1//=======- UncountedLambdaCapturesChecker.cpp --------------------*- C++ -*-==// 2// 3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4// See https://llvm.org/LICENSE.txt for license information. 5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6// 7//===----------------------------------------------------------------------===// 8 9#include "DiagOutputUtils.h" 10#include "PtrTypesSemantics.h" 11#include "clang/AST/CXXInheritance.h" 12#include "clang/AST/RecursiveASTVisitor.h" 13#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" 14#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" 15#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" 16#include "clang/StaticAnalyzer/Core/Checker.h" 17#include <optional> 18 19using namespace clang; 20using namespace ento; 21 22namespace { 23class UncountedLambdaCapturesChecker 24 : public Checker<check::ASTDecl<TranslationUnitDecl>> { 25private: 26 BugType Bug{this, "Lambda capture of uncounted variable", 27 "WebKit coding guidelines"}; 28 mutable BugReporter *BR; 29 30public: 31 void checkASTDecl(const TranslationUnitDecl *TUD, AnalysisManager &MGR, 32 BugReporter &BRArg) const { 33 BR = &BRArg; 34 35 // The calls to checkAST* from AnalysisConsumer don't 36 // visit template instantiations or lambda classes. We 37 // want to visit those, so we make our own RecursiveASTVisitor. 38 struct LocalVisitor : public RecursiveASTVisitor<LocalVisitor> { 39 const UncountedLambdaCapturesChecker *Checker; 40 explicit LocalVisitor(const UncountedLambdaCapturesChecker *Checker) 41 : Checker(Checker) { 42 assert(Checker); 43 } 44 45 bool shouldVisitTemplateInstantiations() const { return true; } 46 bool shouldVisitImplicitCode() const { return false; } 47 48 bool VisitLambdaExpr(LambdaExpr *L) { 49 Checker->visitLambdaExpr(L); 50 return true; 51 } 52 }; 53 54 LocalVisitor visitor(this); 55 visitor.TraverseDecl(const_cast<TranslationUnitDecl *>(TUD)); 56 } 57 58 void visitLambdaExpr(LambdaExpr *L) const { 59 for (const LambdaCapture &C : L->captures()) { 60 if (C.capturesVariable()) { 61 ValueDecl *CapturedVar = C.getCapturedVar(); 62 if (auto *CapturedVarType = CapturedVar->getType().getTypePtrOrNull()) { 63 std::optional<bool> IsUncountedPtr = isUncountedPtr(CapturedVarType); 64 if (IsUncountedPtr && *IsUncountedPtr) { 65 reportBug(C, CapturedVar, CapturedVarType); 66 } 67 } 68 } 69 } 70 } 71 72 void reportBug(const LambdaCapture &Capture, ValueDecl *CapturedVar, 73 const Type *T) const { 74 assert(CapturedVar); 75 76 SmallString<100> Buf; 77 llvm::raw_svector_ostream Os(Buf); 78 79 if (Capture.isExplicit()) { 80 Os << "Captured "; 81 } else { 82 Os << "Implicitly captured "; 83 } 84 if (T->isPointerType()) { 85 Os << "raw-pointer "; 86 } else { 87 assert(T->isReferenceType()); 88 Os << "reference "; 89 } 90 91 printQuotedQualifiedName(Os, Capture.getCapturedVar()); 92 Os << " to uncounted type is unsafe."; 93 94 PathDiagnosticLocation BSLoc(Capture.getLocation(), BR->getSourceManager()); 95 auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc); 96 BR->emitReport(std::move(Report)); 97 } 98}; 99} // namespace 100 101void ento::registerUncountedLambdaCapturesChecker(CheckerManager &Mgr) { 102 Mgr.registerChecker<UncountedLambdaCapturesChecker>(); 103} 104 105bool ento::shouldRegisterUncountedLambdaCapturesChecker( 106 const CheckerManager &mgr) { 107 return true; 108} 109