1//== BodyFarm.cpp - Factory for conjuring up fake bodies ----------*- C++ -*-//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// BodyFarm is a factory for creating faux implementations for functions/methods
10// for analysis purposes.
11//
12//===----------------------------------------------------------------------===//
13
14#include "clang/Analysis/BodyFarm.h"
15#include "clang/AST/ASTContext.h"
16#include "clang/AST/CXXInheritance.h"
17#include "clang/AST/Decl.h"
18#include "clang/AST/Expr.h"
19#include "clang/AST/ExprCXX.h"
20#include "clang/AST/ExprObjC.h"
21#include "clang/AST/NestedNameSpecifier.h"
22#include "clang/Analysis/CodeInjector.h"
23#include "clang/Basic/Builtins.h"
24#include "clang/Basic/OperatorKinds.h"
25#include "llvm/ADT/StringSwitch.h"
26#include "llvm/Support/Debug.h"
27#include <optional>
28
29#define DEBUG_TYPE "body-farm"
30
31using namespace clang;
32
33//===----------------------------------------------------------------------===//
34// Helper creation functions for constructing faux ASTs.
35//===----------------------------------------------------------------------===//
36
37static bool isDispatchBlock(QualType Ty) {
38 // Is it a block pointer?
39 const BlockPointerType *BPT = Ty->getAs<BlockPointerType>();
40 if (!BPT)
41 return false;
42
43 // Check if the block pointer type takes no arguments and
44 // returns void.
45 const FunctionProtoType *FT =
46 BPT->getPointeeType()->getAs<FunctionProtoType>();
47 return FT && FT->getReturnType()->isVoidType() && FT->getNumParams() == 0;
48}
49
50namespace {
51class ASTMaker {
52public:
53 ASTMaker(ASTContext &C) : C(C) {}
54
55 /// Create a new BinaryOperator representing a simple assignment.
56 BinaryOperator *makeAssignment(const Expr *LHS, const Expr *RHS, QualType Ty);
57
58 /// Create a new BinaryOperator representing a comparison.
59 BinaryOperator *makeComparison(const Expr *LHS, const Expr *RHS,
60 BinaryOperator::Opcode Op);
61
62 /// Create a new compound stmt using the provided statements.
63 CompoundStmt *makeCompound(ArrayRef<Stmt*>);
64
65 /// Create a new DeclRefExpr for the referenced variable.
66 DeclRefExpr *makeDeclRefExpr(const VarDecl *D,
67 bool RefersToEnclosingVariableOrCapture = false);
68
69 /// Create a new UnaryOperator representing a dereference.
70 UnaryOperator *makeDereference(const Expr *Arg, QualType Ty);
71
72 /// Create an implicit cast for an integer conversion.
73 Expr *makeIntegralCast(const Expr *Arg, QualType Ty);
74
75 /// Create an implicit cast to a builtin boolean type.
76 ImplicitCastExpr *makeIntegralCastToBoolean(const Expr *Arg);
77
78 /// Create an implicit cast for lvalue-to-rvaluate conversions.
79 ImplicitCastExpr *makeLvalueToRvalue(const Expr *Arg, QualType Ty);
80
81 /// Make RValue out of variable declaration, creating a temporary
82 /// DeclRefExpr in the process.
83 ImplicitCastExpr *
84 makeLvalueToRvalue(const VarDecl *Decl,
85 bool RefersToEnclosingVariableOrCapture = false);
86
87 /// Create an implicit cast of the given type.
88 ImplicitCastExpr *makeImplicitCast(const Expr *Arg, QualType Ty,
89 CastKind CK = CK_LValueToRValue);
90
91 /// Create a cast to reference type.
92 CastExpr *makeReferenceCast(const Expr *Arg, QualType Ty);
93
94 /// Create an Objective-C bool literal.
95 ObjCBoolLiteralExpr *makeObjCBool(bool Val);
96
97 /// Create an Objective-C ivar reference.
98 ObjCIvarRefExpr *makeObjCIvarRef(const Expr *Base, const ObjCIvarDecl *IVar);
99
100 /// Create a Return statement.
101 ReturnStmt *makeReturn(const Expr *RetVal);
102
103 /// Create an integer literal expression of the given type.
104 IntegerLiteral *makeIntegerLiteral(uint64_t Value, QualType Ty);
105
106 /// Create a member expression.
107 MemberExpr *makeMemberExpression(Expr *base, ValueDecl *MemberDecl,
108 bool IsArrow = false,
109 ExprValueKind ValueKind = VK_LValue);
110
111 /// Returns a *first* member field of a record declaration with a given name.
112 /// \return an nullptr if no member with such a name exists.
