/// An AST check that diagnose when the class requires a -dealloc method and
/// is missing one.
void ObjCDeallocChecker::checkASTDecl(const ObjCImplementationDecl *D,
AnalysisManager &Mgr,
BugReporter &BR) const {
assert(Mgr.getLangOpts().getGC() != LangOptions::GCOnly);
assert(!Mgr.getLangOpts().ObjCAutoRefCount);
initIdentifierInfoAndSelectors(Mgr.getASTContext());
const ObjCInterfaceDecl *ID = D->getClassInterface();
// If the class is known to have a lifecycle with a separate teardown method
// then it may not require a -dealloc method.
if (classHasSeparateTeardown(ID))
return;
// Does the class contain any synthesized properties that are retainable?
// If not, skip the check entirely.
const ObjCPropertyImplDecl *PropImplRequiringRelease = nullptr;
bool HasOthers = false;
for (const auto *I : D->property_impls()) {
if (getDeallocReleaseRequirement(I) == ReleaseRequirement::MustRelease) {
if (!PropImplRequiringRelease)
PropImplRequiringRelease = I;
else {
HasOthers = true;
break;
}
}
}
if (!PropImplRequiringRelease)
return;
const ObjCMethodDecl *MD = nullptr;
// Scan the instance methods for "dealloc".
for (const auto *I : D->instance_methods()) {
if (I->getSelector() == DeallocSel) {
MD = I;
break;
}
}
if (!MD) { // No dealloc found.
const char* Name = "Missing -dealloc";
std::string Buf;
llvm::raw_string_ostream OS(Buf);
OS << "'" << *D << "' lacks a 'dealloc' instance method but "
<< "must release '" << *PropImplRequiringRelease->getPropertyIvarDecl()
<< "'";
if (HasOthers)
OS << " and others";
PathDiagnosticLocation DLoc =
PathDiagnosticLocation::createBegin(D, BR.getSourceManager());
BR.EmitBasicReport(D, this, Name, categories::CoreFoundationObjectiveC,
OS.str(), DLoc);
return;
}
}
static PathDiagnosticLocation makeLocation(const StmtSequence &S,
AnalysisManager &Mgr) {
ASTContext &ACtx = Mgr.getASTContext();
return PathDiagnosticLocation::createBegin(
S.front(), ACtx.getSourceManager(),
Mgr.getAnalysisDeclContext(ACtx.getTranslationUnitDecl()));
}
void FunctionChecker::checkASTDecl(const FunctionDecl *FD, AnalysisManager &mgr, BugReporter &BR) const {
if (FD->hasAttr<CMSThreadSafeAttr>())
return;
if (FD->isInExternCContext()) {
std::string buf;
std::string dname = FD->getQualifiedNameAsString();
if (dname.compare(dname.size() - 1, 1, "_") == 0) {
llvm::raw_string_ostream os(buf);
os << "function '" << dname
<< "' is in an extern \"C\" context and most likely accesses or modifies fortran variables in a "
"'COMMONBLOCK'.\n";
clang::ento::PathDiagnosticLocation::createBegin(FD, BR.getSourceManager());
// BR.EmitBasicReport(FD, "COMMONBLOCK variable accessed or modified","ThreadSafety",os.str(), FDLoc);
std::string ostring = "function '" + dname + "' static variable 'COMMONBLOCK'.\n";
std::string tname = "function-checker.txt.unsorted";
support::writeLog(ostring, tname);
}
}
const char *sfile = BR.getSourceManager().getPresumedLoc(FD->getLocation()).getFilename();
if (!support::isCmsLocalFile(sfile))
return;
std::string fname(sfile);
if (!support::isInterestingLocation(fname))
return;
if (FD->doesThisDeclarationHaveABody()) {
FWalker walker(this, BR, mgr.getAnalysisDeclContext(FD));
walker.Visit(FD->getBody());
}
}
// OutputPossibleOverflows - We've found a possible overflow earlier,
// now check whether Body might contain a comparison which might be
// preventing the overflow.
