SemaAccess.cpp revision aa56a66abb61e9f42b48ae88e43328aba10c9148
1//===---- SemaAccess.cpp - C++ Access Control -------------------*- C++ -*-===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file provides Sema routines for C++ access control semantics. 11// 12//===----------------------------------------------------------------------===// 13 14#include "clang/Sema/SemaInternal.h" 15#include "clang/Sema/DelayedDiagnostic.h" 16#include "clang/Sema/Initialization.h" 17#include "clang/Sema/Lookup.h" 18#include "clang/AST/ASTContext.h" 19#include "clang/AST/CXXInheritance.h" 20#include "clang/AST/DeclCXX.h" 21#include "clang/AST/DeclFriend.h" 22#include "clang/AST/DependentDiagnostic.h" 23#include "clang/AST/ExprCXX.h" 24 25using namespace clang; 26using namespace sema; 27 28/// A copy of Sema's enum without AR_delayed. 29enum AccessResult { 30 AR_accessible, 31 AR_inaccessible, 32 AR_dependent 33}; 34 35/// SetMemberAccessSpecifier - Set the access specifier of a member. 36/// Returns true on error (when the previous member decl access specifier 37/// is different from the new member decl access specifier). 38bool Sema::SetMemberAccessSpecifier(NamedDecl *MemberDecl, 39 NamedDecl *PrevMemberDecl, 40 AccessSpecifier LexicalAS) { 41 if (!PrevMemberDecl) { 42 // Use the lexical access specifier. 43 MemberDecl->setAccess(LexicalAS); 44 return false; 45 } 46 47 // C++ [class.access.spec]p3: When a member is redeclared its access 48 // specifier must be same as its initial declaration. 49 if (LexicalAS != AS_none && LexicalAS != PrevMemberDecl->getAccess()) { 50 Diag(MemberDecl->getLocation(), 51 diag::err_class_redeclared_with_different_access) 52 << MemberDecl << LexicalAS; 53 Diag(PrevMemberDecl->getLocation(), diag::note_previous_access_declaration) 54 << PrevMemberDecl << PrevMemberDecl->getAccess(); 55 56 MemberDecl->setAccess(LexicalAS); 57 return true; 58 } 59 60 MemberDecl->setAccess(PrevMemberDecl->getAccess()); 61 return false; 62} 63 64static CXXRecordDecl *FindDeclaringClass(NamedDecl *D) { 65 DeclContext *DC = D->getDeclContext(); 66 67 // This can only happen at top: enum decls only "publish" their 68 // immediate members. 69 if (isa<EnumDecl>(DC)) 70 DC = cast<EnumDecl>(DC)->getDeclContext(); 71 72 CXXRecordDecl *DeclaringClass = cast<CXXRecordDecl>(DC); 73 while (DeclaringClass->isAnonymousStructOrUnion()) 74 DeclaringClass = cast<CXXRecordDecl>(DeclaringClass->getDeclContext()); 75 return DeclaringClass; 76} 77 78namespace { 79struct EffectiveContext { 80 EffectiveContext() : Inner(0), Dependent(false) {} 81 82 explicit EffectiveContext(DeclContext *DC) 83 : Inner(DC), 84 Dependent(DC->isDependentContext()) { 85 86 // C++ [class.access.nest]p1: 87 // A nested class is a member and as such has the same access 88 // rights as any other member. 89 // C++ [class.access]p2: 90 // A member of a class can also access all the names to which 91 // the class has access. A local class of a member function 92 // may access the same names that the member function itself 93 // may access. 94 // This almost implies that the privileges of nesting are transitive. 95 // Technically it says nothing about the local classes of non-member 96 // functions (which can gain privileges through friendship), but we 97 // take that as an oversight. 98 while (true) { 99 if (isa<CXXRecordDecl>(DC)) { 100 CXXRecordDecl *Record = cast<CXXRecordDecl>(DC)->getCanonicalDecl(); 101 Records.push_back(Record); 102 DC = Record->getDeclContext(); 103 } else if (isa<FunctionDecl>(DC)) { 104 FunctionDecl *Function = cast<FunctionDecl>(DC)->getCanonicalDecl(); 105 Functions.push_back(Function); 106 DC = Function->getDeclContext(); 107 } else if (DC->isFileContext()) { 108 break; 109 } else { 110 DC = DC->getParent(); 111 } 112 } 113 } 114 115 bool isDependent() const { return Dependent; } 116 117 bool includesClass(const CXXRecordDecl *R) const { 118 R = R->getCanonicalDecl(); 119 return std::find(Records.begin(), Records.end(), R) 120 != Records.end(); 121 } 122 123 /// Retrieves the innermost "useful" context. Can be null if we're 124 /// doing access-control without privileges. 125 DeclContext *getInnerContext() const { 126 return Inner; 127 } 128 129 typedef llvm::SmallVectorImpl<CXXRecordDecl*>::const_iterator record_iterator; 130 131 DeclContext *Inner; 132 llvm::SmallVector<FunctionDecl*, 4> Functions; 133 llvm::SmallVector<CXXRecordDecl*, 4> Records; 134 bool Dependent; 135}; 136 137/// Like sema:;AccessedEntity, but kindly lets us scribble all over 138/// it. 139struct AccessTarget : public AccessedEntity { 140 AccessTarget(const AccessedEntity &Entity) 141 : AccessedEntity(Entity) { 142 initialize(); 143 } 144 145 AccessTarget(ASTContext &Context, 146 MemberNonce _, 147 CXXRecordDecl *NamingClass, 148 DeclAccessPair FoundDecl, 149 QualType BaseObjectType) 150 : AccessedEntity(Context, Member, NamingClass, FoundDecl, BaseObjectType) { 151 initialize(); 152 } 153 154 AccessTarget(ASTContext &Context, 155 BaseNonce _, 156 CXXRecordDecl *BaseClass, 157 CXXRecordDecl *DerivedClass, 158 AccessSpecifier Access) 159 : AccessedEntity(Context, Base, BaseClass, DerivedClass, Access) { 160 initialize(); 161 } 162 163 bool hasInstanceContext() const { 164 return HasInstanceContext; 165 } 166 167 class SavedInstanceContext { 168 public: 169 ~SavedInstanceContext() { 170 Target.HasInstanceContext = Has; 171 } 172 173 private: 174 friend struct AccessTarget; 175 explicit SavedInstanceContext(AccessTarget &Target) 176 : Target(Target), Has(Target.HasInstanceContext) {} 177 AccessTarget &Target; 178 bool Has; 179 }; 180 181 SavedInstanceContext saveInstanceContext() { 182 return SavedInstanceContext(*this); 183 } 184 185 void suppressInstanceContext() { 186 HasInstanceContext = false; 187 } 188 189 const CXXRecordDecl *resolveInstanceContext(Sema &S) const { 190 assert(HasInstanceContext); 191 if (CalculatedInstanceContext) 192 return InstanceContext; 193 194 CalculatedInstanceContext = true; 195 DeclContext *IC = S.computeDeclContext(getBaseObjectType()); 196 InstanceContext = (IC ? cast<CXXRecordDecl>(IC)->getCanonicalDecl() : 0); 197 return InstanceContext; 198 } 199 200 const CXXRecordDecl *getDeclaringClass() const { 201 return DeclaringClass; 202 } 203 204private: 205 void initialize() { 206 HasInstanceContext = (isMemberAccess() && 207 !getBaseObjectType().isNull() && 208 getTargetDecl()->isCXXInstanceMember()); 209 CalculatedInstanceContext = false; 210 InstanceContext = 0; 211 212 if (isMemberAccess()) 213 DeclaringClass = FindDeclaringClass(getTargetDecl()); 214 else 215 DeclaringClass = getBaseClass(); 216 DeclaringClass = DeclaringClass->getCanonicalDecl(); 217 } 218 219 bool HasInstanceContext : 1; 220 mutable bool CalculatedInstanceContext : 1; 221 mutable const CXXRecordDecl *InstanceContext; 222 const CXXRecordDecl *DeclaringClass; 223}; 224 225} 226 227/// Checks whether one class might instantiate to the other. 