113 ValueDecl *findMemberField(const RecordDecl *RD, StringRef Name);
114
115private:
116 ASTContext &C;
117};
118}
119
120BinaryOperator *ASTMaker::makeAssignment(const Expr *LHS, const Expr *RHS,
121 QualType Ty) {
122 return BinaryOperator::Create(
123 C, lhs: const_cast<Expr *>(LHS), rhs: const_cast<Expr *>(RHS), opc: BO_Assign, ResTy: Ty,
124 VK: VK_PRValue, OK: OK_Ordinary, opLoc: SourceLocation(), FPFeatures: FPOptionsOverride());
125}
126
127BinaryOperator *ASTMaker::makeComparison(const Expr *LHS, const Expr *RHS,
128 BinaryOperator::Opcode Op) {
129 assert(BinaryOperator::isLogicalOp(Op) ||
130 BinaryOperator::isComparisonOp(Op));
131 return BinaryOperator::Create(
132 C, lhs: const_cast<Expr *>(LHS), rhs: const_cast<Expr *>(RHS), opc: Op,
133 ResTy: C.getLogicalOperationType(), VK: VK_PRValue, OK: OK_Ordinary, opLoc: SourceLocation(),
134 FPFeatures: FPOptionsOverride());
135}
136
137CompoundStmt *ASTMaker::makeCompound(ArrayRef<Stmt *> Stmts) {
138 return CompoundStmt::Create(C, Stmts, FPFeatures: FPOptionsOverride(), LB: SourceLocation(),
139 RB: SourceLocation());
140}
141
142DeclRefExpr *ASTMaker::makeDeclRefExpr(
143 const VarDecl *D,
144 bool RefersToEnclosingVariableOrCapture) {
145 QualType Type = D->getType().getNonReferenceType();
146
147 DeclRefExpr *DR = DeclRefExpr::Create(
148 C, NestedNameSpecifierLoc(), SourceLocation(), const_cast<VarDecl *>(D),
149 RefersToEnclosingVariableOrCapture, SourceLocation(), Type, VK_LValue);
150 return DR;
151}
152
153UnaryOperator *ASTMaker::makeDereference(const Expr *Arg, QualType Ty) {
154 return UnaryOperator::Create(C, input: const_cast<Expr *>(Arg), opc: UO_Deref, type: Ty,
155 VK: VK_LValue, OK: OK_Ordinary, l: SourceLocation(),
156 /*CanOverflow*/ false, FPFeatures: FPOptionsOverride());
157}
158
159ImplicitCastExpr *ASTMaker::makeLvalueToRvalue(const Expr *Arg, QualType Ty) {
160 return makeImplicitCast(Arg, Ty, CK: CK_LValueToRValue);
161}
162
163ImplicitCastExpr *
164ASTMaker::makeLvalueToRvalue(const VarDecl *Arg,
165 bool RefersToEnclosingVariableOrCapture) {
166 QualType Type = Arg->getType().getNonReferenceType();
167 return makeLvalueToRvalue(makeDeclRefExpr(D: Arg,
168 RefersToEnclosingVariableOrCapture),
169 Type);
170}
171
172ImplicitCastExpr *ASTMaker::makeImplicitCast(const Expr *Arg, QualType Ty,
173 CastKind CK) {
174 return ImplicitCastExpr::Create(Context: C, T: Ty,
175 /* CastKind=*/Kind: CK,
176 /* Expr=*/Operand: const_cast<Expr *>(Arg),
177 /* CXXCastPath=*/BasePath: nullptr,
178 /* ExprValueKind=*/Cat: VK_PRValue,
179 /* FPFeatures */ FPO: FPOptionsOverride());
180}
181
182CastExpr *ASTMaker::makeReferenceCast(const Expr *Arg, QualType Ty) {
183 assert(Ty->isReferenceType());
184 return CXXStaticCastExpr::Create(
185 Context: C, T: Ty.getNonReferenceType(),
186 VK: Ty->isLValueReferenceType() ? VK_LValue : VK_XValue, K: CK_NoOp,
187 Op: const_cast<Expr *>(Arg), /*CXXCastPath=*/Path: nullptr,
188 /*Written=*/C.getTrivialTypeSourceInfo(T: Ty), FPO: FPOptionsOverride(),
189 L: SourceLocation(), RParenLoc: SourceLocation(), AngleBrackets: SourceRange());
190}
191
192Expr *ASTMaker::makeIntegralCast(const Expr *Arg, QualType Ty) {
193 if (Arg->getType() == Ty)
194 return const_cast<Expr*>(Arg);
195 return makeImplicitCast(Arg, Ty, CK: CK_IntegralCast);
196}
197
198ImplicitCastExpr *ASTMaker::makeIntegralCastToBoolean(const Expr *Arg) {
199 return makeImplicitCast(Arg, Ty: C.BoolTy, CK: CK_IntegralToBoolean);
200}
201
202ObjCBoolLiteralExpr *ASTMaker::makeObjCBool(bool Val) {
203 QualType Ty = C.getBOOLDecl() ? C.getBOOLType() : C.ObjCBuiltinBoolTy;
204 return new (C) ObjCBoolLiteralExpr(Val, Ty, SourceLocation());
205}
206
207ObjCIvarRefExpr *ASTMaker::makeObjCIvarRef(const Expr *Base,
208 const ObjCIvarDecl *IVar) {
209 return new (C) ObjCIvarRefExpr(const_cast<ObjCIvarDecl*>(IVar),
210 IVar->getType(), SourceLocation(),
211 SourceLocation(), const_cast<Expr*>(Base),
212 /*arrow=*/true, /*free=*/false);
213}
214
215ReturnStmt *ASTMaker::makeReturn(const Expr *RetVal) {
216 return ReturnStmt::Create(Ctx: C, RL: SourceLocation(), E: const_cast<Expr *>(RetVal),
217 /* NRVOCandidate=*/nullptr);
218}
219
220IntegerLiteral *ASTMaker::makeIntegerLiteral(uint64_t Value, QualType Ty) {
221 llvm::APInt APValue = llvm::APInt(C.getTypeSize(T: Ty), Value);
