// Determines whether the given friend declaration matches anything
518 /// in the effective context.
519 static AccessResult MatchesFriend(Sema &S,
520 const EffectiveContext &EC,
521 FriendDecl *FriendD) {
522 // Whitelist accesses if there's an invalid or unsupported friend
524 if (FriendD->isInvalidDecl() || FriendD->isUnsupportedFriend())
525 return AR_accessible;
527 if (TypeSourceInfo *T = FriendD->getFriendType())
528 return MatchesFriend(S, EC, T->getType()->getCanonicalTypeUnqualified());
531 = cast<NamedDecl>(FriendD->getFriendDecl()->getCanonicalDecl());
533 // FIXME: declarations with dependent or templated scope.
535 if (isa<ClassTemplateDecl>(Friend))
536 return MatchesFriend(S, EC, cast<ClassTemplateDecl>(Friend));
538 if (isa<FunctionTemplateDecl>(Friend))
539 return MatchesFriend(S, EC, cast<FunctionTemplateDecl>(Friend));
541 if (isa<CXXRecordDecl>(Friend))
542 return MatchesFriend(S, EC, cast<CXXRecordDecl>(Friend));
544 assert(isa<FunctionDecl>(Friend) && "unknown friend decl kind");
545 return MatchesFriend(S, EC, cast<FunctionDecl>(Friend));
548 static AccessResult GetFriendKind(Sema &S,
549 const EffectiveContext &EC,
550 const CXXRecordDecl *Class) {
551 AccessResult OnFailure = AR_inaccessible;
553 // Okay, check friends.
554 for (CXXRecordDecl::friend_iterator I = Class->friend_begin(),
555 E = Class->friend_end(); I != E; ++I) {
556 FriendDecl *Friend = *I;
558 switch (MatchesFriend(S, EC, Friend)) {
560 return AR_accessible;
562 case AR_inaccessible:
566 OnFailure = AR_dependent;
571 // That's it, give up.
577 /// A helper class for checking for a friend which will grant access
578 /// to a protected instance member.
579 struct ProtectedFriendContext {
581 const EffectiveContext &EC;
582 const CXXRecordDecl *NamingClass;
586 /// The path down to the current base class.
587 llvm::SmallVector<const CXXRecordDecl*, 20> CurPath;
589 ProtectedFriendContext(Sema &S, const EffectiveContext &EC,
590 const CXXRecordDecl *InstanceContext,
591 const CXXRecordDecl *NamingClass)
592 : S(S), EC(EC), NamingClass(NamingClass),
593 CheckDependent(InstanceContext->isDependentContext() ||
594 NamingClass->isDependentContext()),
595 EverDependent(false) {}
597 /// Check classes in the current path for friendship, starting at
599 bool checkFriendshipAlongPath(unsigned I) {
600 assert(I < CurPath.size());
601 for (unsigned E = CurPath.size(); I != E; ++I) {
602 switch (GetFriendKind(S, EC, CurPath[I])) {
603 case AR_accessible: return true;
604 case AR_inaccessible: continue;
605 case AR_dependent: EverDependent = true; continue;
611 /// Perform a search starting at the given class.
613 /// PrivateDepth is the index of the last (least derived) class
614 /// along the current path such that a notional public member of
615 /// the final class in the path would have access in that class.
616 bool findFriendship(const CXXRecordDecl *Cur, unsigned PrivateDepth) {
617 // If we ever reach the naming class, check the current path for
618 // friendship. We can also stop recursing because we obviously
619 // won't find the naming class there again.
620 if (Cur == NamingClass)
621 return checkFriendshipAlongPath(PrivateDepth);
623 if (CheckDependent && MightInstantiateTo(Cur, NamingClass))
624 EverDependent = true;
626 // Recurse into the base classes.
627 for (CXXRecordDecl::base_class_const_iterator
628 I = Cur->bases_begin(), E = Cur->bases_end(); I != E; ++I) {
630 // If this is private inheritance, then a public member of the
631 // base will not have any access in classes derived from Cur.
632 unsigned BasePrivateDepth = PrivateDepth;
633 if (I->getAccessSpecifier() == AS_private)
634 BasePrivateDepth = CurPath.size() - 1;
636 const CXXRecordDecl *RD;
638 QualType T = I->getType();
639 if (const RecordType *RT = T->getAs<RecordType>()) {
640 RD = cast<CXXRecordDecl>(RT->getDecl());
641 } else if (const InjectedClassNameType *IT
642 = T->getAs<InjectedClassNameType>()) {
645 assert(T->isDependentType() && "non-dependent base wasn't a record?");
646 EverDependent = true;
650 // Recurse. We don't need to clean up if this returns true.
651 CurPath.push_back(RD);
652 if (findFriendship(RD->getCanonicalDecl(), BasePrivateDepth))
660 bool findFriendship(const CXXRecordDecl *Cur) {
661 assert(CurPath.empty());
662 CurPath.push_back(Cur);
663 return findFriendship(Cur, 0);
668 /// Search for a class P that EC is a friend of, under the constraint
669 /// InstanceContext <= P <= NamingClass
670 /// and with the additional restriction that a protected member of
671 /// NamingClass would have some natural access in P.
