search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[docs] Fix build-docs.sh
[llvm-project.git] / clang / lib / Sema / SemaAccess.cpp
blob00d3efd19d7a2eceef7c8e7bc1c66aa8ba2a2b38
1 //===---- SemaAccess.cpp - C++ Access Control -------------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file provides Sema routines for C++ access control semantics.
10 //
11 //===----------------------------------------------------------------------===//
12
13 #include "clang/Basic/Specifiers.h"
14 #include "clang/Sema/SemaInternal.h"
15 #include "clang/AST/ASTContext.h"
16 #include "clang/AST/CXXInheritance.h"
17 #include "clang/AST/DeclCXX.h"
18 #include "clang/AST/DeclFriend.h"
19 #include "clang/AST/DeclObjC.h"
20 #include "clang/AST/DependentDiagnostic.h"
21 #include "clang/AST/ExprCXX.h"
22 #include "clang/Sema/DelayedDiagnostic.h"
23 #include "clang/Sema/Initialization.h"
24 #include "clang/Sema/Lookup.h"
25
26 using namespace clang;
27 using namespace sema;
28
29 /// A copy of Sema's enum without AR_delayed.
30 enum AccessResult {
31 AR_accessible,
32 AR_inaccessible,
33 AR_dependent
34 };
35
36 /// SetMemberAccessSpecifier - Set the access specifier of a member.
37 /// Returns true on error (when the previous member decl access specifier
38 /// is different from the new member decl access specifier).
39 bool Sema::SetMemberAccessSpecifier(NamedDecl *MemberDecl,
40 NamedDecl *PrevMemberDecl,
41 AccessSpecifier LexicalAS) {
42 if (!PrevMemberDecl) {
43 // Use the lexical access specifier.
44 MemberDecl->setAccess(LexicalAS);
45 return false;
46 }
47
48 // C++ [class.access.spec]p3: When a member is redeclared its access
49 // specifier must be same as its initial declaration.
50 if (LexicalAS != AS_none && LexicalAS != PrevMemberDecl->getAccess()) {
51 Diag(MemberDecl->getLocation(),
52 diag::err_class_redeclared_with_different_access)
53 << MemberDecl << LexicalAS;
54 Diag(PrevMemberDecl->getLocation(), diag::note_previous_access_declaration)
55 << PrevMemberDecl << PrevMemberDecl->getAccess();
56
57 MemberDecl->setAccess(LexicalAS);
58 return true;
59 }
60
61 MemberDecl->setAccess(PrevMemberDecl->getAccess());
62 return false;
63 }
64
65 static CXXRecordDecl *FindDeclaringClass(NamedDecl *D) {
66 DeclContext *DC = D->getDeclContext();
67
68 // This can only happen at top: enum decls only "publish" their
69 // immediate members.
70 if (isa<EnumDecl>(DC))
71 DC = cast<EnumDecl>(DC)->getDeclContext();
72
73 CXXRecordDecl *DeclaringClass = cast<CXXRecordDecl>(DC);
74 while (DeclaringClass->isAnonymousStructOrUnion())
75 DeclaringClass = cast<CXXRecordDecl>(DeclaringClass->getDeclContext());
76 return DeclaringClass;
77 }
78
79 namespace {
80 struct EffectiveContext {
81 EffectiveContext() : Inner(nullptr), Dependent(false) {}
82
83 explicit EffectiveContext(DeclContext *DC)
84 : Inner(DC),
85 Dependent(DC->isDependentContext()) {
86
87 // An implicit deduction guide is semantically in the context enclosing the
88 // class template, but for access purposes behaves like the constructor
89 // from which it was produced.
90 if (auto *DGD = dyn_cast<CXXDeductionGuideDecl>(DC)) {
91 if (DGD->isImplicit()) {
92 DC = DGD->getCorrespondingConstructor();
93 if (!DC) {
94 // The copy deduction candidate doesn't have a corresponding
95 // constructor.
96 DC = cast<DeclContext>(DGD->getDeducedTemplate()->getTemplatedDecl());
97 }
98 }
99 }
100
101 // C++11 [class.access.nest]p1:
102 // A nested class is a member and as such has the same access
103 // rights as any other member.
104 // C++11 [class.access]p2:
105 // A member of a class can also access all the names to which
106 // the class has access. A local class of a member function
107 // may access the same names that the member function itself
108 // may access.
109 // This almost implies that the privileges of nesting are transitive.
110 // Technically it says nothing about the local classes of non-member
111 // functions (which can gain privileges through friendship), but we
112 // take that as an oversight.
113 while (true) {
114 // We want to add canonical declarations to the EC lists for
115 // simplicity of checking, but we need to walk up through the
116 // actual current DC chain. Otherwise, something like a local
117 // extern or friend which happens to be the canonical
118 // declaration will really mess us up.
119
120 if (isa<CXXRecordDecl>(DC)) {
121 CXXRecordDecl *Record = cast<CXXRecordDecl>(DC);
122 Records.push_back(Record->getCanonicalDecl());
123 DC = Record->getDeclContext();
124 } else if (isa<FunctionDecl>(DC)) {
125 FunctionDecl *Function = cast<FunctionDecl>(DC);
126 Functions.push_back(Function->getCanonicalDecl());
127 if (Function->getFriendObjectKind())
128 DC = Function->getLexicalDeclContext();
129 else
130 DC = Function->getDeclContext();
131 } else if (DC->isFileContext()) {
132 break;
133 } else {
134 DC = DC->getParent();
135 }
136 }
137 }
138
139 bool isDependent() const { return Dependent; }
140
141 bool includesClass(const CXXRecordDecl *R) const {
142 R = R->getCanonicalDecl();
143 return llvm::is_contained(Records, R);
144 }
145
146 /// Retrieves the innermost "useful" context. Can be null if we're
147 /// doing access-control without privileges.
148 DeclContext *getInnerContext() const {
149 return Inner;
150 }
151
152 typedef SmallVectorImpl<CXXRecordDecl*>::const_iterator record_iterator;
153
154 DeclContext *Inner;
155 SmallVector<FunctionDecl*, 4> Functions;
156 SmallVector<CXXRecordDecl*, 4> Records;
157 bool Dependent;
158 };
159
160 /// Like sema::AccessedEntity, but kindly lets us scribble all over
161 /// it.
162 struct AccessTarget : public AccessedEntity {
163 AccessTarget(const AccessedEntity &Entity)
164 : AccessedEntity(Entity) {
165 initialize();
166 }
167
168 AccessTarget(ASTContext &Context,
169 MemberNonce _,
170 CXXRecordDecl *NamingClass,
171 DeclAccessPair FoundDecl,
172 QualType BaseObjectType)
173 : AccessedEntity(Context.getDiagAllocator(), Member, NamingClass,
174 FoundDecl, BaseObjectType) {
175 initialize();
176 }
177
178 AccessTarget(ASTContext &Context,
179 BaseNonce _,
180 CXXRecordDecl *BaseClass,
181 CXXRecordDecl *DerivedClass,
182 AccessSpecifier Access)
183 : AccessedEntity(Context.getDiagAllocator(), Base, BaseClass, DerivedClass,
184 Access) {
185 initialize();
186 }
187
188 bool isInstanceMember() const {
189 return (isMemberAccess() && getTargetDecl()->isCXXInstanceMember());
190 }
191
192 bool hasInstanceContext() const {
193 return HasInstanceContext;
194 }
195
196 class SavedInstanceContext {
197 public:
198 SavedInstanceContext(SavedInstanceContext &&S)
199 : Target(S.Target), Has(S.Has) {
200 S.Target = nullptr;
201 }
202 ~SavedInstanceContext() {
203 if (Target)
204 Target->HasInstanceContext = Has;
205 }
206
207 private:
208 friend struct AccessTarget;
209 explicit SavedInstanceContext(AccessTarget &Target)
210 : Target(&Target), Has(Target.HasInstanceContext) {}
211 AccessTarget *Target;
212 bool Has;
213 };
214
215 SavedInstanceContext saveInstanceContext() {
216 return SavedInstanceContext(*this);
217 }
218
219 void suppressInstanceContext() {
220 HasInstanceContext = false;
221 }
222
223 const CXXRecordDecl *resolveInstanceContext(Sema &S) const {
224 assert(HasInstanceContext);
225 if (CalculatedInstanceContext)
226 return InstanceContext;
227
228 CalculatedInstanceContext = true;
229 DeclContext *IC = S.computeDeclContext(getBaseObjectType());
230 InstanceContext = (IC ? cast<CXXRecordDecl>(IC)->getCanonicalDecl()
231 : nullptr);
232 return InstanceContext;
233 }
234
235 const CXXRecordDecl *getDeclaringClass() const {
236 return DeclaringClass;
237 }
238
239 /// The "effective" naming class is the canonical non-anonymous
240 /// class containing the actual naming class.