222 return IntegerLiteral::Create(C, V: APValue, type: Ty, l: SourceLocation());
223}
224
225MemberExpr *ASTMaker::makeMemberExpression(Expr *base, ValueDecl *MemberDecl,
226 bool IsArrow,
227 ExprValueKind ValueKind) {
228
229 DeclAccessPair FoundDecl = DeclAccessPair::make(MemberDecl, AS_public);
230 return MemberExpr::Create(
231 C, Base: base, IsArrow, OperatorLoc: SourceLocation(), QualifierLoc: NestedNameSpecifierLoc(),
232 TemplateKWLoc: SourceLocation(), MemberDecl, FoundDecl,
233 MemberNameInfo: DeclarationNameInfo(MemberDecl->getDeclName(), SourceLocation()),
234 /* TemplateArgumentListInfo=*/ TemplateArgs: nullptr, T: MemberDecl->getType(), VK: ValueKind,
235 OK: OK_Ordinary, NOUR: NOUR_None);
236}
237
238ValueDecl *ASTMaker::findMemberField(const RecordDecl *RD, StringRef Name) {
239
240 CXXBasePaths Paths(
241 /* FindAmbiguities=*/false,
242 /* RecordPaths=*/false,
243 /* DetectVirtual=*/ false);
244 const IdentifierInfo &II = C.Idents.get(Name);
245 DeclarationName DeclName = C.DeclarationNames.getIdentifier(ID: &II);
246
247 DeclContextLookupResult Decls = RD->lookup(DeclName);
248 for (NamedDecl *FoundDecl : Decls)
249 if (!FoundDecl->getDeclContext()->isFunctionOrMethod())
250 return cast<ValueDecl>(FoundDecl);
251
252 return nullptr;
253}
254
255//===----------------------------------------------------------------------===//
256// Creation functions for faux ASTs.
257//===----------------------------------------------------------------------===//
258
259typedef Stmt *(*FunctionFarmer)(ASTContext &C, const FunctionDecl *D);
260
261static CallExpr *create_call_once_funcptr_call(ASTContext &C, ASTMaker M,
262 const ParmVarDecl *Callback,
263 ArrayRef<Expr *> CallArgs) {
264
265 QualType Ty = Callback->getType();
266 DeclRefExpr *Call = M.makeDeclRefExpr(Callback);
267 Expr *SubExpr;
268 if (Ty->isRValueReferenceType()) {
269 SubExpr = M.makeImplicitCast(
270 Call, Ty.getNonReferenceType(), CK_LValueToRValue);
271 } else if (Ty->isLValueReferenceType() &&
272 Call->getType()->isFunctionType()) {
273 Ty = C.getPointerType(T: Ty.getNonReferenceType());
274 SubExpr = M.makeImplicitCast(Call, Ty, CK_FunctionToPointerDecay);
275 } else if (Ty->isLValueReferenceType()
276 && Call->getType()->isPointerType()
277 && Call->getType()->getPointeeType()->isFunctionType()){
278 SubExpr = Call;
279 } else {
280 llvm_unreachable("Unexpected state");
281 }
282
283 return CallExpr::Create(Ctx: C, Fn: SubExpr, Args: CallArgs, Ty: C.VoidTy, VK: VK_PRValue,
284 RParenLoc: SourceLocation(), FPFeatures: FPOptionsOverride());
285}
286
287static CallExpr *create_call_once_lambda_call(ASTContext &C, ASTMaker M,
288 const ParmVarDecl *Callback,
289 CXXRecordDecl *CallbackDecl,
290 ArrayRef<Expr *> CallArgs) {
291 assert(CallbackDecl != nullptr);
292 assert(CallbackDecl->isLambda());
293 FunctionDecl *callOperatorDecl = CallbackDecl->getLambdaCallOperator();
294 assert(callOperatorDecl != nullptr);
295
296 DeclRefExpr *callOperatorDeclRef =
297 DeclRefExpr::Create(/* Ctx =*/ C,
298 /* QualifierLoc =*/ NestedNameSpecifierLoc(),
299 /* TemplateKWLoc =*/ SourceLocation(),
300 const_cast<FunctionDecl *>(callOperatorDecl),
301 /* RefersToEnclosingVariableOrCapture=*/ false,
302 /* NameLoc =*/ SourceLocation(),
303 /* T =*/ callOperatorDecl->getType(),
304 /* VK =*/ VK_LValue);
305
306 return CXXOperatorCallExpr::Create(
307 /*AstContext=*/Ctx: C, OpKind: OO_Call, Fn: callOperatorDeclRef,
308 /*Args=*/CallArgs,
309 /*QualType=*/Ty: C.VoidTy,
310 /*ExprValueType=*/VK: VK_PRValue,
311 /*SourceLocation=*/OperatorLoc: SourceLocation(),
312 /*FPFeatures=*/FPOptionsOverride());
313}
314
315/// Create a fake body for 'std::move' or 'std::forward'. This is just:
316///
317/// \code
318/// return static_cast<return_type>(param);
319/// \endcode
320static Stmt *create_std_move_forward(ASTContext &C, const FunctionDecl *D) {
321 LLVM_DEBUG(llvm::dbgs() << "Generating body for std::move / std::forward\n");
322
323 ASTMaker M(C);
324
325 QualType ReturnType = D->getType()->castAs<FunctionType>()->getReturnType();
326 Expr *Param = M.makeDeclRefExpr(D->getParamDecl(i: 0));
327 Expr *Cast = M.makeReferenceCast(Arg: Param, Ty: ReturnType);
328 return M.makeReturn(RetVal: Cast);
329}
330
331/// Create a fake body for std::call_once.
