AnalysisBasedWarnings.cpp revision 2d88708cbe4e4ec5e04e4acb6bd7f5be68557379 
1//=- AnalysisBasedWarnings.cpp - Sema warnings based on libAnalysis -*- C++ -*-=//
2//
3//                     The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file defines analysis_warnings::[Policy,Executor].
11// Together they are used by Sema to issue warnings based on inexpensive
12// static analysis algorithms in libAnalysis.
13//
14//===----------------------------------------------------------------------===//
15
16#include "clang/Sema/AnalysisBasedWarnings.h"
17#include "clang/Sema/SemaInternal.h"
18#include "clang/Basic/SourceManager.h"
19#include "clang/AST/DeclObjC.h"
20#include "clang/AST/DeclCXX.h"
21#include "clang/AST/ExprObjC.h"
22#include "clang/AST/ExprCXX.h"
23#include "clang/AST/StmtObjC.h"
24#include "clang/AST/StmtCXX.h"
25#include "clang/Analysis/AnalysisContext.h"
26#include "clang/Analysis/CFG.h"
27#include "clang/Analysis/Analyses/ReachableCode.h"
28#include "llvm/ADT/BitVector.h"
29#include "llvm/Support/Casting.h"
30
31using namespace clang;
32
33//===----------------------------------------------------------------------===//
34// Unreachable code analysis.
35//===----------------------------------------------------------------------===//
36
37namespace {
38  class UnreachableCodeHandler : public reachable_code::Callback {
39    Sema &S;
40  public:
41    UnreachableCodeHandler(Sema &s) : S(s) {}
42
43    void HandleUnreachable(SourceLocation L, SourceRange R1, SourceRange R2) {
44      S.Diag(L, diag::warn_unreachable) << R1 << R2;
45    }
46  };
47}
48
49/// CheckUnreachable - Check for unreachable code.
50static void CheckUnreachable(Sema &S, AnalysisContext &AC) {
51  UnreachableCodeHandler UC(S);
52  reachable_code::FindUnreachableCode(AC, UC);
53}
54
55//===----------------------------------------------------------------------===//
56// Check for missing return value.
57//===----------------------------------------------------------------------===//
58
59enum ControlFlowKind {
60  UnknownFallThrough,
61  NeverFallThrough,
62  MaybeFallThrough,
63  AlwaysFallThrough,
64  NeverFallThroughOrReturn
65};
66
67/// CheckFallThrough - Check that we don't fall off the end of a
68/// Statement that should return a value.
69///
70/// \returns AlwaysFallThrough iff we always fall off the end of the statement,
71/// MaybeFallThrough iff we might or might not fall off the end,
72/// NeverFallThroughOrReturn iff we never fall off the end of the statement or
73/// return.  We assume NeverFallThrough iff we never fall off the end of the
74/// statement but we may return.  We assume that functions not marked noreturn
75/// will return.
76static ControlFlowKind CheckFallThrough(AnalysisContext &AC) {
77  CFG *cfg = AC.getCFG();
78  if (cfg == 0) return UnknownFallThrough;
79
80  // The CFG leaves in dead things, and we don't want the dead code paths to
81  // confuse us, so we mark all live things first.
82  llvm::BitVector live(cfg->getNumBlockIDs());
83  unsigned count = reachable_code::ScanReachableFromBlock(cfg->getEntry(),
84                                                          live);
85
86  bool AddEHEdges = AC.getAddEHEdges();
87  if (!AddEHEdges && count != cfg->getNumBlockIDs())
88    // When there are things remaining dead, and we didn't add EH edges
89    // from CallExprs to the catch clauses, we have to go back and
90    // mark them as live.
91    for (CFG::iterator I = cfg->begin(), E = cfg->end(); I != E; ++I) {
92      CFGBlock &b = **I;
93      if (!live[b.getBlockID()]) {
94        if (b.pred_begin() == b.pred_end()) {
95          if (b.getTerminator() && isa<CXXTryStmt>(b.getTerminator()))
96            // When not adding EH edges from calls, catch clauses
97            // can otherwise seem dead.  Avoid noting them as dead.
98            count += reachable_code::ScanReachableFromBlock(b, live);
99          continue;
100        }
101      }
102    }
103
104  // Now we know what is live, we check the live precessors of the exit block
105  // and look for fall through paths, being careful to ignore normal returns,
106  // and exceptional paths.