673 /// That second condition isn't actually quite right: the condition in
674 /// the standard is whether the target would have some natural access
675 /// in P. The difference is that the target might be more accessible
676 /// along some path not passing through NamingClass. Allowing that
677 /// introduces two problems:
678 /// - It breaks encapsulation because you can suddenly access a
679 /// forbidden base class's members by subclassing it elsewhere.
680 /// - It makes access substantially harder to compute because it
681 /// breaks the hill-climbing algorithm: knowing that the target is
682 /// accessible in some base class would no longer let you change
683 /// the question solely to whether the base class is accessible,
684 /// because the original target might have been more accessible
685 /// because of crazy subclassing.
686 /// So we don't implement that.
687 static AccessResult GetProtectedFriendKind(Sema &S, const EffectiveContext &EC,
688 const CXXRecordDecl *InstanceContext,
689 const CXXRecordDecl *NamingClass) {
690 assert(InstanceContext->getCanonicalDecl() == InstanceContext);
691 assert(NamingClass->getCanonicalDecl() == NamingClass);
693 ProtectedFriendContext PRC(S, EC, InstanceContext, NamingClass);
694 if (PRC.findFriendship(InstanceContext)) return AR_accessible;
695 if (PRC.EverDependent) return AR_dependent;
696 return AR_inaccessible;
699 static AccessResult HasAccess(Sema &S,
700 const EffectiveContext &EC,
701 const CXXRecordDecl *NamingClass,
702 AccessSpecifier Access,
703 const AccessTarget &Target) {
704 assert(NamingClass->getCanonicalDecl() == NamingClass &&
705 "declaration should be canonicalized before being passed here");
707 if (Access == AS_public) return AR_accessible;
708 assert(Access == AS_private || Access == AS_protected);
710 AccessResult OnFailure = AR_inaccessible;
712 for (EffectiveContext::record_iterator
713 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
714 // All the declarations in EC have been canonicalized, so pointer
715 // equality from this point on will work fine.
716 const CXXRecordDecl *ECRecord = *I;
719 if (Access == AS_private) {
720 if (ECRecord == NamingClass)
721 return AR_accessible;
723 if (EC.isDependent() && MightInstantiateTo(ECRecord, NamingClass))
724 OnFailure = AR_dependent;
728 assert(Access == AS_protected);
729 switch (IsDerivedFromInclusive(ECRecord, NamingClass)) {
730 case AR_accessible: break;
731 case AR_inaccessible: continue;
732 case AR_dependent: OnFailure = AR_dependent; continue;
735 if (!Target.hasInstanceContext())
736 return AR_accessible;
738 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
739 if (!InstanceContext) {
740 OnFailure = AR_dependent;
744 // C++ [class.protected]p1:
745 // An additional access check beyond those described earlier in
746 // [class.access] is applied when a non-static data member or
747 // non-static member function is a protected member of its naming
748 // class. As described earlier, access to a protected member is
749 // granted because the reference occurs in a friend or member of
750 // some class C. If the access is to form a pointer to member,
751 // the nested-name-specifier shall name C or a class derived from
752 // C. All other accesses involve a (possibly implicit) object
753 // expression. In this case, the class of the object expression
754 // shall be C or a class derived from C.
756 // We interpret this as a restriction on [M3]. Most of the
757 // conditions are encoded by not having any instance context.
758 switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) {
759 case AR_accessible: return AR_accessible;
760 case AR_inaccessible: continue;
761 case AR_dependent: OnFailure = AR_dependent; continue;
766 // [M3] and [B3] say that, if the target is protected in N, we grant
767 // access if the access occurs in a friend or member of some class P
768 // that's a subclass of N and where the target has some natural
769 // access in P. The 'member' aspect is easy to handle because P
770 // would necessarily be one of the effective-context records, and we
771 // address that above. The 'friend' aspect is completely ridiculous
772 // to implement because there are no restrictions at all on P
773 // *unless* the [class.protected] restriction applies. If it does,
774 // however, we should ignore whether the naming class is a friend,
775 // and instead rely on whether any potential P is a friend.
776 if (Access == AS_protected && Target.hasInstanceContext()) {
777 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
778 if (!InstanceContext) return AR_dependent;
779 switch (GetProtectedFriendKind(S, EC, InstanceContext, NamingClass)) {
780 case AR_accessible: return AR_accessible;
781 case AR_inaccessible: return OnFailure;
782 case AR_dependent: return AR_dependent;
784 llvm_unreachable("impossible friendship kind");
787 switch (GetFriendKind(S, EC, NamingClass)) {
788 case AR_accessible: return AR_accessible;
789 case AR_inaccessible: return OnFailure;
790 case AR_dependent: return AR_dependent;
793 // Silence bogus warnings
794 llvm_unreachable("impossible friendship kind");
798 /// Finds the best path from the naming class to the declaring class,
799 /// taking friend declarations into account.
801 /// C++0x [class.access.base]p5:
802 /// A member m is accessible at the point R when named in class N if
803 /// [M1] m as a member of N is public, or
804 /// [M2] m as a member of N is private, and R occurs in a member or
805 /// friend of class N, or
806 /// [M3] m as a member of N is protected, and R occurs in a member or
807 /// friend of class N, or in a member or friend of a class P
808 /// derived from N, where m as a member of P is public, private,
810 /// [M4] there exists a base class B of N that is accessible at R, and
811 /// m is accessible at R when named in class B.
