This is an archive of the discontinued LLVM Phabricator instance.

[Sema][ObjC] Warn about implicitly autoreleasing indirect parameters that are captured by blocks
ClosedPublic

Authored by ahatanak on Oct 20 2016, 1:51 PM.

Download Raw Diff

Details

Reviewers

Commits

rGc81708e6ecf0: [Sema][ObjC] Warn about implicitly autoreleasing out-parameters captured by…
rC285031: [Sema][ObjC] Warn about implicitly autoreleasing out-parameters captured
rL285031: [Sema][ObjC] Warn about implicitly autoreleasing out-parameters captured

Summary

ARC implicitly marks indirect parameters passed to a function as autoreleasing and passing a block that captures those parameters to another function sometimes causes problems that are hard to debug.

For example, in the code below, a block capturing fillMeIn is passed to enumerateObjectsUsingBlock, in which an autorelease pool is pushed and popped before and after the block is invoked:

void doStuff(NSString **fillMeIn) {
    [@[@"array"] enumerateObjectsUsingBlock:
      ^(id obj, NSUInteger idx, BOOL* stop) {
        *stop = YES;
        *fillMeIn = [@"wow" mutableCopy];
      }
     ];
}

The object assigned to *fillMeIn gets autoreleased inside the block, so it gets destructed when the autorelease pool is drained, and the program will crash if it tries to access the NSString returned in fillMeIn after doStuff returns.

To help the users figure out why the program is crashing, this patch adds a new warning "-Wblock-capture-autoreleasing" which warns about implicitly autoreleasing indirect parameters captured by blocks and suggests explicitly specifying ownership qualification.

Diff Detail

Repository: rL LLVM

Event Timeline

ahatanak updated this revision to Diff 75343.Oct 20 2016, 1:51 PM

ahatanak retitled this revision from to [Sema][ObjC] Warn about implicitly autoreleasing indirect parameters that are captured by blocks.

ahatanak updated this object.

ahatanak added a reviewer: rjmccall.

ahatanak added a subscriber: cfe-commits.

rjmccall added inline comments.Oct 20 2016, 10:13 PM

include/clang/Basic/DiagnosticSemaKinds.td

5080 ↗

(On Diff #75343)

How about:

warning: block captures an autoreleasing out-parameter, which may result in use-after-free bugs
note: declare the parameter __autoreleasing explicitly to suppress this warning  (include a fixit on this one)
note: declare the parameter __strong or capture a __block __strong variable to keep values alive across autorelease pools

Improve warning messages.

Thanks. LGTM.

Closed by commit rL285031: [Sema][ObjC] Warn about implicitly autoreleasing out-parameters captured (authored by ahatanak). · Explain WhyOct 24 2016, 2:55 PM

This revision was automatically updated to reflect the committed changes.

Hello!

What compiler do when call doStuff:

NSString * __strong fillMe;
NSString * __autoreleasing autorelesingFillMe = fillMe;
doStuff(&fillMe);
fillMe = autoreleasingFillMe;

Why it's not making the same thing in doStuff body?
Compiler generated code for yours example should be:

void doStuff(NSString **fillMeIn) {
    __block NSString *fillMeInResult;
    __block BOOL fillMeInResultHasChanged = NO;
    [@[@"array"] enumerateObjectsUsingBlock:
      ^(id obj, NSUInteger idx, BOOL* stop) {
        *stop = YES;
        fillMeInResult = [@"wow" mutableCopy];
        fillMeInResultHasChanged = YES;
      }
    ];
    if (fillMeInResultHasChanged) {
      *fillMeIn = fillMeInResult;
    }
}

Instead we got this warning and had to do the same stuff in every implementation

That's not an unreasonable idea, and we did consider it, and in fact it's still on the table as something we could do. However, it's a significantly more complex change, and we're not committed to doing it, and so we wanted to at least put this warning in place to help people avoid a relatively common bug.