// This doesn't do flow analysis, range analysis, or points-to analysis; it's
// just a dumb "is there a comparison" scan. The aim here is to
// detect the most blatent cases of overflow and educate the
// programmer.
void MallocOverflowSecurityChecker::OutputPossibleOverflows(
llvm::SmallVectorImpl<MallocOverflowCheck> &PossibleMallocOverflows,
const Decl *D, BugReporter &BR, AnalysisManager &mgr) const {
// By far the most common case: nothing to check.
if (PossibleMallocOverflows.empty())
return;
// Delete any possible overflows which have a comparison.
CheckOverflowOps c(PossibleMallocOverflows, BR.getContext());
c.Visit(mgr.getAnalysisContext(D)->getBody());
// Output warnings for all overflows that are left.
for (CheckOverflowOps::theVecType::iterator
i = PossibleMallocOverflows.begin(),
e = PossibleMallocOverflows.end();
i != e;
++i) {
SourceRange R = i->mulop->getSourceRange();
BR.EmitBasicReport("MallocOverflowSecurityChecker",
"the computation of the size of the memory allocation may overflow",
PathDiagnosticLocation::createOperatorLoc(i->mulop,
BR.getSourceManager()),
&R, 1);
}
}
// Called on every method in the AST.
void checkASTCodeBody(const Decl *decl,
AnalysisManager &am,
BugReporter &br) const {
if (AnalysisDeclContext *ac = am.getAnalysisDeclContext(decl)) {
WalkAST walker(*this, br, ac, decl);
walker.Visit(decl->getBody());
}
}
void ThrUnsafeFCallChecker::checkASTDecl(const CXXMethodDecl *MD, AnalysisManager& mgr,
BugReporter &BR) const {
const SourceManager &SM = BR.getSourceManager();
PathDiagnosticLocation DLoc =PathDiagnosticLocation::createBegin( MD, SM );
if ( SM.isInSystemHeader(DLoc.asLocation()) || SM.isInExternCSystemHeader(DLoc.asLocation()) ) return;
if (!MD->doesThisDeclarationHaveABody()) return;
clangcms::TUFWalker walker(this,BR, mgr.getAnalysisDeclContext(MD));
walker.Visit(MD->getBody());
return;
}
void CloneChecker::checkEndOfTranslationUnit(const TranslationUnitDecl *TU,
AnalysisManager &Mgr,
BugReporter &BR) const {
// At this point, every statement in the translation unit has been analyzed by
// the CloneDetector. The only thing left to do is to report the found clones.
int MinComplexity = Mgr.getAnalyzerOptions().getOptionAsInteger(
"MinimumCloneComplexity", 10, this);
assert(MinComplexity >= 0);
bool ReportSuspiciousClones = Mgr.getAnalyzerOptions().getBooleanOption(
"ReportSuspiciousClones", true, this);
bool ReportNormalClones = Mgr.getAnalyzerOptions().getBooleanOption(
"ReportNormalClones", true, this);
// Let the CloneDetector create a list of clones from all the analyzed
// statements. We don't filter for matching variable patterns at this point
// because reportSuspiciousClones() wants to search them for errors.
std::vector<CloneDetector::CloneGroup> AllCloneGroups;
Detector.findClones(AllCloneGroups, RecursiveCloneTypeIIConstraint(),
MinComplexityConstraint(MinComplexity),
MinGroupSizeConstraint(2), OnlyLargestCloneConstraint());
if (ReportSuspiciousClones)
reportSuspiciousClones(BR, Mgr, AllCloneGroups);
// We are done for this translation unit unless we also need to report normal
// clones.