107  bool HasLiveReturn = false;
108  bool HasFakeEdge = false;
109  bool HasPlainEdge = false;
110  bool HasAbnormalEdge = false;
111  for (CFGBlock::pred_iterator I=cfg->getExit().pred_begin(),
112       E = cfg->getExit().pred_end();
113       I != E;
114       ++I) {
115    CFGBlock& B = **I;
116    if (!live[B.getBlockID()])
117      continue;
118    if (B.size() == 0) {
119      if (B.getTerminator() && isa<CXXTryStmt>(B.getTerminator())) {
120        HasAbnormalEdge = true;
121        continue;
122      }
123
124      // A labeled empty statement, or the entry block...
125      HasPlainEdge = true;
126      continue;
127    }
128    Stmt *S = B[B.size()-1];
129    if (isa<ReturnStmt>(S)) {
130      HasLiveReturn = true;
131      continue;
132    }
133    if (isa<ObjCAtThrowStmt>(S)) {
134      HasFakeEdge = true;
135      continue;
136    }
137    if (isa<CXXThrowExpr>(S)) {
138      HasFakeEdge = true;
139      continue;
140    }
141    if (const AsmStmt *AS = dyn_cast<AsmStmt>(S)) {
142      if (AS->isMSAsm()) {
143        HasFakeEdge = true;
144        HasLiveReturn = true;
145        continue;
146      }
147    }
148    if (isa<CXXTryStmt>(S)) {
149      HasAbnormalEdge = true;
150      continue;
151    }
152
153    bool NoReturnEdge = false;
154    if (CallExpr *C = dyn_cast<CallExpr>(S)) {
155      if (std::find(B.succ_begin(), B.succ_end(), &cfg->getExit())
156            == B.succ_end()) {
157        HasAbnormalEdge = true;
158        continue;
159      }
160      Expr *CEE = C->getCallee()->IgnoreParenCasts();
161      if (getFunctionExtInfo(CEE->getType()).getNoReturn()) {
162        NoReturnEdge = true;
163        HasFakeEdge = true;
164      } else if (DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(CEE)) {
165        ValueDecl *VD = DRE->getDecl();
166        if (VD->hasAttr<NoReturnAttr>()) {
167          NoReturnEdge = true;
168          HasFakeEdge = true;
169        }
170      }
171    }
172    // FIXME: Remove this hack once temporaries and their destructors are
173    // modeled correctly by the CFG.
174    if (CXXExprWithTemporaries *E = dyn_cast<CXXExprWithTemporaries>(S)) {
175      for (unsigned I = 0, N = E->getNumTemporaries(); I != N; ++I) {
176        const FunctionDecl *FD = E->getTemporary(I)->getDestructor();
177        if (FD->hasAttr<NoReturnAttr>() ||
178            FD->getType()->getAs<FunctionType>()->getNoReturnAttr()) {
179          NoReturnEdge = true;
180          HasFakeEdge = true;
181          break;
182        }
183      }
184    }
185    // FIXME: Add noreturn message sends.
186    if (NoReturnEdge == false)
187      HasPlainEdge = true;
188  }
189  if (!HasPlainEdge) {
190    if (HasLiveReturn)
191      return NeverFallThrough;
192    return NeverFallThroughOrReturn;
193  }
194  if (HasAbnormalEdge || HasFakeEdge || HasLiveReturn)
195    return MaybeFallThrough;
196  // This says AlwaysFallThrough for calls to functions that are not marked
197  // noreturn, that don't return.  If people would like this warning to be more
198  // accurate, such functions should be marked as noreturn.
199  return AlwaysFallThrough;
200}
201
202namespace {
203
204struct CheckFallThroughDiagnostics {
205  unsigned diag_MaybeFallThrough_HasNoReturn;
206  unsigned diag_MaybeFallThrough_ReturnsNonVoid;
207  unsigned diag_AlwaysFallThrough_HasNoReturn;
208  unsigned diag_AlwaysFallThrough_ReturnsNonVoid;
209  unsigned diag_NeverFallThroughOrReturn;
210  bool funMode;
211
212  static CheckFallThroughDiagnostics MakeForFunction(const Decl *Func) {
213    CheckFallThroughDiagnostics D;
214    D.diag_MaybeFallThrough_HasNoReturn =
215      diag::warn_falloff_noreturn_function;
216    D.diag_MaybeFallThrough_ReturnsNonVoid =
217      diag::warn_maybe_falloff_nonvoid_function;
218    D.diag_AlwaysFallThrough_HasNoReturn =
219      diag::warn_falloff_noreturn_function;
220    D.diag_AlwaysFallThrough_ReturnsNonVoid =
221      diag::warn_falloff_nonvoid_function;
222
223    // Don't suggest that virtual functions be marked "noreturn", since they
224    // might be overridden by non-noreturn functions.