Revision Contents

Path

Size

cfe/

trunk/

include/

clang/

Basic/

DiagnosticGroups.td

1 line

DiagnosticSemaKinds.td

10 lines

lib/

Sema/

SemaExpr.cpp

17 lines

test/

SemaObjC/

arc.m

9 lines

Diff 75650

cfe/trunk/include/clang/Basic/DiagnosticGroups.td

	Show First 20 Lines • Show All 492 Lines • ▼ Show 20 Lines
	def ARCNonPodMemAccess : DiagGroup<"arc-non-pod-memaccess">;			def ARCNonPodMemAccess : DiagGroup<"arc-non-pod-memaccess">;
	def AutomaticReferenceCounting : DiagGroup<"arc",			def AutomaticReferenceCounting : DiagGroup<"arc",
	[ARCUnsafeRetainedAssign,			[ARCUnsafeRetainedAssign,
	ARCRetainCycles,			ARCRetainCycles,
	ARCNonPodMemAccess]>;			ARCNonPodMemAccess]>;
	def ARCRepeatedUseOfWeakMaybe : DiagGroup<"arc-maybe-repeated-use-of-weak">;			def ARCRepeatedUseOfWeakMaybe : DiagGroup<"arc-maybe-repeated-use-of-weak">;
	def ARCRepeatedUseOfWeak : DiagGroup<"arc-repeated-use-of-weak",			def ARCRepeatedUseOfWeak : DiagGroup<"arc-repeated-use-of-weak",
	[ARCRepeatedUseOfWeakMaybe]>;			[ARCRepeatedUseOfWeakMaybe]>;
				def BlockCaptureAutoReleasing : DiagGroup<"block-capture-autoreleasing">;
	def ObjCBridge : DiagGroup<"bridge-cast">;			def ObjCBridge : DiagGroup<"bridge-cast">;

	def DeallocInCategory:DiagGroup<"dealloc-in-category">;			def DeallocInCategory:DiagGroup<"dealloc-in-category">;
	def SelectorTypeMismatch : DiagGroup<"selector-type-mismatch">;			def SelectorTypeMismatch : DiagGroup<"selector-type-mismatch">;
	def Selector : DiagGroup<"selector", [SelectorTypeMismatch]>;			def Selector : DiagGroup<"selector", [SelectorTypeMismatch]>;
	def Protocol : DiagGroup<"protocol">;			def Protocol : DiagGroup<"protocol">;
	def AtProtocol : DiagGroup<"at-protocol">;			def AtProtocol : DiagGroup<"at-protocol">;
	def PropertyAccessDotSyntax: DiagGroup<"property-access-dot-syntax">;			def PropertyAccessDotSyntax: DiagGroup<"property-access-dot-syntax">;
	▲ Show 20 Lines • Show All 379 Lines • Show Last 20 Lines

cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 5,071 Lines • ▼ Show 20 Lines	def err_arc_assign_property_ownership : Error<
"existing instance variable %1 for property %0 with %select{unsafe_unretained\|assign}2 "		"existing instance variable %1 for property %0 with %select{unsafe_unretained\|assign}2 "
"attribute must be __unsafe_unretained">;		"attribute must be __unsafe_unretained">;
def err_arc_inconsistent_property_ownership : Error<		def err_arc_inconsistent_property_ownership : Error<
"%select{\|unsafe_unretained\|strong\|weak}1 property %0 may not also be "		"%select{\|unsafe_unretained\|strong\|weak}1 property %0 may not also be "
"declared %select{\|__unsafe_unretained\|__strong\|__weak\|__autoreleasing}2">;		"declared %select{\|__unsafe_unretained\|__strong\|__weak\|__autoreleasing}2">;

} // end "ARC and @properties" category		} // end "ARC and @properties" category

		def warn_block_capture_autoreleasing : Warning<
		"block captures an autoreleasing out-parameter, which may result in "
		"use-after-free bugs">,
		InGroup<BlockCaptureAutoReleasing>, DefaultIgnore;
		def note_declare_parameter_autoreleasing : Note<
		"declare the parameter __autoreleasing explicitly to suppress this warning">;
		def note_declare_parameter_strong : Note<
		"declare the parameter __strong or capture a __block __strong variable to "
		"keep values alive across autorelease pools">;

def err_arc_atomic_ownership : Error<		def err_arc_atomic_ownership : Error<
"cannot perform atomic operation on a pointer to type %0: type has "		"cannot perform atomic operation on a pointer to type %0: type has "
"non-trivial ownership">;		"non-trivial ownership">;

let CategoryName = "ARC Casting Rules" in {		let CategoryName = "ARC Casting Rules" in {

def err_arc_bridge_cast_incompatible : Error<		def err_arc_bridge_cast_incompatible : Error<
"incompatible types casting %0 to %1 with a %select{__bridge\|"		"incompatible types casting %0 to %1 with a %select{__bridge\|"
▲ Show 20 Lines • Show All 3,699 Lines • Show Last 20 Lines

cfe/trunk/lib/Sema/SemaExpr.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 13,496 Lines • ▼ Show 20 Lines	if (CaptureType.getObjCLifetime() == Qualifiers::OCL_Autoreleasing) {
if (BuildAndDiagnose) {		if (BuildAndDiagnose) {
S.Diag(Loc, diag::err_arc_autoreleasing_capture)		S.Diag(Loc, diag::err_arc_autoreleasing_capture)
<< /block/ 0;		<< /block/ 0;
S.Diag(Var->getLocation(), diag::note_previous_decl)		S.Diag(Var->getLocation(), diag::note_previous_decl)
<< Var->getDeclName();		<< Var->getDeclName();
}		}
return false;		return false;
}		}