228static bool MightInstantiateTo(const CXXRecordDecl *From, 229 const CXXRecordDecl *To) { 230 // Declaration names are always preserved by instantiation. 231 if (From->getDeclName() != To->getDeclName()) 232 return false; 233 234 const DeclContext *FromDC = From->getDeclContext()->getPrimaryContext(); 235 const DeclContext *ToDC = To->getDeclContext()->getPrimaryContext(); 236 if (FromDC == ToDC) return true; 237 if (FromDC->isFileContext() || ToDC->isFileContext()) return false; 238 239 // Be conservative. 240 return true; 241} 242 243/// Checks whether one class is derived from another, inclusively. 244/// Properly indicates when it couldn't be determined due to 245/// dependence. 246/// 247/// This should probably be donated to AST or at least Sema. 248static AccessResult IsDerivedFromInclusive(const CXXRecordDecl *Derived, 249 const CXXRecordDecl *Target) { 250 assert(Derived->getCanonicalDecl() == Derived); 251 assert(Target->getCanonicalDecl() == Target); 252 253 if (Derived == Target) return AR_accessible; 254 255 bool CheckDependent = Derived->isDependentContext(); 256 if (CheckDependent && MightInstantiateTo(Derived, Target)) 257 return AR_dependent; 258 259 AccessResult OnFailure = AR_inaccessible; 260 llvm::SmallVector<const CXXRecordDecl*, 8> Queue; // actually a stack 261 262 while (true) { 263 for (CXXRecordDecl::base_class_const_iterator 264 I = Derived->bases_begin(), E = Derived->bases_end(); I != E; ++I) { 265 266 const CXXRecordDecl *RD; 267 268 QualType T = I->getType(); 269 if (const RecordType *RT = T->getAs<RecordType>()) { 270 RD = cast<CXXRecordDecl>(RT->getDecl()); 271 } else if (const InjectedClassNameType *IT 272 = T->getAs<InjectedClassNameType>()) { 273 RD = IT->getDecl(); 274 } else { 275 assert(T->isDependentType() && "non-dependent base wasn't a record?"); 276 OnFailure = AR_dependent; 277 continue; 278 } 279 280 RD = RD->getCanonicalDecl(); 281 if (RD == Target) return AR_accessible; 282 if (CheckDependent && MightInstantiateTo(RD, Target)) 283 OnFailure = AR_dependent; 284 285 Queue.push_back(RD); 286 } 287 288 if (Queue.empty()) break; 289 290 Derived = Queue.back(); 291 Queue.pop_back(); 292 } 293 294 return OnFailure; 295} 296 297 298static bool MightInstantiateTo(Sema &S, DeclContext *Context, 299 DeclContext *Friend) { 300 if (Friend == Context) 301 return true; 302 303 assert(!Friend->isDependentContext() && 304 "can't handle friends with dependent contexts here"); 305 306 if (!Context->isDependentContext()) 307 return false; 308 309 if (Friend->isFileContext()) 310 return false; 311 312 // TODO: this is very conservative 313 return true; 314} 315 316// Asks whether the type in 'context' can ever instantiate to the type 317// in 'friend'. 318static bool MightInstantiateTo(Sema &S, CanQualType Context, CanQualType Friend) { 319 if (Friend == Context) 320 return true; 321 322 if (!Friend->isDependentType() && !Context->isDependentType()) 323 return false; 324 325 // TODO: this is very conservative. 326 return true; 327} 328 329static bool MightInstantiateTo(Sema &S, 330 FunctionDecl *Context, 331 FunctionDecl *Friend) { 332 if (Context->getDeclName() != Friend->getDeclName()) 333 return false; 334 335 if (!MightInstantiateTo(S, 336 Context->getDeclContext(), 337 Friend->getDeclContext())) 338 return false; 339 340 CanQual<FunctionProtoType> FriendTy 341 = S.Context.getCanonicalType(Friend->getType()) 342 ->getAs<FunctionProtoType>(); 343 CanQual<FunctionProtoType> ContextTy 344 = S.Context.getCanonicalType(Context->getType()) 345 ->getAs<FunctionProtoType>(); 346 347 // There isn't any way that I know of to add qualifiers 348 // during instantiation. 349 if (FriendTy.getQualifiers() != ContextTy.getQualifiers()) 350 return false; 351 352 if (FriendTy->getNumArgs() != ContextTy->getNumArgs()) 353 return false; 354 355 if (!MightInstantiateTo(S, 356 ContextTy->getResultType(), 357 FriendTy->getResultType())) 358 return false; 359 360 for (unsigned I = 0, E = FriendTy->getNumArgs(); I != E; ++I) 361 if (!MightInstantiateTo(S, 362 ContextTy->getArgType(I), 363 FriendTy->getArgType(I))) 364 return false; 365 366 return true; 367} 368 369static bool MightInstantiateTo(Sema &S, 370 FunctionTemplateDecl *Context, 371 FunctionTemplateDecl *Friend) { 372 return MightInstantiateTo(S, 373 Context->getTemplatedDecl(), 374 Friend->getTemplatedDecl()); 375} 376 377static AccessResult MatchesFriend(Sema &S, 378 const EffectiveContext &EC, 379 const CXXRecordDecl *Friend) { 380 if (EC.includesClass(Friend)) 381 return AR_accessible; 382 383 if (EC.isDependent()) { 384 CanQualType FriendTy 385 = S.Context.getCanonicalType(S.Context.getTypeDeclType(Friend)); 386 387 for (EffectiveContext::record_iterator 388 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) { 389 CanQualType ContextTy 390 = S.Context.getCanonicalType(S.Context.getTypeDeclType(*I)); 391 if (MightInstantiateTo(S, ContextTy, FriendTy)) 392 return AR_dependent; 393 } 394 } 395 396 return AR_inaccessible; 397} 398 399static AccessResult MatchesFriend(Sema &S, 400 const EffectiveContext &EC, 401 CanQualType Friend) { 402 if (const RecordType *RT = Friend->getAs<RecordType>()) 403 return MatchesFriend(S, EC, cast<CXXRecordDecl>(RT->getDecl())); 404 405 // TODO: we can do better than this 406 if (Friend->isDependentType()) 407 return AR_dependent; 408 409 return AR_inaccessible; 410} 411 412/// Determines whether the given friend class template matches 413/// anything in the effective context. 414static AccessResult MatchesFriend(Sema &S, 415 const EffectiveContext &EC, 416 ClassTemplateDecl *Friend) { 417 AccessResult OnFailure = AR_inaccessible; 418 419 // Check whether the friend is the template of a class in the 420 // context chain. 421 for (llvm::SmallVectorImpl<CXXRecordDecl*>::const_iterator 422 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) { 423 CXXRecordDecl *Record = *I; 424 425 // Figure out whether the current class has a template: 426 ClassTemplateDecl *CTD; 427 428 // A specialization of the template... 429 if (isa<ClassTemplateSpecializationDecl>(Record)) { 430 CTD = cast<ClassTemplateSpecializationDecl>(Record) 431 ->getSpecializedTemplate(); 432 433 // ... or the template pattern itself. 434 } else { 435 CTD = Record->getDescribedClassTemplate(); 436 if (!CTD) continue; 437 } 438 439 // It's a match. 440 if (Friend == CTD->getCanonicalDecl()) 441 return AR_accessible; 442 443 // If the context isn't dependent, it can't be a dependent match. 444 if (!EC.isDependent()) 445 continue; 446 447 // If the template names don't match, it can't be a dependent 448 // match. This isn't true in C++0x because of template aliases. 