| // Copyright 2022 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| #include "FindBadRawPtrPatterns.h" |
| |
| #include <memory> |
| |
| #include "RawPtrHelpers.h" |
| #include "RawPtrManualPathsToIgnore.h" |
| #include "SeparateRepositoryPaths.h" |
| #include "StackAllocatedChecker.h" |
| #include "TypePredicateUtil.h" |
| #include "Util.h" |
| #include "clang/AST/AST.h" |
| #include "clang/AST/ASTConsumer.h" |
| #include "clang/AST/Attr.h" |
| #include "clang/AST/CXXInheritance.h" |
| #include "clang/AST/TypeLoc.h" |
| #include "clang/ASTMatchers/ASTMatchFinder.h" |
| #include "clang/ASTMatchers/ASTMatchers.h" |
| #include "clang/Basic/SourceLocation.h" |
| #include "clang/Basic/SourceManager.h" |
| #include "llvm/Support/TimeProfiler.h" |
| |
| using namespace clang; |
| using namespace clang::ast_matchers; |
| |
| namespace raw_ptr_plugin { |
| |
| constexpr char kBadCastDiagnostic[] = |
| "[chromium-style] casting '%0' to '%1 is not allowed."; |
| constexpr char kBadCastDiagnosticNoteExplanation[] = |
| "[chromium-style] '%0' manages BackupRefPtr refcounts; bypassing its C++ " |
| "interface or treating it as a POD will lead to memory safety errors."; |
| constexpr char kBadCastDiagnosticNoteType[] = |
| "[chromium-style] '%0' manages BackupRefPtr or its container here."; |
| |
| class BadCastMatcher : public MatchFinder::MatchCallback { |
| public: |
| explicit BadCastMatcher(clang::CompilerInstance& compiler, |
| const FilterFile& exclude_files, |
| const FilterFile& exclude_functions) |
| : compiler_(compiler), |
| exclude_files_(exclude_files), |
| exclude_functions_(exclude_functions) { |
| error_bad_cast_signature_ = compiler_.getDiagnostics().getCustomDiagID( |
| clang::DiagnosticsEngine::Error, kBadCastDiagnostic); |
| note_bad_cast_signature_explanation_ = |
| compiler_.getDiagnostics().getCustomDiagID( |
| clang::DiagnosticsEngine::Note, kBadCastDiagnosticNoteExplanation); |
| note_bad_cast_signature_type_ = compiler_.getDiagnostics().getCustomDiagID( |
| clang::DiagnosticsEngine::Note, kBadCastDiagnosticNoteType); |
| } |
| |
| void Register(MatchFinder& match_finder) { |
| auto cast_matcher = BadRawPtrCastExpr(casting_unsafe_predicate_, |
| exclude_files_, exclude_functions_); |
| match_finder.addMatcher(cast_matcher, this); |
| } |
| |
| void run(const MatchFinder::MatchResult& result) override { |
| const clang::CastExpr* cast_expr = |
| result.Nodes.getNodeAs<clang::CastExpr>("castExpr"); |
| assert(cast_expr && "matcher should bind 'castExpr'"); |
| |
| const clang::SourceManager& source_manager = *result.SourceManager; |
| clang::SourceLocation loc = cast_expr->getSourceRange().getBegin(); |
| std::string file_path = |
| GetFilename(source_manager, loc, FilenameLocationType::kSpellingLoc); |
| |
| clang::PrintingPolicy printing_policy(result.Context->getLangOpts()); |
| const std::string src_name = |
| cast_expr->getSubExpr()->getType().getAsString(printing_policy); |
| const std::string dst_name = |
| cast_expr->getType().getAsString(printing_policy); |
| |
| const auto* src_type = result.Nodes.getNodeAs<clang::Type>("srcType"); |
| const auto* dst_type = result.Nodes.getNodeAs<clang::Type>("dstType"); |
| assert((src_type || dst_type) && |
| "matcher should bind 'srcType' or 'dstType'"); |
| |
| const auto* enclosing_cast_expr = |
| result.Nodes.getNodeAs<clang::ExplicitCastExpr>("enclosingCastExpr"); |
| const auto* cast_expr_for_display = |
| enclosing_cast_expr ? enclosing_cast_expr : cast_expr; |
