AnalysisBasedWarnings.cpp revision 90b828aa279542559f655d1af666580288cb1841
1//=- AnalysisBasedWarnings.cpp - Sema warnings based on libAnalysis -*- C++ -*-=//
2//
3//                     The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file defines analysis_warnings::[Policy,Executor].
11// Together they are used by Sema to issue warnings based on inexpensive
12// static analysis algorithms in libAnalysis.
13//
14//===----------------------------------------------------------------------===//
15
16#include "clang/Sema/AnalysisBasedWarnings.h"
17#include "clang/Sema/SemaInternal.h"
18#include "clang/Basic/SourceManager.h"
19#include "clang/AST/DeclObjC.h"
20#include "clang/AST/DeclCXX.h"
21#include "clang/AST/ExprObjC.h"
22#include "clang/AST/ExprCXX.h"
23#include "clang/AST/StmtObjC.h"
24#include "clang/AST/StmtCXX.h"
25#include "clang/Analysis/AnalysisContext.h"
26#include "clang/Analysis/CFG.h"
27#include "clang/Analysis/Analyses/ReachableCode.h"
28#include "llvm/ADT/BitVector.h"
29#include "llvm/Support/Casting.h"
30
31using namespace clang;
32
33//===----------------------------------------------------------------------===//
34// Unreachable code analysis.
35//===----------------------------------------------------------------------===//
36
namespace {
  /// Callback handed to reachable_code::FindUnreachableCode.  Every finding
  /// it receives is turned into a warn_unreachable diagnostic on the Sema it
  /// was constructed with.
  class UnreachableCodeHandler : public reachable_code::Callback {
    Sema &SemaRef;  // Diagnostic sink; held by reference, not owned.

  public:
    UnreachableCodeHandler(Sema &s) : SemaRef(s) {}

    /// Report unreachable code at \p L, attaching \p R1 and \p R2 to the
    /// diagnostic as source ranges.
    void HandleUnreachable(SourceLocation L, SourceRange R1, SourceRange R2) {
      SemaRef.Diag(L, diag::warn_unreachable) << R1 << R2;
    }
  };
}
48
/// CheckUnreachable - Run the reachable-code analysis over \p AC and report
/// each finding through \p S (see UnreachableCodeHandler).
static void CheckUnreachable(Sema &S, AnalysisContext &AC) {
  UnreachableCodeHandler Reporter(S);
  reachable_code::FindUnreachableCode(AC, Reporter);
}
54
55//===----------------------------------------------------------------------===//
56// Check for missing return value.
57//===----------------------------------------------------------------------===//
58
/// ControlFlowKind - How control can leave a body, as classified by
/// CheckFallThrough.
enum ControlFlowKind {
  // No CFG could be obtained, so nothing is known about the body.
  UnknownFallThrough,
  // Never falls off the end of the statement, but may return.
  NeverFallThrough,
  // Might or might not fall off the end of the statement.
  MaybeFallThrough,
  // Always falls off the end of the statement.
  AlwaysFallThrough,
  // Neither falls off the end of the statement nor returns.
  NeverFallThroughOrReturn
};
66
/// CheckFallThrough - Classify how control reaches the exit of the body
/// described by \p AC, so callers can diagnose a statement that should return
/// a value but falls off its end.
///
/// \returns UnknownFallThrough when no CFG is available,
/// AlwaysFallThrough iff we always fall off the end of the statement,
/// MaybeFallThrough iff we might or might not fall off the end,
/// NeverFallThroughOrReturn iff we never fall off the end of the statement or
/// return, and NeverFallThrough iff we never fall off the end of the statement
/// but we may return.  Functions not marked noreturn are assumed to return.
static ControlFlowKind CheckFallThrough(AnalysisContext &AC) {
  CFG *Graph = AC.getCFG();
  if (!Graph)
    return UnknownFallThrough;