813 /// C++0x [class.access.base]p4:
814 /// A base class B of N is accessible at R, if
815 /// [B1] an invented public member of B would be a public member of N, or
816 /// [B2] R occurs in a member or friend of class N, and an invented public
817 /// member of B would be a private or protected member of N, or
818 /// [B3] R occurs in a member or friend of a class P derived from N, and an
819 /// invented public member of B would be a private or protected member
821 /// [B4] there exists a class S such that B is a base class of S accessible
822 /// at R and S is a base class of N accessible at R.
824 /// Along a single inheritance path we can restate both of these
827 /// First, we note that M1-4 are equivalent to B1-4 if the member is
828 /// treated as a notional base of its declaring class with inheritance
829 /// access equivalent to the member's access. Therefore we need only
830 /// ask whether a class B is accessible from a class N in context R.
832 /// Let B_1 .. B_n be the inheritance path in question (i.e. where
833 /// B_1 = N, B_n = B, and for all i, B_{i+1} is a direct base class of
834 /// B_i). For i in 1..n, we will calculate ACAB(i), the access to the
835 /// closest accessible base in the path:
836 /// Access(a, b) = (* access on the base specifier from a to b *)
837 /// Merge(a, forbidden) = forbidden
838 /// Merge(a, private) = forbidden
839 /// Merge(a, b) = min(a,b)
840 /// Accessible(c, forbidden) = false
841 /// Accessible(c, private) = (R is c) || IsFriend(c, R)
842 /// Accessible(c, protected) = (R derived from c) || IsFriend(c, R)
843 /// Accessible(c, public) = true
846 /// let AccessToBase = Merge(Access(B_i, B_{i+1}), ACAB(i+1)) in
847 /// if Accessible(B_i, AccessToBase) then public else AccessToBase
849 /// B is an accessible base of N at R iff ACAB(1) = public.
851 /// \param FinalAccess the access of the "final step", or AS_public if
852 /// there is no final step.
853 /// \return null if friendship is dependent
854 static CXXBasePath *FindBestPath(Sema &S,
855 const EffectiveContext &EC,
856 AccessTarget &Target,
857 AccessSpecifier FinalAccess,
858 CXXBasePaths &Paths) {
859 // Derive the paths to the desired base.
860 const CXXRecordDecl *Derived = Target.getNamingClass();
861 const CXXRecordDecl *Base = Target.getDeclaringClass();
863 // FIXME: fail correctly when there are dependent paths.
864 bool isDerived = Derived->isDerivedFrom(const_cast<CXXRecordDecl*>(Base),
866 assert(isDerived && "derived class not actually derived from base");
869 CXXBasePath *BestPath = 0;
871 assert(FinalAccess != AS_none && "forbidden access after declaring class");
873 bool AnyDependent = false;
875 // Derive the friend-modified access along each path.
876 for (CXXBasePaths::paths_iterator PI = Paths.begin(), PE = Paths.end();
878 AccessTarget::SavedInstanceContext _ = Target.saveInstanceContext();
880 // Walk through the path backwards.
881 AccessSpecifier PathAccess = FinalAccess;
882 CXXBasePath::iterator I = PI->end(), E = PI->begin();
886 assert(PathAccess != AS_none);
888 // If the declaration is a private member of a base class, there
889 // is no level of friendship in derived classes that can make it
891 if (PathAccess == AS_private) {
892 PathAccess = AS_none;
896 const CXXRecordDecl *NC = I->Class->getCanonicalDecl();
898 AccessSpecifier BaseAccess = I->Base->getAccessSpecifier();
899 PathAccess = std::max(PathAccess, BaseAccess);
901 switch (HasAccess(S, EC, NC, PathAccess, Target)) {
902 case AR_inaccessible: break;
904 PathAccess = AS_public;
906 // Future tests are not against members and so do not have
908 Target.suppressInstanceContext();
916 // Note that we modify the path's Access field to the
917 // friend-modified access.
918 if (BestPath == 0 || PathAccess < BestPath->Access) {
920 BestPath->Access = PathAccess;
922 // Short-circuit if we found a public path.
923 if (BestPath->Access == AS_public)
930 assert((!BestPath || BestPath->Access != AS_public) &&
931 "fell out of loop with public path");
933 // We didn't find a public path, but at least one path was subject
934 // to dependent friendship, so delay the check.
941 /// Given that an entity has protected natural access, check whether
942 /// access might be denied because of the protected member access
945 /// \return true if a note was emitted
946 static bool TryDiagnoseProtectedAccess(Sema &S, const EffectiveContext &EC,
947 AccessTarget &Target) {
948 // Only applies to instance accesses.
949 if (!Target.hasInstanceContext())
951 assert(Target.isMemberAccess());
952 NamedDecl *D = Target.getTargetDecl();
954 const CXXRecordDecl *DeclaringClass = Target.getDeclaringClass();
955 DeclaringClass = DeclaringClass->getCanonicalDecl();
957 for (EffectiveContext::record_iterator
958 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
959 const CXXRecordDecl *ECRecord = *I;
960 switch (IsDerivedFromInclusive(ECRecord, DeclaringClass)) {
961 case AR_accessible: break;
962 case AR_inaccessible: continue;
963 case AR_dependent: continue;
966 // The effective context is a subclass of the declaring class.