332/// Emulates the following function body:
333///
334/// \code
335/// typedef struct once_flag_s {
336/// unsigned long __state = 0;
337/// } once_flag;
338/// template<class Callable>
339/// void call_once(once_flag& o, Callable func) {
340/// if (!o.__state) {
341/// func();
342/// }
343/// o.__state = 1;
344/// }
345/// \endcode
346static Stmt *create_call_once(ASTContext &C, const FunctionDecl *D) {
347 LLVM_DEBUG(llvm::dbgs() << "Generating body for call_once\n");
348
349 // We need at least two parameters.
350 if (D->param_size() < 2)
351 return nullptr;
352
353 ASTMaker M(C);
354
355 const ParmVarDecl *Flag = D->getParamDecl(i: 0);
356 const ParmVarDecl *Callback = D->getParamDecl(i: 1);
357
358 if (!Callback->getType()->isReferenceType()) {
359 llvm::dbgs() << "libcxx03 std::call_once implementation, skipping.\n";
360 return nullptr;
361 }
362 if (!Flag->getType()->isReferenceType()) {
363 llvm::dbgs() << "unknown std::call_once implementation, skipping.\n";
364 return nullptr;
365 }
366
367 QualType CallbackType = Callback->getType().getNonReferenceType();
368
369 // Nullable pointer, non-null iff function is a CXXRecordDecl.
370 CXXRecordDecl *CallbackRecordDecl = CallbackType->getAsCXXRecordDecl();
371 QualType FlagType = Flag->getType().getNonReferenceType();
372 auto *FlagRecordDecl = FlagType->getAsRecordDecl();
373
374 if (!FlagRecordDecl) {
375 LLVM_DEBUG(llvm::dbgs() << "Flag field is not a record: "
376 << "unknown std::call_once implementation, "
377 << "ignoring the call.\n");
378 return nullptr;
379 }
380
381 // We initially assume libc++ implementation of call_once,
382 // where the once_flag struct has a field `__state_`.
383 ValueDecl *FlagFieldDecl = M.findMemberField(RD: FlagRecordDecl, Name: "__state_");
384
385 // Otherwise, try libstdc++ implementation, with a field
386 // `_M_once`
387 if (!FlagFieldDecl) {
388 FlagFieldDecl = M.findMemberField(RD: FlagRecordDecl, Name: "_M_once");
389 }
390
391 if (!FlagFieldDecl) {
392 LLVM_DEBUG(llvm::dbgs() << "No field _M_once or __state_ found on "
393 << "std::once_flag struct: unknown std::call_once "
394 << "implementation, ignoring the call.");
395 return nullptr;
396 }
397
398 bool isLambdaCall = CallbackRecordDecl && CallbackRecordDecl->isLambda();
399 if (CallbackRecordDecl && !isLambdaCall) {
400 LLVM_DEBUG(llvm::dbgs()
401 << "Not supported: synthesizing body for functors when "
402 << "body farming std::call_once, ignoring the call.");
403 return nullptr;
404 }
405
406 SmallVector<Expr *, 5> CallArgs;
407 const FunctionProtoType *CallbackFunctionType;
408 if (isLambdaCall) {
409
410 // Lambda requires callback itself inserted as a first parameter.
411 CallArgs.push_back(
412 M.makeDeclRefExpr(Callback,
413 /* RefersToEnclosingVariableOrCapture=*/ true));
414 CallbackFunctionType = CallbackRecordDecl->getLambdaCallOperator()
415 ->getType()
416 ->getAs<FunctionProtoType>();
417 } else if (!CallbackType->getPointeeType().isNull()) {
418 CallbackFunctionType =
419 CallbackType->getPointeeType()->getAs<FunctionProtoType>();
420 } else {
421 CallbackFunctionType = CallbackType->getAs<FunctionProtoType>();
422 }
423
424 if (!CallbackFunctionType)
425 return nullptr;
426
427 // First two arguments are used for the flag and for the callback.