if (!ReportNormalClones)
return;
// Now that the suspicious clone detector has checked for pattern errors,
// we also filter all clones who don't have matching patterns
CloneDetector::constrainClones(AllCloneGroups,
MatchingVariablePatternConstraint(),
MinGroupSizeConstraint(2));
reportClones(BR, Mgr, AllCloneGroups);
}
void TrunCastChecker::checkASTDecl(const CXXRecordDecl *D, AnalysisManager &Mgr, BugReporter &BR) const {
for (auto I = D->method_begin(), E = D->method_end(); I != E; ++I) {
if (!llvm::isa<clang::CXXMethodDecl>((*I)))
continue;
clang::CXXMethodDecl *MD = llvm::cast<clang::CXXMethodDecl>((*I)->getMostRecentDecl());
if (!MD->hasBody())
continue;
clang::Stmt *Body = MD->getBody();
ICEVisitor icevisitor(this, BR, Mgr.getAnalysisDeclContext(MD));
icevisitor.Visit(Body);
}
}
void FunctionChecker::checkASTDecl(const CXXMethodDecl *MD, AnalysisManager& mgr,
BugReporter &BR) const {
if ( MD->hasAttr<CMSThreadSafeAttr>()) return;
const char *sfile=BR.getSourceManager().getPresumedLoc(MD->getLocation()).getFilename();
if (!support::isCmsLocalFile(sfile)) return;
std::string fname(sfile);
if ( fname.find("/test/") != std::string::npos) return;
if (!MD->doesThisDeclarationHaveABody()) return;
FWalker walker(BR, mgr.getAnalysisDeclContext(MD));
walker.Visit(MD->getBody());
return;
}
void MallocOverflowSecurityChecker::checkASTCodeBody(const Decl *D,
AnalysisManager &mgr,
BugReporter &BR) const {
CFG *cfg = mgr.getCFG(D);
if (!cfg)
return;
// A list of variables referenced in possibly overflowing malloc operands.
llvm::SmallVector<MallocOverflowCheck, 2> PossibleMallocOverflows;
for (CFG::iterator it = cfg->begin(), ei = cfg->end(); it != ei; ++it) {
CFGBlock *block = *it;
for (CFGBlock::iterator bi = block->begin(), be = block->end();
bi != be; ++bi) {
if (const CFGStmt *CS = bi->getAs<CFGStmt>()) {
if (const CallExpr *TheCall = dyn_cast<CallExpr>(CS->getStmt())) {
// Get the callee.
const FunctionDecl *FD = TheCall->getDirectCallee();
if (!FD)
return;
// Get the name of the callee. If it's a builtin, strip off the prefix.
IdentifierInfo *FnInfo = FD->getIdentifier();
if (!FnInfo)
return;
if (FnInfo->isStr ("malloc") || FnInfo->isStr ("_MALLOC")) {
if (TheCall->getNumArgs() == 1)
CheckMallocArgument(PossibleMallocOverflows, TheCall->getArg(0),
mgr.getASTContext());
}
}
}
}
}
OutputPossibleOverflows(PossibleMallocOverflows, D, BR, mgr);
}
void getByChecker::checkASTDecl(const FunctionTemplateDecl *TD, AnalysisManager &mgr, BugReporter &BR) const {
const clang::SourceManager &SM = BR.getSourceManager();
clang::ento::PathDiagnosticLocation DLoc = clang::ento::PathDiagnosticLocation::createBegin(TD, SM);
if (SM.isInSystemHeader(DLoc.asLocation()) || SM.isInExternCSystemHeader(DLoc.asLocation()))
return;
for (auto I = TD->spec_begin(), E = TD->spec_end(); I != E; ++I) {
if (I->doesThisDeclarationHaveABody()) {
clangcms::Walker walker(this, BR, mgr.getAnalysisDeclContext(*I));
walker.Visit(I->getBody());
}
}
return;
}
void DanglingDelegateChecker::checkASTDecl(const ObjCImplDecl *implDecl, AnalysisManager& manager, BugReporter &bugReporter) const {
const NamedDecl *namedDecl = dyn_cast<NamedDecl>(implDecl);
if (!namedDecl) {
assert(false);
return;
}
std::string name = namedDecl->getNameAsString();
// obtain the map of facts for the current class implementation, possibly a new one
ObjCImplFacts &facts = _implFacts[name];
for (ObjCImplDecl::method_iterator it = implDecl->meth_begin(), end = implDecl->meth_end();
it != end; ++it) {
FactFinder factFinder(*it, facts);
factFinder.VisitMethodDecl();
Stmt *body = (*it)->getBody();
if (body) {
factFinder.Visit(body);
}
}
PathDiagnosticLocation pLoc(implDecl->getLocation(), bugReporter.getSourceManager());
const std::function<void(StringRef)> emitBug([implDecl, &pLoc, &bugReporter, this](StringRef str) {
bugReporter.EmitBasicReport(implDecl,
this,
"Leaking unsafe reference to self",
"Memory error (Facebook)",
str,
pLoc);
});
// The default dealloc in ARC mode does not clear delegates.