241 const CXXRecordDecl *getEffectiveNamingClass() const {
242 const CXXRecordDecl *namingClass = getNamingClass();
243 while (namingClass->isAnonymousStructOrUnion())
244 namingClass = cast<CXXRecordDecl>(namingClass->getParent());
245 return namingClass->getCanonicalDecl();
246 }
247
248 private:
249 void initialize() {
250 HasInstanceContext = (isMemberAccess() &&
251 !getBaseObjectType().isNull() &&
252 getTargetDecl()->isCXXInstanceMember());
253 CalculatedInstanceContext = false;
254 InstanceContext = nullptr;
255
256 if (isMemberAccess())
257 DeclaringClass = FindDeclaringClass(getTargetDecl());
258 else
259 DeclaringClass = getBaseClass();
260 DeclaringClass = DeclaringClass->getCanonicalDecl();
261 }
262
263 bool HasInstanceContext : 1;
264 mutable bool CalculatedInstanceContext : 1;
265 mutable const CXXRecordDecl *InstanceContext;
266 const CXXRecordDecl *DeclaringClass;
267 };
268
269 }
270
271 /// Checks whether one class might instantiate to the other.
272 static bool MightInstantiateTo(const CXXRecordDecl *From,
273 const CXXRecordDecl *To) {
274 // Declaration names are always preserved by instantiation.
275 if (From->getDeclName() != To->getDeclName())
276 return false;
277
278 const DeclContext *FromDC = From->getDeclContext()->getPrimaryContext();
279 const DeclContext *ToDC = To->getDeclContext()->getPrimaryContext();
280 if (FromDC == ToDC) return true;
281 if (FromDC->isFileContext() || ToDC->isFileContext()) return false;
282
283 // Be conservative.
284 return true;
285 }
286
287 /// Checks whether one class is derived from another, inclusively.
288 /// Properly indicates when it couldn't be determined due to
289 /// dependence.
290 ///
291 /// This should probably be donated to AST or at least Sema.
292 static AccessResult IsDerivedFromInclusive(const CXXRecordDecl *Derived,
293 const CXXRecordDecl *Target) {
294 assert(Derived->getCanonicalDecl() == Derived);
295 assert(Target->getCanonicalDecl() == Target);
296
297 if (Derived == Target) return AR_accessible;
298
299 bool CheckDependent = Derived->isDependentContext();
300 if (CheckDependent && MightInstantiateTo(Derived, Target))
301 return AR_dependent;
302
303 AccessResult OnFailure = AR_inaccessible;
304 SmallVector<const CXXRecordDecl*, 8> Queue; // actually a stack
305
306 while (true) {
307 if (Derived->isDependentContext() && !Derived->hasDefinition() &&
308 !Derived->isLambda())
309 return AR_dependent;
310
311 for (const auto &I : Derived->bases()) {
312 const CXXRecordDecl *RD;
313
314 QualType T = I.getType();
315 if (const RecordType *RT = T->getAs<RecordType>()) {
316 RD = cast<CXXRecordDecl>(RT->getDecl());
317 } else if (const InjectedClassNameType *IT
318 = T->getAs<InjectedClassNameType>()) {
319 RD = IT->getDecl();
320 } else {
321 assert(T->isDependentType() && "non-dependent base wasn't a record?");
322 OnFailure = AR_dependent;
323 continue;
324 }
325
326 RD = RD->getCanonicalDecl();
327 if (RD == Target) return AR_accessible;
328 if (CheckDependent && MightInstantiateTo(RD, Target))
329 OnFailure = AR_dependent;
330
331 Queue.push_back(RD);
332 }
333
334 if (Queue.empty()) break;
335
336 Derived = Queue.pop_back_val();
337 }
338
339 return OnFailure;
340 }
341
342
343 static bool MightInstantiateTo(Sema &S, DeclContext *Context,
344 DeclContext *Friend) {
345 if (Friend == Context)
346 return true;
347
348 assert(!Friend->isDependentContext() &&
349 "can't handle friends with dependent contexts here");
350
351 if (!Context->isDependentContext())
352 return false;
353
354 if (Friend->isFileContext())
355 return false;
356
357 // TODO: this is very conservative
358 return true;
359 }
360
361 // Asks whether the type in 'context' can ever instantiate to the type
362 // in 'friend'.
363 static bool MightInstantiateTo(Sema &S, CanQualType Context, CanQualType Friend) {
364 if (Friend == Context)
365 return true;
366
367 if (!Friend->isDependentType() && !Context->isDependentType())
368 return false;
369
370 // TODO: this is very conservative.
371 return true;
372 }
373
374 static bool MightInstantiateTo(Sema &S,
375 FunctionDecl *Context,
376 FunctionDecl *Friend) {
377 if (Context->getDeclName() != Friend->getDeclName())
378 return false;
379
380 if (!MightInstantiateTo(S,
381 Context->getDeclContext(),
382 Friend->getDeclContext()))
383 return false;
384
385 CanQual<FunctionProtoType> FriendTy
386 = S.Context.getCanonicalType(Friend->getType())
387 ->getAs<FunctionProtoType>();
388 CanQual<FunctionProtoType> ContextTy
389 = S.Context.getCanonicalType(Context->getType())
390 ->getAs<FunctionProtoType>();
391
392 // There isn't any way that I know of to add qualifiers
393 // during instantiation.
394 if (FriendTy.getQualifiers() != ContextTy.getQualifiers())
395 return false;
396
397 if (FriendTy->getNumParams() != ContextTy->getNumParams())
398 return false;
399
400 if (!MightInstantiateTo(S, ContextTy->getReturnType(),
401 FriendTy->getReturnType()))
402 return false;
403
404 for (unsigned I = 0, E = FriendTy->getNumParams(); I != E; ++I)
405 if (!MightInstantiateTo(S, ContextTy->getParamType(I),
406 FriendTy->getParamType(I)))
407 return false;
408
409 return true;
410 }
411
412 static bool MightInstantiateTo(Sema &S,
413 FunctionTemplateDecl *Context,
414 FunctionTemplateDecl *Friend) {
415 return MightInstantiateTo(S,
416 Context->getTemplatedDecl(),
417 Friend->getTemplatedDecl());
418 }
419
420 static AccessResult MatchesFriend(Sema &S,
421 const EffectiveContext &EC,
422 const CXXRecordDecl *Friend) {
423 if (EC.includesClass(Friend))
424 return AR_accessible;
425
426 if (EC.isDependent()) {
427 for (const CXXRecordDecl *Context : EC.Records) {
428 if (MightInstantiateTo(Context, Friend))
429 return AR_dependent;
430 }
431 }
432
433 return AR_inaccessible;
434 }
435
436 static AccessResult MatchesFriend(Sema &S,
437 const EffectiveContext &EC,
438 CanQualType Friend) {
439 if (const RecordType *RT = Friend->getAs<RecordType>())
440 return MatchesFriend(S, EC, cast<CXXRecordDecl>(RT->getDecl()));
441
442 // TODO: we can do better than this
443 if (Friend->isDependentType())
444 return AR_dependent;
445
446 return AR_inaccessible;
447 }
448
449 /// Determines whether the given friend class template matches
450 /// anything in the effective context.
451 static AccessResult MatchesFriend(Sema &S,
452 const EffectiveContext &EC,
453 ClassTemplateDecl *Friend) {
454 AccessResult OnFailure = AR_inaccessible;
455
456 // Check whether the friend is the template of a class in the
457 // context chain.
458 for (SmallVectorImpl<CXXRecordDecl*>::const_iterator
459 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
460 CXXRecordDecl *Record = *I;
461
462 // Figure out whether the current class has a template:
463 ClassTemplateDecl *CTD;
464
465 // A specialization of the template...