428 if (D->getNumParams() != CallbackFunctionType->getNumParams() + 2) {
429 LLVM_DEBUG(llvm::dbgs() << "Types of params of the callback do not match "
430 << "params passed to std::call_once, "
431 << "ignoring the call\n");
432 return nullptr;
433 }
434
435 // All arguments past first two ones are passed to the callback,
436 // and we turn lvalues into rvalues if the argument is not passed by
437 // reference.
438 for (unsigned int ParamIdx = 2; ParamIdx < D->getNumParams(); ParamIdx++) {
439 const ParmVarDecl *PDecl = D->getParamDecl(i: ParamIdx);
440 assert(PDecl);
441 if (CallbackFunctionType->getParamType(i: ParamIdx - 2)
442 .getNonReferenceType()
443 .getCanonicalType() !=
444 PDecl->getType().getNonReferenceType().getCanonicalType()) {
445 LLVM_DEBUG(llvm::dbgs() << "Types of params of the callback do not match "
446 << "params passed to std::call_once, "
447 << "ignoring the call\n");
448 return nullptr;
449 }
450 Expr *ParamExpr = M.makeDeclRefExpr(PDecl);
451 if (!CallbackFunctionType->getParamType(i: ParamIdx - 2)->isReferenceType()) {
452 QualType PTy = PDecl->getType().getNonReferenceType();
453 ParamExpr = M.makeLvalueToRvalue(Arg: ParamExpr, Ty: PTy);
454 }
455 CallArgs.push_back(Elt: ParamExpr);
456 }
457
458 CallExpr *CallbackCall;
459 if (isLambdaCall) {
460
461 CallbackCall = create_call_once_lambda_call(C, M, Callback,
462 CallbackDecl: CallbackRecordDecl, CallArgs);
463 } else {
464
465 // Function pointer case.
466 CallbackCall = create_call_once_funcptr_call(C, M, Callback, CallArgs);
467 }
468
469 DeclRefExpr *FlagDecl =
470 M.makeDeclRefExpr(Flag,
471 /* RefersToEnclosingVariableOrCapture=*/true);
472
473
474 MemberExpr *Deref = M.makeMemberExpression(FlagDecl, FlagFieldDecl);
475 assert(Deref->isLValue());
476 QualType DerefType = Deref->getType();
477
478 // Negation predicate.
479 UnaryOperator *FlagCheck = UnaryOperator::Create(
480 C,
481 /* input=*/
482 M.makeImplicitCast(M.makeLvalueToRvalue(Deref, DerefType), DerefType,
483 CK_IntegralToBoolean),
484 /* opc=*/UO_LNot,
485 /* QualType=*/type: C.IntTy,
486 /* ExprValueKind=*/VK: VK_PRValue,
487 /* ExprObjectKind=*/OK: OK_Ordinary, l: SourceLocation(),
488 /* CanOverflow*/ false, FPFeatures: FPOptionsOverride());
489
490 // Create assignment.
491 BinaryOperator *FlagAssignment = M.makeAssignment(
492 LHS: Deref, RHS: M.makeIntegralCast(Arg: M.makeIntegerLiteral(Value: 1, Ty: C.IntTy), Ty: DerefType),
493 Ty: DerefType);
494
495 auto *Out =
496 IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary,
497 /* Init=*/nullptr,
498 /* Var=*/nullptr,
499 /* Cond=*/FlagCheck,
500 /* LPL=*/SourceLocation(),
501 /* RPL=*/SourceLocation(),
502 /* Then=*/M.makeCompound({CallbackCall, FlagAssignment}));
503
504 return Out;
505}
506
507/// Create a fake body for dispatch_once.
508static Stmt *create_dispatch_once(ASTContext &C, const FunctionDecl *D) {
509 // Check if we have at least two parameters.
510 if (D->param_size() != 2)
511 return nullptr;
512
513 // Check if the first parameter is a pointer to integer type.
514 const ParmVarDecl *Predicate = D->getParamDecl(i: 0);
515 QualType PredicateQPtrTy = Predicate->getType();
516 const PointerType *PredicatePtrTy = PredicateQPtrTy->getAs<PointerType>();
517 if (!PredicatePtrTy)
518 return nullptr;
519 QualType PredicateTy = PredicatePtrTy->getPointeeType();
520 if (!PredicateTy->isIntegerType())
521 return nullptr;
522
523 // Check if the second parameter is the proper block type.
524 const ParmVarDecl *Block = D->getParamDecl(i: 1);
525 QualType Ty = Block->getType();
526 if (!isDispatchBlock(Ty))
527 return nullptr;
528
529 // Everything checks out. Create a fakse body that checks the predicate,
530 // sets it, and calls the block. Basically, an AST dump of:
531 //
532 // void dispatch_once(dispatch_once_t *predicate, dispatch_block_t block) {
533 // if (*predicate != ~0l) {
534 // *predicate = ~0l;
535 // block();
536 // }
537 // }
538
539 ASTMaker M(C);
540
541 // (1) Create the call.
