[clang] [alpha.webkit.ForwardDeclChecker] Add a new WebKit checker for forward declarations (PR #130554)
Ryosuke Niwa via cfe-commits
cfe-commits at lists.llvm.org
Wed Mar 12 13:22:43 PDT 2025
================
@@ -0,0 +1,335 @@
+//=======- ForwardDeclChecker.cpp --------------------------------*- C++ -*-==//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "ASTUtils.h"
+#include "DiagOutputUtils.h"
+#include "PtrTypesSemantics.h"
+#include "clang/AST/CXXInheritance.h"
+#include "clang/AST/Decl.h"
+#include "clang/AST/DeclCXX.h"
+#include "clang/AST/RecursiveASTVisitor.h"
+#include "clang/Analysis/DomainSpecific/CocoaConventions.h"
+#include "clang/Basic/SourceLocation.h"
+#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
+#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
+#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
+#include "clang/StaticAnalyzer/Core/Checker.h"
+#include "llvm/ADT/DenseSet.h"
+#include "llvm/Support/SaveAndRestore.h"
+#include <optional>
+
+using namespace clang;
+using namespace ento;
+
+namespace {
+
+class ForwardDeclChecker : public Checker<check::ASTDecl<TranslationUnitDecl>> {
+ BugType Bug;
+ mutable BugReporter *BR;
+ mutable RetainTypeChecker RTC;
+ mutable llvm::DenseSet<const Type *> SystemTypes;
+
+public:
+ ForwardDeclChecker()
+ : Bug(this, "Forward declared member or local variable or parameter",
+ "WebKit coding guidelines") {}
+
+ void checkASTDecl(const TranslationUnitDecl *TUD, AnalysisManager &MGR,
+ BugReporter &BRArg) const {
+ BR = &BRArg;
+
+ // The calls to checkAST* from AnalysisConsumer don't
+ // visit template instantiations or lambda classes. We
+ // want to visit those, so we make our own RecursiveASTVisitor.
+ struct LocalVisitor : public RecursiveASTVisitor<LocalVisitor> {
+ using Base = RecursiveASTVisitor<LocalVisitor>;
+
+ const ForwardDeclChecker *Checker;
+ Decl *DeclWithIssue{nullptr};
+
+ explicit LocalVisitor(const ForwardDeclChecker *Checker)
+ : Checker(Checker) {
+ assert(Checker);
+ }
+
+ bool shouldVisitTemplateInstantiations() const { return true; }
+ bool shouldVisitImplicitCode() const { return false; }
+
+ bool VisitTypedefDecl(TypedefDecl *TD) {
+ Checker->visitTypedef(TD);
+ return true;
+ }
+
+ bool VisitRecordDecl(const RecordDecl *RD) {
+ Checker->visitRecordDecl(RD, DeclWithIssue);
+ return true;
+ }
+
+ bool TraverseDecl(Decl *D) {
+ llvm::SaveAndRestore SavedDecl(DeclWithIssue);
+ if (D && (isa<FunctionDecl>(D) || isa<ObjCMethodDecl>(D)))
+ DeclWithIssue = D;
+ return Base::TraverseDecl(D);
+ }
+
+ bool VisitVarDecl(VarDecl *V) {
+ if (V->isLocalVarDecl())
+ Checker->visitVarDecl(V, DeclWithIssue);
+ return true;
+ }
+
+ bool VisitCallExpr(const CallExpr *CE) {
+ Checker->visitCallExpr(CE, DeclWithIssue);
+ return true;
+ }
+
+ bool VisitCXXConstructExpr(const CXXConstructExpr *CE) {
+ Checker->visitConstructExpr(CE, DeclWithIssue);
+ return true;
+ }
+
+ bool VisitObjCMessageExpr(const ObjCMessageExpr *ObjCMsgExpr) {
+ Checker->visitObjCMessageExpr(ObjCMsgExpr, DeclWithIssue);
+ return true;
+ }
+ };
+
+ LocalVisitor visitor(this);
+ RTC.visitTranslationUnitDecl(TUD);
+ visitor.TraverseDecl(const_cast<TranslationUnitDecl *>(TUD));
+ }
+
+ void visitTypedef(const TypedefDecl *TD) const {
+ RTC.visitTypedef(TD);
+ auto QT = TD->getUnderlyingType().getCanonicalType();
+ if (BR->getSourceManager().isInSystemHeader(TD->getBeginLoc())) {
+ if (auto *Type = QT.getTypePtrOrNull(); Type && QT->isPointerType())
+ SystemTypes.insert(Type);
+ }
+ }
+
+ bool isUnknownType(QualType QT) const {
+ auto *Type = QT.getTypePtrOrNull();
+ if (!Type)
+ return false;
+ auto *CanonicalType = QT.getCanonicalType().getTypePtrOrNull();
+ auto PointeeQT = Type->getPointeeType();
+ auto *PointeeType = PointeeQT.getTypePtrOrNull();
+ if (!PointeeType)
+ return false;
+ auto *R = PointeeType->getAsCXXRecordDecl();
+ if (!R) // Forward declaration of a Objective-C interface is safe.