466 if (isa<ClassTemplateSpecializationDecl>(Record)) {
467 CTD = cast<ClassTemplateSpecializationDecl>(Record)
468 ->getSpecializedTemplate();
469
470 // ... or the template pattern itself.
471 } else {
472 CTD = Record->getDescribedClassTemplate();
473 if (!CTD) continue;
474 }
475
476 // It's a match.
477 if (Friend == CTD->getCanonicalDecl())
478 return AR_accessible;
479
480 // If the context isn't dependent, it can't be a dependent match.
481 if (!EC.isDependent())
482 continue;
483
484 // If the template names don't match, it can't be a dependent
485 // match.
486 if (CTD->getDeclName() != Friend->getDeclName())
487 continue;
488
489 // If the class's context can't instantiate to the friend's
490 // context, it can't be a dependent match.
491 if (!MightInstantiateTo(S, CTD->getDeclContext(),
492 Friend->getDeclContext()))
493 continue;
494
495 // Otherwise, it's a dependent match.
496 OnFailure = AR_dependent;
497 }
498
499 return OnFailure;
500 }
501
502 /// Determines whether the given friend function matches anything in
503 /// the effective context.
504 static AccessResult MatchesFriend(Sema &S,
505 const EffectiveContext &EC,
506 FunctionDecl *Friend) {
507 AccessResult OnFailure = AR_inaccessible;
508
509 for (SmallVectorImpl<FunctionDecl*>::const_iterator
510 I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) {
511 if (Friend == *I)
512 return AR_accessible;
513
514 if (EC.isDependent() && MightInstantiateTo(S, *I, Friend))
515 OnFailure = AR_dependent;
516 }
517
518 return OnFailure;
519 }
520
521 /// Determines whether the given friend function template matches
522 /// anything in the effective context.
523 static AccessResult MatchesFriend(Sema &S,
524 const EffectiveContext &EC,
525 FunctionTemplateDecl *Friend) {
526 if (EC.Functions.empty()) return AR_inaccessible;
527
528 AccessResult OnFailure = AR_inaccessible;
529
530 for (SmallVectorImpl<FunctionDecl*>::const_iterator
531 I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) {
532
533 FunctionTemplateDecl *FTD = (*I)->getPrimaryTemplate();
534 if (!FTD)
535 FTD = (*I)->getDescribedFunctionTemplate();
536 if (!FTD)
537 continue;
538
539 FTD = FTD->getCanonicalDecl();
540
541 if (Friend == FTD)
542 return AR_accessible;
543
544 if (EC.isDependent() && MightInstantiateTo(S, FTD, Friend))
545 OnFailure = AR_dependent;
546 }
547
548 return OnFailure;
549 }
550
551 /// Determines whether the given friend declaration matches anything
552 /// in the effective context.
553 static AccessResult MatchesFriend(Sema &S,
554 const EffectiveContext &EC,
555 FriendDecl *FriendD) {
556 // Whitelist accesses if there's an invalid or unsupported friend
557 // declaration.
558 if (FriendD->isInvalidDecl() || FriendD->isUnsupportedFriend())
559 return AR_accessible;
560
561 if (TypeSourceInfo *T = FriendD->getFriendType())
562 return MatchesFriend(S, EC, T->getType()->getCanonicalTypeUnqualified());
563
564 NamedDecl *Friend
565 = cast<NamedDecl>(FriendD->getFriendDecl()->getCanonicalDecl());
566
567 // FIXME: declarations with dependent or templated scope.
568
569 if (isa<ClassTemplateDecl>(Friend))
570 return MatchesFriend(S, EC, cast<ClassTemplateDecl>(Friend));
571
572 if (isa<FunctionTemplateDecl>(Friend))
573 return MatchesFriend(S, EC, cast<FunctionTemplateDecl>(Friend));
574
575 if (isa<CXXRecordDecl>(Friend))
576 return MatchesFriend(S, EC, cast<CXXRecordDecl>(Friend));
577
578 assert(isa<FunctionDecl>(Friend) && "unknown friend decl kind");
579 return MatchesFriend(S, EC, cast<FunctionDecl>(Friend));
580 }
581
582 static AccessResult GetFriendKind(Sema &S,
583 const EffectiveContext &EC,
584 const CXXRecordDecl *Class) {
585 AccessResult OnFailure = AR_inaccessible;
586
587 // Okay, check friends.
588 for (auto *Friend : Class->friends()) {
589 switch (MatchesFriend(S, EC, Friend)) {
590 case AR_accessible:
591 return AR_accessible;
592
593 case AR_inaccessible:
594 continue;
595
596 case AR_dependent:
597 OnFailure = AR_dependent;
598 break;
599 }
600 }
601
602 // That's it, give up.
603 return OnFailure;
604 }
605
606 namespace {
607
608 /// A helper class for checking for a friend which will grant access
609 /// to a protected instance member.
610 struct ProtectedFriendContext {
611 Sema &S;
612 const EffectiveContext &EC;
613 const CXXRecordDecl *NamingClass;
614 bool CheckDependent;
615 bool EverDependent;
616
617 /// The path down to the current base class.
618 SmallVector<const CXXRecordDecl*, 20> CurPath;
619
620 ProtectedFriendContext(Sema &S, const EffectiveContext &EC,
621 const CXXRecordDecl *InstanceContext,
622 const CXXRecordDecl *NamingClass)
623 : S(S), EC(EC), NamingClass(NamingClass),
624 CheckDependent(InstanceContext->isDependentContext() ||
625 NamingClass->isDependentContext()),
626 EverDependent(false) {}
627
628 /// Check classes in the current path for friendship, starting at
629 /// the given index.
630 bool checkFriendshipAlongPath(unsigned I) {
631 assert(I < CurPath.size());
632 for (unsigned E = CurPath.size(); I != E; ++I) {
633 switch (GetFriendKind(S, EC, CurPath[I])) {
634 case AR_accessible: return true;
635 case AR_inaccessible: continue;
636 case AR_dependent: EverDependent = true; continue;
637 }
638 }
639 return false;
640 }
641
642 /// Perform a search starting at the given class.
643 ///
644 /// PrivateDepth is the index of the last (least derived) class
645 /// along the current path such that a notional public member of
646 /// the final class in the path would have access in that class.
647 bool findFriendship(const CXXRecordDecl *Cur, unsigned PrivateDepth) {
648 // If we ever reach the naming class, check the current path for
649 // friendship. We can also stop recursing because we obviously
650 // won't find the naming class there again.
651 if (Cur == NamingClass)
652 return checkFriendshipAlongPath(PrivateDepth);
653
654 if (CheckDependent && MightInstantiateTo(Cur, NamingClass))
655 EverDependent = true;
656
657 // Recurse into the base classes.
658 for (const auto &I : Cur->bases()) {
659 // If this is private inheritance, then a public member of the
660 // base will not have any access in classes derived from Cur.
661 unsigned BasePrivateDepth = PrivateDepth;
662 if (I.getAccessSpecifier() == AS_private)
663 BasePrivateDepth = CurPath.size() - 1;
664
665 const CXXRecordDecl *RD;
666
667 QualType T = I.getType();
668 if (const RecordType *RT = T->getAs<RecordType>()) {
669 RD = cast<CXXRecordDecl>(RT->getDecl());
670 } else if (const InjectedClassNameType *IT
671 = T->getAs<InjectedClassNameType>()) {
672 RD = IT->getDecl();
673 } else {
674 assert(T->isDependentType() && "non-dependent base wasn't a record?");
675 EverDependent = true;
676 continue;
677 }
678
679 // Recurse. We don't need to clean up if this returns true.
680 CurPath.push_back(RD);
681 if (findFriendship(RD->getCanonicalDecl(), BasePrivateDepth))
682 return true;
683 CurPath.pop_back();
684 }
685
686 return false;
687 }
688
689 bool findFriendship(const CXXRecordDecl *Cur) {
690 assert(CurPath.empty());
691 CurPath.push_back(Cur);
692 return findFriendship(Cur, 0);
693 }
694 };
695 }
696
697 /// Search for a class P that EC is a friend of, under the constraint
698 /// InstanceContext <= P
699 /// if InstanceContext exists, or else
700 /// NamingClass <= P
701 /// and with the additional restriction that a protected member of
702 /// NamingClass would have some natural access in P, which implicitly
703 /// imposes the constraint that P <= NamingClass.