542 CallExpr *CE = CallExpr::Create(
543 /*ASTContext=*/Ctx: C,
544 /*StmtClass=*/Fn: M.makeLvalueToRvalue(/*Expr=*/Block),
545 /*Args=*/std::nullopt,
546 /*QualType=*/Ty: C.VoidTy,
547 /*ExprValueType=*/VK: VK_PRValue,
548 /*SourceLocation=*/RParenLoc: SourceLocation(), FPFeatures: FPOptionsOverride());
549
550 // (2) Create the assignment to the predicate.
551 Expr *DoneValue =
552 UnaryOperator::Create(C, input: M.makeIntegerLiteral(Value: 0, Ty: C.LongTy), opc: UO_Not,
553 type: C.LongTy, VK: VK_PRValue, OK: OK_Ordinary, l: SourceLocation(),
554 /*CanOverflow*/ false, FPFeatures: FPOptionsOverride());
555
556 BinaryOperator *B =
557 M.makeAssignment(
558 M.makeDereference(
559 M.makeLvalueToRvalue(
560 M.makeDeclRefExpr(Predicate), PredicateQPtrTy),
561 PredicateTy),
562 M.makeIntegralCast(Arg: DoneValue, Ty: PredicateTy),
563 PredicateTy);
564
565 // (3) Create the compound statement.
566 Stmt *Stmts[] = { B, CE };
567 CompoundStmt *CS = M.makeCompound(Stmts);
568
569 // (4) Create the 'if' condition.
570 ImplicitCastExpr *LValToRval =
571 M.makeLvalueToRvalue(
572 M.makeDereference(
573 M.makeLvalueToRvalue(
574 M.makeDeclRefExpr(Predicate),
575 PredicateQPtrTy),
576 PredicateTy),
577 PredicateTy);
578
579 Expr *GuardCondition = M.makeComparison(LValToRval, DoneValue, BO_NE);
580 // (5) Create the 'if' statement.
581 auto *If = IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary,
582 /* Init=*/nullptr,
583 /* Var=*/nullptr,
584 /* Cond=*/GuardCondition,
585 /* LPL=*/SourceLocation(),
586 /* RPL=*/SourceLocation(),
587 /* Then=*/CS);
588 return If;
589}
590
591/// Create a fake body for dispatch_sync.
592static Stmt *create_dispatch_sync(ASTContext &C, const FunctionDecl *D) {
593 // Check if we have at least two parameters.
594 if (D->param_size() != 2)
595 return nullptr;
596
597 // Check if the second parameter is a block.
598 const ParmVarDecl *PV = D->getParamDecl(i: 1);
599 QualType Ty = PV->getType();
600 if (!isDispatchBlock(Ty))
601 return nullptr;
602
603 // Everything checks out. Create a fake body that just calls the block.
604 // This is basically just an AST dump of:
605 //
606 // void dispatch_sync(dispatch_queue_t queue, void (^block)(void)) {
607 // block();
608 // }
609 //
610 ASTMaker M(C);
611 DeclRefExpr *DR = M.makeDeclRefExpr(PV);
612 ImplicitCastExpr *ICE = M.makeLvalueToRvalue(DR, Ty);
613 CallExpr *CE = CallExpr::Create(Ctx: C, Fn: ICE, Args: std::nullopt, Ty: C.VoidTy, VK: VK_PRValue,
614 RParenLoc: SourceLocation(), FPFeatures: FPOptionsOverride());
615 return CE;
616}
617
618static Stmt *create_OSAtomicCompareAndSwap(ASTContext &C, const FunctionDecl *D)
619{
620 // There are exactly 3 arguments.
621 if (D->param_size() != 3)
622 return nullptr;
623
624 // Signature:
625 // _Bool OSAtomicCompareAndSwapPtr(void *__oldValue,
626 // void *__newValue,
627 // void * volatile *__theValue)
628 // Generate body:
629 // if (oldValue == *theValue) {
630 // *theValue = newValue;
631 // return YES;
632 // }
633 // else return NO;
634
635 QualType ResultTy = D->getReturnType();
636 bool isBoolean = ResultTy->isBooleanType();
637 if (!isBoolean && !ResultTy->isIntegralType(Ctx: C))
638 return nullptr;
639
640 const ParmVarDecl *OldValue = D->getParamDecl(i: 0);
641 QualType OldValueTy = OldValue->getType();
642
643 const ParmVarDecl *NewValue = D->getParamDecl(i: 1);
644 QualType NewValueTy = NewValue->getType();
645
646 assert(OldValueTy == NewValueTy);
647
648 const ParmVarDecl *TheValue = D->getParamDecl(i: 2);
649 QualType TheValueTy = TheValue->getType();
650 const PointerType *PT = TheValueTy->getAs<PointerType>();
651 if (!PT)
652 return nullptr;
653 QualType PointeeTy = PT->getPointeeType();
654
655 ASTMaker M(C);
656 // Construct the comparison.