+ return false;
+ auto Name = R->getName();
+ return !R->hasDefinition() && !RTC.isUnretained(QT) &&
+ !SystemTypes.contains(CanonicalType) &&
+ !Name.starts_with("Opaque") && Name != "_NSZone";
+ }
+
+ void visitRecordDecl(const RecordDecl *RD, const Decl *DeclWithIssue) const {
+ if (!RD->isThisDeclarationADefinition())
+ return;
+
+ if (RD->isImplicit() || RD->isLambda())
+ return;
+
+ const auto RDLocation = RD->getLocation();
+ if (!RDLocation.isValid())
+ return;
+
+ const auto Kind = RD->getTagKind();
+ if (Kind != TagTypeKind::Struct && Kind != TagTypeKind::Class)
+ return;
+
+ if (BR->getSourceManager().isInSystemHeader(RDLocation))
+ return;
+
+ // Ref-counted smartpointers actually have raw-pointer to uncounted type as
+ // a member but we trust them to handle it correctly.
+ auto R = llvm::dyn_cast_or_null<CXXRecordDecl>(RD);
+ if (!R || isRefCounted(R) || isCheckedPtr(R) || isRetainPtr(R))
+ return;
+
+ for (auto *Member : RD->fields()) {
+ auto QT = Member->getType();
+ if (isUnknownType(QT)) {
+ SmallString<100> Buf;
+ llvm::raw_svector_ostream Os(Buf);
+
+ const std::string TypeName = QT.getAsString();
+ Os << "Member variable ";
+ printQuotedName(Os, Member);
+ Os << " uses a forward declared type '" << TypeName << "'";
+
+ const SourceLocation SrcLocToReport = Member->getBeginLoc();
+ PathDiagnosticLocation BSLoc(SrcLocToReport, BR->getSourceManager());
+ auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc);
+ Report->addRange(Member->getSourceRange());
+ Report->setDeclWithIssue(DeclWithIssue);
+ BR->emitReport(std::move(Report));
+ }
+ }
+ }
+
+ void visitVarDecl(const VarDecl *V, const Decl *DeclWithIssue) const {
+ if (BR->getSourceManager().isInSystemHeader(V->getBeginLoc()))
+ return;
+
+ auto QT = V->getType();
+ if (!isUnknownType(QT))
+ return;
+
+ SmallString<100> Buf;
+ llvm::raw_svector_ostream Os(Buf);
+
+ const std::string TypeName = QT.getAsString();
+ Os << "Local variable ";
+ printQuotedQualifiedName(Os, V);
+ Os << " uses a forward declared type '" << TypeName << "'";
+
+ const SourceLocation SrcLocToReport = V->getBeginLoc();
+ PathDiagnosticLocation BSLoc(SrcLocToReport, BR->getSourceManager());
+ auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc);
+ Report->addRange(V->getSourceRange());
+ Report->setDeclWithIssue(DeclWithIssue);
+ BR->emitReport(std::move(Report));
+ }
+
+ void visitCallExpr(const CallExpr *CE, const Decl *DeclWithIssue) const {
+ if (BR->getSourceManager().isInSystemHeader(CE->getExprLoc()))
+ return;
+
+ if (auto *F = CE->getDirectCallee()) {
+ // Skip the first argument for overloaded member operators (e. g. lambda
+ // or std::function call operator).