704 ///
705 /// This isn't quite the condition laid out in the standard.
706 /// Instead of saying that a notional protected member of NamingClass
707 /// would have to have some natural access in P, it says the actual
708 /// target has to have some natural access in P, which opens up the
709 /// possibility that the target (which is not necessarily a member
710 /// of NamingClass) might be more accessible along some path not
711 /// passing through it. That's really a bad idea, though, because it
712 /// introduces two problems:
713 /// - Most importantly, it breaks encapsulation because you can
714 /// access a forbidden base class's members by directly subclassing
715 /// it elsewhere.
716 /// - It also makes access substantially harder to compute because it
717 /// breaks the hill-climbing algorithm: knowing that the target is
718 /// accessible in some base class would no longer let you change
719 /// the question solely to whether the base class is accessible,
720 /// because the original target might have been more accessible
721 /// because of crazy subclassing.
722 /// So we don't implement that.
723 static AccessResult GetProtectedFriendKind(Sema &S, const EffectiveContext &EC,
724 const CXXRecordDecl *InstanceContext,
725 const CXXRecordDecl *NamingClass) {
726 assert(InstanceContext == nullptr ||
727 InstanceContext->getCanonicalDecl() == InstanceContext);
728 assert(NamingClass->getCanonicalDecl() == NamingClass);
729
730 // If we don't have an instance context, our constraints give us
731 // that NamingClass <= P <= NamingClass, i.e. P == NamingClass.
732 // This is just the usual friendship check.
733 if (!InstanceContext) return GetFriendKind(S, EC, NamingClass);
734
735 ProtectedFriendContext PRC(S, EC, InstanceContext, NamingClass);
736 if (PRC.findFriendship(InstanceContext)) return AR_accessible;
737 if (PRC.EverDependent) return AR_dependent;
738 return AR_inaccessible;
739 }
740
741 static AccessResult HasAccess(Sema &S,
742 const EffectiveContext &EC,
743 const CXXRecordDecl *NamingClass,
744 AccessSpecifier Access,
745 const AccessTarget &Target) {
746 assert(NamingClass->getCanonicalDecl() == NamingClass &&
747 "declaration should be canonicalized before being passed here");
748
749 if (Access == AS_public) return AR_accessible;
750 assert(Access == AS_private || Access == AS_protected);
751
752 AccessResult OnFailure = AR_inaccessible;
753
754 for (EffectiveContext::record_iterator
755 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
756 // All the declarations in EC have been canonicalized, so pointer
757 // equality from this point on will work fine.
758 const CXXRecordDecl *ECRecord = *I;
759
760 // [B2] and [M2]
761 if (Access == AS_private) {
762 if (ECRecord == NamingClass)
763 return AR_accessible;
764
765 if (EC.isDependent() && MightInstantiateTo(ECRecord, NamingClass))
766 OnFailure = AR_dependent;
767
768 // [B3] and [M3]
769 } else {
770 assert(Access == AS_protected);
771 switch (IsDerivedFromInclusive(ECRecord, NamingClass)) {
772 case AR_accessible: break;
773 case AR_inaccessible: continue;
774 case AR_dependent: OnFailure = AR_dependent; continue;
775 }
776
777 // C++ [class.protected]p1:
778 // An additional access check beyond those described earlier in
779 // [class.access] is applied when a non-static data member or
780 // non-static member function is a protected member of its naming
781 // class. As described earlier, access to a protected member is
782 // granted because the reference occurs in a friend or member of
783 // some class C. If the access is to form a pointer to member,
784 // the nested-name-specifier shall name C or a class derived from
785 // C. All other accesses involve a (possibly implicit) object
786 // expression. In this case, the class of the object expression
787 // shall be C or a class derived from C.
788 //
789 // We interpret this as a restriction on [M3].
790
791 // In this part of the code, 'C' is just our context class ECRecord.
792
793 // These rules are different if we don't have an instance context.
794 if (!Target.hasInstanceContext()) {
795 // If it's not an instance member, these restrictions don't apply.
796 if (!Target.isInstanceMember()) return AR_accessible;
797
798 // If it's an instance member, use the pointer-to-member rule
799 // that the naming class has to be derived from the effective
800 // context.
801
802 // Emulate a MSVC bug where the creation of pointer-to-member
803 // to protected member of base class is allowed but only from
804 // static member functions.
805 if (S.getLangOpts().MSVCCompat && !EC.Functions.empty())
806 if (CXXMethodDecl* MD = dyn_cast<CXXMethodDecl>(EC.Functions.front()))
807 if (MD->isStatic()) return AR_accessible;
808
809 // Despite the standard's confident wording, there is a case
810 // where you can have an instance member that's neither in a
811 // pointer-to-member expression nor in a member access: when
812 // it names a field in an unevaluated context that can't be an
813 // implicit member. Pending clarification, we just apply the
814 // same naming-class restriction here.
815 // FIXME: we're probably not correctly adding the
816 // protected-member restriction when we retroactively convert
817 // an expression to being evaluated.
818
819 // We know that ECRecord derives from NamingClass. The
820 // restriction says to check whether NamingClass derives from
821 // ECRecord, but that's not really necessary: two distinct
822 // classes can't be recursively derived from each other. So
823 // along this path, we just need to check whether the classes
824 // are equal.
825 if (NamingClass == ECRecord) return AR_accessible;
826
827 // Otherwise, this context class tells us nothing; on to the next.
828 continue;
829 }
830
831 assert(Target.isInstanceMember());
832
833 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
834 if (!InstanceContext) {
835 OnFailure = AR_dependent;
836 continue;
837 }
838
839 switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) {
840 case AR_accessible: return AR_accessible;
841 case AR_inaccessible: continue;
842 case AR_dependent: OnFailure = AR_dependent; continue;
843 }
844 }
845 }
846
847 // [M3] and [B3] say that, if the target is protected in N, we grant
848 // access if the access occurs in a friend or member of some class P
849 // that's a subclass of N and where the target has some natural
850 // access in P. The 'member' aspect is easy to handle because P
851 // would necessarily be one of the effective-context records, and we
852 // address that above. The 'friend' aspect is completely ridiculous
853 // to implement because there are no restrictions at all on P
854 // *unless* the [class.protected] restriction applies. If it does,
855 // however, we should ignore whether the naming class is a friend,
856 // and instead rely on whether any potential P is a friend.
857 if (Access == AS_protected && Target.isInstanceMember()) {
858 // Compute the instance context if possible.
859 const CXXRecordDecl *InstanceContext = nullptr;
860 if (Target.hasInstanceContext()) {
861 InstanceContext = Target.resolveInstanceContext(S);
862 if (!InstanceContext) return AR_dependent;
863 }
864
865 switch (GetProtectedFriendKind(S, EC, InstanceContext, NamingClass)) {
866 case AR_accessible: return AR_accessible;
867 case AR_inaccessible: return OnFailure;
868 case AR_dependent: return AR_dependent;
869 }
870 llvm_unreachable("impossible friendship kind");
871 }
872
873 switch (GetFriendKind(S, EC, NamingClass)) {
874 case AR_accessible: return AR_accessible;
875 case AR_inaccessible: return OnFailure;
876 case AR_dependent: return AR_dependent;
877 }
878
879 // Silence bogus warnings
880 llvm_unreachable("impossible friendship kind");
881 }
882
883 /// Finds the best path from the naming class to the declaring class,
884 /// taking friend declarations into account.
885 ///
886 /// C++0x [class.access.base]p5:
887 /// A member m is accessible at the point R when named in class N if
888 /// [M1] m as a member of N is public, or
889 /// [M2] m as a member of N is private, and R occurs in a member or
890 /// friend of class N, or
891 /// [M3] m as a member of N is protected, and R occurs in a member or
892 /// friend of class N, or in a member or friend of a class P
893 /// derived from N, where m as a member of P is public, private,
894 /// or protected, or
895 /// [M4] there exists a base class B of N that is accessible at R, and
896 /// m is accessible at R when named in class B.
