void StringLiteralWithEmbeddedNulCheck::registerMatchers(MatchFinder *Finder) {
// Match a string that contains embedded NUL character. Extra-checks are
// applied in |check| to find incorectly escaped characters.
Finder->addMatcher(stringLiteral(containsNul()).bind("strlit"), this);
// The remaining checks only apply to C++.
if (!getLangOpts().CPlusPlus)
return;
const auto StrLitWithNul =
ignoringParenImpCasts(stringLiteral(containsNul()).bind("truncated"));
// Match string constructor.
const auto StringConstructorExpr = expr(anyOf(
cxxConstructExpr(argumentCountIs(1),
hasDeclaration(cxxMethodDecl(hasName("basic_string")))),
// If present, the second argument is the alloc object which must not
// be present explicitly.
cxxConstructExpr(argumentCountIs(2),
hasDeclaration(cxxMethodDecl(hasName("basic_string"))),
hasArgument(1, cxxDefaultArgExpr()))));
// Detect passing a suspicious string literal to a string constructor.
// example: std::string str = "abc\0def";
Finder->addMatcher(
cxxConstructExpr(StringConstructorExpr, hasArgument(0, StrLitWithNul)),
this);
// Detect passing a suspicious string literal through an overloaded operator.
Finder->addMatcher(cxxOperatorCallExpr(hasAnyArgument(StrLitWithNul)), this);
}
void InaccurateEraseCheck::registerMatchers(MatchFinder *Finder) {
// Only register the matchers for C++; the functionality currently does not
// provide any benefit to other languages, despite being benign.
if (!getLangOpts().CPlusPlus)
return;
const auto EndCall =
callExpr(
callee(functionDecl(hasAnyName("remove", "remove_if", "unique"))),
hasArgument(
1,
anyOf(cxxConstructExpr(has(ignoringImplicit(
cxxMemberCallExpr(callee(cxxMethodDecl(hasName("end"))))
.bind("end")))),
anything())))
.bind("alg");
const auto DeclInStd = type(hasUnqualifiedDesugaredType(
tagType(hasDeclaration(decl(isInStdNamespace())))));
Finder->addMatcher(
cxxMemberCallExpr(
on(anyOf(hasType(DeclInStd), hasType(pointsTo(DeclInStd)))),
callee(cxxMethodDecl(hasName("erase"))), argumentCountIs(1),
hasArgument(0, has(ignoringImplicit(
anyOf(EndCall, has(ignoringImplicit(EndCall)))))),
unless(isInTemplateInstantiation()))
.bind("erase"),
this);
}
void InaccurateEraseCheck::registerMatchers(MatchFinder *Finder) {
// Only register the matchers for C++; the functionality currently does not
// provide any benefit to other languages, despite being benign.
if (!getLangOpts().CPlusPlus)
return;
const auto CheckForEndCall = hasArgument(
1, anyOf(cxxConstructExpr(has(ignoringParenImpCasts(
cxxMemberCallExpr(callee(cxxMethodDecl(hasName("end"))))
.bind("InaccEndCall")))),
anything()));
Finder->addMatcher(
cxxMemberCallExpr(
on(hasType(namedDecl(matchesName("^::std::")))),
callee(cxxMethodDecl(hasName("erase"))), argumentCountIs(1),
hasArgument(0, has(ignoringParenImpCasts(
callExpr(callee(functionDecl(matchesName(
"^::std::(remove(_if)?|unique)$"))),
CheckForEndCall)
.bind("InaccAlgCall")))),
unless(isInTemplateInstantiation()))
.bind("InaccErase"),
this);
}
void StrCatAppendCheck::registerMatchers(MatchFinder *Finder) {
if (!getLangOpts().CPlusPlus)
return;
const auto StrCat = functionDecl(hasName("::absl::StrCat"));
// The arguments of absl::StrCat are implicitly converted to AlphaNum. This
// matches to the arguments because of that behavior.
const auto AlphaNum = IgnoringTemporaries(cxxConstructExpr(
argumentCountIs(1), hasType(cxxRecordDecl(hasName("::absl::AlphaNum"))),
hasArgument(0, ignoringImpCasts(declRefExpr(to(equalsBoundNode("LHS")),
expr().bind("Arg0"))))));
const auto HasAnotherReferenceToLhs =
callExpr(hasAnyArgument(expr(hasDescendant(declRefExpr(
to(equalsBoundNode("LHS")), unless(equalsBoundNode("Arg0")))))));
// Now look for calls to operator= with an object on the LHS and a call to
// StrCat on the RHS. The first argument of the StrCat call should be the same
// as the LHS. Ignore calls from template instantiations.