  // The CFG keeps dead blocks around.  Mark everything reachable from the
  // entry block first so that dead paths cannot influence the result.
  llvm::BitVector Reachable(Graph->getNumBlockIDs());
  unsigned NumReachable =
    reachable_code::ScanReachableFromBlock(Graph->getEntry(), Reachable);

  const bool HasEHEdges = AC.getAddEHEdges();
  if (!HasEHEdges && NumReachable != Graph->getNumBlockIDs()) {
    // Some blocks are still unmarked and no EH edges were added from
    // CallExprs to the catch clauses, so catch clauses can look dead.  Treat
    // every predecessor-less block that ends in a C++ try statement as an
    // additional root and mark what is reachable from it.
    for (CFG::iterator BI = Graph->begin(), BE = Graph->end();
         BI != BE; ++BI) {
      CFGBlock &Blk = **BI;
      if (Reachable[Blk.getBlockID()] || Blk.pred_begin() != Blk.pred_end())
        continue;
      if (Blk.getTerminator() && isa<CXXTryStmt>(Blk.getTerminator()))
        NumReachable += reachable_code::ScanReachableFromBlock(Blk, Reachable);
    }
  }

  // With liveness known, inspect the live predecessors of the exit block and
  // look for fall-through paths, taking care to set aside normal returns and
  // exceptional paths.
  bool SawLiveReturn = false;
  bool SawFakeEdge = false;
  bool SawPlainEdge = false;
  bool SawAbnormalEdge = false;

  // Ignore default cases that aren't likely to be reachable because all
  // enums in a switch(X) have explicit case statements.
  CFGBlock::FilterOptions Filter;
  Filter.IgnoreDefaultsWithCoveredEnums = 1;

  for (CFGBlock::filtered_pred_iterator
         PI = Graph->getExit().filtered_pred_start_end(Filter);
       PI.hasMore(); ++PI) {
    const CFGBlock &Pred = **PI;
    if (!Reachable[Pred.getBlockID()])
      continue;

    if (Pred.size() == 0) {
      if (Pred.getTerminator() && isa<CXXTryStmt>(Pred.getTerminator()))
        SawAbnormalEdge = true;
      else
        SawPlainEdge = true;  // A labeled empty statement, or the entry block...
      continue;
    }

    // Only the last statement of the block decides how it reaches the exit.
    Stmt *Last = Pred[Pred.size()-1];

    if (isa<ReturnStmt>(Last)) {
      SawLiveReturn = true;
      continue;
    }
    if (isa<ObjCAtThrowStmt>(Last) || isa<CXXThrowExpr>(Last)) {
      SawFakeEdge = true;
      continue;
    }
    if (const AsmStmt *Asm = dyn_cast<AsmStmt>(Last)) {
      // MS-style inline asm is counted both as a fake edge and as a live
      // return.
      if (Asm->isMSAsm()) {
        SawFakeEdge = true;
        SawLiveReturn = true;
        continue;
      }
    }
    if (isa<CXXTryStmt>(Last)) {
      SawAbnormalEdge = true;
      continue;
    }

    bool EndsInNoReturn = false;
    if (CallExpr *Call = dyn_cast<CallExpr>(Last)) {
      // A call block that does not list the exit block among its successors
      // is recorded as an abnormal edge.
      if (std::find(Pred.succ_begin(), Pred.succ_end(), &Graph->getExit())
            == Pred.succ_end()) {
        SawAbnormalEdge = true;
        continue;
      }

      // The callee is noreturn either through its function type or through
      // an attribute on the declaration it refers to.
      Expr *Callee = Call->getCallee()->IgnoreParenCasts();
      if (getFunctionExtInfo(Callee->getType()).getNoReturn())
        EndsInNoReturn = true;
      else if (DeclRefExpr *Ref = dyn_cast<DeclRefExpr>(Callee))
        EndsInNoReturn = Ref->getDecl()->hasAttr<NoReturnAttr>();

      if (EndsInNoReturn)
        SawFakeEdge = true;
    }

    // FIXME: Remove this hack once temporaries and their destructors are
    // modeled correctly by the CFG.
    if (CXXExprWithTemporaries *Temps =
          dyn_cast<CXXExprWithTemporaries>(Last)) {
      for (unsigned Idx = 0, NumTemps = Temps->getNumTemporaries();
           Idx != NumTemps; ++Idx) {
        const FunctionDecl *Dtor = Temps->getTemporary(Idx)->getDestructor();
        if (Dtor->hasAttr<NoReturnAttr>() ||
            Dtor->getType()->getAs<FunctionType>()->getNoReturnAttr()) {
          EndsInNoReturn = true;
          SawFakeEdge = true;
          break;
        }
      }
    }