897 ///
898 /// C++0x [class.access.base]p4:
899 /// A base class B of N is accessible at R, if
900 /// [B1] an invented public member of B would be a public member of N, or
901 /// [B2] R occurs in a member or friend of class N, and an invented public
902 /// member of B would be a private or protected member of N, or
903 /// [B3] R occurs in a member or friend of a class P derived from N, and an
904 /// invented public member of B would be a private or protected member
905 /// of P, or
906 /// [B4] there exists a class S such that B is a base class of S accessible
907 /// at R and S is a base class of N accessible at R.
908 ///
909 /// Along a single inheritance path we can restate both of these
910 /// iteratively:
911 ///
912 /// First, we note that M1-4 are equivalent to B1-4 if the member is
913 /// treated as a notional base of its declaring class with inheritance
914 /// access equivalent to the member's access. Therefore we need only
915 /// ask whether a class B is accessible from a class N in context R.
916 ///
917 /// Let B_1 .. B_n be the inheritance path in question (i.e. where
918 /// B_1 = N, B_n = B, and for all i, B_{i+1} is a direct base class of
919 /// B_i). For i in 1..n, we will calculate ACAB(i), the access to the
920 /// closest accessible base in the path:
921 /// Access(a, b) = (* access on the base specifier from a to b *)
922 /// Merge(a, forbidden) = forbidden
923 /// Merge(a, private) = forbidden
924 /// Merge(a, b) = min(a,b)
925 /// Accessible(c, forbidden) = false
926 /// Accessible(c, private) = (R is c) || IsFriend(c, R)
927 /// Accessible(c, protected) = (R derived from c) || IsFriend(c, R)
928 /// Accessible(c, public) = true
929 /// ACAB(n) = public
930 /// ACAB(i) =
931 /// let AccessToBase = Merge(Access(B_i, B_{i+1}), ACAB(i+1)) in
932 /// if Accessible(B_i, AccessToBase) then public else AccessToBase
933 ///
934 /// B is an accessible base of N at R iff ACAB(1) = public.
935 ///
936 /// \param FinalAccess the access of the "final step", or AS_public if
937 /// there is no final step.
938 /// \return null if friendship is dependent
939 static CXXBasePath *FindBestPath(Sema &S,
940 const EffectiveContext &EC,
941 AccessTarget &Target,
942 AccessSpecifier FinalAccess,
943 CXXBasePaths &Paths) {
944 // Derive the paths to the desired base.
945 const CXXRecordDecl *Derived = Target.getNamingClass();
946 const CXXRecordDecl *Base = Target.getDeclaringClass();
947
948 // FIXME: fail correctly when there are dependent paths.
949 bool isDerived = Derived->isDerivedFrom(const_cast<CXXRecordDecl*>(Base),
950 Paths);
951 assert(isDerived && "derived class not actually derived from base");
952 (void) isDerived;
953
954 CXXBasePath *BestPath = nullptr;
955
956 assert(FinalAccess != AS_none && "forbidden access after declaring class");
957
958 bool AnyDependent = false;
959
960 // Derive the friend-modified access along each path.
961 for (CXXBasePaths::paths_iterator PI = Paths.begin(), PE = Paths.end();
962 PI != PE; ++PI) {
963 AccessTarget::SavedInstanceContext _ = Target.saveInstanceContext();
964
965 // Walk through the path backwards.
966 AccessSpecifier PathAccess = FinalAccess;
967 CXXBasePath::iterator I = PI->end(), E = PI->begin();
968 while (I != E) {
969 --I;
970
971 assert(PathAccess != AS_none);
972
973 // If the declaration is a private member of a base class, there
974 // is no level of friendship in derived classes that can make it
975 // accessible.
976 if (PathAccess == AS_private) {
977 PathAccess = AS_none;
978 break;
979 }
980
981 const CXXRecordDecl *NC = I->Class->getCanonicalDecl();
982
983 AccessSpecifier BaseAccess = I->Base->getAccessSpecifier();
984 PathAccess = std::max(PathAccess, BaseAccess);
985
986 switch (HasAccess(S, EC, NC, PathAccess, Target)) {
987 case AR_inaccessible: break;
988 case AR_accessible:
989 PathAccess = AS_public;
990
991 // Future tests are not against members and so do not have
992 // instance context.
993 Target.suppressInstanceContext();
994 break;
995 case AR_dependent:
996 AnyDependent = true;
997 goto Next;
998 }
999 }
1000
1001 // Note that we modify the path's Access field to the
1002 // friend-modified access.
1003 if (BestPath == nullptr || PathAccess < BestPath->Access) {
1004 BestPath = &*PI;
1005 BestPath->Access = PathAccess;
1006
1007 // Short-circuit if we found a public path.
1008 if (BestPath->Access == AS_public)
1009 return BestPath;
1010 }
1011
1012 Next: ;
1013 }
1014
1015 assert((!BestPath || BestPath->Access != AS_public) &&
1016 "fell out of loop with public path");
1017
1018 // We didn't find a public path, but at least one path was subject
1019 // to dependent friendship, so delay the check.
1020 if (AnyDependent)
1021 return nullptr;
1022
1023 return BestPath;
1024 }
1025
1026 /// Given that an entity has protected natural access, check whether
1027 /// access might be denied because of the protected member access
1028 /// restriction.
1029 ///
1030 /// \return true if a note was emitted
1031 static bool TryDiagnoseProtectedAccess(Sema &S, const EffectiveContext &EC,
1032 AccessTarget &Target) {
1033 // Only applies to instance accesses.
1034 if (!Target.isInstanceMember())
1035 return false;
1036
1037 assert(Target.isMemberAccess());
1038
1039 const CXXRecordDecl *NamingClass = Target.getEffectiveNamingClass();
1040
1041 for (EffectiveContext::record_iterator
1042 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
1043 const CXXRecordDecl *ECRecord = *I;
1044 switch (IsDerivedFromInclusive(ECRecord, NamingClass)) {
1045 case AR_accessible: break;
1046 case AR_inaccessible: continue;
1047 case AR_dependent: continue;
1048 }
1049
1050 // The effective context is a subclass of the declaring class.
1051 // Check whether the [class.protected] restriction is limiting
1052 // access.
1053
1054 // To get this exactly right, this might need to be checked more
1055 // holistically; it's not necessarily the case that gaining
1056 // access here would grant us access overall.
1057
1058 NamedDecl *D = Target.getTargetDecl();
1059
1060 // If we don't have an instance context, [class.protected] says the
1061 // naming class has to equal the context class.
1062 if (!Target.hasInstanceContext()) {
1063 // If it does, the restriction doesn't apply.
1064 if (NamingClass == ECRecord) continue;
1065
1066 // TODO: it would be great to have a fixit here, since this is
1067 // such an obvious error.
1068 S.Diag(D->getLocation(), diag::note_access_protected_restricted_noobject)
1069 << S.Context.getTypeDeclType(ECRecord);
1070 return true;
1071 }
1072
1073 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
1074 assert(InstanceContext && "diagnosing dependent access");
1075
1076 switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) {
1077 case AR_accessible: continue;
1078 case AR_dependent: continue;
1079 case AR_inaccessible:
1080 break;
1081 }
1082
1083 // Okay, the restriction seems to be what's limiting us.
1084
1085 // Use a special diagnostic for constructors and destructors.
1086 if (isa<CXXConstructorDecl>(D) || isa<CXXDestructorDecl>(D) ||
1087 (isa<FunctionTemplateDecl>(D) &&
1088 isa<CXXConstructorDecl>(
1089 cast<FunctionTemplateDecl>(D)->getTemplatedDecl()))) {
1090 return S.Diag(D->getLocation(),
1091 diag::note_access_protected_restricted_ctordtor)
1092 << isa<CXXDestructorDecl>(D->getAsFunction());
1093 }
1094
1095 // Otherwise, use the generic diagnostic.
1096 return S.Diag(D->getLocation(),
1097 diag::note_access_protected_restricted_object)
1098 << S.Context.getTypeDeclType(ECRecord);
1099 }
1100
1101 return false;
1102 }
1103
1104 /// We are unable to access a given declaration due to its direct
1105 /// access control; diagnose that.
1106 static void diagnoseBadDirectAccess(Sema &S,
1107 const EffectiveContext &EC,
1108 AccessTarget &entity) {
1109 assert(entity.isMemberAccess());
1110 NamedDecl *D = entity.getTargetDecl();
1111
1112 if (D->getAccess() == AS_protected &&
1113 TryDiagnoseProtectedAccess(S, EC, entity))
1114 return;
1115
1116 // Find an original declaration.