if (!facts._hasDealloc && manager.getLangOpts().ObjCAutoRefCount) {
const StringSet emptySet;
for (auto it = facts._ivarFactsMap.begin(), end = facts._ivarFactsMap.end(); it != end; it++) {
verifyAndReportDangerousProperties(it->second._mayStoreSelfInUnsafeProperty,
emptySet,
it->first->getNameAsString(),
it->first->getType(),
"ARC-generated dealloc",
emitBug);
}
}
}
void ObjCSuperCallChecker::checkASTDecl(const ObjCImplementationDecl *D,
AnalysisManager &Mgr,
BugReporter &BR) const {
ASTContext &Ctx = BR.getContext();
// We need to initialize the selector table once.
if (!IsInitialized)
initializeSelectors(Ctx);
// Find out whether this class has a superclass that we are supposed to check.
StringRef SuperclassName;
if (!isCheckableClass(D, SuperclassName))
return;
// Iterate over all instance methods.
for (auto *MD : D->instance_methods()) {
Selector S = MD->getSelector();
// Find out whether this is a selector that we want to check.
if (!SelectorsForClass[SuperclassName].count(S))
continue;
// Check if the method calls its superclass implementation.
if (MD->getBody())
{
FindSuperCallVisitor Visitor(S);
Visitor.TraverseDecl(MD);
// It doesn't call super, emit a diagnostic.
if (!Visitor.DoesCallSuper) {
PathDiagnosticLocation DLoc =
PathDiagnosticLocation::createEnd(MD->getBody(),
BR.getSourceManager(),
Mgr.getAnalysisDeclContext(D));
const char *Name = "Missing call to superclass";
SmallString<320> Buf;
llvm::raw_svector_ostream os(Buf);
os << "The '" << S.getAsString()
<< "' instance method in " << SuperclassName.str() << " subclass '"
<< *D << "' is missing a [super " << S.getAsString() << "] call";
BR.EmitBasicReport(MD, this, Name, categories::CoreFoundationObjectiveC,
os.str(), DLoc);
}
}
}
}
void FunctionChecker::checkASTDecl(const FunctionTemplateDecl *TD, AnalysisManager &mgr, BugReporter &BR) const {
if (TD->hasAttr<CMSThreadSafeAttr>())
return;
const char *sfile = BR.getSourceManager().getPresumedLoc(TD->getLocation()).getFilename();
if (!support::isCmsLocalFile(sfile))
return;
std::string fname(sfile);
if (!support::isInterestingLocation(fname))
return;
for (auto I = TD->spec_begin(), E = TD->spec_end(); I != E; ++I) {
if (I->doesThisDeclarationHaveABody()) {
FWalker walker(this, BR, mgr.getAnalysisDeclContext(*I));
walker.Visit(I->getBody());
}
}
return;
}
void FunctionChecker::checkASTDecl(const FunctionTemplateDecl *TD, AnalysisManager& mgr,
BugReporter &BR) const {
if ( TD->hasAttr<CMSThreadSafeAttr>()) return;
const char *sfile=BR.getSourceManager().getPresumedLoc(TD->getLocation ()).getFilename();
if (!support::isCmsLocalFile(sfile)) return;
std::string fname(sfile);
if ( fname.find("/test/") != std::string::npos) return;
for (FunctionTemplateDecl::spec_iterator I = const_cast<clang::FunctionTemplateDecl *>(TD)->spec_begin(),
E = const_cast<clang::FunctionTemplateDecl *>(TD)->spec_end(); I != E; ++I)
{
if (I->doesThisDeclarationHaveABody()) {
FWalker walker(BR, mgr.getAnalysisDeclContext(*I));