225    bool isVirtualMethod = false;
226    if (const CXXMethodDecl *Method = dyn_cast<CXXMethodDecl>(Func))
227      isVirtualMethod = Method->isVirtual();
228
229    if (!isVirtualMethod)
230      D.diag_NeverFallThroughOrReturn =
231        diag::warn_suggest_noreturn_function;
232    else
233      D.diag_NeverFallThroughOrReturn = 0;
234
235    D.funMode = true;
236    return D;
237  }
238
239  static CheckFallThroughDiagnostics MakeForBlock() {
240    CheckFallThroughDiagnostics D;
241    D.diag_MaybeFallThrough_HasNoReturn =
242      diag::err_noreturn_block_has_return_expr;
243    D.diag_MaybeFallThrough_ReturnsNonVoid =
244      diag::err_maybe_falloff_nonvoid_block;
245    D.diag_AlwaysFallThrough_HasNoReturn =
246      diag::err_noreturn_block_has_return_expr;
247    D.diag_AlwaysFallThrough_ReturnsNonVoid =
248      diag::err_falloff_nonvoid_block;
249    D.diag_NeverFallThroughOrReturn =
250      diag::warn_suggest_noreturn_block;
251    D.funMode = false;
252    return D;
253  }
254
255  bool checkDiagnostics(Diagnostic &D, bool ReturnsVoid,
256                        bool HasNoReturn) const {
257    if (funMode) {
258      return (D.getDiagnosticLevel(diag::warn_maybe_falloff_nonvoid_function)
259              == Diagnostic::Ignored || ReturnsVoid)
260        && (D.getDiagnosticLevel(diag::warn_noreturn_function_has_return_expr)
261              == Diagnostic::Ignored || !HasNoReturn)
262        && (D.getDiagnosticLevel(diag::warn_suggest_noreturn_block)
263              == Diagnostic::Ignored || !ReturnsVoid);
264    }
265
266    // For blocks.
267    return  ReturnsVoid && !HasNoReturn
268            && (D.getDiagnosticLevel(diag::warn_suggest_noreturn_block)
269                == Diagnostic::Ignored || !ReturnsVoid);
270  }
271};
272
273}
274
275/// CheckFallThroughForFunctionDef - Check that we don't fall off the end of a
276/// function that should return a value.  Check that we don't fall off the end
277/// of a noreturn function.  We assume that functions and blocks not marked
278/// noreturn will return.
279static void CheckFallThroughForBody(Sema &S, const Decl *D, const Stmt *Body,
280                                    QualType BlockTy,
281                                    const CheckFallThroughDiagnostics& CD,
282                                    AnalysisContext &AC) {
283
284  bool ReturnsVoid = false;
285  bool HasNoReturn = false;
286
287  if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) {
288    ReturnsVoid = FD->getResultType()->isVoidType();
289    HasNoReturn = FD->hasAttr<NoReturnAttr>() ||
290       FD->getType()->getAs<FunctionType>()->getNoReturnAttr();
291  }
292  else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) {
293    ReturnsVoid = MD->getResultType()->isVoidType();
294    HasNoReturn = MD->hasAttr<NoReturnAttr>();
295  }
296  else if (isa<BlockDecl>(D)) {
297    if (const FunctionType *FT =
298          BlockTy->getPointeeType()->getAs<FunctionType>()) {
299      if (FT->getResultType()->isVoidType())
300        ReturnsVoid = true;
301      if (FT->getNoReturnAttr())
302        HasNoReturn = true;
303    }
304  }
305
306  Diagnostic &Diags = S.getDiagnostics();
307
308  // Short circuit for compilation speed.