449 if (!S.LangOpts.CPlusPlus0x && CTD->getDeclName() != Friend->getDeclName()) 450 continue; 451 452 // If the class's context can't instantiate to the friend's 453 // context, it can't be a dependent match. 454 if (!MightInstantiateTo(S, CTD->getDeclContext(), 455 Friend->getDeclContext())) 456 continue; 457 458 // Otherwise, it's a dependent match. 459 OnFailure = AR_dependent; 460 } 461 462 return OnFailure; 463} 464 465/// Determines whether the given friend function matches anything in 466/// the effective context. 467static AccessResult MatchesFriend(Sema &S, 468 const EffectiveContext &EC, 469 FunctionDecl *Friend) { 470 AccessResult OnFailure = AR_inaccessible; 471 472 for (llvm::SmallVectorImpl<FunctionDecl*>::const_iterator 473 I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) { 474 if (Friend == *I) 475 return AR_accessible; 476 477 if (EC.isDependent() && MightInstantiateTo(S, *I, Friend)) 478 OnFailure = AR_dependent; 479 } 480 481 return OnFailure; 482} 483 484/// Determines whether the given friend function template matches 485/// anything in the effective context. 486static AccessResult MatchesFriend(Sema &S, 487 const EffectiveContext &EC, 488 FunctionTemplateDecl *Friend) { 489 if (EC.Functions.empty()) return AR_inaccessible; 490 491 AccessResult OnFailure = AR_inaccessible; 492 493 for (llvm::SmallVectorImpl<FunctionDecl*>::const_iterator 494 I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) { 495 496 FunctionTemplateDecl *FTD = (*I)->getPrimaryTemplate(); 497 if (!FTD) 498 FTD = (*I)->getDescribedFunctionTemplate(); 499 if (!FTD) 500 continue; 501 502 FTD = FTD->getCanonicalDecl(); 503 504 if (Friend == FTD) 505 return AR_accessible; 506 507 if (EC.isDependent() && MightInstantiateTo(S, FTD, Friend)) 508 OnFailure = AR_dependent; 509 } 510 511 return OnFailure; 512} 513 514/// Determines whether the given friend declaration matches anything 515/// in the effective context. 516static AccessResult MatchesFriend(Sema &S, 517 const EffectiveContext &EC, 518 FriendDecl *FriendD) { 519 // Whitelist accesses if there's an invalid or unsupported friend 520 // declaration. 521 if (FriendD->isInvalidDecl() || FriendD->isUnsupportedFriend()) 522 return AR_accessible; 523 524 if (TypeSourceInfo *T = FriendD->getFriendType()) 525 return MatchesFriend(S, EC, T->getType()->getCanonicalTypeUnqualified()); 526 527 NamedDecl *Friend 528 = cast<NamedDecl>(FriendD->getFriendDecl()->getCanonicalDecl()); 529 530 // FIXME: declarations with dependent or templated scope. 531 532 if (isa<ClassTemplateDecl>(Friend)) 533 return MatchesFriend(S, EC, cast<ClassTemplateDecl>(Friend)); 534 535 if (isa<FunctionTemplateDecl>(Friend)) 536 return MatchesFriend(S, EC, cast<FunctionTemplateDecl>(Friend)); 537 538 if (isa<CXXRecordDecl>(Friend)) 539 return MatchesFriend(S, EC, cast<CXXRecordDecl>(Friend)); 540 541 assert(isa<FunctionDecl>(Friend) && "unknown friend decl kind"); 542 return MatchesFriend(S, EC, cast<FunctionDecl>(Friend)); 543} 544 545static AccessResult GetFriendKind(Sema &S, 546 const EffectiveContext &EC, 547 const CXXRecordDecl *Class) { 548 AccessResult OnFailure = AR_inaccessible; 549 550 // Okay, check friends. 551 for (CXXRecordDecl::friend_iterator I = Class->friend_begin(), 552 E = Class->friend_end(); I != E; ++I) { 553 FriendDecl *Friend = *I; 554 555 switch (MatchesFriend(S, EC, Friend)) { 556 case AR_accessible: 557 return AR_accessible; 558 559 case AR_inaccessible: 560 continue; 561 562 case AR_dependent: 563 OnFailure = AR_dependent; 564 break; 565 } 566 } 567 568 // That's it, give up. 569 return OnFailure; 570} 571 572namespace { 573 574/// A helper class for checking for a friend which will grant access 575/// to a protected instance member. 576struct ProtectedFriendContext { 577 Sema &S; 578 const EffectiveContext &EC; 579 const CXXRecordDecl *NamingClass; 580 bool CheckDependent; 581 bool EverDependent; 582 583 /// The path down to the current base class. 584 llvm::SmallVector<const CXXRecordDecl*, 20> CurPath; 585 586 ProtectedFriendContext(Sema &S, const EffectiveContext &EC, 587 const CXXRecordDecl *InstanceContext, 588 const CXXRecordDecl *NamingClass) 589 : S(S), EC(EC), NamingClass(NamingClass), 590 CheckDependent(InstanceContext->isDependentContext() || 591 NamingClass->isDependentContext()), 592 EverDependent(false) {} 593 594 /// Check classes in the current path for friendship, starting at 595 /// the given index. 596 bool checkFriendshipAlongPath(unsigned I) { 597 assert(I < CurPath.size()); 598 for (unsigned E = CurPath.size(); I != E; ++I) { 599 switch (GetFriendKind(S, EC, CurPath[I])) { 600 case AR_accessible: return true; 601 case AR_inaccessible: continue; 602 case AR_dependent: EverDependent = true; continue; 603 } 604 } 605 return false; 606 } 607 608 /// Perform a search starting at the given class. 609 /// 610 /// PrivateDepth is the index of the last (least derived) class 611 /// along the current path such that a notional public member of 612 /// the final class in the path would have access in that class. 613 bool findFriendship(const CXXRecordDecl *Cur, unsigned PrivateDepth) { 614 // If we ever reach the naming class, check the current path for 615 // friendship. We can also stop recursing because we obviously 616 // won't find the naming class there again. 617 if (Cur == NamingClass) 618 return checkFriendshipAlongPath(PrivateDepth); 619 620 if (CheckDependent && MightInstantiateTo(Cur, NamingClass)) 621 EverDependent = true; 622 623 // Recurse into the base classes. 624 for (CXXRecordDecl::base_class_const_iterator 625 I = Cur->bases_begin(), E = Cur->bases_end(); I != E; ++I) { 626 627 // If this is private inheritance, then a public member of the 628 // base will not have any access in classes derived from Cur. 629 unsigned BasePrivateDepth = PrivateDepth; 630 if (I->getAccessSpecifier() == AS_private) 631 BasePrivateDepth = CurPath.size() - 1; 632 633 const CXXRecordDecl *RD; 634 635 QualType T = I->getType(); 636 if (const RecordType *RT = T->getAs<RecordType>()) { 637 RD = cast<CXXRecordDecl>(RT->getDecl()); 638 } else if (const InjectedClassNameType *IT 639 = T->getAs<InjectedClassNameType>()) { 640 RD = IT->getDecl(); 641 } else { 642 assert(T->isDependentType() && "non-dependent base wasn't a record?"); 643 EverDependent = true; 644 continue; 645 } 646 647 // Recurse. We don't need to clean up if this returns true. 648 CurPath.push_back(RD); 649 if (findFriendship(RD->getCanonicalDecl(), BasePrivateDepth)) 650 return true; 651 CurPath.pop_back(); 652 } 653 654 return false; 655 } 656 657 bool findFriendship(const CXXRecordDecl *Cur) { 658 assert(CurPath.empty()); 659 CurPath.push_back(Cur); 660 return findFriendship(Cur, 0); 661 } 662}; 663} 664 665/// Search for a class P that EC is a friend of, under the constraint 666/// InstanceContext <= P <= NamingClass 667/// and with the additional restriction that a protected member of 668/// NamingClass would have some natural access in P. 669/// 670/// That second condition isn't actually quite right: the condition in 671/// the standard is whether the target would have some natural access 672/// in P. The difference is that the target might be more accessible 673/// along some path not passing through NamingClass. Allowing that 674/// introduces two problems: 675/// - It breaks encapsulation because you can suddenly access a 676/// forbidden base class's members by subclassing it elsewhere. 