    // FIXME: Add noreturn message sends.
    if (!EndsInNoReturn)
      SawPlainEdge = true;
  }

  if (!SawPlainEdge)
    return SawLiveReturn ? NeverFallThrough : NeverFallThroughOrReturn;

  if (SawAbnormalEdge || SawFakeEdge || SawLiveReturn)
    return MaybeFallThrough;

  // This says AlwaysFallThrough for calls to functions that are not marked
  // noreturn, that don't return.  If people would like this warning to be more
  // accurate, such functions should be marked as noreturn.
  return AlwaysFallThrough;
}
205
namespace {

/// CheckFallThroughDiagnostics - The diagnostic IDs used for each fall-through
/// outcome.  One set is built for functions and methods (warnings) and one
/// for blocks (mostly errors); see MakeForFunction and MakeForBlock.
struct CheckFallThroughDiagnostics {
  // Body is noreturn but may reach its end.
  unsigned diag_MaybeFallThrough_HasNoReturn;
  // Body returns a value but may reach its end.
  unsigned diag_MaybeFallThrough_ReturnsNonVoid;
  // Body is noreturn but always reaches its end.
  unsigned diag_AlwaysFallThrough_HasNoReturn;
  // Body returns a value but always reaches its end.
  unsigned diag_AlwaysFallThrough_ReturnsNonVoid;
  // Suggestion to mark the body noreturn; MakeForFunction stores 0 here for
  // virtual methods.
  unsigned diag_NeverFallThroughOrReturn;
  // True for the function/method set, false for the block set.
  bool funMode;

  /// Build the diagnostic set for a function or method \p Func.
  static CheckFallThroughDiagnostics MakeForFunction(const Decl *Func) {
    CheckFallThroughDiagnostics Table;
    Table.funMode = true;

    // Both fall-through flavours of a noreturn function share one warning.
    Table.diag_MaybeFallThrough_HasNoReturn =
      diag::warn_falloff_noreturn_function;
    Table.diag_AlwaysFallThrough_HasNoReturn =
      diag::warn_falloff_noreturn_function;

    Table.diag_MaybeFallThrough_ReturnsNonVoid =
      diag::warn_maybe_falloff_nonvoid_function;
    Table.diag_AlwaysFallThrough_ReturnsNonVoid =
      diag::warn_falloff_nonvoid_function;

    // Don't suggest that virtual functions be marked "noreturn", since they
    // might be overridden by non-noreturn functions.
    const CXXMethodDecl *Method = dyn_cast<CXXMethodDecl>(Func);
    const bool IsVirtual = Method && Method->isVirtual();
    if (IsVirtual)
      Table.diag_NeverFallThroughOrReturn = 0;
    else
      Table.diag_NeverFallThroughOrReturn =
        diag::warn_suggest_noreturn_function;

    return Table;
  }

  /// Build the diagnostic set for a block.
  static CheckFallThroughDiagnostics MakeForBlock() {
    CheckFallThroughDiagnostics Table;
    Table.funMode = false;

    // Both fall-through flavours of a noreturn block share one error.
    Table.diag_MaybeFallThrough_HasNoReturn =
      diag::err_noreturn_block_has_return_expr;
    Table.diag_AlwaysFallThrough_HasNoReturn =
      diag::err_noreturn_block_has_return_expr;

    Table.diag_MaybeFallThrough_ReturnsNonVoid =
      diag::err_maybe_falloff_nonvoid_block;
    Table.diag_AlwaysFallThrough_ReturnsNonVoid =
      diag::err_falloff_nonvoid_block;

    Table.diag_NeverFallThroughOrReturn =
      diag::warn_suggest_noreturn_block;

    return Table;
  }

  /// Fast-path test used by CheckFallThroughForBody, which skips the analysis
  /// when this returns true.
  ///
  /// \param D            Diagnostic engine queried for current warning levels.
  /// \param ReturnsVoid  Whether the body's result type is void.
  /// \param HasNoReturn  Whether the body is marked noreturn.
  ///
  /// NOTE(review): function mode consults
  /// warn_noreturn_function_has_return_expr and warn_suggest_noreturn_block,
  /// whereas MakeForFunction installs warn_falloff_noreturn_function and
  /// warn_suggest_noreturn_function.  Confirm these are always enabled and
  /// disabled together; if not, this fast path could skip the analysis while
  /// a warning it would emit is still enabled.
  bool checkDiagnostics(Diagnostic &D, bool ReturnsVoid,
                        bool HasNoReturn) const {
    if (funMode) {
      // Each test below is one conjunct of the skip condition: the analysis
      // is needed as soon as one warning is live and applies to this body.
      if (D.getDiagnosticLevel(diag::warn_maybe_falloff_nonvoid_function)
            != Diagnostic::Ignored && !ReturnsVoid)
        return false;
      if (D.getDiagnosticLevel(diag::warn_noreturn_function_has_return_expr)
            != Diagnostic::Ignored && HasNoReturn)
        return false;
      return D.getDiagnosticLevel(diag::warn_suggest_noreturn_block)
               == Diagnostic::Ignored || !ReturnsVoid;
    }