967 // If that class isn't a superclass of the instance context,
968 // then the [class.protected] restriction applies.
970 // To get this exactly right, this might need to be checked more
971 // holistically; it's not necessarily the case that gaining
972 // access here would grant us access overall.
974 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
975 assert(InstanceContext && "diagnosing dependent access");
977 switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) {
978 case AR_accessible: continue;
979 case AR_dependent: continue;
980 case AR_inaccessible:
981 S.Diag(D->getLocation(), diag::note_access_protected_restricted)
982 << (InstanceContext != Target.getNamingClass()->getCanonicalDecl())
983 << S.Context.getTypeDeclType(InstanceContext)
984 << S.Context.getTypeDeclType(ECRecord);
992 /// Diagnose the path which caused the given declaration or base class
993 /// to become inaccessible.
994 static void DiagnoseAccessPath(Sema &S,
995 const EffectiveContext &EC,
996 AccessTarget &Entity) {
997 AccessSpecifier Access = Entity.getAccess();
998 const CXXRecordDecl *NamingClass = Entity.getNamingClass();
999 NamingClass = NamingClass->getCanonicalDecl();
1001 NamedDecl *D = (Entity.isMemberAccess() ? Entity.getTargetDecl() : 0);
1002 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1004 // Easy case: the decl's natural access determined its path access.
1005 // We have to check against AS_private here in case Access is AS_none,
1006 // indicating a non-public member of a private base class.
1007 if (D && (Access == D->getAccess() || D->getAccess() == AS_private)) {
1008 switch (HasAccess(S, EC, DeclaringClass, D->getAccess(), Entity)) {
1009 case AR_inaccessible: {
1010 if (Access == AS_protected &&
1011 TryDiagnoseProtectedAccess(S, EC, Entity))
1014 // Find an original declaration.
1015 while (D->isOutOfLine()) {
1016 NamedDecl *PrevDecl = 0;
1017 if (VarDecl *VD = dyn_cast<VarDecl>(D))
1018 PrevDecl = VD->getPreviousDeclaration();
1019 else if (FunctionDecl *FD = dyn_cast<FunctionDecl>(D))
1020 PrevDecl = FD->getPreviousDeclaration();
1021 else if (TypedefNameDecl *TND = dyn_cast<TypedefNameDecl>(D))
1022 PrevDecl = TND->getPreviousDeclaration();
1023 else if (TagDecl *TD = dyn_cast<TagDecl>(D)) {
1024 if (isa<RecordDecl>(D) && cast<RecordDecl>(D)->isInjectedClassName())
1026 PrevDecl = TD->getPreviousDeclaration();
1028 if (!PrevDecl) break;
1032 CXXRecordDecl *DeclaringClass = FindDeclaringClass(D);
1033 Decl *ImmediateChild;
1034 if (D->getDeclContext() == DeclaringClass)
1037 DeclContext *DC = D->getDeclContext();
1038 while (DC->getParent() != DeclaringClass)
1039 DC = DC->getParent();
1040 ImmediateChild = cast<Decl>(DC);
1043 // Check whether there's an AccessSpecDecl preceding this in the
1044 // chain of the DeclContext.
1045 bool Implicit = true;
1046 for (CXXRecordDecl::decl_iterator
1047 I = DeclaringClass->decls_begin(), E = DeclaringClass->decls_end();
1049 if (*I == ImmediateChild) break;
1050 if (isa<AccessSpecDecl>(*I)) {
1056 S.Diag(D->getLocation(), diag::note_access_natural)
1057 << (unsigned) (Access == AS_protected)
1062 case AR_accessible: break;
1065 llvm_unreachable("can't diagnose dependent access failures");
1071 CXXBasePath &Path = *FindBestPath(S, EC, Entity, AS_public, Paths);
1073 CXXBasePath::iterator I = Path.end(), E = Path.begin();
1077 const CXXBaseSpecifier *BS = I->Base;
1078 AccessSpecifier BaseAccess = BS->getAccessSpecifier();
1080 // If this is public inheritance, or the derived class is a friend,
1082 if (BaseAccess == AS_public)
1085 switch (GetFriendKind(S, EC, I->Class)) {
1086 case AR_accessible: continue;
1087 case AR_inaccessible: break;
1089 llvm_unreachable("can't diagnose dependent access failures");
1092 // Check whether this base specifier is the tighest point
1093 // constraining access. We have to check against AS_private for
1094 // the same reasons as above.
1095 if (BaseAccess == AS_private || BaseAccess >= Access) {
1097 // We're constrained by inheritance, but we want to say
1098 // "declared private here" if we're diagnosing a hierarchy
1099 // conversion and this is the final step.