677/// - It makes access substantially harder to compute because it 678/// breaks the hill-climbing algorithm: knowing that the target is 679/// accessible in some base class would no longer let you change 680/// the question solely to whether the base class is accessible, 681/// because the original target might have been more accessible 682/// because of crazy subclassing. 683/// So we don't implement that. 684static AccessResult GetProtectedFriendKind(Sema &S, const EffectiveContext &EC, 685 const CXXRecordDecl *InstanceContext, 686 const CXXRecordDecl *NamingClass) { 687 assert(InstanceContext->getCanonicalDecl() == InstanceContext); 688 assert(NamingClass->getCanonicalDecl() == NamingClass); 689 690 ProtectedFriendContext PRC(S, EC, InstanceContext, NamingClass); 691 if (PRC.findFriendship(InstanceContext)) return AR_accessible; 692 if (PRC.EverDependent) return AR_dependent; 693 return AR_inaccessible; 694} 695 696static AccessResult HasAccess(Sema &S, 697 const EffectiveContext &EC, 698 const CXXRecordDecl *NamingClass, 699 AccessSpecifier Access, 700 const AccessTarget &Target) { 701 assert(NamingClass->getCanonicalDecl() == NamingClass && 702 "declaration should be canonicalized before being passed here"); 703 704 if (Access == AS_public) return AR_accessible; 705 assert(Access == AS_private || Access == AS_protected); 706 707 AccessResult OnFailure = AR_inaccessible; 708 709 for (EffectiveContext::record_iterator 710 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) { 711 // All the declarations in EC have been canonicalized, so pointer 712 // equality from this point on will work fine. 713 const CXXRecordDecl *ECRecord = *I; 714 715 // [B2] and [M2] 716 if (Access == AS_private) { 717 if (ECRecord == NamingClass) 718 return AR_accessible; 719 720 if (EC.isDependent() && MightInstantiateTo(ECRecord, NamingClass)) 721 OnFailure = AR_dependent; 722 723 // [B3] and [M3] 724 } else { 725 assert(Access == AS_protected); 726 switch (IsDerivedFromInclusive(ECRecord, NamingClass)) { 727 case AR_accessible: break; 728 case AR_inaccessible: continue; 729 case AR_dependent: OnFailure = AR_dependent; continue; 730 } 731 732 if (!Target.hasInstanceContext()) 733 return AR_accessible; 734 735 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S); 736 if (!InstanceContext) { 737 OnFailure = AR_dependent; 738 continue; 739 } 740 741 // C++ [class.protected]p1: 742 // An additional access check beyond those described earlier in 743 // [class.access] is applied when a non-static data member or 744 // non-static member function is a protected member of its naming 745 // class. As described earlier, access to a protected member is 746 // granted because the reference occurs in a friend or member of 747 // some class C. If the access is to form a pointer to member, 748 // the nested-name-specifier shall name C or a class derived from 749 // C. All other accesses involve a (possibly implicit) object 750 // expression. In this case, the class of the object expression 751 // shall be C or a class derived from C. 752 // 753 // We interpret this as a restriction on [M3]. Most of the 754 // conditions are encoded by not having any instance context. 755 switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) { 756 case AR_accessible: return AR_accessible; 757 case AR_inaccessible: continue; 758 case AR_dependent: OnFailure = AR_dependent; continue; 759 } 760 } 761 } 762 763 // [M3] and [B3] say that, if the target is protected in N, we grant 764 // access if the access occurs in a friend or member of some class P 765 // that's a subclass of N and where the target has some natural 766 // access in P. The 'member' aspect is easy to handle because P 767 // would necessarily be one of the effective-context records, and we 768 // address that above. The 'friend' aspect is completely ridiculous 769 // to implement because there are no restrictions at all on P 770 // *unless* the [class.protected] restriction applies. If it does, 771 // however, we should ignore whether the naming class is a friend, 772 // and instead rely on whether any potential P is a friend. 773 if (Access == AS_protected && Target.hasInstanceContext()) { 774 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S); 775 if (!InstanceContext) return AR_dependent; 776 switch (GetProtectedFriendKind(S, EC, InstanceContext, NamingClass)) { 777 case AR_accessible: return AR_accessible; 778 case AR_inaccessible: return OnFailure; 779 case AR_dependent: return AR_dependent; 780 } 781 llvm_unreachable("impossible friendship kind"); 782 } 783 784 switch (GetFriendKind(S, EC, NamingClass)) { 785 case AR_accessible: return AR_accessible; 786 case AR_inaccessible: return OnFailure; 787 case AR_dependent: return AR_dependent; 788 } 789 790 // Silence bogus warnings 791 llvm_unreachable("impossible friendship kind"); 792 return OnFailure; 793} 794 795/// Finds the best path from the naming class to the declaring class, 796/// taking friend declarations into account. 797/// 798/// C++0x [class.access.base]p5: 799/// A member m is accessible at the point R when named in class N if 800/// [M1] m as a member of N is public, or 801/// [M2] m as a member of N is private, and R occurs in a member or 802/// friend of class N, or 803/// [M3] m as a member of N is protected, and R occurs in a member or 804/// friend of class N, or in a member or friend of a class P 805/// derived from N, where m as a member of P is public, private, 806/// or protected, or 807/// [M4] there exists a base class B of N that is accessible at R, and 808/// m is accessible at R when named in class B. 809/// 810/// C++0x [class.access.base]p4: 811/// A base class B of N is accessible at R, if 812/// [B1] an invented public member of B would be a public member of N, or 813/// [B2] R occurs in a member or friend of class N, and an invented public 814/// member of B would be a private or protected member of N, or 815/// [B3] R occurs in a member or friend of a class P derived from N, and an 816/// invented public member of B would be a private or protected member 817/// of P, or 818/// [B4] there exists a class S such that B is a base class of S accessible 819/// at R and S is a base class of N accessible at R. 820/// 821/// Along a single inheritance path we