| |
| compiler_.getDiagnostics().Report(cast_expr_for_display->getEndLoc(), |
| error_bad_cast_signature_) |
| << src_name << dst_name; |
| |
| std::shared_ptr<MatchResult> type_note; |
| if (src_type != nullptr) { |
| compiler_.getDiagnostics().Report(cast_expr_for_display->getEndLoc(), |
| note_bad_cast_signature_explanation_) |
| << src_name; |
| type_note = casting_unsafe_predicate_.GetMatchResult(src_type); |
| } else { |
| compiler_.getDiagnostics().Report(cast_expr_for_display->getEndLoc(), |
| note_bad_cast_signature_explanation_) |
| << dst_name; |
| type_note = casting_unsafe_predicate_.GetMatchResult(dst_type); |
| } |
| |
| while (type_note) { |
| if (type_note->source_loc()) { |
| const auto& type_name = clang::QualType::getAsString( |
| type_note->type(), {}, printing_policy); |
| compiler_.getDiagnostics().Report(*type_note->source_loc(), |
| note_bad_cast_signature_type_) |
| << type_name; |
| } |
| type_note = type_note->source(); |
| } |
| } |
| |
| llvm::StringRef getID() const override { return "BadCastMatcher"; }; |
| |
| private: |
| clang::CompilerInstance& compiler_; |
| const FilterFile& exclude_files_; |
| const FilterFile& exclude_functions_; |
| CastingUnsafePredicate casting_unsafe_predicate_; |
| unsigned error_bad_cast_signature_; |
| unsigned note_bad_cast_signature_explanation_; |
| unsigned note_bad_cast_signature_type_; |
| }; |
| |
| const char kNeedRawPtrSignature[] = |
| "[chromium-rawptr] Use raw_ptr<T> instead of a raw pointer."; |
| |
| class RawPtrFieldMatcher : public MatchFinder::MatchCallback { |
| public: |
| explicit RawPtrFieldMatcher( |
| clang::CompilerInstance& compiler, |
| const RawPtrAndRefExclusionsOptions& exclusion_options) |
| : compiler_(compiler), exclusion_options_(exclusion_options) { |
| error_need_raw_ptr_signature_ = compiler_.getDiagnostics().getCustomDiagID( |
| clang::DiagnosticsEngine::Error, kNeedRawPtrSignature); |
| } |
| |
| void Register(MatchFinder& match_finder) { |
| auto field_decl_matcher = AffectedRawPtrFieldDecl(exclusion_options_); |
| match_finder.addMatcher(field_decl_matcher, this); |
| } |
| void run(const MatchFinder::MatchResult& result) override { |
| const clang::FieldDecl* field_decl = |
| result.Nodes.getNodeAs<clang::FieldDecl>("affectedFieldDecl"); |
| assert(field_decl && "matcher should bind 'fieldDecl'"); |
| |
| const clang::TypeSourceInfo* type_source_info = |
| field_decl->getTypeSourceInfo(); |
| assert(type_source_info && "assuming |type_source_info| is always present"); |
| |
| assert(type_source_info->getType()->isPointerType() && |
| "matcher should only match pointer types"); |
| |
| compiler_.getDiagnostics().Report(field_decl->getLocation(), |
| error_need_raw_ptr_signature_); |
| } |
| |
| llvm::StringRef getID() const override { return "RawPtrFieldMatcher"; }; |
| |
| private: |
| clang::CompilerInstance& compiler_; |
| unsigned error_need_raw_ptr_signature_; |
| const RawPtrAndRefExclusionsOptions& exclusion_options_; |
| }; |
| |
| const char kNeedRawRefSignature[] = |
| "[chromium-rawref] Use raw_ref<T> instead of a native reference."; |
| |
| class RawRefFieldMatcher : public MatchFinder::MatchCallback { |
| public: |
| explicit RawRefFieldMatcher( |
| clang::CompilerInstance& compiler, |
| const RawPtrAndRefExclusionsOptions& exclusion_options) |
| : compiler_(compiler), exclusion_options_(exclusion_options) { |
| error_need_raw_ref_signature_ = compiler_.getDiagnostics().getCustomDiagID( |