1100 unsigned diagnostic;
1101 if (D) diagnostic = diag::note_access_constrained_by_path;
1102 else if (I + 1 == Path.end()) diagnostic = diag::note_access_natural;
1103 else diagnostic = diag::note_access_constrained_by_path;
1105 S.Diag(BS->getSourceRange().getBegin(), diagnostic)
1106 << BS->getSourceRange()
1107 << (BaseAccess == AS_protected)
1108 << (BS->getAccessSpecifierAsWritten() == AS_none);
1111 S.Diag(D->getLocation(), diag::note_field_decl);
1117 llvm_unreachable("access not apparently constrained by path");
1120 static void DiagnoseBadAccess(Sema &S, SourceLocation Loc,
1121 const EffectiveContext &EC,
1122 AccessTarget &Entity) {
1123 const CXXRecordDecl *NamingClass = Entity.getNamingClass();
1124 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1125 NamedDecl *D = (Entity.isMemberAccess() ? Entity.getTargetDecl() : 0);
1127 S.Diag(Loc, Entity.getDiag())
1128 << (Entity.getAccess() == AS_protected)
1129 << (D ? D->getDeclName() : DeclarationName())
1130 << S.Context.getTypeDeclType(NamingClass)
1131 << S.Context.getTypeDeclType(DeclaringClass);
1132 DiagnoseAccessPath(S, EC, Entity);
1135 /// MSVC has a bug where if during an using declaration name lookup,
1136 /// the declaration found is unaccessible (private) and that declaration
1137 /// was bring into scope via another using declaration whose target
1138 /// declaration is accessible (public) then no error is generated.
1144 /// class B : public A {
1148 /// class C : public B {
1153 /// Here, B::f is private so this should fail in Standard C++, but
1154 /// because B::f refers to A::f which is public MSVC accepts it.
1155 static bool IsMicrosoftUsingDeclarationAccessBug(Sema& S,
1156 SourceLocation AccessLoc,
1157 AccessTarget &Entity) {
1158 if (UsingShadowDecl *Shadow =
1159 dyn_cast<UsingShadowDecl>(Entity.getTargetDecl())) {
1160 const NamedDecl *OrigDecl = Entity.getTargetDecl()->getUnderlyingDecl();
1161 if (Entity.getTargetDecl()->getAccess() == AS_private &&
1162 (OrigDecl->getAccess() == AS_public ||
1163 OrigDecl->getAccess() == AS_protected)) {
1164 S.Diag(AccessLoc, diag::war_ms_using_declaration_inaccessible)
1165 << Shadow->getUsingDecl()->getQualifiedNameAsString()
1166 << OrigDecl->getQualifiedNameAsString();
1173 /// Determines whether the accessed entity is accessible. Public members
1174 /// have been weeded out by this point.
1175 static AccessResult IsAccessible(Sema &S,
1176 const EffectiveContext &EC,
1177 AccessTarget &Entity) {
1178 // Determine the actual naming class.
1179 CXXRecordDecl *NamingClass = Entity.getNamingClass();
1180 while (NamingClass->isAnonymousStructOrUnion())
1181 NamingClass = cast<CXXRecordDecl>(NamingClass->getParent());
1182 NamingClass = NamingClass->getCanonicalDecl();
1184 AccessSpecifier UnprivilegedAccess = Entity.getAccess();
1185 assert(UnprivilegedAccess != AS_public && "public access not weeded out");
1187 // Before we try to recalculate access paths, try to white-list
1188 // accesses which just trade in on the final step, i.e. accesses
1189 // which don't require [M4] or [B4]. These are by far the most
1190 // common forms of privileged access.
1191 if (UnprivilegedAccess != AS_none) {
1192 switch (HasAccess(S, EC, NamingClass, UnprivilegedAccess, Entity)) {
1194 // This is actually an interesting policy decision. We don't
1195 // *have* to delay immediately here: we can do the full access
1196 // calculation in the hope that friendship on some intermediate
1197 // class will make the declaration accessible non-dependently.
1198 // But that's not cheap, and odds are very good (note: assertion
1199 // made without data) that the friend declaration will determine
1201 return AR_dependent;
1203 case AR_accessible: return AR_accessible;
1204 case AR_inaccessible: break;
1208 AccessTarget::SavedInstanceContext _ = Entity.saveInstanceContext();
1210 // We lower member accesses to base accesses by pretending that the
1211 // member is a base class of its declaring class.
1212 AccessSpecifier FinalAccess;
1214 if (Entity.isMemberAccess()) {
1215 // Determine if the declaration is accessible from EC when named
1216 // in its declaring class.
1217 NamedDecl *Target = Entity.getTargetDecl();
1218 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1220 FinalAccess = Target->getAccess();
1221 switch (HasAccess(S, EC, DeclaringClass, FinalAccess, Entity)) {
1223 FinalAccess = AS_public;
1225 case AR_inaccessible: break;
1226 case AR_dependent: return AR_dependent; // see above
1229 if (DeclaringClass == NamingClass)
1230 return (FinalAccess == AS_public ? AR_accessible : AR_inaccessible);
1232 Entity.suppressInstanceContext();
1234 FinalAccess = AS_public;
1237 assert(Entity.getDeclaringClass() != NamingClass);
1239 // Append the declaration's access if applicable.