can restate both of these 822/// iteratively: 823/// 824/// First, we note that M1-4 are equivalent to B1-4 if the member is 825/// treated as a notional base of its declaring class with inheritance 826/// access equivalent to the member's access. Therefore we need only 827/// ask whether a class B is accessible from a class N in context R. 828/// 829/// Let B_1 .. B_n be the inheritance path in question (i.e. where 830/// B_1 = N, B_n = B, and for all i, B_{i+1} is a direct base class of 831/// B_i). For i in 1..n, we will calculate ACAB(i), the access to the 832/// closest accessible base in the path: 833/// Access(a, b) = (* access on the base specifier from a to b *) 834/// Merge(a, forbidden) = forbidden 835/// Merge(a, private) = forbidden 836/// Merge(a, b) = min(a,b) 837/// Accessible(c, forbidden) = false 838/// Accessible(c, private) = (R is c) || IsFriend(c, R) 839/// Accessible(c, protected) = (R derived from c) || IsFriend(c, R) 840/// Accessible(c, public) = true 841/// ACAB(n) = public 842/// ACAB(i) = 843/// let AccessToBase = Merge(Access(B_i, B_{i+1}), ACAB(i+1)) in 844/// if Accessible(B_i, AccessToBase) then public else AccessToBase 845/// 846/// B is an accessible base of N at R iff ACAB(1) = public. 847/// 848/// \param FinalAccess the access of the "final step", or AS_public if 849/// there is no final step. 850/// \return null if friendship is dependent 851static CXXBasePath *FindBestPath(Sema &S, 852 const EffectiveContext &EC, 853 AccessTarget &Target, 854 AccessSpecifier FinalAccess, 855 CXXBasePaths &Paths) { 856 // Derive the paths to the desired base. 857 const CXXRecordDecl *Derived = Target.getNamingClass(); 858 const CXXRecordDecl *Base = Target.getDeclaringClass(); 859 860 // FIXME: fail correctly when there are dependent paths. 861 bool isDerived = Derived->isDerivedFrom(const_cast<CXXRecordDecl*>(Base), 862 Paths); 863 assert(isDerived && "derived class not actually derived from base"); 864 (void) isDerived; 865 866 CXXBasePath *BestPath = 0; 867 868 assert(FinalAccess != AS_none && "forbidden access after declaring class"); 869 870 bool AnyDependent = false; 871 872 // Derive the friend-modified access along each path. 873 for (CXXBasePaths::paths_iterator PI = Paths.begin(), PE = Paths.end(); 874 PI != PE; ++PI) { 875 AccessTarget::SavedInstanceContext _ = Target.saveInstanceContext(); 876 877 // Walk through the path backwards. 878 AccessSpecifier PathAccess = FinalAccess; 879 CXXBasePath::iterator I = PI->end(), E = PI->begin(); 880 while (I != E) { 881 --I; 882 883 assert(PathAccess != AS_none); 884 885 // If the declaration is a private member of a base class, there 886 // is no level of friendship in derived classes that can make it 887 // accessible. 888 if (PathAccess == AS_private) { 889 PathAccess = AS_none; 890 break; 891 } 892 893 const CXXRecordDecl *NC = I->Class->getCanonicalDecl(); 894 895 AccessSpecifier BaseAccess = I->Base->getAccessSpecifier(); 896 PathAccess = std::max(PathAccess, BaseAccess); 897 898 switch (HasAccess(S, EC, NC, PathAccess, Target)) { 899 case AR_inaccessible: break; 900 case AR_accessible: 901 PathAccess = AS_public; 902 903 // Future tests are not against members and so do not have 904 // instance context. 905 Target.suppressInstanceContext(); 906 break; 907 case AR_dependent: 908 AnyDependent = true; 909 goto Next; 910 } 911 } 912 913 // Note that we modify the path's Access field to the 914 // friend-modified access. 915 if (BestPath == 0 || PathAccess < BestPath->Access) { 916 BestPath = &*PI; 917 BestPath->Access = PathAccess; 918 919 // Short-circuit if we found a public path. 920 if (BestPath->Access == AS_public) 921 return BestPath; 922 } 923 924 Next: ; 925 } 926 927 assert((!BestPath || BestPath->Access != AS_public) && 928 "fell out of loop with public path"); 929 930 // We didn't find a public path, but at least one path was subject 931 // to dependent friendship, so delay the check. 932 if (AnyDependent) 933 return 0; 934 935 return BestPath; 936} 937 938/// Given that an entity has protected natural access, check whether 939/// access might be denied because of the protected member access 940/// restriction. 941/// 942/// \return true if a note was emitted 943static bool TryDiagnoseProtectedAccess(Sema &S, const EffectiveContext &EC, 944 AccessTarget &Target) { 945 // Only applies to instance accesses. 946 if (!Target.hasInstanceContext()) 947 return false; 948 assert(Target.isMemberAccess()); 949 NamedDecl *D = Target.getTargetDecl(); 950 951 const CXXRecordDecl *DeclaringClass = Target.getDeclaringClass(); 952 DeclaringClass = DeclaringClass->getCanonicalDecl(); 953 954 for (EffectiveContext::record_iterator 955 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) { 956 const CXXRecordDecl *ECRecord = *I; 957 switch (IsDerivedFromInclusive(ECRecord, DeclaringClass)) { 958 case AR_accessible: break; 959 case AR_inaccessible: continue; 960 case AR_dependent: continue; 961 } 962 963 // The effective context is a subclass of the declaring class. 964 // If that class isn't a superclass of the instance context, 965 // then the [class.protected] restriction applies. 966 967 // To get this exactly right, this might need to be checked more 968 // holistically; it's not necessarily the case that gaining 969 // access here would grant us access overall. 970 971 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S); 972 assert(InstanceContext && "diagnosing dependent access"); 973 974 switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) { 975 case AR_accessible: continue; 976 case AR_dependent: continue; 977 case AR_inaccessible: 978 S.Diag(D->getLocation(), diag::note_access_protected_restricted) 979 << (InstanceContext != Target.getNamingClass()->getCanonicalDecl()) 980 << S.Context.getTypeDeclType(InstanceContext) 981 << S.Context.getTypeDeclType(ECRecord); 982 return true; 983 } 984 } 985 986 return false; 987} 988 989/// Diagnose the path which caused the given declaration or base class 990/// to become inaccessible. 991static void DiagnoseAccessPath(Sema &S, 992 const EffectiveContext &EC, 993 AccessTarget &Entity) { 994 AccessSpecifier Access = Entity.getAccess(); 995 const CXXRecordDecl *NamingClass = Entity.getNamingClass(); 996 NamingClass = NamingClass->getCanonicalDecl(); 997 998 NamedDecl *D = (Entity.isMemberAccess() ? Entity.getTargetDecl() : 0); 999 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass(); 1000 1001 // Easy case: the decl's natural access determined its path access. 1002 // We have to check against AS_private here in case Access is AS_none, 1003 // indicating a non-public member of a private base class. 1004 if (D && (Access == D->getAccess() || D->getAccess() == AS_private)) { 1005 switch (HasAccess(S, EC, DeclaringClass, D->getAccess(), Entity)) { 1006 case AR_inaccessible: { 1007 if (Access == AS_protected && 1008 TryDiagnoseProtectedAccess(S, EC, Entity)) 1009 return; 1010 1011 // Find an original declaration. 