309  if (CD.checkDiagnostics(Diags, ReturnsVoid, HasNoReturn))
310      return;
311
312  // FIXME: Function try block
313  if (const CompoundStmt *Compound = dyn_cast<CompoundStmt>(Body)) {
314    switch (CheckFallThrough(AC)) {
315      case UnknownFallThrough:
316        break;
317
318      case MaybeFallThrough:
319        if (HasNoReturn)
320          S.Diag(Compound->getRBracLoc(),
321                 CD.diag_MaybeFallThrough_HasNoReturn);
322        else if (!ReturnsVoid)
323          S.Diag(Compound->getRBracLoc(),
324                 CD.diag_MaybeFallThrough_ReturnsNonVoid);
325        break;
326      case AlwaysFallThrough:
327        if (HasNoReturn)
328          S.Diag(Compound->getRBracLoc(),
329                 CD.diag_AlwaysFallThrough_HasNoReturn);
330        else if (!ReturnsVoid)
331          S.Diag(Compound->getRBracLoc(),
332                 CD.diag_AlwaysFallThrough_ReturnsNonVoid);
333        break;
334      case NeverFallThroughOrReturn:
335        if (ReturnsVoid && !HasNoReturn && CD.diag_NeverFallThroughOrReturn)
336          S.Diag(Compound->getLBracLoc(),
337                 CD.diag_NeverFallThroughOrReturn);
338        break;
339      case NeverFallThrough:
340        break;
341    }
342  }
343}
344
345//===----------------------------------------------------------------------===//
346// AnalysisBasedWarnings - Worker object used by Sema to execute analysis-based
347//  warnings on a function, method, or block.
348//===----------------------------------------------------------------------===//
349
350clang::sema::AnalysisBasedWarnings::Policy::Policy() {
351  enableCheckFallThrough = 1;
352  enableCheckUnreachable = 0;
353}
354
355clang::sema::AnalysisBasedWarnings::AnalysisBasedWarnings(Sema &s) : S(s) {
356  Diagnostic &D = S.getDiagnostics();
357  DefaultPolicy.enableCheckUnreachable = (unsigned)
358    (D.getDiagnosticLevel(diag::warn_unreachable) != Diagnostic::Ignored);
359}
360
361void clang::sema::
362AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P,
363                                     const Decl *D, QualType BlockTy) {
364
365  assert(BlockTy.isNull() || isa<BlockDecl>(D));
366
367  // We avoid doing analysis-based warnings when there are errors for
368  // two reasons:
369  // (1) The CFGs often can't be constructed (if the body is invalid), so
370  //     don't bother trying.
371  // (2) The code already has problems; running the analysis just takes more
372  //     time.
373  Diagnostic &Diags = S.getDiagnostics();
374
375  if (Diags.hasErrorOccurred() || Diags.hasFatalErrorOccurred())
376    return;
377
378  // Do not do any analysis for declarations in system headers if we are
379  // going to just ignore them.
380  if (Diags.getSuppressSystemWarnings() &&
381      S.SourceMgr.isInSystemHeader(D->getLocation()))
382    return;
383
384  // For code in dependent contexts, we'll do this at instantiation time.
385  if (cast<DeclContext>(D)->isDependentContext())
386    return;
387
388  const Stmt *Body = D->getBody();
389  assert(Body);
390
391  // Don't generate EH edges for CallExprs as we'd like to avoid the n^2
392  // explosion for destrutors that can result and the compile time hit.
393  AnalysisContext AC(D, 0, false);
394
395  // Warning: check missing 'return'
396  if (P.enableCheckFallThrough) {
397    const CheckFallThroughDiagnostics &CD =
398      (isa<BlockDecl>(D) ? CheckFallThroughDiagnostics::MakeForBlock()
399                         : CheckFallThroughDiagnostics::MakeForFunction(D));
400    CheckFallThroughForBody(S, D, Body, BlockTy, CD, AC);
401  }
402
403  // Warning: check for unreachable code
404  if (P.enableCheckUnreachable)
405    CheckUnreachable(S, AC);
406}
407
408void clang::sema::
409AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P,
410                                     const BlockExpr *E) {
411  return IssueWarnings(P, E->getBlockDecl(), E->getType());
412}
413
414void clang::sema::
415AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P,
416                                     const ObjCMethodDecl *D) {
417  return IssueWarnings(P, D, QualType());
418}
419
420void clang::sema::
421AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P,
422                                     const FunctionDecl *D) {
423  return IssueWarnings(P, D, QualType());
424}
425