Finder->addMatcher(
cxxOperatorCallExpr(
unless(isInTemplateInstantiation()), hasOverloadedOperatorName("="),
hasArgument(0, declRefExpr(to(decl().bind("LHS")))),
hasArgument(1, IgnoringTemporaries(
callExpr(callee(StrCat), hasArgument(0, AlphaNum),
unless(HasAnotherReferenceToLhs))
.bind("Call"))))
.bind("Op"),
this);
}
void RefCountedCopyConstructorChecker::registerMatchers(MatchFinder* AstMatcher) {
AstMatcher->addMatcher(
cxxConstructExpr(
hasDeclaration(cxxConstructorDecl(isCompilerProvidedCopyConstructor(),
ofClass(hasRefCntMember()))))
.bind("node"),
this);
}
void PassByValueCheck::registerMatchers(MatchFinder *Finder) {
// Only register the matchers for C++; the functionality currently does not
// provide any benefit to other languages, despite being benign.
if (!getLangOpts().CPlusPlus)
return;
Finder->addMatcher(
cxxConstructorDecl(
forEachConstructorInitializer(
cxxCtorInitializer(
// Clang builds a CXXConstructExpr only whin it knows which
// constructor will be called. In dependent contexts a
// ParenListExpr is generated instead of a CXXConstructExpr,
// filtering out templates automatically for us.
withInitializer(cxxConstructExpr(
has(ignoringParenImpCasts(declRefExpr(to(
parmVarDecl(
hasType(qualType(
// Match only const-ref or a non-const value
// parameters. Rvalues and const-values
// shouldn't be modified.
anyOf(constRefType(), nonConstValueType()))))
.bind("Param"))))),
hasDeclaration(cxxConstructorDecl(
isCopyConstructor(), unless(isDeleted()),
hasDeclContext(
cxxRecordDecl(isMoveConstructible())))))))
.bind("Initializer")))
.bind("Ctor"),
this);
}
void MakeSmartPtrCheck::registerMatchers(ast_matchers::MatchFinder *Finder) {
if (!isLanguageVersionSupported(getLangOpts()))
return;
// Calling make_smart_ptr from within a member function of a type with a
// private or protected constructor would be ill-formed.
auto CanCallCtor = unless(has(ignoringImpCasts(
cxxConstructExpr(hasDeclaration(decl(unless(isPublic())))))));
Finder->addMatcher(
cxxBindTemporaryExpr(has(ignoringParenImpCasts(
cxxConstructExpr(
hasType(getSmartPointerTypeMatcher()), argumentCountIs(1),
hasArgument(0,
cxxNewExpr(hasType(pointsTo(qualType(hasCanonicalType(
equalsBoundNode(PointerType))))),
CanCallCtor)
.bind(NewExpression)),
unless(isInTemplateInstantiation()))
.bind(ConstructorCall)))),
this);
Finder->addMatcher(
cxxMemberCallExpr(
thisPointerType(getSmartPointerTypeMatcher()),
callee(cxxMethodDecl(hasName("reset"))),
hasArgument(0, cxxNewExpr(CanCallCtor).bind(NewExpression)),
unless(isInTemplateInstantiation()))
.bind(ResetCall),
this);
}
void ShrinkToFitCheck::registerMatchers(MatchFinder *Finder) {
// Swap as a function need not to be considered, because rvalue can not
// be bound to a non-const reference.