657 Expr *Comparison =
658 M.makeComparison(
659 M.makeLvalueToRvalue(M.makeDeclRefExpr(OldValue), OldValueTy),
660 M.makeLvalueToRvalue(
661 M.makeDereference(
662 M.makeLvalueToRvalue(M.makeDeclRefExpr(TheValue), TheValueTy),
663 PointeeTy),
664 PointeeTy),
665 BO_EQ);
666
667 // Construct the body of the IfStmt.
668 Stmt *Stmts[2];
669 Stmts[0] =
670 M.makeAssignment(
671 M.makeDereference(
672 M.makeLvalueToRvalue(M.makeDeclRefExpr(TheValue), TheValueTy),
673 PointeeTy),
674 M.makeLvalueToRvalue(M.makeDeclRefExpr(NewValue), NewValueTy),
675 NewValueTy);
676
677 Expr *BoolVal = M.makeObjCBool(Val: true);
678 Expr *RetVal = isBoolean ? M.makeIntegralCastToBoolean(Arg: BoolVal)
679 : M.makeIntegralCast(Arg: BoolVal, Ty: ResultTy);
680 Stmts[1] = M.makeReturn(RetVal);
681 CompoundStmt *Body = M.makeCompound(Stmts);
682
683 // Construct the else clause.
684 BoolVal = M.makeObjCBool(Val: false);
685 RetVal = isBoolean ? M.makeIntegralCastToBoolean(Arg: BoolVal)
686 : M.makeIntegralCast(Arg: BoolVal, Ty: ResultTy);
687 Stmt *Else = M.makeReturn(RetVal);
688
689 /// Construct the If.
690 auto *If =
691 IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary,
692 /* Init=*/nullptr,
693 /* Var=*/nullptr, Comparison,
694 /* LPL=*/SourceLocation(),
695 /* RPL=*/SourceLocation(), Body, SourceLocation(), Else);
696
697 return If;
698}
699
700Stmt *BodyFarm::getBody(const FunctionDecl *D) {
701 std::optional<Stmt *> &Val = Bodies[D];
702 if (Val)
703 return *Val;
704
705 Val = nullptr;
706
707 if (D->getIdentifier() == nullptr)
708 return nullptr;
709
710 StringRef Name = D->getName();
711 if (Name.empty())
712 return nullptr;
713
714 FunctionFarmer FF;
715
716 if (unsigned BuiltinID = D->getBuiltinID()) {
717 switch (BuiltinID) {
718 case Builtin::BIas_const:
719 case Builtin::BIforward:
720 case Builtin::BIforward_like:
721 case Builtin::BImove:
722 case Builtin::BImove_if_noexcept:
723 FF = create_std_move_forward;
724 break;
725 default:
726 FF = nullptr;
727 break;
728 }
729 } else if (Name.starts_with(Prefix: "OSAtomicCompareAndSwap") ||
730 Name.starts_with(Prefix: "objc_atomicCompareAndSwap")) {
731 FF = create_OSAtomicCompareAndSwap;
732 } else if (Name == "call_once" && D->getDeclContext()->isStdNamespace()) {
733 FF = create_call_once;
734 } else {
735 FF = llvm::StringSwitch<FunctionFarmer>(Name)
736 .Case(S: "dispatch_sync", Value: create_dispatch_sync)
737 .Case(S: "dispatch_once", Value: create_dispatch_once)
738 .Default(Value: nullptr);
739 }
740
741 if (FF) { Val = FF(C, D); }
742 else if (Injector) { Val = Injector->getBody(D); }
743 return *Val;
744}
745
746static const ObjCIvarDecl *findBackingIvar(const ObjCPropertyDecl *Prop) {
747 const ObjCIvarDecl *IVar = Prop->getPropertyIvarDecl();
748
749 if (IVar)
750 return IVar;
751
752 // When a readonly property is shadowed in a class extensions with a
753 // a readwrite property, the instance variable belongs to the shadowing
754 // property rather than the shadowed property. If there is no instance
755 // variable on a readonly property, check to see whether the property is
756 // shadowed and if so try to get the instance variable from shadowing
757 // property.
758 if (!Prop->isReadOnly())
759 return nullptr;
760
761 auto *Container = cast<ObjCContainerDecl>(Prop->getDeclContext());
762 const ObjCInterfaceDecl *PrimaryInterface = nullptr;
763 if (auto *InterfaceDecl = dyn_cast<ObjCInterfaceDecl>(Container)) {
764 PrimaryInterface = InterfaceDecl;
765 } else if (auto *CategoryDecl = dyn_cast<ObjCCategoryDecl>(Container)) {
766 PrimaryInterface = CategoryDecl->getClassInterface();
767 } else if (auto *ImplDecl = dyn_cast<ObjCImplDecl>(Container)) {
768 PrimaryInterface = ImplDecl->getClassInterface();
769 } else {
770 return nullptr;
771 }
772
773 // FindPropertyVisibleInPrimaryClass() looks first in class extensions, so it
774 // is guaranteed to find the shadowing property, if it exists, rather than
775 // the shadowed property.