1012 while (D->isOutOfLine()) { 1013 NamedDecl *PrevDecl = 0; 1014 if (isa<VarDecl>(D)) 1015 PrevDecl = cast<VarDecl>(D)->getPreviousDeclaration(); 1016 else if (isa<FunctionDecl>(D)) 1017 PrevDecl = cast<FunctionDecl>(D)->getPreviousDeclaration(); 1018 else if (isa<TypedefDecl>(D)) 1019 PrevDecl = cast<TypedefDecl>(D)->getPreviousDeclaration(); 1020 else if (isa<TagDecl>(D)) { 1021 if (isa<RecordDecl>(D) && cast<RecordDecl>(D)->isInjectedClassName()) 1022 break; 1023 PrevDecl = cast<TagDecl>(D)->getPreviousDeclaration(); 1024 } 1025 if (!PrevDecl) break; 1026 D = PrevDecl; 1027 } 1028 1029 CXXRecordDecl *DeclaringClass = FindDeclaringClass(D); 1030 Decl *ImmediateChild; 1031 if (D->getDeclContext() == DeclaringClass) 1032 ImmediateChild = D; 1033 else { 1034 DeclContext *DC = D->getDeclContext(); 1035 while (DC->getParent() != DeclaringClass) 1036 DC = DC->getParent(); 1037 ImmediateChild = cast<Decl>(DC); 1038 } 1039 1040 // Check whether there's an AccessSpecDecl preceding this in the 1041 // chain of the DeclContext. 1042 bool Implicit = true; 1043 for (CXXRecordDecl::decl_iterator 1044 I = DeclaringClass->decls_begin(), E = DeclaringClass->decls_end(); 1045 I != E; ++I) { 1046 if (*I == ImmediateChild) break; 1047 if (isa<AccessSpecDecl>(*I)) { 1048 Implicit = false; 1049 break; 1050 } 1051 } 1052 1053 S.Diag(D->getLocation(), diag::note_access_natural) 1054 << (unsigned) (Access == AS_protected) 1055 << Implicit; 1056 return; 1057 } 1058 1059 case AR_accessible: break; 1060 1061 case AR_dependent: 1062 llvm_unreachable("can't diagnose dependent access failures"); 1063 return; 1064 } 1065 } 1066 1067 CXXBasePaths Paths; 1068 CXXBasePath &Path = *FindBestPath(S, EC, Entity, AS_public, Paths); 1069 1070 CXXBasePath::iterator I = Path.end(), E = Path.begin(); 1071 while (I != E) { 1072 --I; 1073 1074 const CXXBaseSpecifier *BS = I->Base; 1075 AccessSpecifier BaseAccess = BS->getAccessSpecifier(); 1076 1077 // If this is public inheritance, or the derived class is a friend, 1078 // skip this step. 1079 if (BaseAccess == AS_public) 1080 continue; 1081 1082 switch (GetFriendKind(S, EC, I->Class)) { 1083 case AR_accessible: continue; 1084 case AR_inaccessible: break; 1085 case AR_dependent: 1086 llvm_unreachable("can't diagnose dependent access failures"); 1087 } 1088 1089 // Check whether this base specifier is the tighest point 1090 // constraining access. We have to check against AS_private for 1091 // the same reasons as above. 1092 if (BaseAccess == AS_private || BaseAccess >= Access) { 1093 1094 // We're constrained by inheritance, but we want to say 1095 // "declared private here" if we're diagnosing a hierarchy 1096 // conversion and this is the final step. 1097 unsigned diagnostic; 1098 if (D) diagnostic = diag::note_access_constrained_by_path; 1099 else if (I + 1 == Path.end()) diagnostic = diag::note_access_natural; 1100 else diagnostic = diag::note_access_constrained_by_path; 1101 1102 S.Diag(BS->getSourceRange().getBegin(), diagnostic) 1103 << BS->getSourceRange() 1104 << (BaseAccess == AS_protected) 1105 << (BS->getAccessSpecifierAsWritten() == AS_none); 1106 1107 if (D) 1108 S.Diag(D->getLocation(), diag::note_field_decl); 1109 1110 return; 1111 } 1112 } 1113 1114 llvm_unreachable("access not apparently constrained by path"); 1115} 1116 1117static void DiagnoseBadAccess(Sema &S, SourceLocation Loc, 1118 const EffectiveContext &EC, 1119 AccessTarget &Entity) { 1120 const CXXRecordDecl *NamingClass = Entity.getNamingClass(); 1121 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass(); 1122 NamedDecl *D = (Entity.isMemberAccess() ? Entity.getTargetDecl() : 0); 1123 1124 S.Diag(Loc, Entity.getDiag()) 1125 << (Entity.getAccess() == AS_protected) 1126 << (D ? D->getDeclName() : DeclarationName()) 1127 << S.Context.getTypeDeclType(NamingClass) 1128 << S.Context.getTypeDeclType(DeclaringClass); 1129 DiagnoseAccessPath(S, EC, Entity); 1130} 1131 1132/// Determines whether the accessed entity is accessible. Public members 1133/// have been weeded out by this point. 1134static AccessResult IsAccessible(Sema &S, 1135 const EffectiveContext &EC, 1136 AccessTarget &Entity) { 1137 // Determine the actual naming class. 1138 CXXRecordDecl *NamingClass = Entity.getNamingClass(); 1139 while (NamingClass->isAnonymousStructOrUnion()) 1140 NamingClass = cast<CXXRecordDecl>(NamingClass->getParent()); 1141 NamingClass = NamingClass->getCanonicalDecl(); 1142 1143 AccessSpecifier UnprivilegedAccess = Entity.getAccess(); 1144 assert(UnprivilegedAccess != AS_public && "public access not weeded out"); 1145 1146 // Before we try to recalculate access paths, try to white-list 1147 // accesses which just trade in on the final step, i.e. accesses 1148 // which don't require [M4] or [B4]. These are by far the most 1149 // common forms of privileged access. 1150 if (UnprivilegedAccess != AS_none) { 1151 switch (HasAccess(S, EC, NamingClass, UnprivilegedAccess, Entity)) { 1152 case AR_dependent: 1153 // This is actually an interesting policy decision. We don't 1154 // *have* to delay immediately here: we can do the full access 1155 // calculation in the hope that friendship on some intermediate 1156 // class will make the declaration accessible non-dependently. 1157 // But that's not cheap, and odds are very good (note: assertion 1158 // made without data) that the friend declaration will determine 1159 // access. 1160 return AR_dependent; 1161 1162 case AR_accessible: return AR_accessible; 1163 case AR_inaccessible: break; 1164 } 1165 } 1166 1167 AccessTarget::SavedInstanceContext _ = Entity.saveInstanceContext(); 1168 1169 // We lower member accesses to base accesses by pretending that the 1170 // member is a base class of its declaring class. 1171 AccessSpecifier FinalAccess; 1172 1173 if (Entity.isMemberAccess()) { 1174 // Determine if the declaration is accessible from EC when named 1175 // in its declaring class. 1176 NamedDecl *Target = Entity.getTargetDecl(); 1177 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass(); 1178 1179 FinalAccess = Target->getAccess(); 1180 switch (HasAccess(S, EC, DeclaringClass, FinalAccess, Entity)) { 1181 case AR_accessible: 1182 FinalAccess = AS_public; 1183 break; 1184 case AR_inaccessible: break; 1185 case AR_dependent: return AR_dependent; // see above 1186 } 1187 1188 if (DeclaringClass == NamingClass) 1189 return (FinalAccess == AS_public ? AR_accessible : AR_inaccessible); 1190 1191 Entity.suppressInstanceContext(); 1192 } else { 1193 FinalAccess = AS_public; 1194 } 1195 1196 assert(Entity.getDeclaringClass() != NamingClass); 1197 1198 // Append the declaration's access if applicable. 