+ unsigned ArgIdx =
+ isa<CXXOperatorCallExpr>(CE) && isa_and_nonnull<CXXMethodDecl>(F);
+
+ for (auto P = F->param_begin();
+ P < F->param_end() && ArgIdx < CE->getNumArgs(); ++P, ++ArgIdx)
+ visitCallArg(CE->getArg(ArgIdx), *P, DeclWithIssue);
+ }
+ }
+
+ void visitConstructExpr(const CXXConstructExpr *CE,
+ const Decl *DeclWithIssue) const {
+ if (BR->getSourceManager().isInSystemHeader(CE->getExprLoc()))
+ return;
+
+ if (auto *F = CE->getConstructor()) {
+ // Skip the first argument for overloaded member operators (e. g. lambda
+ // or std::function call operator).
+ unsigned ArgIdx =
+ isa<CXXOperatorCallExpr>(CE) && isa_and_nonnull<CXXMethodDecl>(F);
+
+ for (auto P = F->param_begin();
+ P < F->param_end() && ArgIdx < CE->getNumArgs(); ++P, ++ArgIdx)
+ visitCallArg(CE->getArg(ArgIdx), *P, DeclWithIssue);
+ }
+ }
+
+ void visitObjCMessageExpr(const ObjCMessageExpr *E,
+ const Decl *DeclWithIssue) const {
+ if (BR->getSourceManager().isInSystemHeader(E->getExprLoc()))
+ return;
+
+ if (auto *Receiver = E->getInstanceReceiver()->IgnoreParenCasts()) {
+ if (isUnknownType(E->getReceiverType()))
+ reportUnknownRecieverType(Receiver, DeclWithIssue);
+ }
+
+ auto *MethodDecl = E->getMethodDecl();
+ if (!MethodDecl)
+ return;
+
+ auto ArgCount = E->getNumArgs();
+ for (unsigned i = 0; i < ArgCount && i < MethodDecl->param_size(); ++i)
+ visitCallArg(E->getArg(i), MethodDecl->getParamDecl(i), DeclWithIssue);
+ }
+
+ void visitCallArg(const Expr *Arg, const ParmVarDecl *Param,
+ const Decl *DeclWithIssue) const {
+ auto *ArgExpr = Arg->IgnoreParenCasts();
+ if (auto *InnerCE = dyn_cast<CallExpr>(Arg)) {
+ auto *InnerCallee = InnerCE->getDirectCallee();
+ if (InnerCallee && InnerCallee->isInStdNamespace() &&
+ safeGetName(InnerCallee) == "move" && InnerCE->getNumArgs() == 1) {
+ ArgExpr = InnerCE->getArg(0);
+ if (ArgExpr)
+ ArgExpr = ArgExpr->IgnoreParenCasts();
+ }
+ }
+ if (isa<CXXNullPtrLiteralExpr>(ArgExpr) || isa<IntegerLiteral>(ArgExpr) ||
+ isa<CXXDefaultArgExpr>(ArgExpr))
+ return;
+ if (auto *DRE = dyn_cast<DeclRefExpr>(ArgExpr)) {
+ if (auto *ValDecl = DRE->getDecl()) {
+ if (isa<ParmVarDecl>(ValDecl))
+ return;
+ }
+ }
+
+ QualType ArgType = Param->getType();
+ if (!isUnknownType(ArgType))
+ return;
+
+ reportUnknownArgType(Arg, Param, DeclWithIssue);
+ }
+
+ void reportUnknownArgType(const Expr *CallArg, const ParmVarDecl *Param,
+ const Decl *DeclWithIssue) const {
+ assert(CallArg);
+
+ SmallString<100> Buf;
+ llvm::raw_svector_ostream Os(Buf);
+
+ const std::string paramName = safeGetName(Param);
+ const std::string TypeName = Param->getType().getAsString();
+ Os << "Call argument";
+ if (!paramName.empty()) {
+ Os << " for parameter ";
+ printQuotedQualifiedName(Os, Param);
+ }
+ Os << " uses a forward declared type '" << TypeName << "'";
+
+ const SourceLocation SrcLocToReport = CallArg->getExprLoc();
+ PathDiagnosticLocation BSLoc(SrcLocToReport, BR->getSourceManager());
+ auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc);
+ Report->addRange(CallArg->getSourceRange());
+ Report->setDeclWithIssue(DeclWithIssue);
+ BR->emitReport(std::move(Report));
----------------
rniwa wrote:
Sure, done.
https://github.com/llvm/llvm-project/pull/130554
More information about the cfe-commits
mailing list