walker.Visit(I->getBody());
}
}
return;
}
AnalysisManager::AnalysisManager(ASTContext &ctx, DiagnosticsEngine &diags,
AnalysisManager &ParentAM)
: AnaCtxMgr(ParentAM.AnaCtxMgr.getUseUnoptimizedCFG(),
ParentAM.AnaCtxMgr.getCFGBuildOptions().AddImplicitDtors,
ParentAM.AnaCtxMgr.getCFGBuildOptions().AddInitializers),
Ctx(ctx), Diags(diags),
LangInfo(ParentAM.LangInfo), PD(ParentAM.getPathDiagnosticConsumer()),
CreateStoreMgr(ParentAM.CreateStoreMgr),
CreateConstraintMgr(ParentAM.CreateConstraintMgr),
CheckerMgr(ParentAM.CheckerMgr),
Idxer(ParentAM.Idxer),
AScope(ScopeDecl),
MaxNodes(ParentAM.MaxNodes),
MaxVisit(ParentAM.MaxVisit),
VisualizeEGDot(ParentAM.VisualizeEGDot),
VisualizeEGUbi(ParentAM.VisualizeEGUbi),
PurgeDead(ParentAM.PurgeDead),
EagerlyAssume(ParentAM.EagerlyAssume),
TrimGraph(ParentAM.TrimGraph),
InlineCall(ParentAM.InlineCall),
EagerlyTrimEGraph(ParentAM.EagerlyTrimEGraph)
{
AnaCtxMgr.getCFGBuildOptions().setAllAlwaysAdd();
}
void NumberObjectConversionChecker::checkASTCodeBody(const Decl *D,
AnalysisManager &AM,
BugReporter &BR) const {
// Currently this matches CoreFoundation opaque pointer typedefs.
auto CSuspiciousNumberObjectExprM =
expr(ignoringParenImpCasts(
expr(hasType(
typedefType(hasDeclaration(anyOf(
typedefDecl(hasName("CFNumberRef")),
typedefDecl(hasName("CFBooleanRef")))))))
.bind("c_object")));
// Currently this matches XNU kernel number-object pointers.
auto CppSuspiciousNumberObjectExprM =
expr(ignoringParenImpCasts(
expr(hasType(hasCanonicalType(
pointerType(pointee(hasCanonicalType(
recordType(hasDeclaration(
anyOf(
cxxRecordDecl(hasName("OSBoolean")),
cxxRecordDecl(hasName("OSNumber"))
.bind("osnumber"))))))))))
.bind("cpp_object")));
// Currently this matches NeXTSTEP number objects.
auto ObjCSuspiciousNumberObjectExprM =
expr(ignoringParenImpCasts(
expr(hasType(hasCanonicalType(
objcObjectPointerType(pointee(
qualType(hasCanonicalType(
qualType(hasDeclaration(
objcInterfaceDecl(hasName("NSNumber")))))))))))
.bind("objc_object")));
auto SuspiciousNumberObjectExprM = anyOf(
CSuspiciousNumberObjectExprM,
CppSuspiciousNumberObjectExprM,
ObjCSuspiciousNumberObjectExprM);
// Useful for predicates like "Unless we've seen the same object elsewhere".
auto AnotherSuspiciousNumberObjectExprM =
expr(anyOf(
equalsBoundNode("c_object"),
equalsBoundNode("objc_object"),
equalsBoundNode("cpp_object")));
// The .bind here is in order to compose the error message more accurately.
auto ObjCSuspiciousScalarBooleanTypeM =
qualType(typedefType(hasDeclaration(
typedefDecl(hasName("BOOL"))))).bind("objc_bool_type");
// The .bind here is in order to compose the error message more accurately.
auto SuspiciousScalarBooleanTypeM =
qualType(anyOf(qualType(booleanType()).bind("cpp_bool_type"),
ObjCSuspiciousScalarBooleanTypeM));
// The .bind here is in order to compose the error message more accurately.
// Also avoid intptr_t and uintptr_t because they were specifically created
// for storing pointers.