    // For blocks: the other diagnostics are errors, so only a void block that
    // is not noreturn can be skipped, and only if the noreturn suggestion is
    // ignored.
    if (!ReturnsVoid || HasNoReturn)
      return false;
    return D.getDiagnosticLevel(diag::warn_suggest_noreturn_block)
             == Diagnostic::Ignored;
  }
};

}
278
/// CheckFallThroughForBody - Check that we don't fall off the end of a body
/// that should return a value, and that we don't fall off the end of a
/// noreturn body.  A void body that neither falls through nor returns gets a
/// suggestion to mark it noreturn.  We assume that functions and blocks not
/// marked noreturn will return.
///
/// \param S        Sema used to emit the diagnostics.
/// \param D        The function, Objective-C method or block being checked.
/// \param Body     Its body; only a CompoundStmt is analysed.
/// \param BlockTy  The block's type; read only when \p D is a BlockDecl.
/// \param CD       Diagnostic IDs to use for each outcome.
/// \param AC       Analysis context that supplies the CFG.
static void CheckFallThroughForBody(Sema &S, const Decl *D, const Stmt *Body,
                                    QualType BlockTy,
                                    const CheckFallThroughDiagnostics& CD,
                                    AnalysisContext &AC) {
  bool ReturnsVoid = false;
  bool HasNoReturn = false;

  // Work out the declared return behaviour for the kind of declaration.
  if (const FunctionDecl *Fn = dyn_cast<FunctionDecl>(D)) {
    ReturnsVoid = Fn->getResultType()->isVoidType();
    HasNoReturn = Fn->hasAttr<NoReturnAttr>() ||
                  Fn->getType()->getAs<FunctionType>()->getNoReturnAttr();
  } else if (const ObjCMethodDecl *Method = dyn_cast<ObjCMethodDecl>(D)) {
    ReturnsVoid = Method->getResultType()->isVoidType();
    HasNoReturn = Method->hasAttr<NoReturnAttr>();
  } else if (isa<BlockDecl>(D)) {
    // NOTE(review): BlockTy is dereferenced here without a null check; the
    // caller is presumably expected to pass a block pointer type - confirm.
    const FunctionType *BlockFnTy =
      BlockTy->getPointeeType()->getAs<FunctionType>();
    if (BlockFnTy) {
      ReturnsVoid = BlockFnTy->getResultType()->isVoidType();
      HasNoReturn = BlockFnTy->getNoReturnAttr();
    }
  }

  // Short circuit for compilation speed.
  if (CD.checkDiagnostics(S.getDiagnostics(), ReturnsVoid, HasNoReturn))
    return;

  // FIXME: Function try block
  const CompoundStmt *Compound = dyn_cast<CompoundStmt>(Body);
  if (!Compound)
    return;

  const ControlFlowKind Kind = CheckFallThrough(AC);