1117 while (D->isOutOfLine()) {
1118 NamedDecl *PrevDecl = nullptr;
1119 if (VarDecl *VD = dyn_cast<VarDecl>(D))
1120 PrevDecl = VD->getPreviousDecl();
1121 else if (FunctionDecl *FD = dyn_cast<FunctionDecl>(D))
1122 PrevDecl = FD->getPreviousDecl();
1123 else if (TypedefNameDecl *TND = dyn_cast<TypedefNameDecl>(D))
1124 PrevDecl = TND->getPreviousDecl();
1125 else if (TagDecl *TD = dyn_cast<TagDecl>(D)) {
1126 if (isa<RecordDecl>(D) && cast<RecordDecl>(D)->isInjectedClassName())
1127 break;
1128 PrevDecl = TD->getPreviousDecl();
1129 }
1130 if (!PrevDecl) break;
1131 D = PrevDecl;
1132 }
1133
1134 CXXRecordDecl *DeclaringClass = FindDeclaringClass(D);
1135 Decl *ImmediateChild;
1136 if (D->getDeclContext() == DeclaringClass)
1137 ImmediateChild = D;
1138 else {
1139 DeclContext *DC = D->getDeclContext();
1140 while (DC->getParent() != DeclaringClass)
1141 DC = DC->getParent();
1142 ImmediateChild = cast<Decl>(DC);
1143 }
1144
1145 // Check whether there's an AccessSpecDecl preceding this in the
1146 // chain of the DeclContext.
1147 bool isImplicit = true;
1148 for (const auto *I : DeclaringClass->decls()) {
1149 if (I == ImmediateChild) break;
1150 if (isa<AccessSpecDecl>(I)) {
1151 isImplicit = false;
1152 break;
1153 }
1154 }
1155
1156 S.Diag(D->getLocation(), diag::note_access_natural)
1157 << (unsigned) (D->getAccess() == AS_protected)
1158 << isImplicit;
1159 }
1160
1161 /// Diagnose the path which caused the given declaration or base class
1162 /// to become inaccessible.
1163 static void DiagnoseAccessPath(Sema &S,
1164 const EffectiveContext &EC,
1165 AccessTarget &entity) {
1166 // Save the instance context to preserve invariants.
1167 AccessTarget::SavedInstanceContext _ = entity.saveInstanceContext();
1168
1169 // This basically repeats the main algorithm but keeps some more
1170 // information.
1171
1172 // The natural access so far.
1173 AccessSpecifier accessSoFar = AS_public;
1174
1175 // Check whether we have special rights to the declaring class.
1176 if (entity.isMemberAccess()) {
1177 NamedDecl *D = entity.getTargetDecl();
1178 accessSoFar = D->getAccess();
1179 const CXXRecordDecl *declaringClass = entity.getDeclaringClass();
1180
1181 switch (HasAccess(S, EC, declaringClass, accessSoFar, entity)) {
1182 // If the declaration is accessible when named in its declaring
1183 // class, then we must be constrained by the path.
1184 case AR_accessible:
1185 accessSoFar = AS_public;
1186 entity.suppressInstanceContext();
1187 break;
1188
1189 case AR_inaccessible:
1190 if (accessSoFar == AS_private ||
1191 declaringClass == entity.getEffectiveNamingClass())
1192 return diagnoseBadDirectAccess(S, EC, entity);
1193 break;
1194
1195 case AR_dependent:
1196 llvm_unreachable("cannot diagnose dependent access");
1197 }
1198 }
1199
1200 CXXBasePaths paths;
1201 CXXBasePath &path = *FindBestPath(S, EC, entity, accessSoFar, paths);
1202 assert(path.Access != AS_public);
1203
1204 CXXBasePath::iterator i = path.end(), e = path.begin();
1205 CXXBasePath::iterator constrainingBase = i;
1206 while (i != e) {
1207 --i;
1208
1209 assert(accessSoFar != AS_none && accessSoFar != AS_private);
1210
1211 // Is the entity accessible when named in the deriving class, as
1212 // modified by the base specifier?
1213 const CXXRecordDecl *derivingClass = i->Class->getCanonicalDecl();
1214 const CXXBaseSpecifier *base = i->Base;
1215
1216 // If the access to this base is worse than the access we have to
1217 // the declaration, remember it.
1218 AccessSpecifier baseAccess = base->getAccessSpecifier();
1219 if (baseAccess > accessSoFar) {
1220 constrainingBase = i;
1221 accessSoFar = baseAccess;
1222 }
1223
1224 switch (HasAccess(S, EC, derivingClass, accessSoFar, entity)) {
1225 case AR_inaccessible: break;
1226 case AR_accessible:
1227 accessSoFar = AS_public;
1228 entity.suppressInstanceContext();
1229 constrainingBase = nullptr;
1230 break;
1231 case AR_dependent:
1232 llvm_unreachable("cannot diagnose dependent access");
1233 }
1234
1235 // If this was private inheritance, but we don't have access to
1236 // the deriving class, we're done.
1237 if (accessSoFar == AS_private) {
1238 assert(baseAccess == AS_private);
1239 assert(constrainingBase == i);
1240 break;
1241 }
1242 }
1243
1244 // If we don't have a constraining base, the access failure must be
1245 // due to the original declaration.
1246 if (constrainingBase == path.end())
1247 return diagnoseBadDirectAccess(S, EC, entity);
1248
1249 // We're constrained by inheritance, but we want to say
1250 // "declared private here" if we're diagnosing a hierarchy
1251 // conversion and this is the final step.
1252 unsigned diagnostic;
1253 if (entity.isMemberAccess() ||
1254 constrainingBase + 1 != path.end()) {
1255 diagnostic = diag::note_access_constrained_by_path;
1256 } else {
1257 diagnostic = diag::note_access_natural;
1258 }
1259
1260 const CXXBaseSpecifier *base = constrainingBase->Base;
1261
1262 S.Diag(base->getSourceRange().getBegin(), diagnostic)
1263 << base->getSourceRange()
1264 << (base->getAccessSpecifier() == AS_protected)
1265 << (base->getAccessSpecifierAsWritten() == AS_none);
1266
1267 if (entity.isMemberAccess())
1268 S.Diag(entity.getTargetDecl()->getLocation(),
1269 diag::note_member_declared_at);
1270 }
1271
1272 static void DiagnoseBadAccess(Sema &S, SourceLocation Loc,
1273 const EffectiveContext &EC,
1274 AccessTarget &Entity) {
1275 const CXXRecordDecl *NamingClass = Entity.getNamingClass();
1276 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1277 NamedDecl *D = (Entity.isMemberAccess() ? Entity.getTargetDecl() : nullptr);
1278
1279 S.Diag(Loc, Entity.getDiag())
1280 << (Entity.getAccess() == AS_protected)
1281 << (D ? D->getDeclName() : DeclarationName())
1282 << S.Context.getTypeDeclType(NamingClass)
1283 << S.Context.getTypeDeclType(DeclaringClass);
1284 DiagnoseAccessPath(S, EC, Entity);
1285 }
1286
1287 /// MSVC has a bug where if during an using declaration name lookup,
1288 /// the declaration found is unaccessible (private) and that declaration
1289 /// was bring into scope via another using declaration whose target
1290 /// declaration is accessible (public) then no error is generated.
1291 /// Example:
1292 /// class A {
1293 /// public:
1294 /// int f();
1295 /// };
1296 /// class B : public A {
1297 /// private:
1298 /// using A::f;
1299 /// };
1300 /// class C : public B {
1301 /// private:
1302 /// using B::f;
1303 /// };
1304 ///
1305 /// Here, B::f is private so this should fail in Standard C++, but
1306 /// because B::f refers to A::f which is public MSVC accepts it.