auto SuspiciousScalarNumberTypeM =
qualType(hasCanonicalType(isInteger()),
unless(typedefType(hasDeclaration(
typedefDecl(matchesName("^::u?intptr_t$"))))))
.bind("int_type");
auto SuspiciousScalarTypeM =
qualType(anyOf(SuspiciousScalarBooleanTypeM,
SuspiciousScalarNumberTypeM));
auto SuspiciousScalarExprM =
expr(ignoringParenImpCasts(expr(hasType(SuspiciousScalarTypeM))));
auto ConversionThroughAssignmentM =
binaryOperator(allOf(hasOperatorName("="),
hasLHS(SuspiciousScalarExprM),
hasRHS(SuspiciousNumberObjectExprM)));
auto ConversionThroughBranchingM =
ifStmt(allOf(
hasCondition(SuspiciousNumberObjectExprM),
unless(hasConditionVariableStatement(declStmt())
))).bind("pedantic");
auto ConversionThroughCallM =
callExpr(hasAnyArgument(allOf(hasType(SuspiciousScalarTypeM),
ignoringParenImpCasts(
SuspiciousNumberObjectExprM))));
// We bind "check_if_null" to modify the warning message
// in case it was intended to compare a pointer to 0 with a relatively-ok
// construct "x == 0" or "x != 0".
auto ConversionThroughEquivalenceM =
binaryOperator(allOf(anyOf(hasOperatorName("=="), hasOperatorName("!=")),
hasEitherOperand(SuspiciousNumberObjectExprM),
hasEitherOperand(SuspiciousScalarExprM
.bind("check_if_null"))))
.bind("comparison");
auto ConversionThroughComparisonM =
binaryOperator(allOf(anyOf(hasOperatorName(">="), hasOperatorName(">"),
hasOperatorName("<="), hasOperatorName("<")),
hasEitherOperand(SuspiciousNumberObjectExprM),
hasEitherOperand(SuspiciousScalarExprM)))
.bind("comparison");
auto ConversionThroughConditionalOperatorM =
conditionalOperator(allOf(
hasCondition(SuspiciousNumberObjectExprM),
unless(hasTrueExpression(
hasDescendant(AnotherSuspiciousNumberObjectExprM))),
unless(hasFalseExpression(
hasDescendant(AnotherSuspiciousNumberObjectExprM)))))
.bind("pedantic");
auto ConversionThroughExclamationMarkM =
unaryOperator(allOf(hasOperatorName("!"),
has(expr(SuspiciousNumberObjectExprM))))
.bind("pedantic");
auto ConversionThroughExplicitBooleanCastM =
explicitCastExpr(allOf(hasType(SuspiciousScalarBooleanTypeM),
has(expr(SuspiciousNumberObjectExprM))));
auto ConversionThroughExplicitNumberCastM =
explicitCastExpr(allOf(hasType(SuspiciousScalarNumberTypeM),
has(expr(SuspiciousNumberObjectExprM))));
auto ConversionThroughInitializerM =
declStmt(hasSingleDecl(
varDecl(hasType(SuspiciousScalarTypeM),
hasInitializer(SuspiciousNumberObjectExprM))));
auto FinalM = stmt(anyOf(ConversionThroughAssignmentM,
ConversionThroughBranchingM,
ConversionThroughCallM,
ConversionThroughComparisonM,
ConversionThroughConditionalOperatorM,
ConversionThroughEquivalenceM,
ConversionThroughExclamationMarkM,
ConversionThroughExplicitBooleanCastM,
ConversionThroughExplicitNumberCastM,
ConversionThroughInitializerM)).bind("conv");
MatchFinder F;
Callback CB(this, BR, AM.getAnalysisDeclContext(D));
F.addMatcher(stmt(forEachDescendant(FinalM)), &CB);
F.match(*D->getBody(), AM.getASTContext());
}
void ObjCSuperCallChecker::checkASTDecl(const ObjCImplementationDecl *D,
AnalysisManager &Mgr,
BugReporter &BR) const {
ASTContext &Ctx = BR.getContext();
if (!isUIViewControllerSubclass(Ctx, D))
return;
const char *SelectorNames[] =
{"addChildViewController", "viewDidAppear", "viewDidDisappear",
"viewWillAppear", "viewWillDisappear", "removeFromParentViewController",
"didReceiveMemoryWarning", "viewDidUnload", "viewWillUnload",
"viewDidLoad"};
const unsigned SelectorArgumentCounts[] =
{1, 1, 1, 1, 1, 0, 0, 0, 0, 0};
const size_t SelectorCount = llvm::array_lengthof(SelectorNames);
assert(llvm::array_lengthof(SelectorArgumentCounts) == SelectorCount);
// Fill the Selectors SmallSet with all selectors we want to check.
llvm::SmallSet<Selector, 16> Selectors;
for (size_t i = 0; i < SelectorCount; i++) {
unsigned ArgumentCount = SelectorArgumentCounts[i];
const char *SelectorCString = SelectorNames[i];
// Get the selector.
