summaryrefslogtreecommitdiffstats
path: root/clang/lib/Sema/SemaAccess.cpp
blob: f3c10392f7c9e25cba63bbb07bcc5e42b5c60163 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
//===---- SemaAccess.cpp - C++ Access Control -------------------*- C++ -*-===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file provides Sema routines for C++ access control semantics.
//
//===----------------------------------------------------------------------===//

#include "Sema.h"
#include "Lookup.h"
#include "clang/AST/ASTContext.h"
#include "clang/AST/CXXInheritance.h"
#include "clang/AST/DeclCXX.h"
#include "clang/AST/ExprCXX.h"

using namespace clang;

/// SetMemberAccessSpecifier - Set the access specifier of a member.
/// Returns true on error (when the previous member decl access specifier
/// is different from the new member decl access specifier).
bool Sema::SetMemberAccessSpecifier(NamedDecl *MemberDecl,
                                    NamedDecl *PrevMemberDecl,
                                    AccessSpecifier LexicalAS) {
  if (!PrevMemberDecl) {
    // Use the lexical access specifier.
    MemberDecl->setAccess(LexicalAS);
    return false;
  }

  // C++ [class.access.spec]p3: When a member is redeclared its access
  // specifier must be same as its initial declaration.
  if (LexicalAS != AS_none && LexicalAS != PrevMemberDecl->getAccess()) {
    Diag(MemberDecl->getLocation(),
         diag::err_class_redeclared_with_different_access)
      << MemberDecl << LexicalAS;
    Diag(PrevMemberDecl->getLocation(), diag::note_previous_access_declaration)
      << PrevMemberDecl << PrevMemberDecl->getAccess();

    MemberDecl->setAccess(LexicalAS);
    return true;
  }

  MemberDecl->setAccess(PrevMemberDecl->getAccess());
  return false;
}

/// Find a class on the derivation path between Derived and Base that is
/// inaccessible. If @p NoPrivileges is true, special access rights (members
/// and friends) are not considered.
const CXXBaseSpecifier *Sema::FindInaccessibleBase(
    QualType Derived, QualType Base, CXXBasePaths &Paths, bool NoPrivileges) {
  Base = Context.getCanonicalType(Base).getUnqualifiedType();
  assert(!Paths.isAmbiguous(Base) &&
         "Can't check base class access if set of paths is ambiguous");
  assert(Paths.isRecordingPaths() &&
         "Can't check base class access without recorded paths");


  const CXXBaseSpecifier *InaccessibleBase = 0;

  const CXXRecordDecl *CurrentClassDecl = 0;
  if (CXXMethodDecl *MD = dyn_cast_or_null<CXXMethodDecl>(getCurFunctionDecl()))
    CurrentClassDecl = MD->getParent();

  for (CXXBasePaths::paths_iterator Path = Paths.begin(), PathsEnd = Paths.end();
      Path != PathsEnd; ++Path) {

    bool FoundInaccessibleBase = false;

    for (CXXBasePath::const_iterator Element = Path->begin(),
         ElementEnd = Path->end(); Element != ElementEnd; ++Element) {
      const CXXBaseSpecifier *Base = Element->Base;

      switch (Base->getAccessSpecifier()) {
      default:
        assert(0 && "invalid access specifier");
      case AS_public:
        // Nothing to do.
        break;
      case AS_private:
        // FIXME: Check if the current function/class is a friend.
        if (NoPrivileges || CurrentClassDecl != Element->Class)
          FoundInaccessibleBase = true;
        break;
      case AS_protected:
        // FIXME: Implement
        break;
      }

      if (FoundInaccessibleBase) {
        InaccessibleBase = Base;
        break;
      }
    }

    if (!FoundInaccessibleBase) {
      // We found a path to the base, our work here is done.
      return 0;
    }
  }

  assert(InaccessibleBase && "no path found, but no inaccessible base");
  return InaccessibleBase;
}

/// CheckBaseClassAccess - Check that a derived class can access its base class
/// and report an error if it can't. [class.access.base]
bool Sema::CheckBaseClassAccess(QualType Derived, QualType Base,
                                unsigned InaccessibleBaseID,
                                CXXBasePaths &Paths, SourceLocation AccessLoc,
                                DeclarationName Name) {

  if (!getLangOptions().AccessControl)
    return false;
  const CXXBaseSpecifier *InaccessibleBase = FindInaccessibleBase(
                                               Derived, Base, Paths);

  if (InaccessibleBase) {
    Diag(AccessLoc, InaccessibleBaseID)
      << Derived << Base << Name;

    AccessSpecifier AS = InaccessibleBase->getAccessSpecifierAsWritten();

    // If there's no written access specifier, then the inheritance specifier
    // is implicitly private.
    if (AS == AS_none)
      Diag(InaccessibleBase->getSourceRange().getBegin(),
           diag::note_inheritance_implicitly_private_here);
    else
      Diag(InaccessibleBase->getSourceRange().getBegin(),
           diag::note_inheritance_specifier_here) << AS;

    return true;
  }

  return false;
}

/// Diagnose the path which caused the given declaration to become
/// inaccessible.
static void DiagnoseAccessPath(Sema &S, const LookupResult &R, NamedDecl *D,
                               AccessSpecifier Access) {
  // Easy case: the decl's natural access determined its path access.
  if (Access == D->getAccess() || D->getAccess() == AS_private) {
    S.Diag(D->getLocation(), diag::note_access_natural)
      << (unsigned) (Access == AS_protected);
    return;
  }

  // TODO: flesh this out
  S.Diag(D->getLocation(), diag::note_access_constrained_by_path)
    << (unsigned) (Access == AS_protected);
}