const auto ShrinkableAsMember =
memberExpr(member(valueDecl().bind("ContainerDecl")));
const auto ShrinkableAsDecl =
declRefExpr(hasDeclaration(valueDecl().bind("ContainerDecl")));
const auto CopyCtorCall = cxxConstructExpr(
hasArgument(0, anyOf(ShrinkableAsMember, ShrinkableAsDecl,
unaryOperator(has(ShrinkableAsMember)),
unaryOperator(has(ShrinkableAsDecl)))));
const auto SwapParam = expr(anyOf(
memberExpr(member(equalsBoundNode("ContainerDecl"))),
declRefExpr(hasDeclaration(equalsBoundNode("ContainerDecl"))),
unaryOperator(has(memberExpr(member(equalsBoundNode("ContainerDecl"))))),
unaryOperator(
has(declRefExpr(hasDeclaration(equalsBoundNode("ContainerDecl")))))));
Finder->addMatcher(
cxxMemberCallExpr(on(hasType(namedDecl(stlShrinkableContainer()))),
callee(cxxMethodDecl(hasName("swap"))),
has(memberExpr(hasDescendant(CopyCtorCall))),
hasArgument(0, SwapParam.bind("ContainerToShrink")),
unless(isInTemplateInstantiation()))
.bind("CopyAndSwapTrick"),
this);
}
/// \brief Creates a matcher that finds the \c std::auto_ptr copy-ctor and
/// assign-operator expressions.
///
/// \c AutoPtrOwnershipTransferId is assigned to the argument of the expression,
/// this is the part that has to be wrapped by \c std::move().
///
/// \code
/// std::auto_ptr<int> i, j;
/// i = j;
/// ~~~~^
/// \endcode
StatementMatcher makeTransferOwnershipExprMatcher() {
return anyOf(
cxxOperatorCallExpr(allOf(hasOverloadedOperatorName("="),
callee(cxxMethodDecl(ofClass(AutoPtrDecl))),
hasArgument(1, MovableArgumentMatcher))),
cxxConstructExpr(allOf(hasType(AutoPtrType), argumentCountIs(1),
hasArgument(0, MovableArgumentMatcher))));
}
void MoveConstructorInitCheck::registerMatchers(MatchFinder *Finder) {
// Only register the matchers for C++11; the functionality currently does not
// provide any benefit to other languages, despite being benign.
if (!getLangOpts().CPlusPlus11)
return;
Finder->addMatcher(
cxxConstructorDecl(
unless(isImplicit()),
allOf(isMoveConstructor(),
hasAnyConstructorInitializer(
cxxCtorInitializer(
withInitializer(cxxConstructExpr(hasDeclaration(
cxxConstructorDecl(isCopyConstructor())
.bind("ctor")))))
.bind("move-init")))),
this);
auto NonConstValueMovableAndExpensiveToCopy =
qualType(allOf(unless(pointerType()), unless(isConstQualified()),
hasDeclaration(cxxRecordDecl(hasMethod(cxxConstructorDecl(
isMoveConstructor(), unless(isDeleted()))))),
matchers::isExpensiveToCopy()));
// This checker is also used to implement cert-oop11-cpp, but when using that
// form of the checker, we do not want to diagnose movable parameters.
if (!UseCERTSemantics) {
Finder->addMatcher(
cxxConstructorDecl(
allOf(
unless(isMoveConstructor()),
hasAnyConstructorInitializer(withInitializer(cxxConstructExpr(
hasDeclaration(cxxConstructorDecl(isCopyConstructor())),
hasArgument(
0,
declRefExpr(
to(parmVarDecl(
hasType(
NonConstValueMovableAndExpensiveToCopy))
.bind("movable-param")))
.bind("init-arg")))))))
.bind("ctor-decl"),
this);
}
}
void ThrownExceptionTypeCheck::registerMatchers(MatchFinder *Finder) {
if (!getLangOpts().CPlusPlus)
return;
Finder->addMatcher(
cxxThrowExpr(has(ignoringParenImpCasts(
cxxConstructExpr(hasDeclaration(cxxConstructorDecl(
isCopyConstructor(), unless(isNoThrow()))))
.bind("expr")))),
this);
}
void UseEmplaceCheck::registerMatchers(MatchFinder *Finder) {
if (!getLangOpts().CPlusPlus11)
return;
// FIXME: Bunch of functionality that could be easily added:
// + add handling of `push_front` for std::forward_list, std::list
// and std::deque.