| clang::DiagnosticsEngine::Error, kNeedRawRefSignature); |
| } |
| |
| void Register(MatchFinder& match_finder) { |
| auto field_decl_matcher = AffectedRawRefFieldDecl(exclusion_options_); |
| match_finder.addMatcher(field_decl_matcher, this); |
| } |
| void run(const MatchFinder::MatchResult& result) override { |
| const clang::FieldDecl* field_decl = |
| result.Nodes.getNodeAs<clang::FieldDecl>("affectedFieldDecl"); |
| assert(field_decl && "matcher should bind 'fieldDecl'"); |
| |
| const clang::TypeSourceInfo* type_source_info = |
| field_decl->getTypeSourceInfo(); |
| assert(type_source_info && "assuming |type_source_info| is always present"); |
| |
| assert(type_source_info->getType()->isReferenceType() && |
| "matcher should only match reference types"); |
| |
| compiler_.getDiagnostics().Report(field_decl->getEndLoc(), |
| error_need_raw_ref_signature_); |
| } |
| |
| llvm::StringRef getID() const override { return "RawRefFieldMatcher"; }; |
| |
| private: |
| clang::CompilerInstance& compiler_; |
| unsigned error_need_raw_ref_signature_; |
| const RawPtrAndRefExclusionsOptions exclusion_options_; |
| }; |
| |
| const char kNoRawPtrToStackAllocatedSignature[] = |
| "[chromium-raw-ptr-to-stack-allocated] Do not use '%0<T>' on a " |
| "`STACK_ALLOCATED` object '%1'."; |
| |
| class RawPtrToStackAllocatedMatcher : public MatchFinder::MatchCallback { |
| public: |
| explicit RawPtrToStackAllocatedMatcher(clang::CompilerInstance& compiler) |
| : compiler_(compiler), stack_allocated_predicate_() { |
| error_no_raw_ptr_to_stack_ = compiler_.getDiagnostics().getCustomDiagID( |
| clang::DiagnosticsEngine::Error, kNoRawPtrToStackAllocatedSignature); |
| } |
| |
| void Register(MatchFinder& match_finder) { |
| auto value_decl_matcher = |
| RawPtrToStackAllocatedTypeLoc(&stack_allocated_predicate_); |
| match_finder.addMatcher(value_decl_matcher, this); |
| } |
| void run(const MatchFinder::MatchResult& result) override { |
| const auto* pointer = |
| result.Nodes.getNodeAs<clang::CXXRecordDecl>("pointerRecordDecl"); |
| assert(pointer && "matcher should bind 'pointerRecordDecl'"); |
| |
| const auto* pointee = |
| result.Nodes.getNodeAs<clang::QualType>("pointeeQualType"); |
| assert(pointee && "matcher should bind 'pointeeQualType'"); |
| clang::PrintingPolicy printing_policy(result.Context->getLangOpts()); |
| const std::string pointee_name = pointee->getAsString(printing_policy); |
| |
| const auto* type_loc = |
| result.Nodes.getNodeAs<clang::TypeLoc>("stackAllocatedRawPtrTypeLoc"); |
| assert(type_loc && "matcher should bind 'stackAllocatedRawPtrTypeLoc'"); |
| |
| compiler_.getDiagnostics().Report(type_loc->getEndLoc(), |
| error_no_raw_ptr_to_stack_) |
| << pointer->getNameAsString() << pointee_name; |
| } |
| |
| llvm::StringRef getID() const override { |
| return "RawPtrToStackAllocatedMatcher"; |
| }; |
| |
| private: |
| clang::CompilerInstance& compiler_; |
| StackAllocatedPredicate stack_allocated_predicate_; |
| unsigned error_no_raw_ptr_to_stack_; |
| }; |
| |
| const char kNeedRawSpanSignature[] = |
| "[chromium-rawptr] Use raw_span<T> instead of a span<T>."; |
| |
| const char kNeedContainerSpanSignature[] = |
| "[chromium-rawptr] Use raw_span<T> instead of a span<T> in the field " |
| "type's template arguments."; |
| |
| class SpanFieldMatcher : public MatchFinder::MatchCallback { |
| public: |
| explicit SpanFieldMatcher( |
| clang::CompilerInstance& compiler, |
| const RawPtrAndRefExclusionsOptions& exclusion_options) |