1241 CXXBasePath *Path = FindBestPath(S, EC, Entity, FinalAccess, Paths);
1243 return AR_dependent;
1245 assert(Path->Access <= UnprivilegedAccess &&
1246 "access along best path worse than direct?");
1247 if (Path->Access == AS_public)
1248 return AR_accessible;
1249 return AR_inaccessible;
1252 static void DelayDependentAccess(Sema &S,
1253 const EffectiveContext &EC,
1255 const AccessTarget &Entity) {
1256 assert(EC.isDependent() && "delaying non-dependent access");
1257 DeclContext *DC = EC.getInnerContext();
1258 assert(DC->isDependentContext() && "delaying non-dependent access");
1259 DependentDiagnostic::Create(S.Context, DC, DependentDiagnostic::Access,
1261 Entity.isMemberAccess(),
1263 Entity.getTargetDecl(),
1264 Entity.getNamingClass(),
1265 Entity.getBaseObjectType(),
1269 /// Checks access to an entity from the given effective context.
1270 static AccessResult CheckEffectiveAccess(Sema &S,
1271 const EffectiveContext &EC,
1273 AccessTarget &Entity) {
1274 assert(Entity.getAccess() != AS_public && "called for public access!");
1276 if (S.getLangOptions().Microsoft &&
1277 IsMicrosoftUsingDeclarationAccessBug(S, Loc, Entity))
1278 return AR_accessible;
1280 switch (IsAccessible(S, EC, Entity)) {
1282 DelayDependentAccess(S, EC, Loc, Entity);
1283 return AR_dependent;
1285 case AR_inaccessible:
1286 if (!Entity.isQuiet())
1287 DiagnoseBadAccess(S, Loc, EC, Entity);
1288 return AR_inaccessible;
1291 return AR_accessible;
1294 // silence unnecessary warning
1295 llvm_unreachable("invalid access result");
1296 return AR_accessible;
1299 static Sema::AccessResult CheckAccess(Sema &S, SourceLocation Loc,
1300 AccessTarget &Entity) {
1301 // If the access path is public, it's accessible everywhere.
1302 if (Entity.getAccess() == AS_public)
1303 return Sema::AR_accessible;
1305 if (S.SuppressAccessChecking)
1306 return Sema::AR_accessible;
1308 // If we're currently parsing a declaration, we may need to delay
1309 // access control checking, because our effective context might be
1310 // different based on what the declaration comes out as.
1312 // For example, we might be parsing a declaration with a scope
1313 // specifier, like this:
1314 // A::private_type A::foo() { ... }
1316 // Or we might be parsing something that will turn out to be a friend:
1317 // void foo(A::private_type);
1318 // void B::foo(A::private_type);
1319 if (S.DelayedDiagnostics.shouldDelayDiagnostics()) {
1320 S.DelayedDiagnostics.add(DelayedDiagnostic::makeAccess(Loc, Entity));
1321 return Sema::AR_delayed;
1324 EffectiveContext EC(S.CurContext);
1325 switch (CheckEffectiveAccess(S, EC, Loc, Entity)) {
1326 case AR_accessible: return Sema::AR_accessible;
1327 case AR_inaccessible: return Sema::AR_inaccessible;
1328 case AR_dependent: return Sema::AR_dependent;
1330 llvm_unreachable("falling off end");
1331 return Sema::AR_accessible;
1334 void Sema::HandleDelayedAccessCheck(DelayedDiagnostic &DD, Decl *decl) {
1335 // Access control for names used in the declarations of functions
1336 // and function templates should normally be evaluated in the context
1337 // of the declaration, just in case it's a friend of something.
1338 // However, this does not apply to local extern declarations.
1340 DeclContext *DC = decl->getDeclContext();
1341 if (FunctionDecl *fn = dyn_cast<FunctionDecl>(decl)) {
1342 if (!DC->isFunctionOrMethod()) DC = fn;
1343 } else if (FunctionTemplateDecl *fnt = dyn_cast<FunctionTemplateDecl>(decl)) {
1344 // Never a local declaration.
1345 DC = fnt->getTemplatedDecl();
1348 EffectiveContext EC(DC);
1350 AccessTarget Target(DD.getAccessData());
1352 if (CheckEffectiveAccess(*this, EC, DD.Loc, Target) == ::AR_inaccessible)
1353 DD.Triggered = true;
1356 void Sema::HandleDependentAccessCheck(const DependentDiagnostic &DD,
1357 const MultiLevelTemplateArgumentList &TemplateArgs) {
1358 SourceLocation Loc = DD.getAccessLoc();
1359 AccessSpecifier Access = DD.getAccess();
1361 Decl *NamingD = FindInstantiatedDecl(Loc, DD.getAccessNamingClass(),
1363 if (!NamingD) return;
1364 Decl *TargetD = FindInstantiatedDecl(Loc, DD.getAccessTarget(),
1366 if (!TargetD) return;
1368 if (DD.isAccessToMember()) {
1369 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(NamingD);
1370 NamedDecl *TargetDecl = cast<NamedDecl>(TargetD);
1371 QualType BaseObjectType = DD.getAccessBaseObjectType();
1372 if (!BaseObjectType.isNull()) {
1373 BaseObjectType = SubstType(BaseObjectType, TemplateArgs, Loc,
1375 if (BaseObjectType.isNull()) return;
1378 AccessTarget Entity(Context,
1379 AccessTarget::Member,
1381 DeclAccessPair::make(TargetDecl, Access),
1383 Entity.setDiag(DD.getDiagnostic());
1384 CheckAccess(*this, Loc, Entity);
1386 AccessTarget Entity(Context,
1388 cast<CXXRecordDecl>(TargetD),
1389 cast<CXXRecordDecl>(NamingD),
1391 Entity.setDiag(DD.getDiagnostic());
1392 CheckAccess(*this, Loc, Entity);
1396 Sema::AccessResult Sema::CheckUnresolvedLookupAccess(UnresolvedLookupExpr *E,
1397 DeclAccessPair Found) {
1398 if (!getLangOptions().AccessControl ||
1399 !E->getNamingClass() ||
1400 Found.getAccess() == AS_public)
1401 return AR_accessible;
1403 AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(),
1405 Entity.setDiag(diag::err_access) << E->getSourceRange();
1407 return CheckAccess(*this, E->getNameLoc(), Entity);
1410 /// Perform access-control checking on a previously-unresolved member
1411 /// access which has now been resolved to a member.