1307 static bool IsMicrosoftUsingDeclarationAccessBug(Sema& S,
1308 SourceLocation AccessLoc,
1309 AccessTarget &Entity) {
1310 if (UsingShadowDecl *Shadow =
1311 dyn_cast<UsingShadowDecl>(Entity.getTargetDecl()))
1312 if (UsingDecl *UD = dyn_cast<UsingDecl>(Shadow->getIntroducer())) {
1313 const NamedDecl *OrigDecl = Entity.getTargetDecl()->getUnderlyingDecl();
1314 if (Entity.getTargetDecl()->getAccess() == AS_private &&
1315 (OrigDecl->getAccess() == AS_public ||
1316 OrigDecl->getAccess() == AS_protected)) {
1317 S.Diag(AccessLoc, diag::ext_ms_using_declaration_inaccessible)
1318 << UD->getQualifiedNameAsString()
1319 << OrigDecl->getQualifiedNameAsString();
1320 return true;
1321 }
1322 }
1323 return false;
1324 }
1325
1326 /// Determines whether the accessed entity is accessible. Public members
1327 /// have been weeded out by this point.
1328 static AccessResult IsAccessible(Sema &S,
1329 const EffectiveContext &EC,
1330 AccessTarget &Entity) {
1331 // Determine the actual naming class.
1332 const CXXRecordDecl *NamingClass = Entity.getEffectiveNamingClass();
1333
1334 AccessSpecifier UnprivilegedAccess = Entity.getAccess();
1335 assert(UnprivilegedAccess != AS_public && "public access not weeded out");
1336
1337 // Before we try to recalculate access paths, try to white-list
1338 // accesses which just trade in on the final step, i.e. accesses
1339 // which don't require [M4] or [B4]. These are by far the most
1340 // common forms of privileged access.
1341 if (UnprivilegedAccess != AS_none) {
1342 switch (HasAccess(S, EC, NamingClass, UnprivilegedAccess, Entity)) {
1343 case AR_dependent:
1344 // This is actually an interesting policy decision. We don't
1345 // *have* to delay immediately here: we can do the full access
1346 // calculation in the hope that friendship on some intermediate
1347 // class will make the declaration accessible non-dependently.
1348 // But that's not cheap, and odds are very good (note: assertion
1349 // made without data) that the friend declaration will determine
1350 // access.
1351 return AR_dependent;
1352
1353 case AR_accessible: return AR_accessible;
1354 case AR_inaccessible: break;
1355 }
1356 }
1357
1358 AccessTarget::SavedInstanceContext _ = Entity.saveInstanceContext();
1359
1360 // We lower member accesses to base accesses by pretending that the
1361 // member is a base class of its declaring class.
1362 AccessSpecifier FinalAccess;
1363
1364 if (Entity.isMemberAccess()) {
1365 // Determine if the declaration is accessible from EC when named
1366 // in its declaring class.
1367 NamedDecl *Target = Entity.getTargetDecl();
1368 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1369
1370 FinalAccess = Target->getAccess();
1371 switch (HasAccess(S, EC, DeclaringClass, FinalAccess, Entity)) {
1372 case AR_accessible:
1373 // Target is accessible at EC when named in its declaring class.
1374 // We can now hill-climb and simply check whether the declaring
1375 // class is accessible as a base of the naming class. This is
1376 // equivalent to checking the access of a notional public
1377 // member with no instance context.
1378 FinalAccess = AS_public;
1379 Entity.suppressInstanceContext();
1380 break;
1381 case AR_inaccessible: break;
1382 case AR_dependent: return AR_dependent; // see above
1383 }
1384
1385 if (DeclaringClass == NamingClass)
1386 return (FinalAccess == AS_public ? AR_accessible : AR_inaccessible);
1387 } else {
1388 FinalAccess = AS_public;
1389 }
1390
1391 assert(Entity.getDeclaringClass() != NamingClass);
1392
1393 // Append the declaration's access if applicable.
1394 CXXBasePaths Paths;
1395 CXXBasePath *Path = FindBestPath(S, EC, Entity, FinalAccess, Paths);
1396 if (!Path)
1397 return AR_dependent;
1398
1399 assert(Path->Access <= UnprivilegedAccess &&
1400 "access along best path worse than direct?");
1401 if (Path->Access == AS_public)
1402 return AR_accessible;
1403 return AR_inaccessible;
1404 }
1405
1406 static void DelayDependentAccess(Sema &S,
1407 const EffectiveContext &EC,
1408 SourceLocation Loc,
1409 const AccessTarget &Entity) {
1410 assert(EC.isDependent() && "delaying non-dependent access");
1411 DeclContext *DC = EC.getInnerContext();
1412 assert(DC->isDependentContext() && "delaying non-dependent access");
1413 DependentDiagnostic::Create(S.Context, DC, DependentDiagnostic::Access,
1414 Loc,
1415 Entity.isMemberAccess(),
1416 Entity.getAccess(),
1417 Entity.getTargetDecl(),
1418 Entity.getNamingClass(),
1419 Entity.getBaseObjectType(),
1420 Entity.getDiag());
1421 }
1422
1423 /// Checks access to an entity from the given effective context.
1424 static AccessResult CheckEffectiveAccess(Sema &S,
1425 const EffectiveContext &EC,
1426 SourceLocation Loc,
1427 AccessTarget &Entity) {
1428 assert(Entity.getAccess() != AS_public && "called for public access!");
1429
1430 switch (IsAccessible(S, EC, Entity)) {
1431 case AR_dependent:
1432 DelayDependentAccess(S, EC, Loc, Entity);
1433 return AR_dependent;
1434
1435 case AR_inaccessible:
1436 if (S.getLangOpts().MSVCCompat &&
1437 IsMicrosoftUsingDeclarationAccessBug(S, Loc, Entity))
1438 return AR_accessible;
1439 if (!Entity.isQuiet())
1440 DiagnoseBadAccess(S, Loc, EC, Entity);
1441 return AR_inaccessible;
1442
1443 case AR_accessible:
1444 return AR_accessible;
1445 }
1446
1447 // silence unnecessary warning
1448 llvm_unreachable("invalid access result");
1449 }
1450
1451 static Sema::AccessResult CheckAccess(Sema &S, SourceLocation Loc,
1452 AccessTarget &Entity) {
1453 // If the access path is public, it's accessible everywhere.
1454 if (Entity.getAccess() == AS_public)
1455 return Sema::AR_accessible;
1456
1457 // If we're currently parsing a declaration, we may need to delay
1458 // access control checking, because our effective context might be
1459 // different based on what the declaration comes out as.
1460 //
1461 // For example, we might be parsing a declaration with a scope
1462 // specifier, like this:
1463 // A::private_type A::foo() { ... }
1464 //
1465 // Or we might be parsing something that will turn out to be a friend:
1466 // void foo(A::private_type);
1467 // void B::foo(A::private_type);
1468 if (S.DelayedDiagnostics.shouldDelayDiagnostics()) {
1469 S.DelayedDiagnostics.add(DelayedDiagnostic::makeAccess(Loc, Entity));
1470 return Sema::AR_delayed;
1471 }
1472
1473 EffectiveContext EC(S.CurContext);
1474 switch (CheckEffectiveAccess(S, EC, Loc, Entity)) {
1475 case AR_accessible: return Sema::AR_accessible;
1476 case AR_inaccessible: return Sema::AR_inaccessible;
1477 case AR_dependent: return Sema::AR_dependent;
1478 }
1479 llvm_unreachable("invalid access result");
1480 }
1481
1482 void Sema::HandleDelayedAccessCheck(DelayedDiagnostic &DD, Decl *D) {
1483 // Access control for names used in the declarations of functions
1484 // and function templates should normally be evaluated in the context
1485 // of the declaration, just in case it's a friend of something.
1486 // However, this does not apply to local extern declarations.