IdentifierInfo *II = &Ctx.Idents.get(SelectorCString);
Selectors.insert(Ctx.Selectors.getSelector(ArgumentCount, &II));
}
// Iterate over all instance methods.
for (ObjCImplementationDecl::instmeth_iterator I = D->instmeth_begin(),
E = D->instmeth_end();
I != E; ++I) {
Selector S = (*I)->getSelector();
// Find out whether this is a selector that we want to check.
if (!Selectors.count(S))
continue;
ObjCMethodDecl *MD = *I;
// Check if the method calls its superclass implementation.
if (MD->getBody())
{
FindSuperCallVisitor Visitor(S);
Visitor.TraverseDecl(MD);
// It doesn't call super, emit a diagnostic.
if (!Visitor.DoesCallSuper) {
PathDiagnosticLocation DLoc =
PathDiagnosticLocation::createEnd(MD->getBody(),
BR.getSourceManager(),
Mgr.getAnalysisDeclContext(D));
const char *Name = "Missing call to superclass";
SmallString<256> Buf;
llvm::raw_svector_ostream os(Buf);
os << "The '" << S.getAsString()
<< "' instance method in UIViewController subclass '" << *D
<< "' is missing a [super " << S.getAsString() << "] call";
BR.EmitBasicReport(MD, Name, categories::CoreFoundationObjectiveC,
os.str(), DLoc);
}
}
}
}
void CloneChecker::reportSuspiciousClones(
BugReporter &BR, AnalysisManager &Mgr,
std::vector<CloneDetector::CloneGroup> &CloneGroups) const {
std::vector<VariablePattern::SuspiciousClonePair> Pairs;
for (const CloneDetector::CloneGroup &Group : CloneGroups) {
for (unsigned i = 0; i < Group.size(); ++i) {
VariablePattern PatternA(Group[i]);
for (unsigned j = i + 1; j < Group.size(); ++j) {
VariablePattern PatternB(Group[j]);
VariablePattern::SuspiciousClonePair ClonePair;
// For now, we only report clones which break the variable pattern just
// once because multiple differences in a pattern are an indicator that
// those differences are maybe intended (e.g. because it's actually a
// different algorithm).
// FIXME: In very big clones even multiple variables can be unintended,
// so replacing this number with a percentage could better handle such
// cases. On the other hand it could increase the false-positive rate
// for all clones if the percentage is too high.
if (PatternA.countPatternDifferences(PatternB, &ClonePair) == 1) {
Pairs.push_back(ClonePair);
break;
}
}
}
}
if (!BT_Suspicious)
BT_Suspicious.reset(
new BugType(this, "Suspicious code clone", "Code clone"));
ASTContext &ACtx = BR.getContext();
SourceManager &SM = ACtx.getSourceManager();
AnalysisDeclContext *ADC =
Mgr.getAnalysisDeclContext(ACtx.getTranslationUnitDecl());
for (VariablePattern::SuspiciousClonePair &Pair : Pairs) {
// FIXME: We are ignoring the suggestions currently, because they are
// only 50% accurate (even if the second suggestion is unavailable),
// which may confuse the user.
// Think how to perform more accurate suggestions?
auto R = llvm::make_unique<BugReport>(
*BT_Suspicious,
"Potential copy-paste error; did you really mean to use '" +
Pair.FirstCloneInfo.Variable->getNameAsString() + "' here?",
PathDiagnosticLocation::createBegin(Pair.FirstCloneInfo.Mention, SM,
ADC));
R->addRange(Pair.FirstCloneInfo.Mention->getSourceRange());
R->addNote("Similar code using '" +
Pair.SecondCloneInfo.Variable->getNameAsString() + "' here",
PathDiagnosticLocation::createBegin(Pair.SecondCloneInfo.Mention,
SM, ADC),
Pair.SecondCloneInfo.Mention->getSourceRange());
BR.emitReport(std::move(R));
}
}
bool operator () (std::string A, std::string B) {AnalysisManager * a; return a->sorting(A,B); delete a;}