1412 Sema::AccessResult Sema::CheckUnresolvedMemberAccess(UnresolvedMemberExpr *E,
1413 DeclAccessPair Found) {
1414 if (!getLangOptions().AccessControl ||
1415 Found.getAccess() == AS_public)
1416 return AR_accessible;
1418 QualType BaseType = E->getBaseType();
1420 BaseType = BaseType->getAs<PointerType>()->getPointeeType();
1422 AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(),
1424 Entity.setDiag(diag::err_access) << E->getSourceRange();
1426 return CheckAccess(*this, E->getMemberLoc(), Entity);
1429 Sema::AccessResult Sema::CheckDestructorAccess(SourceLocation Loc,
1430 CXXDestructorDecl *Dtor,
1431 const PartialDiagnostic &PDiag) {
1432 if (!getLangOptions().AccessControl)
1433 return AR_accessible;
1435 // There's never a path involved when checking implicit destructor access.
1436 AccessSpecifier Access = Dtor->getAccess();
1437 if (Access == AS_public)
1438 return AR_accessible;
1440 CXXRecordDecl *NamingClass = Dtor->getParent();
1441 AccessTarget Entity(Context, AccessTarget::Member, NamingClass,
1442 DeclAccessPair::make(Dtor, Access),
1444 Entity.setDiag(PDiag); // TODO: avoid copy
1446 return CheckAccess(*this, Loc, Entity);
1449 /// Checks access to a constructor.
1450 Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc,
1451 CXXConstructorDecl *Constructor,
1452 const InitializedEntity &Entity,
1453 AccessSpecifier Access,
1454 bool IsCopyBindingRefToTemp) {
1455 if (!getLangOptions().AccessControl ||
1456 Access == AS_public)
1457 return AR_accessible;
1459 CXXRecordDecl *NamingClass = Constructor->getParent();
1460 AccessTarget AccessEntity(Context, AccessTarget::Member, NamingClass,
1461 DeclAccessPair::make(Constructor, Access),
1463 PartialDiagnostic PD(PDiag());
1464 switch (Entity.getKind()) {
1466 PD = PDiag(IsCopyBindingRefToTemp
1467 ? diag::ext_rvalue_to_reference_access_ctor
1468 : diag::err_access_ctor);
1472 case InitializedEntity::EK_Base:
1473 PD = PDiag(diag::err_access_base_ctor);
1474 PD << Entity.isInheritedVirtualBase()
1475 << Entity.getBaseSpecifier()->getType() << getSpecialMember(Constructor);
1478 case InitializedEntity::EK_Member: {
1479 const FieldDecl *Field = cast<FieldDecl>(Entity.getDecl());
1480 PD = PDiag(diag::err_access_field_ctor);
1481 PD << Field->getType() << getSpecialMember(Constructor);
1487 return CheckConstructorAccess(UseLoc, Constructor, Access, PD);
1490 /// Checks access to a constructor.
1491 Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc,
1492 CXXConstructorDecl *Constructor,
1493 AccessSpecifier Access,
1494 PartialDiagnostic PD) {
1495 if (!getLangOptions().AccessControl ||
1496 Access == AS_public)
1497 return AR_accessible;
1499 CXXRecordDecl *NamingClass = Constructor->getParent();
1500 AccessTarget AccessEntity(Context, AccessTarget::Member, NamingClass,
1501 DeclAccessPair::make(Constructor, Access),
1503 AccessEntity.setDiag(PD);
1505 return CheckAccess(*this, UseLoc, AccessEntity);
1508 /// Checks direct (i.e. non-inherited) access to an arbitrary class
1510 Sema::AccessResult Sema::CheckDirectMemberAccess(SourceLocation UseLoc,
1512 const PartialDiagnostic &Diag) {
1513 AccessSpecifier Access = Target->getAccess();
1514 if (!getLangOptions().AccessControl ||
1515 Access == AS_public)
1516 return AR_accessible;
1518 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(Target->getDeclContext());
1519 AccessTarget Entity(Context, AccessTarget::Member, NamingClass,
1520 DeclAccessPair::make(Target, Access),
1522 Entity.setDiag(Diag);
1523 return CheckAccess(*this, UseLoc, Entity);
1527 /// Checks access to an overloaded operator new or delete.
