Disallow heap objects containing unsafe on-heap iterators.

tools/clang/blink_gc_plugin/RecordInfo.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "Config.h"
 #include "RecordInfo.h"
 #include "clang/Sema/Sema.h"
 
 using namespace clang;
 using std::string;
@@ skipping 95 matching lines @@
 
   return dyn_cast_or_null<CXXRecordDecl>(tmpl_decl->getTemplatedDecl());
 }
 
 void RecordInfo::walkBases() {
   // This traversal is akin to CXXRecordDecl::forallBases()'s,
   // but without stepping over dependent bases -- these might also
   // have a "GC base name", so are to be included and considered.
   SmallVector<const CXXRecordDecl*, 8> queue;
 
-  const CXXRecordDecl *base_record = record();
+  const CXXRecordDecl* base_record = record();
   while (true) {
     for (const auto& it : base_record->bases()) {
-      const RecordType *type = it.getType()->getAs<RecordType>();
+      const RecordType* type = it.getType()->getAs<RecordType>();
       CXXRecordDecl* base;
       if (!type)
         base = GetDependentTemplatedDecl(*it.getType());
       else {
         base = cast_or_null<CXXRecordDecl>(type->getDecl()->getDefinition());
         if (base)
           queue.push_back(base);
       }
       if (!base)
         continue;
@@ skipping 34 matching lines @@
   // This is a mixin if all GC bases are mixins.
   return true;
 }
 
 // Test if a record is allocated on the managed heap.
 bool RecordInfo::IsGCAllocated() {
   return IsGCDerived() || IsHeapAllocatedCollection();
 }
 
 bool RecordInfo::IsEagerlyFinalized() {
-  if (is_eagerly_finalized_ == kNotComputed) {
-    is_eagerly_finalized_ = kFalse;
-    if (IsGCFinalized()) {
-      for (Decl* decl : record_->decls()) {
-        if (TypedefDecl* typedef_decl = dyn_cast<TypedefDecl>(decl)) {
-          if (typedef_decl->getNameAsString() == kIsEagerlyFinalizedName) {
-            is_eagerly_finalized_ = kTrue;
-            break;
-          }
-        }
-      }
+  if (is_eagerly_finalized_ != kNotComputed)
+    return is_eagerly_finalized_;
+
+  is_eagerly_finalized_ = kFalse;
+  if (!IsGCFinalized())
+    return is_eagerly_finalized_;
+
+  for (Decl* decl : record_->decls()) {
+    if (TypedefDecl* typedef_decl = dyn_cast<TypedefDecl>(decl)) {
+      if (typedef_decl->getNameAsString() != kIsEagerlyFinalizedName)
+        continue;
+      is_eagerly_finalized_ = kTrue;
+      break;
     }
   }
   return is_eagerly_finalized_;
 }
 
 bool RecordInfo::HasDefinition() {
   return record_->hasDefinition();
 }
 
 RecordInfo* RecordCache::Lookup(CXXRecordDecl* record) {
@@ skipping 212 matching lines @@
   if (!record_->hasDefinition())
     return fields;
   TracingStatus fields_status = TracingStatus::Unneeded();
   for (RecordDecl::field_iterator it = record_->field_begin();
        it != record_->field_end();
        ++it) {
     FieldDecl* field = *it;
     // Ignore fields annotated with the GC_PLUGIN_IGNORE macro.
     if (Config::IsIgnoreAnnotated(field))
       continue;
-    if (Edge* edge = CreateEdge(field->getType().getTypePtrOrNull())) {
+    // Check if the unexpanded type should be recorded; needed
+    // to track iterator aliases only
+    const Type* unexpandedType = field->getType().getSplitUnqualifiedType().Ty;
+    Edge* edge = CreateEdgeFromOriginalType(unexpandedType);
+    if (!edge)
+      edge = CreateEdge(field->getType().getTypePtrOrNull());
+    if (edge) {
       fields_status = fields_status.LUB(edge->NeedsTracing(Edge::kRecursive));
       fields->insert(std::make_pair(field, FieldPoint(field, edge)));
     }
   }
   fields_need_tracing_ = fields_status;
   return fields;
 }
 
 void RecordInfo::DetermineTracingMethods() {
   if (determined_trace_methods_)
@@ skipping 132 matching lines @@
 static bool isInStdNamespace(clang::Sema& sema, NamespaceDecl* ns)
 {
   while (ns) {
     if (sema.getStdNamespace()->InEnclosingNamespaceSetOf(ns))
       return true;
     ns = dyn_cast<NamespaceDecl>(ns->getParent());
   }
   return false;
 }
 
+Edge* RecordInfo::CreateEdgeFromOriginalType(const Type* type) {
+  if (!type)
+    return nullptr;
+
+  // look for "typedef ... iterator;"
+  if (!isa<ElaboratedType>(type))
+    return nullptr;
+  const ElaboratedType* elaboratedType = cast<ElaboratedType>(type);
+  if (!isa<TypedefType>(elaboratedType->getNamedType()))
+    return nullptr;
+  const TypedefType* typedefType =
+      cast<TypedefType>(elaboratedType->getNamedType());
+  std::string typeName = typedefType->getDecl()->getNameAsString();
+  if (!Config::IsIterator(typeName))
+    return nullptr;
+  RecordInfo* info =
+      cache_->Lookup(elaboratedType->getQualifier()->getAsType());
+
+  bool on_heap = false;
+  bool is_unsafe = false;
+  // Silently handle unknown types; the on-heap collection types will
+  // have to be in scope for the declaration to compile, though.
+  if (info) {
+    is_unsafe = Config::IsGCCollectionWithUnsafeIterator(info->name());
+    // Don't mark iterator as being on the heap if it is not supported.
+    on_heap = !is_unsafe && Config::IsGCCollection(info->name());
+  }
+  return new Iterator(info, on_heap, is_unsafe);
+}
+
 Edge* RecordInfo::CreateEdge(const Type* type) {
   if (!type) {
     return 0;
   }
 
   if (type->isPointerType() || type->isReferenceType()) {
     if (Edge* ptr = CreateEdge(type->getPointeeType().getTypePtrOrNull()))
       return new RawPtr(ptr, type->isReferenceType());
     return 0;
   }
@@ skipping 75 matching lines @@
         edge->members().push_back(member);
       }
       // TODO: Handle the case where we fail to create an edge (eg, if the
       // argument is a primitive type or just not fully known yet).
     }
     return edge;
   }
 
   return new Value(info);
 }