// + add handling of `push` for std::stack, std::queue, std::priority_queue
// + add handling of `insert` for stl associative container, but be careful
// because this requires special treatment (it could cause performance
// regression)
// + match for emplace calls that should be replaced with insertion
// + match for make_pair calls.
auto callPushBack = cxxMemberCallExpr(
hasDeclaration(functionDecl(hasName("push_back"))),
on(hasType(cxxRecordDecl(hasAnyName("std::vector", "llvm::SmallVector",
"std::list", "std::deque")))));
// We can't replace push_backs of smart pointer because
// if emplacement fails (f.e. bad_alloc in vector) we will have leak of
// passed pointer because smart pointer won't be constructed
// (and destructed) as in push_back case.
auto isCtorOfSmartPtr = hasDeclaration(cxxConstructorDecl(
ofClass(hasAnyName("std::shared_ptr", "std::unique_ptr", "std::auto_ptr",
"std::weak_ptr"))));
// Bitfields binds only to consts and emplace_back take it by universal ref.
auto bitFieldAsArgument = hasAnyArgument(ignoringParenImpCasts(
memberExpr(hasDeclaration(fieldDecl(matchers::isBitfield())))));
// We could have leak of resource.
auto newExprAsArgument = hasAnyArgument(ignoringParenImpCasts(cxxNewExpr()));
auto constructingDerived =
hasParent(implicitCastExpr(hasCastKind(CastKind::CK_DerivedToBase)));
auto hasInitList = has(ignoringParenImpCasts(initListExpr()));
auto soughtConstructExpr =
cxxConstructExpr(
unless(anyOf(isCtorOfSmartPtr, hasInitList, bitFieldAsArgument,
newExprAsArgument, constructingDerived,
has(materializeTemporaryExpr(hasInitList)))))
.bind("ctor");
auto hasConstructExpr = has(ignoringParenImpCasts(soughtConstructExpr));
auto ctorAsArgument = materializeTemporaryExpr(
anyOf(hasConstructExpr, has(cxxFunctionalCastExpr(hasConstructExpr))));
Finder->addMatcher(
cxxMemberCallExpr(callPushBack, has(ctorAsArgument)).bind("call"), this);
}
void ReplaceAutoPtrCheck::registerMatchers(MatchFinder *Finder) {
// Only register the matchers for C++; the functionality currently does not
// provide any benefit to other languages, despite being benign.
if (!getLangOpts().CPlusPlus)
return;
auto AutoPtrDecl = recordDecl(hasName("auto_ptr"), isFromStdNamespace());
auto AutoPtrType = qualType(hasDeclaration(AutoPtrDecl));
// std::auto_ptr<int> a;
// ^~~~~~~~~~~~~
//
// typedef std::auto_ptr<int> int_ptr_t;
// ^~~~~~~~~~~~~
//
// std::auto_ptr<int> fn(std::auto_ptr<int>);
// ^~~~~~~~~~~~~ ^~~~~~~~~~~~~
Finder->addMatcher(typeLoc(loc(qualType(AutoPtrType,
// Skip elaboratedType() as the named
// type will match soon thereafter.
unless(elaboratedType()))))
.bind(AutoPtrTokenId),
this);
// using std::auto_ptr;
// ^~~~~~~~~~~~~~~~~~~
Finder->addMatcher(usingDecl(hasAnyUsingShadowDecl(hasTargetDecl(allOf(
hasName("auto_ptr"), isFromStdNamespace()))))
.bind(AutoPtrTokenId),
this);
// Find ownership transfers via copy construction and assignment.
// AutoPtrOwnershipTransferId is bound to the the part that has to be wrapped
// into std::move().
// std::auto_ptr<int> i, j;
// i = j;
// ~~~~^
auto MovableArgumentMatcher =
expr(isLValue(), hasType(AutoPtrType)).bind(AutoPtrOwnershipTransferId);
Finder->addMatcher(
cxxOperatorCallExpr(hasOverloadedOperatorName("="),
callee(cxxMethodDecl(ofClass(AutoPtrDecl))),
hasArgument(1, MovableArgumentMatcher)),
this);
Finder->addMatcher(cxxConstructExpr(hasType(AutoPtrType), argumentCountIs(1),
hasArgument(0, MovableArgumentMatcher)),
this);
}
void ReturnBracedInitListCheck::registerMatchers(MatchFinder *Finder) {
// Only register the matchers for C++.
if (!getLangOpts().CPlusPlus11)
return;
// Skip list initialization and constructors with an initializer list.
auto ConstructExpr =
cxxConstructExpr(
unless(anyOf(hasDeclaration(cxxConstructorDecl(isExplicit())),
isListInitialization(), hasDescendant(initListExpr()),
isInTemplateInstantiation())))
.bind("ctor");
auto CtorAsArgument = materializeTemporaryExpr(anyOf(
has(ConstructExpr), has(cxxFunctionalCastExpr(has(ConstructExpr)))));
Finder->addMatcher(
functionDecl(isDefinition(), // Declarations don't have return statements.