1199 CXXBasePaths Paths; 1200 CXXBasePath *Path = FindBestPath(S, EC, Entity, FinalAccess, Paths); 1201 if (!Path) 1202 return AR_dependent; 1203 1204 assert(Path->Access <= UnprivilegedAccess && 1205 "access along best path worse than direct?"); 1206 if (Path->Access == AS_public) 1207 return AR_accessible; 1208 return AR_inaccessible; 1209} 1210 1211static void DelayDependentAccess(Sema &S, 1212 const EffectiveContext &EC, 1213 SourceLocation Loc, 1214 const AccessTarget &Entity) { 1215 assert(EC.isDependent() && "delaying non-dependent access"); 1216 DeclContext *DC = EC.getInnerContext(); 1217 assert(DC->isDependentContext() && "delaying non-dependent access"); 1218 DependentDiagnostic::Create(S.Context, DC, DependentDiagnostic::Access, 1219 Loc, 1220 Entity.isMemberAccess(), 1221 Entity.getAccess(), 1222 Entity.getTargetDecl(), 1223 Entity.getNamingClass(), 1224 Entity.getBaseObjectType(), 1225 Entity.getDiag()); 1226} 1227 1228/// Checks access to an entity from the given effective context. 1229static AccessResult CheckEffectiveAccess(Sema &S, 1230 const EffectiveContext &EC, 1231 SourceLocation Loc, 1232 AccessTarget &Entity) { 1233 assert(Entity.getAccess() != AS_public && "called for public access!"); 1234 1235 switch (IsAccessible(S, EC, Entity)) { 1236 case AR_dependent: 1237 DelayDependentAccess(S, EC, Loc, Entity); 1238 return AR_dependent; 1239 1240 case AR_inaccessible: 1241 if (!Entity.isQuiet()) 1242 DiagnoseBadAccess(S, Loc, EC, Entity); 1243 return AR_inaccessible; 1244 1245 case AR_accessible: 1246 return AR_accessible; 1247 } 1248 1249 // silence unnecessary warning 1250 llvm_unreachable("invalid access result"); 1251 return AR_accessible; 1252} 1253 1254static Sema::AccessResult CheckAccess(Sema &S, SourceLocation Loc, 1255 AccessTarget &Entity) { 1256 // If the access path is public, it's accessible everywhere. 1257 if (Entity.getAccess() == AS_public) 1258 return Sema::AR_accessible; 1259 1260 if (S.SuppressAccessChecking) 1261 return Sema::AR_accessible; 1262 1263 // If we're currently parsing a top-level declaration, delay 1264 // diagnostics. This is the only case where parsing a declaration 1265 // can actually change our effective context for the purposes of 1266 // access control. 1267 if (S.CurContext->isFileContext() && S.ParsingDeclDepth) { 1268 S.DelayedDiagnostics.push_back( 1269 DelayedDiagnostic::makeAccess(Loc, Entity)); 1270 return Sema::AR_delayed; 1271 } 1272 1273 EffectiveContext EC(S.CurContext); 1274 switch (CheckEffectiveAccess(S, EC, Loc, Entity)) { 1275 case AR_accessible: return Sema::AR_accessible; 1276 case AR_inaccessible: return Sema::AR_inaccessible; 1277 case AR_dependent: return Sema::AR_dependent; 1278 } 1279 llvm_unreachable("falling off end"); 1280 return Sema::AR_accessible; 1281} 1282 1283void Sema::HandleDelayedAccessCheck(DelayedDiagnostic &DD, Decl *Ctx) { 1284 // Pretend we did this from the context of the newly-parsed 1285 // declaration. If that declaration itself forms a declaration context, 1286 // include it in the effective context so that parameters and return types of 1287 // befriended functions have that function's access priveledges. 1288 DeclContext *DC = Ctx->getDeclContext(); 1289 if (isa<FunctionDecl>(Ctx)) 1290 DC = cast<DeclContext>(Ctx); 1291 else if (FunctionTemplateDecl *FnTpl = dyn_cast<FunctionTemplateDecl>(Ctx)) 1292 DC = cast<DeclContext>(FnTpl->getTemplatedDecl()); 1293 EffectiveContext EC(DC); 1294 1295 AccessTarget Target(DD.getAccessData()); 1296 1297 if (CheckEffectiveAccess(*this, EC, DD.Loc, Target) == ::AR_inaccessible) 1298 DD.Triggered = true; 1299} 1300 1301void Sema::HandleDependentAccessCheck(const DependentDiagnostic &DD, 1302 const MultiLevelTemplateArgumentList &TemplateArgs) { 1303 SourceLocation Loc = DD.getAccessLoc(); 1304 AccessSpecifier Access = DD.getAccess(); 1305 1306 Decl *NamingD = FindInstantiatedDecl(Loc, DD.getAccessNamingClass(), 1307 TemplateArgs); 1308 if (!NamingD) return; 1309 Decl *TargetD = FindInstantiatedDecl(Loc, DD.getAccessTarget(), 1310 TemplateArgs); 1311 if (!TargetD) return; 1312 1313 if (DD.isAccessToMember()) { 1314 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(NamingD); 1315 NamedDecl *TargetDecl = cast<NamedDecl>(TargetD); 1316 QualType BaseObjectType = DD.getAccessBaseObjectType(); 1317 if (!BaseObjectType.isNull()) { 1318 BaseObjectType = SubstType(BaseObjectType, TemplateArgs, Loc, 1319 DeclarationName()); 1320 if (BaseObjectType.isNull()) return; 1321 } 1322 1323 AccessTarget Entity(Context, 1324 AccessTarget::Member, 1325 NamingClass, 1326 DeclAccessPair::make(TargetDecl, Access), 1327 BaseObjectType); 1328 Entity.setDiag(DD.getDiagnostic()); 1329 CheckAccess(*this, Loc, Entity); 1330 } else { 1331 AccessTarget Entity(Context, 1332 AccessTarget::Base, 1333 cast<CXXRecordDecl>(TargetD), 1334 cast<CXXRecordDecl>(NamingD), 1335 Access); 1336 Entity.setDiag(DD.getDiagnostic()); 1337 CheckAccess(*this, Loc, Entity); 1338 } 1339} 1340 1341Sema::AccessResult Sema::CheckUnresolvedLookupAccess(UnresolvedLookupExpr *E, 1342 DeclAccessPair Found) { 1343 if (!getLangOptions().AccessControl || 1344 !E->getNamingClass() || 1345 Found.getAccess() == AS_public) 1346 return AR_accessible; 1347 1348 AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(), 1349 Found, QualType()); 1350 Entity.setDiag(diag::err_access) << E->getSourceRange(); 1351 1352 return CheckAccess(*this, E->getNameLoc(), Entity); 1353} 1354 1355/// Perform access-control checking on a previously-unresolved member 1356/// access which has now been resolved to a member. 1357Sema::AccessResult Sema::CheckUnresolvedMemberAccess(UnresolvedMemberExpr *E, 1358 DeclAccessPair Found) { 1359 if (!getLangOptions().AccessControl || 1360 Found.getAccess() == AS_public) 1361 return AR_accessible; 1362 1363 QualType BaseType = E->getBaseType(); 1364 if (E->isArrow()) 1365 BaseType = BaseType->getAs<PointerType>()->getPointeeType(); 1366 1367 AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(), 1368 Found, BaseType); 1369 Entity.setDiag(diag::err_access) << E->getSourceRange(); 1370 1371 return CheckAccess(*this, E->getMemberLoc(), Entity); 1372} 1373 1374Sema::AccessResult Sema::CheckDestructorAccess(SourceLocation Loc, 1375 CXXDestructorDecl *Dtor, 1376 const PartialDiagnostic &PDiag) { 1377 if (!getLangOptions().AccessControl) 1378 return AR_accessible; 1379 1380 // There's never a path involved when checking implicit destructor access. 1381 AccessSpecifier Access = Dtor->getAccess(); 1382 if (Access == AS_public) 1383 return AR_accessible; 1384 1385 CXXRecordDecl *NamingClass = Dtor->getParent(); 1386 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, 1387 DeclAccessPair::make(Dtor, Access), 1388 QualType()); 1389 Entity.setDiag(PDiag); // TODO: avoid copy 1390 1391 return CheckAccess(*this, Loc, Entity); 1392} 1393 1394/// Checks access to a constructor. 