776 auto *ShadowingProp = PrimaryInterface->FindPropertyVisibleInPrimaryClass(
777 PropertyId: Prop->getIdentifier(), QueryKind: Prop->getQueryKind());
778 if (ShadowingProp && ShadowingProp != Prop) {
779 IVar = ShadowingProp->getPropertyIvarDecl();
780 }
781
782 return IVar;
783}
784
785static Stmt *createObjCPropertyGetter(ASTContext &Ctx,
786 const ObjCMethodDecl *MD) {
787 // First, find the backing ivar.
788 const ObjCIvarDecl *IVar = nullptr;
789 const ObjCPropertyDecl *Prop = nullptr;
790
791 // Property accessor stubs sometimes do not correspond to any property decl
792 // in the current interface (but in a superclass). They still have a
793 // corresponding property impl decl in this case.
794 if (MD->isSynthesizedAccessorStub()) {
795 const ObjCInterfaceDecl *IntD = MD->getClassInterface();
796 const ObjCImplementationDecl *ImpD = IntD->getImplementation();
797 for (const auto *PI : ImpD->property_impls()) {
798 if (const ObjCPropertyDecl *Candidate = PI->getPropertyDecl()) {
799 if (Candidate->getGetterName() == MD->getSelector()) {
800 Prop = Candidate;
801 IVar = Prop->getPropertyIvarDecl();
802 }
803 }
804 }
805 }
806
807 if (!IVar) {
808 Prop = MD->findPropertyDecl();
809 IVar = Prop ? findBackingIvar(Prop) : nullptr;
810 }
811
812 if (!IVar || !Prop)
813 return nullptr;
814
815 // Ignore weak variables, which have special behavior.
816 if (Prop->getPropertyAttributes() & ObjCPropertyAttribute::kind_weak)
817 return nullptr;
818
819 // Look to see if Sema has synthesized a body for us. This happens in
820 // Objective-C++ because the return value may be a C++ class type with a
821 // non-trivial copy constructor. We can only do this if we can find the
822 // @synthesize for this property, though (or if we know it's been auto-
823 // synthesized).
824 const ObjCImplementationDecl *ImplDecl =
825 IVar->getContainingInterface()->getImplementation();
826 if (ImplDecl) {
827 for (const auto *I : ImplDecl->property_impls()) {
828 if (I->getPropertyDecl() != Prop)
829 continue;
830
831 if (I->getGetterCXXConstructor()) {
832 ASTMaker M(Ctx);
833 return M.makeReturn(I->getGetterCXXConstructor());
834 }
835 }
836 }
837
838 // We expect that the property is the same type as the ivar, or a reference to
839 // it, and that it is either an object pointer or trivially copyable.
840 if (!Ctx.hasSameUnqualifiedType(T1: IVar->getType(),
841 T2: Prop->getType().getNonReferenceType()))
842 return nullptr;
843 if (!IVar->getType()->isObjCLifetimeType() &&
844 !IVar->getType().isTriviallyCopyableType(Ctx))
845 return nullptr;
846
847 // Generate our body:
848 // return self->_ivar;
849 ASTMaker M(Ctx);
850
851 const VarDecl *selfVar = MD->getSelfDecl();
852 if (!selfVar)
853 return nullptr;
854
855 Expr *loadedIVar = M.makeObjCIvarRef(
856 Base: M.makeLvalueToRvalue(M.makeDeclRefExpr(D: selfVar), selfVar->getType()),
857 IVar);
858
859 if (!MD->getReturnType()->isReferenceType())
860 loadedIVar = M.makeLvalueToRvalue(loadedIVar, IVar->getType());
861
862 return M.makeReturn(RetVal: loadedIVar);
863}
864
865Stmt *BodyFarm::getBody(const ObjCMethodDecl *D) {
866 // We currently only know how to synthesize property accessors.
867 if (!D->isPropertyAccessor())
868 return nullptr;
869
870 D = D->getCanonicalDecl();
871
872 // We should not try to synthesize explicitly redefined accessors.
873 // We do not know for sure how they behave.
874 if (!D->isImplicit())
875 return nullptr;
876
877 std::optional<Stmt *> &Val = Bodies[D];
878 if (Val)
879 return *Val;
880 Val = nullptr;
881
882 // For now, we only synthesize getters.
883 // Synthesizing setters would cause false negatives in the
884 // RetainCountChecker because the method body would bind the parameter
885 // to an instance variable, causing it to escape. This would prevent
886 // warning in the following common scenario:
887 //
888 // id foo = [[NSObject alloc] init];
889 // self.foo = foo; // We should warn that foo leaks here.
890 //
891 if (D->param_size() != 0)
892 return nullptr;
893
894 // If the property was defined in an extension, search the extensions for
895 // overrides.
896 const ObjCInterfaceDecl *OID = D->getClassInterface();
897 if (dyn_cast<ObjCInterfaceDecl>(D->getParent()) != OID)
898 for (auto *Ext : OID->known_extensions()) {
899 auto *OMD = Ext->getInstanceMethod(D->getSelector());
900 if (OMD && !OMD->isImplicit())
901 return nullptr;
902 }
903
904 Val = createObjCPropertyGetter(Ctx&: C, MD: D);
905
906 return *Val;
907}
908

source code of clang/lib/Analysis/BodyFarm.cpp