returns(unless(anyOf(builtinType(), autoType()))),
hasDescendant(returnStmt(hasReturnValue(
has(cxxConstructExpr(has(CtorAsArgument)))))))
.bind("fn"),
this);
}
void SlicingCheck::registerMatchers(MatchFinder *Finder) {
// When we see:
// class B : public A { ... };
// A a;
// B b;
// a = b;
// The assignment is OK if:
// - the assignment operator is defined as taking a B as second parameter,
// or
// - B does not define any additional members (either variables or
// overrides) wrt A.
//
// The same holds for copy ctor calls. This also captures stuff like:
// void f(A a);
// f(b);
// Helpers.
const auto OfBaseClass = ofClass(cxxRecordDecl().bind("BaseDecl"));
const auto IsDerivedFromBaseDecl =
cxxRecordDecl(isDerivedFrom(equalsBoundNode("BaseDecl")))
.bind("DerivedDecl");
const auto HasTypeDerivedFromBaseDecl =
anyOf(hasType(IsDerivedFromBaseDecl),
hasType(references(IsDerivedFromBaseDecl)));
const auto IsWithinDerivedCtor =
hasParent(cxxConstructorDecl(ofClass(equalsBoundNode("DerivedDecl"))));
// Assignement slicing: "a = b;" and "a = std::move(b);" variants.
const auto SlicesObjectInAssignment =
callExpr(callee(cxxMethodDecl(anyOf(isCopyAssignmentOperator(),
isMoveAssignmentOperator()),
OfBaseClass)),
hasArgument(1, HasTypeDerivedFromBaseDecl));
// Construction slicing: "A a{b};" and "f(b);" variants. Note that in case of
// slicing the letter will create a temporary and therefore call a ctor.
const auto SlicesObjectInCtor = cxxConstructExpr(
hasDeclaration(cxxConstructorDecl(
anyOf(isCopyConstructor(), isMoveConstructor()), OfBaseClass)),
hasArgument(0, HasTypeDerivedFromBaseDecl),
// We need to disable matching on the call to the base copy/move
// constructor in DerivedDecl's constructors.
unless(IsWithinDerivedCtor));
Finder->addMatcher(
expr(anyOf(SlicesObjectInAssignment, SlicesObjectInCtor)).bind("Call"),
this);
}
void MoveConstArgCheck::registerMatchers(MatchFinder *Finder) {
if (!getLangOpts().CPlusPlus)
return;
auto MoveCallMatcher =
callExpr(callee(functionDecl(hasName("::std::move"))), argumentCountIs(1),
unless(isInTemplateInstantiation()))
.bind("call-move");
Finder->addMatcher(MoveCallMatcher, this);
auto ConstParamMatcher = forEachArgumentWithParam(
MoveCallMatcher, parmVarDecl(hasType(references(isConstQualified()))));
Finder->addMatcher(callExpr(ConstParamMatcher).bind("receiving-expr"), this);
Finder->addMatcher(cxxConstructExpr(ConstParamMatcher).bind("receiving-expr"),
this);
}
void ProperlySeededRandomGeneratorCheck::registerMatchers(MatchFinder *Finder) {
auto RandomGeneratorEngineDecl = cxxRecordDecl(hasAnyName(
"::std::linear_congruential_engine", "::std::mersenne_twister_engine",
"::std::subtract_with_carry_engine", "::std::discard_block_engine",
"::std::independent_bits_engine", "::std::shuffle_order_engine"));
auto RandomGeneratorEngineTypeMatcher = hasType(hasUnqualifiedDesugaredType(
recordType(hasDeclaration(RandomGeneratorEngineDecl))));
// std::mt19937 engine;
// engine.seed();
// ^
// engine.seed(1);
// ^
// const int x = 1;
// engine.seed(x);
// ^
Finder->addMatcher(
cxxMemberCallExpr(
has(memberExpr(has(declRefExpr(RandomGeneratorEngineTypeMatcher)),
member(hasName("seed")),
unless(hasDescendant(cxxThisExpr())))))
.bind("seed"),
this);
// std::mt19937 engine;
// ^
// std::mt19937 engine(1);
// ^
// const int x = 1;
// std::mt19937 engine(x);
// ^
Finder->addMatcher(