1528 Sema::AccessResult Sema::CheckAllocationAccess(SourceLocation OpLoc,
1529 SourceRange PlacementRange,
1530 CXXRecordDecl *NamingClass,
1531 DeclAccessPair Found,
1533 if (!getLangOptions().AccessControl ||
1535 Found.getAccess() == AS_public)
1536 return AR_accessible;
1538 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1541 Entity.setDiag(diag::err_access)
1544 return CheckAccess(*this, OpLoc, Entity);
1547 /// Checks access to an overloaded member operator, including
1548 /// conversion operators.
1549 Sema::AccessResult Sema::CheckMemberOperatorAccess(SourceLocation OpLoc,
1552 DeclAccessPair Found) {
1553 if (!getLangOptions().AccessControl ||
1554 Found.getAccess() == AS_public)
1555 return AR_accessible;
1557 const RecordType *RT = ObjectExpr->getType()->getAs<RecordType>();
1558 assert(RT && "found member operator but object expr not of record type");
1559 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(RT->getDecl());
1561 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1562 ObjectExpr->getType());
1563 Entity.setDiag(diag::err_access)
1564 << ObjectExpr->getSourceRange()
1565 << (ArgExpr ? ArgExpr->getSourceRange() : SourceRange());
1567 return CheckAccess(*this, OpLoc, Entity);
1570 Sema::AccessResult Sema::CheckAddressOfMemberAccess(Expr *OvlExpr,
1571 DeclAccessPair Found) {
1572 if (!getLangOptions().AccessControl ||
1573 Found.getAccess() == AS_none ||
1574 Found.getAccess() == AS_public)
1575 return AR_accessible;
1577 OverloadExpr *Ovl = OverloadExpr::find(OvlExpr).Expression;
1578 CXXRecordDecl *NamingClass = Ovl->getNamingClass();
1580 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1581 Context.getTypeDeclType(NamingClass));
1582 Entity.setDiag(diag::err_access)
1583 << Ovl->getSourceRange();
1585 return CheckAccess(*this, Ovl->getNameLoc(), Entity);
1588 /// Checks access for a hierarchy conversion.
1590 /// \param IsBaseToDerived whether this is a base-to-derived conversion (true)
1591 /// or a derived-to-base conversion (false)
1592 /// \param ForceCheck true if this check should be performed even if access
1593 /// control is disabled; some things rely on this for semantics
1594 /// \param ForceUnprivileged true if this check should proceed as if the
1595 /// context had no special privileges
1596 /// \param ADK controls the kind of diagnostics that are used
1597 Sema::AccessResult Sema::CheckBaseClassAccess(SourceLocation AccessLoc,
1600 const CXXBasePath &Path,
1603 bool ForceUnprivileged) {
1604 if (!ForceCheck && !getLangOptions().AccessControl)
1605 return AR_accessible;
1607 if (Path.Access == AS_public)
1608 return AR_accessible;
1610 CXXRecordDecl *BaseD, *DerivedD;
1611 BaseD = cast<CXXRecordDecl>(Base->getAs<RecordType>()->getDecl());
1612 DerivedD = cast<CXXRecordDecl>(Derived->getAs<RecordType>()->getDecl());
1614 AccessTarget Entity(Context, AccessTarget::Base, BaseD, DerivedD,
1617 Entity.setDiag(DiagID) << Derived << Base;
1619 if (ForceUnprivileged) {
1620 switch (CheckEffectiveAccess(*this, EffectiveContext(),
1621 AccessLoc, Entity)) {
1622 case ::AR_accessible: return Sema::AR_accessible;
1623 case ::AR_inaccessible: return Sema::AR_inaccessible;
1624 case ::AR_dependent: return Sema::AR_dependent;
1626 llvm_unreachable("unexpected result from CheckEffectiveAccess");
1628 return CheckAccess(*this, AccessLoc, Entity);
1631 /// Checks access to all the declarations in the given result set.
1632 void Sema::CheckLookupAccess(const LookupResult &R) {
1633 assert(getLangOptions().AccessControl
1634 && "performing access check without access control");
1635 assert(R.getNamingClass() && "performing access check without naming class");
1637 for (LookupResult::iterator I = R.begin(), E = R.end(); I != E; ++I) {
1638 if (I.getAccess() != AS_public) {
1639 AccessTarget Entity(Context, AccessedEntity::Member,
1640 R.getNamingClass(), I.getPair(),
1641 R.getBaseObjectType(), R.isUsingDeclaration());
1642 Entity.setDiag(diag::err_access);
1643 CheckAccess(*this, R.getNameLoc(), Entity);
1648 void Sema::ActOnStartSuppressingAccessChecks() {
1649 assert(!SuppressAccessChecking &&
1650 "Tried to start access check suppression when already started.");
1651 SuppressAccessChecking = true;
1654 void Sema::ActOnStopSuppressingAccessChecks() {
1655 assert(SuppressAccessChecking &&
1656 "Tried to stop access check suprression when already stopped.");
1657 SuppressAccessChecking = false;