| : compiler_(compiler), exclusion_options_(exclusion_options) { |
| error_need_span_signature_ = compiler_.getDiagnostics().getCustomDiagID( |
| clang::DiagnosticsEngine::Error, kNeedRawSpanSignature); |
| |
| error_need_container_span_signature_ = |
| compiler_.getDiagnostics().getCustomDiagID( |
| clang::DiagnosticsEngine::Error, kNeedContainerSpanSignature); |
| } |
| |
| void Register(MatchFinder& match_finder) { |
| auto raw_span = hasTemplateArgument( |
| 2, refersToType(qualType(hasCanonicalType(qualType(hasDeclaration( |
| mapAnyOf(classTemplateSpecializationDecl, classTemplateDecl) |
| .with(hasName("raw_ptr")))))))); |
| |
| auto string_literals_span = hasTemplateArgument( |
| 0, refersToType(qualType(hasCanonicalType( |
| anyOf(asString("const char"), asString("const wchar_t"), |
| asString("const char8_t"), asString("const char16_t"), |
| asString("const char32_t")))))); |
| |
| auto excluded_spans = anyOf(raw_span, string_literals_span); |
| |
| auto span_type = anyOf( |
| qualType(hasCanonicalType( |
| qualType(hasDeclaration(classTemplateSpecializationDecl( |
| hasName("base::span"), unless(excluded_spans)))))), |
| qualType(hasCanonicalType(qualType(type(templateSpecializationType( |
| hasDeclaration(classTemplateDecl(hasName("base::span"))), |
| unless(excluded_spans))))))); |
| |
| auto optional_span_type = anyOf( |
| qualType( |
| hasCanonicalType(hasDeclaration(classTemplateSpecializationDecl( |
| hasName("optional"), |
| hasTemplateArgument(0, refersToType(span_type)))))), |
| qualType(hasCanonicalType(qualType(type(templateSpecializationType( |
| hasDeclaration(classTemplateDecl(hasName("optional"))), |
| hasAnyTemplateArgument(refersToType(span_type)))))))); |
| |
| auto container_methods = |
| anyOf(allOf(hasMethod(hasName("push_back")), |
| hasMethod(hasName("pop_back")), hasMethod(hasName("size"))), |
| allOf(hasMethod(hasName("insert")), hasMethod(hasName("erase")), |
| hasMethod(hasName("size"))), |
| allOf(hasMethod(hasName("push")), hasMethod(hasName("pop")), |
| hasMethod(hasName("size")))); |
| |
| auto template_argument = |
| templateArgument(refersToType(anyOf(span_type, optional_span_type))); |
| auto template_arguments = anyOf(hasTemplateArgument(0, template_argument), |
| hasTemplateArgument(1, template_argument)); |
| |
| auto container_of_span_type = |
| qualType(hasCanonicalType(anyOf( |
| qualType(hasDeclaration(classTemplateSpecializationDecl( |
| container_methods, template_arguments))), |
| qualType(type(templateSpecializationType( |
| hasDeclaration(classTemplateDecl( |
| has(cxxRecordDecl(container_methods)))), |
| template_arguments)))))) |
| .bind("container_type"); |
| |
| auto field_decl_matcher = |
| traverse(clang::TK_IgnoreUnlessSpelledInSource, |
| fieldDecl(hasType(qualType(anyOf(span_type, optional_span_type, |
| container_of_span_type))), |
| unless(PtrAndRefExclusions(exclusion_options_))) |
| .bind("affectedFieldDecl")); |
| match_finder.addMatcher(field_decl_matcher, this); |
| } |
| |
| void run(const MatchFinder::MatchResult& result) override { |
| const clang::FieldDecl* field_decl = |
| result.Nodes.getNodeAs<clang::FieldDecl>("affectedFieldDecl"); |
| assert(field_decl && "matcher should bind 'fieldDecl'"); |
| |
| if (result.Nodes.getNodeAs<clang::QualType>("container_type")) { |
| compiler_.getDiagnostics().Report(field_decl->getLocation(), |
| error_need_container_span_signature_); |
| } else { |
| compiler_.getDiagnostics().Report(field_decl->getLocation(), |