cxxConstructExpr(RandomGeneratorEngineTypeMatcher).bind("ctor"), this);
// srand();
// ^
// const int x = 1;
// srand(x);
// ^
Finder->addMatcher(
callExpr(callee(functionDecl(hasAnyName("::srand", "::std::srand"))))
.bind("srand"),
this);
}
void RedundantMemberInitCheck::registerMatchers(MatchFinder *Finder) {
auto Construct =
cxxConstructExpr(
hasDeclaration(cxxConstructorDecl(hasParent(
cxxRecordDecl(unless(isTriviallyDefaultConstructible()))))))
.bind("construct");
Finder->addMatcher(
cxxConstructorDecl(
unless(isDelegatingConstructor()),
ofClass(unless(
anyOf(isUnion(), ast_matchers::isTemplateInstantiation()))),
forEachConstructorInitializer(
cxxCtorInitializer(isWritten(),
withInitializer(ignoringImplicit(Construct)),
unless(forField(hasType(isConstQualified()))))
.bind("init"))),
this);
}
void StaticObjectExceptionCheck::registerMatchers(MatchFinder *Finder) {
if ((!getLangOpts().CPlusPlus) || (!getLangOpts().CXXExceptions))
return;
// Match any static or thread_local variable declaration that has an
// initializer that can throw.
Finder->addMatcher(
varDecl(anyOf(hasThreadStorageDuration(), hasStaticStorageDuration()),
unless(anyOf(isConstexpr(), hasType(cxxRecordDecl(isLambda())),
hasAncestor(functionDecl()))),
anyOf(hasDescendant(cxxConstructExpr(hasDeclaration(
cxxConstructorDecl(unless(isNoThrow())).bind("func")))),
hasDescendant(cxxNewExpr(hasDeclaration(
functionDecl(unless(isNoThrow())).bind("func")))),
hasDescendant(callExpr(hasDeclaration(
functionDecl(unless(isNoThrow())).bind("func"))))))
.bind("var"),
this);
}
void NonConstParameterCheck::registerMatchers(MatchFinder *Finder) {
// Add parameters to Parameters.
Finder->addMatcher(parmVarDecl(unless(isInstantiated())).bind("Parm"), this);
// C++ constructor.
Finder->addMatcher(cxxConstructorDecl().bind("Ctor"), this);
// Track unused parameters, there is Wunused-parameter about unused
// parameters.
Finder->addMatcher(declRefExpr().bind("Ref"), this);
// Analyse parameter usage in function.
Finder->addMatcher(stmt(anyOf(unaryOperator(anyOf(hasOperatorName("++"),
hasOperatorName("--"))),
binaryOperator(), callExpr(), returnStmt(),
cxxConstructExpr()))
.bind("Mark"),
this);
Finder->addMatcher(varDecl(hasInitializer(anything())).bind("Mark"), this);
}
void StaticallyConstructedObjectsCheck::registerMatchers(MatchFinder *Finder) {
// Constructing global, non-trivial objects with static storage is
// disallowed, unless the object is statically initialized with a constexpr
// constructor or has no explicit constructor.
// Constexpr requires C++11 or later.
if (!getLangOpts().CPlusPlus11)
return;
Finder->addMatcher(varDecl(
// Match global, statically stored objects...
isGlobalStatic(),
// ... that have C++ constructors...
hasDescendant(cxxConstructExpr(unless(allOf(
// ... unless it is constexpr ...
hasDeclaration(cxxConstructorDecl(isConstexpr())),
// ... and is statically initialized.
isConstantInitializer())))))
.bind("decl"),
this);
}
void UndelegatedConstructorCheck::registerMatchers(MatchFinder *Finder) {
// We look for calls to constructors of the same type in constructors. To do
// this we have to look through a variety of nodes that occur in the path,
// depending on the type's destructor and the number of arguments on the
// constructor call, this is handled by ignoringTemporaryExpr. Ignore template
// instantiations to reduce the number of duplicated warnings.