/// Checks access to the given declaration in the current context.
///
/// \param R the means via which the access was made; must have a naming
///   class set
/// \param D the declaration accessed
/// \param Access the best access along any inheritance path from the
///   naming class to the declaration.  AS_none means the path is impossible
bool Sema::CheckAccess(const LookupResult &R, NamedDecl *D,
                       AccessSpecifier Access) {
  assert(R.getNamingClass() && "performing access check without naming class");

  // If the access path is public, it's accessible everywhere.
  if (Access == AS_public)
    return false;

  // If we're currently parsing a top-level declaration, delay
  // diagnostics.  This is the only case where parsing a declaration
  // can actually change our effective context for the purposes of
  // access control.
  if (CurContext->isFileContext() && ParsingDeclDepth) {
    DelayedDiagnostics.push_back(
        DelayedDiagnostic::makeAccess(R.getNameLoc(), D, Access,
                                      R.getNamingClass()));
    return false;
  }

  return CheckEffectiveAccess(CurContext, R, D, Access);
}

/// Checks access from the given effective context.
bool Sema::CheckEffectiveAccess(DeclContext *EffectiveContext,
                                const LookupResult &R,
                                NamedDecl *D, AccessSpecifier Access) {
  DeclContext *DC = EffectiveContext;
  while (isa<CXXRecordDecl>(DC) &&
         cast<CXXRecordDecl>(DC)->isAnonymousStructOrUnion())
    DC = DC->getParent();

  CXXRecordDecl *CurRecord;
  if (isa<CXXRecordDecl>(DC))
    CurRecord = cast<CXXRecordDecl>(DC);
  else if (isa<CXXMethodDecl>(DC))
    CurRecord = cast<CXXMethodDecl>(DC)->getParent();
  else {
    Diag(R.getNameLoc(), diag::err_access_outside_class)
      << (Access == AS_protected);
    DiagnoseAccessPath(*this, R, D, Access);
    return true;
  }

  CXXRecordDecl *NamingClass = R.getNamingClass();
  while (NamingClass->isAnonymousStructOrUnion())
    // This should be guaranteed by the fact that the decl has
    // non-public access.  If not, we should make it guaranteed!
    NamingClass = cast<CXXRecordDecl>(NamingClass);

  // White-list accesses from within the declaring class.
  if (Access != AS_none &&
      CurRecord->getCanonicalDecl() == NamingClass->getCanonicalDecl())
    return false;

  // Protected access.
  if (Access == AS_protected) {
    // FIXME: implement [class.protected]p1
    if (CurRecord->isDerivedFrom(NamingClass))
      return false;

    // FIXME: dependent classes
  }

  // FIXME: friends

  // Okay, it's a bad access, reject it.

  
  CXXRecordDecl *DeclaringClass = cast<CXXRecordDecl>(D->getDeclContext());

  if (Access == AS_protected) {
    Diag(R.getNameLoc(), diag::err_access_protected)
      << Context.getTypeDeclType(DeclaringClass)
      << Context.getTypeDeclType(CurRecord);
    DiagnoseAccessPath(*this, R, D, Access);
    return true;
  }

  assert(Access == AS_private || Access == AS_none);
  Diag(R.getNameLoc(), diag::err_access_private)
    << Context.getTypeDeclType(DeclaringClass)
    << Context.getTypeDeclType(CurRecord);
  DiagnoseAccessPath(*this, R, D, Access);
  return true;
}

void Sema::HandleDelayedAccessCheck(DelayedDiagnostic &DD, Decl *Ctx) {
  NamedDecl *D = DD.AccessData.Decl;

  // Fake up a lookup result.
  LookupResult R(*this, D->getDeclName(), DD.Loc, LookupOrdinaryName);
  R.suppressDiagnostics();
  R.setNamingClass(DD.AccessData.NamingClass);

  // Pretend we did this from the context of the newly-parsed
  // declaration.
  DeclContext *EffectiveContext = Ctx->getDeclContext();

  if (CheckEffectiveAccess(EffectiveContext, R, D, DD.AccessData.Access))
    DD.Triggered = true;
}

bool Sema::CheckUnresolvedLookupAccess(UnresolvedLookupExpr *E,
                                       NamedDecl *D, AccessSpecifier Access) {
  if (!getLangOptions().AccessControl || !E->getNamingClass())
    return false;

  // Fake up a lookup result.
  LookupResult R(*this, E->getName(), E->getNameLoc(), LookupOrdinaryName);
  R.suppressDiagnostics();

  R.setNamingClass(E->getNamingClass());
  R.addDecl(D, Access);

  // FIXME: protected check (triggers for member-address expressions)

  return CheckAccess(R, D, Access);
}

/// Perform access-control checking on a previously-unresolved member
/// access which has now been resolved to a member.
bool Sema::CheckUnresolvedMemberAccess(UnresolvedMemberExpr *E,
                                       NamedDecl *D, AccessSpecifier Access) {
  if (!getLangOptions().AccessControl)
    return false;

  // Fake up a lookup result.
  LookupResult R(*this, E->getMemberName(), E->getMemberLoc(),
                 LookupOrdinaryName);
  R.suppressDiagnostics();

  R.setNamingClass(E->getNamingClass());
  R.addDecl(D, Access);

  if (CheckAccess(R, D, Access))
    return true;

  // FIXME: protected check

  return false;
}

/// Checks access to all the declarations in the given result set.
void Sema::CheckAccess(const LookupResult &R) {
  for (LookupResult::iterator I = R.begin(), E = R.end(); I != E; ++I)
    CheckAccess(R, *I, I.getAccess());
}
OpenPOWER on IntegriCloud