		// Warn about implicitly autoreleasing indirect parameters captured by blocks.
		if (auto *PT = dyn_cast<PointerType>(CaptureType)) {
		QualType PointeeTy = PT->getPointeeType();
		if (isa<ObjCObjectPointerType>(PointeeTy.getCanonicalType()) &&
		PointeeTy.getObjCLifetime() == Qualifiers::OCL_Autoreleasing &&
		!isa<AttributedType>(PointeeTy)) {
		if (BuildAndDiagnose) {
		SourceLocation VarLoc = Var->getLocation();
		S.Diag(Loc, diag::warn_block_capture_autoreleasing);
		S.Diag(VarLoc, diag::note_declare_parameter_autoreleasing) <<
		FixItHint::CreateInsertion(VarLoc, "__autoreleasing");
		S.Diag(VarLoc, diag::note_declare_parameter_strong);
		}
		}
		}

const bool HasBlocksAttr = Var->hasAttr<BlocksAttr>();		const bool HasBlocksAttr = Var->hasAttr<BlocksAttr>();
if (HasBlocksAttr \|\| CaptureType->isReferenceType() \|\|		if (HasBlocksAttr \|\| CaptureType->isReferenceType() \|\|
(S.getLangOpts().OpenMP && S.IsOpenMPCapturedDecl(Var))) {		(S.getLangOpts().OpenMP && S.IsOpenMPCapturedDecl(Var))) {
// Block capture by reference does not change the capture or		// Block capture by reference does not change the capture or
// declaration reference types.		// declaration reference types.
ByRef = true;		ByRef = true;
} else {		} else {
// Block capture by copy introduces 'const'.		// Block capture by copy introduces 'const'.
▲ Show 20 Lines • Show All 1,780 Lines • Show Last 20 Lines

cfe/trunk/test/SemaObjC/arc.m

// RUN: %clang_cc1 -triple x86_64-apple-darwin11 -fobjc-runtime-has-weak -fsyntax-only -fobjc-arc -fblocks -verify -Wno-objc-root-class %s		// RUN: %clang_cc1 -triple x86_64-apple-darwin11 -fobjc-runtime-has-weak -fsyntax-only -fobjc-arc -fblocks -verify -Wno-objc-root-class -Wblock-capture-autoreleasing %s

typedef unsigned long NSUInteger;		typedef unsigned long NSUInteger;
typedef const void * CFTypeRef;		typedef const void * CFTypeRef;
CFTypeRef CFBridgingRetain(id X);		CFTypeRef CFBridgingRetain(id X);
id CFBridgingRelease(CFTypeRef);		id CFBridgingRelease(CFTypeRef);
@protocol NSCopying @end		@protocol NSCopying @end
@interface NSDictionary		@interface NSDictionary
+ (id)dictionaryWithObjects:(const id [])objects forKeys:(const id <NSCopying> [])keys count:(NSUInteger)cnt;		+ (id)dictionaryWithObjects:(const id [])objects forKeys:(const id <NSCopying> [])keys count:(NSUInteger)cnt;
▲ Show 20 Lines • Show All 793 Lines • ▼ Show 20 Lines	#define TKAssertEqual(a, b) do{\
}\		}\
}while(0)		}while(0)

int garf() {		int garf() {
id object;		id object;
TKAssertEqual(object, nil);		TKAssertEqual(object, nil);
TKAssertEqual(object, (id)nil);		TKAssertEqual(object, (id)nil);
}		}

		void block_capture_autoreleasing(A * __autoreleasing a, A *b) { // expected-note {{declare the parameter __autoreleasing explicitly to suppress this warning}} expected-note {{declare the parameter __strong or capture a __block __strong variable to keep values alive across autorelease pools}}
		^{
		(void)*a;
		(void)*b; // expected-warning {{block captures an autoreleasing out-parameter, which may result in use-after-free bugs}}
		}();
		}