//
// Only register the matchers for C++11; the functionality currently does not
// provide any benefit to other languages, despite being benign.
if (!getLangOpts().CPlusPlus11)
return;
Finder->addMatcher(
compoundStmt(
hasParent(
cxxConstructorDecl(ofClass(cxxRecordDecl().bind("parent")))),
forEach(ignoringTemporaryExpr(
cxxConstructExpr(hasDeclaration(cxxConstructorDecl(ofClass(
cxxRecordDecl(baseOfBoundNode("parent"))))))
.bind("construct"))),
unless(isInTemplateInstantiation())),
this);
}
void UseEmplaceCheck::registerMatchers(MatchFinder *Finder) {
if (!getLangOpts().CPlusPlus11)
return;
// FIXME: Bunch of functionality that could be easily added:
// + add handling of `push_front` for std::forward_list, std::list
// and std::deque.
// + add handling of `push` for std::stack, std::queue, std::priority_queue
// + add handling of `insert` for stl associative container, but be careful
// because this requires special treatment (it could cause performance
// regression)
// + match for emplace calls that should be replaced with insertion
// + match for make_pair calls.
auto callPushBack = cxxMemberCallExpr(
hasDeclaration(functionDecl(hasName("push_back"))),
on(hasType(cxxRecordDecl(hasAnyName(SmallVector<StringRef, 5>(
ContainersWithPushBack.begin(), ContainersWithPushBack.end()))))));
// We can't replace push_backs of smart pointer because
// if emplacement fails (f.e. bad_alloc in vector) we will have leak of
// passed pointer because smart pointer won't be constructed
// (and destructed) as in push_back case.
auto isCtorOfSmartPtr = hasDeclaration(cxxConstructorDecl(ofClass(hasAnyName(
SmallVector<StringRef, 5>(SmartPointers.begin(), SmartPointers.end())))));
// Bitfields binds only to consts and emplace_back take it by universal ref.
auto bitFieldAsArgument = hasAnyArgument(
ignoringImplicit(memberExpr(hasDeclaration(fieldDecl(isBitField())))));
// Initializer list can't be passed to universal reference.
auto initializerListAsArgument = hasAnyArgument(
ignoringImplicit(cxxConstructExpr(isListInitialization())));
// We could have leak of resource.
auto newExprAsArgument = hasAnyArgument(ignoringImplicit(cxxNewExpr()));
// We would call another constructor.
auto constructingDerived =
hasParent(implicitCastExpr(hasCastKind(CastKind::CK_DerivedToBase)));
// emplace_back can't access private constructor.
auto isPrivateCtor = hasDeclaration(cxxConstructorDecl(isPrivate()));
auto hasInitList = has(ignoringImplicit(initListExpr()));
// FIXME: Discard 0/NULL (as nullptr), static inline const data members,
// overloaded functions and template names.
auto soughtConstructExpr =
cxxConstructExpr(
unless(anyOf(isCtorOfSmartPtr, hasInitList, bitFieldAsArgument,
initializerListAsArgument, newExprAsArgument,
constructingDerived, isPrivateCtor)))
.bind("ctor");
auto hasConstructExpr = has(ignoringImplicit(soughtConstructExpr));
auto ctorAsArgument = materializeTemporaryExpr(
anyOf(hasConstructExpr, has(cxxFunctionalCastExpr(hasConstructExpr))));
Finder->addMatcher(cxxMemberCallExpr(callPushBack, has(ctorAsArgument),
unless(isInTemplateInstantiation()))
.bind("call"),
this);
}
void CanRunScriptChecker::registerMatchers(MatchFinder *AstMatcher) {
auto InvalidArg =
// We want to find any expression,
ignoreTrivials(expr(
// which has a refcounted pointer type,
hasType(pointerType(
pointee(hasDeclaration(cxxRecordDecl(isRefCounted()))))),
// and which is not this,
unless(cxxThisExpr()),
// and which is not a method call on a smart ptr,
unless(cxxMemberCallExpr(on(hasType(isSmartPtrToRefCounted())))),
// and which is not a parameter of the parent function,
unless(declRefExpr(to(parmVarDecl()))),
// and which is not a MOZ_KnownLive wrapped value.
unless(callExpr(callee(functionDecl(hasName("MOZ_KnownLive"))))),
expr().bind("invalidArg")));
auto OptionalInvalidExplicitArg = anyOf(
// We want to find any argument which is invalid.
hasAnyArgument(InvalidArg),
// This makes this matcher optional.
anything());
// Please not that the hasCanRunScriptAnnotation() matchers are not present
// directly in the cxxMemberCallExpr, callExpr and constructExpr matchers
// because we check that the corresponding functions can run script later in
// the checker code.