1395Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc, 1396 CXXConstructorDecl *Constructor, 1397 const InitializedEntity &Entity, 1398 AccessSpecifier Access, 1399 bool IsCopyBindingRefToTemp) { 1400 if (!getLangOptions().AccessControl || 1401 Access == AS_public) 1402 return AR_accessible; 1403 1404 CXXRecordDecl *NamingClass = Constructor->getParent(); 1405 AccessTarget AccessEntity(Context, AccessTarget::Member, NamingClass, 1406 DeclAccessPair::make(Constructor, Access), 1407 QualType()); 1408 switch (Entity.getKind()) { 1409 default: 1410 AccessEntity.setDiag(IsCopyBindingRefToTemp 1411 ? diag::ext_rvalue_to_reference_access_ctor 1412 : diag::err_access_ctor); 1413 break; 1414 1415 case InitializedEntity::EK_Base: 1416 AccessEntity.setDiag(PDiag(diag::err_access_base) 1417 << Entity.isInheritedVirtualBase() 1418 << Entity.getBaseSpecifier()->getType() 1419 << getSpecialMember(Constructor)); 1420 break; 1421 1422 case InitializedEntity::EK_Member: { 1423 const FieldDecl *Field = cast<FieldDecl>(Entity.getDecl()); 1424 AccessEntity.setDiag(PDiag(diag::err_access_field) 1425 << Field->getType() 1426 << getSpecialMember(Constructor)); 1427 break; 1428 } 1429 1430 } 1431 1432 return CheckAccess(*this, UseLoc, AccessEntity); 1433} 1434 1435/// Checks direct (i.e. non-inherited) access to an arbitrary class 1436/// member. 1437Sema::AccessResult Sema::CheckDirectMemberAccess(SourceLocation UseLoc, 1438 NamedDecl *Target, 1439 const PartialDiagnostic &Diag) { 1440 AccessSpecifier Access = Target->getAccess(); 1441 if (!getLangOptions().AccessControl || 1442 Access == AS_public) 1443 return AR_accessible; 1444 1445 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(Target->getDeclContext()); 1446 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, 1447 DeclAccessPair::make(Target, Access), 1448 QualType()); 1449 Entity.setDiag(Diag); 1450 return CheckAccess(*this, UseLoc, Entity); 1451} 1452 1453 1454/// Checks access to an overloaded operator new or delete. 1455Sema::AccessResult Sema::CheckAllocationAccess(SourceLocation OpLoc, 1456 SourceRange PlacementRange, 1457 CXXRecordDecl *NamingClass, 1458 DeclAccessPair Found) { 1459 if (!getLangOptions().AccessControl || 1460 !NamingClass || 1461 Found.getAccess() == AS_public) 1462 return AR_accessible; 1463 1464 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found, 1465 QualType()); 1466 Entity.setDiag(diag::err_access) 1467 << PlacementRange; 1468 1469 return CheckAccess(*this, OpLoc, Entity); 1470} 1471 1472/// Checks access to an overloaded member operator, including 1473/// conversion operators. 1474Sema::AccessResult Sema::CheckMemberOperatorAccess(SourceLocation OpLoc, 1475 Expr *ObjectExpr, 1476 Expr *ArgExpr, 1477 DeclAccessPair Found) { 1478 if (!getLangOptions().AccessControl || 1479 Found.getAccess() == AS_public) 1480 return AR_accessible; 1481 1482 const RecordType *RT = ObjectExpr->getType()->getAs<RecordType>(); 1483 assert(RT && "found member operator but object expr not of record type"); 1484 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(RT->getDecl()); 1485 1486 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found, 1487 ObjectExpr->getType()); 1488 Entity.setDiag(diag::err_access) 1489 << ObjectExpr->getSourceRange() 1490 << (ArgExpr ? ArgExpr->getSourceRange() : SourceRange()); 1491 1492 return CheckAccess(*this, OpLoc, Entity); 1493} 1494 1495Sema::AccessResult Sema::CheckAddressOfMemberAccess(Expr *OvlExpr, 1496 DeclAccessPair Found) { 1497 if (!getLangOptions().AccessControl || 1498 Found.getAccess() == AS_none || 1499 Found.getAccess() == AS_public) 1500 return AR_accessible; 1501 1502 OverloadExpr *Ovl = OverloadExpr::find(OvlExpr).Expression; 1503 CXXRecordDecl *NamingClass = Ovl->getNamingClass(); 1504 1505 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found, 1506 Context.getTypeDeclType(NamingClass)); 1507 Entity.setDiag(diag::err_access) 1508 << Ovl->getSourceRange(); 1509 1510 return CheckAccess(*this, Ovl->getNameLoc(), Entity); 1511} 1512 1513/// Checks access for a hierarchy conversion. 1514/// 1515/// \param IsBaseToDerived whether this is a base-to-derived conversion (true) 1516/// or a derived-to-base conversion (false) 1517/// \param ForceCheck true if this check should be performed even if access 1518/// control is disabled; some things rely on this for semantics 1519/// \param ForceUnprivileged true if this check should proceed as if the 1520/// context had no special privileges 1521/// \param ADK controls the kind of diagnostics that are used 1522Sema::AccessResult Sema::CheckBaseClassAccess(SourceLocation AccessLoc, 1523 QualType Base, 1524 QualType Derived, 1525 const CXXBasePath &Path, 1526 unsigned DiagID, 1527 bool ForceCheck, 1528 bool ForceUnprivileged) { 1529 if (!ForceCheck && !getLangOptions().AccessControl) 1530 return AR_accessible; 1531 1532 if (Path.Access == AS_public) 1533 return AR_accessible; 1534 1535 CXXRecordDecl *BaseD, *DerivedD; 1536 BaseD = cast<CXXRecordDecl>(Base->getAs<RecordType>()->getDecl()); 1537 DerivedD = cast<CXXRecordDecl>(Derived->getAs<RecordType>()->getDecl()); 1538 1539 AccessTarget Entity(Context, AccessTarget::Base, BaseD, DerivedD, 1540 Path.Access); 1541 if (DiagID) 1542 Entity.setDiag(DiagID) << Derived << Base; 1543 1544 if (ForceUnprivileged) { 1545 switch (CheckEffectiveAccess(*this, EffectiveContext(), 1546 AccessLoc, Entity)) { 1547 case ::AR_accessible: return Sema::AR_accessible; 1548 case ::AR_inaccessible: return Sema::AR_inaccessible; 1549 case ::AR_dependent: return Sema::AR_dependent; 1550 } 1551 llvm_unreachable("unexpected result from CheckEffectiveAccess"); 1552 } 1553 return CheckAccess(*this, AccessLoc, Entity); 1554} 1555 1556/// Checks access to all the declarations in the given result set. 1557void Sema::CheckLookupAccess(const LookupResult &R) { 1558 assert(getLangOptions().AccessControl 1559 && "performing access check without access control"); 1560 assert(R.getNamingClass() && "performing access check without naming class"); 1561 1562 for (LookupResult::iterator I = R.begin(), E = R.end(); I != E; ++I) { 1563 if (I.getAccess() != AS_public) { 1564 AccessTarget Entity(Context, AccessedEntity::Member, 1565 R.getNamingClass(), I.getPair(), 1566 R.getBaseObjectType()); 1567 Entity.setDiag(diag::err_access); 1568 1569 CheckAccess(*this, R.getNameLoc(), Entity); 1570 } 1571 } 1572} 1573 1574void Sema::ActOnStartSuppressingAccessChecks() { 1575 assert(!SuppressAccessChecking && 1576 "Tried to start access check suppression when already started."); 1577 SuppressAccessChecking = true; 1578} 1579 1580void Sema::ActOnStopSuppressingAccessChecks() { 1581 assert(SuppressAccessChecking && 1582 "Tried to stop access check suprression when already stopped."); 1583 SuppressAccessChecking = false; 1584} 1585