| error_need_span_signature_); |
| } |
| } |
| |
| llvm::StringRef getID() const override { return "SpanFieldMatcher"; }; |
| |
| private: |
| clang::CompilerInstance& compiler_; |
| unsigned error_need_span_signature_; |
| unsigned error_need_container_span_signature_; |
| const RawPtrAndRefExclusionsOptions& exclusion_options_; |
| }; |
| |
| void FindBadRawPtrPatterns(const Options& options, |
| clang::ASTContext& ast_context, |
| clang::CompilerInstance& compiler) { |
| llvm::StringMap<llvm::TimeRecord> Records; |
| MatchFinder::MatchFinderOptions FinderOptions; |
| if (options.enable_match_profiling) { |
| FinderOptions.CheckProfiling.emplace(Records); |
| } |
| MatchFinder match_finder(std::move(FinderOptions)); |
| |
| std::vector<std::string> paths_to_exclude_lines; |
| std::vector<std::string> check_bad_raw_ptr_cast_exclude_paths; |
| for (auto* const line : kRawPtrManualPathsToIgnore) { |
| paths_to_exclude_lines.push_back(line); |
| } |
| for (auto* const line : kSeparateRepositoryPaths) { |
| paths_to_exclude_lines.push_back(line); |
| check_bad_raw_ptr_cast_exclude_paths.push_back(line); |
| } |
| paths_to_exclude_lines.insert(paths_to_exclude_lines.end(), |
| options.raw_ptr_paths_to_exclude_lines.begin(), |
| options.raw_ptr_paths_to_exclude_lines.end()); |
| check_bad_raw_ptr_cast_exclude_paths.insert( |
| check_bad_raw_ptr_cast_exclude_paths.end(), |
| options.check_bad_raw_ptr_cast_exclude_paths.begin(), |
| options.check_bad_raw_ptr_cast_exclude_paths.end()); |
| |
| FilterFile exclude_fields(options.exclude_fields_file, "exclude-fields"); |
| FilterFile exclude_lines(paths_to_exclude_lines); |
| |
| StackAllocatedPredicate stack_allocated_predicate; |
| RawPtrAndRefExclusionsOptions exclusion_options{ |
| &exclude_fields, &exclude_lines, options.check_raw_ptr_to_stack_allocated, |
| &stack_allocated_predicate, options.check_ptrs_to_non_string_literals}; |
| |
| FilterFile filter_check_bad_raw_ptr_cast_exclude_paths( |
| check_bad_raw_ptr_cast_exclude_paths); |
| FilterFile filter_check_bad_raw_ptr_cast_exclude_funcs( |
| options.check_bad_raw_ptr_cast_exclude_funcs); |
| BadCastMatcher bad_cast_matcher(compiler, |
| filter_check_bad_raw_ptr_cast_exclude_paths, |
| filter_check_bad_raw_ptr_cast_exclude_funcs); |
| if (options.check_bad_raw_ptr_cast) { |
| bad_cast_matcher.Register(match_finder); |
| } |
| |
| RawPtrFieldMatcher field_matcher(compiler, exclusion_options); |
| if (options.check_raw_ptr_fields) { |
| field_matcher.Register(match_finder); |
| } |
| |
| RawRefFieldMatcher ref_field_matcher(compiler, exclusion_options); |
| if (options.check_raw_ref_fields) { |
| ref_field_matcher.Register(match_finder); |
| } |
| |
| RawPtrToStackAllocatedMatcher raw_ptr_to_stack(compiler); |
| if (options.check_raw_ptr_to_stack_allocated && |
| !options.disable_check_raw_ptr_to_stack_allocated_error) { |
| raw_ptr_to_stack.Register(match_finder); |
| } |
| |
| SpanFieldMatcher raw_span_matcher(compiler, exclusion_options); |
| if (options.check_span_fields) { |
| raw_span_matcher.Register(match_finder); |
| } |
| |
| { |
| llvm::TimeTraceScope TimeScope( |
| "match_finder.matchAST in FindBadRawPtrPatterns"); |
| match_finder.matchAST(ast_context); |
| } |
| |
| if (options.enable_match_profiling) { |
| llvm::TimerGroup TG("FindBadRawPtrPatterns", |
| "FindBadRawPtrPatterns match profiling", Records); |
| TG.print(llvm::errs()); |
| } |
| } |
| |
| } // namespace raw_ptr_plugin |