AstMatcher->addMatcher(
expr(
anyOf(
// We want to match a method call expression,
cxxMemberCallExpr(
// which optionally has an invalid arg,
OptionalInvalidExplicitArg,
// or which optionally has an invalid implicit this argument,
anyOf(
// which derefs into an invalid arg,
on(cxxOperatorCallExpr(
anyOf(hasAnyArgument(InvalidArg), anything()))),
// or is an invalid arg.
on(InvalidArg),
anything()),
expr().bind("callExpr")),
// or a regular call expression,
callExpr(
// which optionally has an invalid arg.
OptionalInvalidExplicitArg, expr().bind("callExpr")),
// or a construct expression,
cxxConstructExpr(
// which optionally has an invalid arg.
OptionalInvalidExplicitArg, expr().bind("constructExpr"))),
anyOf(
// We want to match the parent function.
forFunction(functionDecl().bind("nonCanRunScriptParentFunction")),
// ... optionally.
anything())),
this);
}
void DanglingOnTemporaryChecker::registerMatchers(MatchFinder *AstMatcher) {
////////////////////////////////////////
// Quick annotation conflict checkers //
////////////////////////////////////////
AstMatcher->addMatcher(
// This is a matcher on a method declaration,
cxxMethodDecl(
// which is marked as no dangling on temporaries,
noDanglingOnTemporaries(),
// and which is && ref-qualified.
isRValueRefQualified(),
decl().bind("invalidMethodRefQualified")),
this);
AstMatcher->addMatcher(
// This is a matcher on a method declaration,
cxxMethodDecl(
// which is marked as no dangling on temporaries,
noDanglingOnTemporaries(),
// which returns a primitive type,
returns(builtinType()),
// and which doesn't return a pointer.
unless(returns(pointerType())),
decl().bind("invalidMethodPointer")),
this);
//////////////////
// Main checker //
//////////////////
auto hasParentCall =
hasParent(expr(anyOf(
cxxOperatorCallExpr(
// If we're in a lamda, we may have an operator call expression
// ancestor in the AST, but the temporary we're matching
// against is not going to have the same lifetime as the
// constructor call.
unless(has(expr(ignoreTrivials(lambdaExpr())))),
expr().bind("parentOperatorCallExpr")),
callExpr(
// If we're in a lamda, we may have a call expression
// ancestor in the AST, but the temporary we're matching
// against is not going to have the same lifetime as the
// function call.
unless(has(expr(ignoreTrivials(lambdaExpr())))),
expr().bind("parentCallExpr")),
objcMessageExpr(
// If we're in a lamda, we may have an objc message expression
// ancestor in the AST, but the temporary we're matching
// against is not going to have the same lifetime as the
// function call.
unless(has(expr(ignoreTrivials(lambdaExpr())))),
expr().bind("parentObjCMessageExpr")),
cxxConstructExpr(
// If we're in a lamda, we may have a construct expression
// ancestor in the AST, but the temporary we're matching
// against is not going to have the same lifetime as the
// constructor call.
unless(has(expr(ignoreTrivials(lambdaExpr())))),
expr().bind("parentConstructExpr")))));
AstMatcher->addMatcher(
// This is a matcher on a method call,
cxxMemberCallExpr(
// which is in first party code,
isFirstParty(),
// and which is performed on a temporary,
on(allOf(
unless(hasType(pointerType())),
isTemporary(),
// but which is not `this`.
unless(cxxThisExpr()))),
// and which is marked as no dangling on temporaries.
callee(cxxMethodDecl(noDanglingOnTemporaries())),
expr().bind("memberCallExpr"),
// We optionally match a parent call expression or a parent construct
// expression because using a temporary inside a call is fine as long
// as the pointer doesn't escape the function call.
anyOf(
// This is the case where the call is the direct parent, so we
// know that the member call expression is the argument.
allOf(hasParentCall, expr().bind("parentCallArg")),
// This is the case where the call is not the direct parent, so we
// get its child to know in which argument tree we are.
hasAncestor(expr(
hasParentCall,
expr().bind("parentCallArg"))),
// To make it optional.
anything())),
this);
}