  if (Kind == MaybeFallThrough || Kind == AlwaysFallThrough) {
    // Fall-through problems are reported at the closing brace.
    const bool Always = (Kind == AlwaysFallThrough);
    if (HasNoReturn) {
      S.Diag(Compound->getRBracLoc(),
             Always ? CD.diag_AlwaysFallThrough_HasNoReturn
                    : CD.diag_MaybeFallThrough_HasNoReturn);
    } else if (!ReturnsVoid) {
      S.Diag(Compound->getRBracLoc(),
             Always ? CD.diag_AlwaysFallThrough_ReturnsNonVoid
                    : CD.diag_MaybeFallThrough_ReturnsNonVoid);
    }
  } else if (Kind == NeverFallThroughOrReturn) {
    // The noreturn suggestion goes on the opening brace; a zero ID means the
    // suggestion is disabled for this declaration.
    if (ReturnsVoid && !HasNoReturn && CD.diag_NeverFallThroughOrReturn)
      S.Diag(Compound->getLBracLoc(),
             CD.diag_NeverFallThroughOrReturn);
  }
  // UnknownFallThrough and NeverFallThrough produce no diagnostic.
}
348
349//===----------------------------------------------------------------------===//
350// AnalysisBasedWarnings - Worker object used by Sema to execute analysis-based
351//  warnings on a function, method, or block.
352//===----------------------------------------------------------------------===//
353
/// Default policy: the fall-through check is on and the unreachable-code
/// check is off.
clang::sema::AnalysisBasedWarnings::Policy::Policy()
  : enableCheckFallThrough(1), enableCheckUnreachable(0) {
}
358
/// Bind to \p s and turn on the unreachable-code check in DefaultPolicy only
/// when warn_unreachable is not ignored.  The level is sampled once, here.
clang::sema::AnalysisBasedWarnings::AnalysisBasedWarnings(Sema &s) : S(s) {
  const bool ReportUnreachable =
    S.getDiagnostics().getDiagnosticLevel(diag::warn_unreachable)
      != Diagnostic::Ignored;
  DefaultPolicy.enableCheckUnreachable = ReportUnreachable ? 1u : 0u;
}
364
/// Run the analysis-based warnings selected by \p P on the body of \p D.
///
/// \param P        Which checks to run.
/// \param D        A declaration with a body; it must also be a DeclContext.
/// \param BlockTy  The block's type when \p D is a BlockDecl, null otherwise.
///
/// Nothing is analysed when an error has already been reported, when \p D is
/// in a system header whose warnings are suppressed, or when \p D is in a
/// dependent context.
void clang::sema::
AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P,
                                     const Decl *D, QualType BlockTy) {

  // A block type may only accompany a BlockDecl.
  assert(BlockTy.isNull() || isa<BlockDecl>(D));

  Diagnostic &Engine = S.getDiagnostics();

  // We avoid doing analysis-based warnings when there are errors for
  // two reasons:
  // (1) The CFGs often can't be constructed (if the body is invalid), so
  //     don't bother trying.
  // (2) The code already has problems; running the analysis just takes more
  //     time.
  if (Engine.hasErrorOccurred() || Engine.hasFatalErrorOccurred())
    return;

  // Do not do any analysis for declarations in system headers if we are
  // going to just ignore them.
  const bool InSuppressedSystemHeader =
    Engine.getSuppressSystemWarnings() &&
    S.SourceMgr.isInSystemHeader(D->getLocation());
  if (InSuppressedSystemHeader)
    return;

  // For code in dependent contexts, we'll do this at instantiation time.
  if (cast<DeclContext>(D)->isDependentContext())
    return;

  const Stmt *Body = D->getBody();
  assert(Body);

  // Don't generate EH edges for CallExprs as we'd like to avoid the n^2
  // explosion for destructors that can result and the compile time hit.
  AnalysisContext Ctx(D, 0, false);

  // Warning: check missing 'return'
  if (P.enableCheckFallThrough) {
    const CheckFallThroughDiagnostics Table =
      isa<BlockDecl>(D) ? CheckFallThroughDiagnostics::MakeForBlock()
                        : CheckFallThroughDiagnostics::MakeForFunction(D);
    CheckFallThroughForBody(S, D, Body, BlockTy, Table, Ctx);
  }

  // Warning: check for unreachable code
  if (P.enableCheckUnreachable)
    CheckUnreachable(S, Ctx);
}
411
/// Convenience overload for a block expression: analyses the block's
/// declaration together with the expression's type.
void clang::sema::
AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P,
                                     const BlockExpr *E) {
  const BlockDecl *Block = E->getBlockDecl();
  IssueWarnings(P, Block, E->getType());
}
417
/// Convenience overload for an Objective-C method: forwards to the general
/// overload with a null block type.
void clang::sema::
AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P,
                                     const ObjCMethodDecl *D) {
  const QualType NoBlockTy = QualType();
  IssueWarnings(P, D, NoBlockTy);
}
423
/// Convenience overload for a function: forwards to the general overload with
/// a null block type.
void clang::sema::
AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P,
                                     const FunctionDecl *D) {
  const QualType NoBlockTy = QualType();
  IssueWarnings(P, D, NoBlockTy);
}
429