1487
1488 DeclContext *DC = D->getDeclContext();
1489 if (D->isLocalExternDecl()) {
1490 DC = D->getLexicalDeclContext();
1491 } else if (FunctionDecl *FN = dyn_cast<FunctionDecl>(D)) {
1492 DC = FN;
1493 } else if (TemplateDecl *TD = dyn_cast<TemplateDecl>(D)) {
1494 if (isa<DeclContext>(TD->getTemplatedDecl()))
1495 DC = cast<DeclContext>(TD->getTemplatedDecl());
1496 }
1497
1498 EffectiveContext EC(DC);
1499
1500 AccessTarget Target(DD.getAccessData());
1501
1502 if (CheckEffectiveAccess(*this, EC, DD.Loc, Target) == ::AR_inaccessible)
1503 DD.Triggered = true;
1504 }
1505
1506 void Sema::HandleDependentAccessCheck(const DependentDiagnostic &DD,
1507 const MultiLevelTemplateArgumentList &TemplateArgs) {
1508 SourceLocation Loc = DD.getAccessLoc();
1509 AccessSpecifier Access = DD.getAccess();
1510
1511 Decl *NamingD = FindInstantiatedDecl(Loc, DD.getAccessNamingClass(),
1512 TemplateArgs);
1513 if (!NamingD) return;
1514 Decl *TargetD = FindInstantiatedDecl(Loc, DD.getAccessTarget(),
1515 TemplateArgs);
1516 if (!TargetD) return;
1517
1518 if (DD.isAccessToMember()) {
1519 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(NamingD);
1520 NamedDecl *TargetDecl = cast<NamedDecl>(TargetD);
1521 QualType BaseObjectType = DD.getAccessBaseObjectType();
1522 if (!BaseObjectType.isNull()) {
1523 BaseObjectType = SubstType(BaseObjectType, TemplateArgs, Loc,
1524 DeclarationName());
1525 if (BaseObjectType.isNull()) return;
1526 }
1527
1528 AccessTarget Entity(Context,
1529 AccessTarget::Member,
1530 NamingClass,
1531 DeclAccessPair::make(TargetDecl, Access),
1532 BaseObjectType);
1533 Entity.setDiag(DD.getDiagnostic());
1534 CheckAccess(*this, Loc, Entity);
1535 } else {
1536 AccessTarget Entity(Context,
1537 AccessTarget::Base,
1538 cast<CXXRecordDecl>(TargetD),
1539 cast<CXXRecordDecl>(NamingD),
1540 Access);
1541 Entity.setDiag(DD.getDiagnostic());
1542 CheckAccess(*this, Loc, Entity);
1543 }
1544 }
1545
1546 Sema::AccessResult Sema::CheckUnresolvedLookupAccess(UnresolvedLookupExpr *E,
1547 DeclAccessPair Found) {
1548 if (!getLangOpts().AccessControl ||
1549 !E->getNamingClass() ||
1550 Found.getAccess() == AS_public)
1551 return AR_accessible;
1552
1553 AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(),
1554 Found, QualType());
1555 Entity.setDiag(diag::err_access) << E->getSourceRange();
1556
1557 return CheckAccess(*this, E->getNameLoc(), Entity);
1558 }
1559
1560 /// Perform access-control checking on a previously-unresolved member
1561 /// access which has now been resolved to a member.
1562 Sema::AccessResult Sema::CheckUnresolvedMemberAccess(UnresolvedMemberExpr *E,
1563 DeclAccessPair Found) {
1564 if (!getLangOpts().AccessControl ||
1565 Found.getAccess() == AS_public)
1566 return AR_accessible;
1567
1568 QualType BaseType = E->getBaseType();
1569 if (E->isArrow())
1570 BaseType = BaseType->castAs<PointerType>()->getPointeeType();
1571
1572 AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(),
1573 Found, BaseType);
1574 Entity.setDiag(diag::err_access) << E->getSourceRange();
1575
1576 return CheckAccess(*this, E->getMemberLoc(), Entity);
1577 }
1578
1579 /// Is the given member accessible for the purposes of deciding whether to
1580 /// define a special member function as deleted?
1581 bool Sema::isMemberAccessibleForDeletion(CXXRecordDecl *NamingClass,
1582 DeclAccessPair Found,
1583 QualType ObjectType,
1584 SourceLocation Loc,
1585 const PartialDiagnostic &Diag) {
1586 // Fast path.
1587 if (Found.getAccess() == AS_public || !getLangOpts().AccessControl)
1588 return true;
1589
1590 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1591 ObjectType);
1592
1593 // Suppress diagnostics.
1594 Entity.setDiag(Diag);
1595
1596 switch (CheckAccess(*this, Loc, Entity)) {
1597 case AR_accessible: return true;
1598 case AR_inaccessible: return false;
1599 case AR_dependent: llvm_unreachable("dependent for =delete computation");
1600 case AR_delayed: llvm_unreachable("cannot delay =delete computation");
1601 }
1602 llvm_unreachable("bad access result");
1603 }
1604
1605 Sema::AccessResult Sema::CheckDestructorAccess(SourceLocation Loc,
1606 CXXDestructorDecl *Dtor,
1607 const PartialDiagnostic &PDiag,
1608 QualType ObjectTy) {
1609 if (!getLangOpts().AccessControl)
1610 return AR_accessible;
1611
1612 // There's never a path involved when checking implicit destructor access.
1613 AccessSpecifier Access = Dtor->getAccess();
1614 if (Access == AS_public)
1615 return AR_accessible;
1616
1617 CXXRecordDecl *NamingClass = Dtor->getParent();
1618 if (ObjectTy.isNull()) ObjectTy = Context.getTypeDeclType(NamingClass);
1619
1620 AccessTarget Entity(Context, AccessTarget::Member, NamingClass,
1621 DeclAccessPair::make(Dtor, Access),
1622 ObjectTy);
1623 Entity.setDiag(PDiag); // TODO: avoid copy
1624
1625 return CheckAccess(*this, Loc, Entity);
1626 }
1627
1628 /// Checks access to a constructor.
1629 Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc,
1630 CXXConstructorDecl *Constructor,
1631 DeclAccessPair Found,
1632 const InitializedEntity &Entity,
1633 bool IsCopyBindingRefToTemp) {
1634 if (!getLangOpts().AccessControl || Found.getAccess() == AS_public)
1635 return AR_accessible;
1636
1637 PartialDiagnostic PD(PDiag());
1638 switch (Entity.getKind()) {
1639 default:
1640 PD = PDiag(IsCopyBindingRefToTemp
1641 ? diag::ext_rvalue_to_reference_access_ctor
1642 : diag::err_access_ctor);
1643
1644 break;
1645
1646 case InitializedEntity::EK_Base:
1647 PD = PDiag(diag::err_access_base_ctor);
1648 PD << Entity.isInheritedVirtualBase()
1649 << Entity.getBaseSpecifier()->getType() << getSpecialMember(Constructor);
1650 break;
1651
1652 case InitializedEntity::EK_Member: {
1653 const FieldDecl *Field = cast<FieldDecl>(Entity.getDecl());
1654 PD = PDiag(diag::err_access_field_ctor);
1655 PD << Field->getType() << getSpecialMember(Constructor);
1656 break;
1657 }
1658
1659 case InitializedEntity::EK_LambdaCapture: {
1660 StringRef VarName = Entity.getCapturedVarName();
1661 PD = PDiag(diag::err_access_lambda_capture);
1662 PD << VarName << Entity.getType() << getSpecialMember(Constructor);
1663 break;
1664 }
1665
1666 }
1667
1668 return CheckConstructorAccess(UseLoc, Constructor, Found, Entity, PD);
1669 }
1670
1671 /// Checks access to a constructor.
1672 Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc,
1673 CXXConstructorDecl *Constructor,
1674 DeclAccessPair Found,
1675 const InitializedEntity &Entity,
1676 const PartialDiagnostic &PD) {
1677 if (!getLangOpts().AccessControl ||
1678 Found.getAccess() == AS_public)
1679 return AR_accessible;
1680
1681 CXXRecordDecl *NamingClass = Constructor->getParent();
1682
1683 // Initializing a base sub-object is an instance method call on an
1684 // object of the derived class. Otherwise, we have an instance method
1685 // call on an object of the constructed type.
1686 //
1687 // FIXME: If we have a parent, we're initializing the base class subobject
1688 // in aggregate initialization. It's not clear whether the object class
1689 // should be the base class or the derived class in that case.
1690 CXXRecordDecl *ObjectClass;
1691 if ((Entity.getKind() == InitializedEntity::EK_Base ||
1692 Entity.getKind() == InitializedEntity::EK_Delegating) &&
1693 !Entity.getParent()) {
1694 ObjectClass = cast<CXXConstructorDecl>(CurContext)->getParent();
1695 } else if (auto *Shadow =
1696 dyn_cast<ConstructorUsingShadowDecl>(Found.getDecl())) {
1697 // If we're using an inheriting constructor to construct an object,
1698 // the object class is the derived class, not the base class.
1699 ObjectClass = Shadow->getParent();
1700 } else {
1701 ObjectClass = NamingClass;
1702 }
1703
1704 AccessTarget AccessEntity(
1705 Context, AccessTarget::Member, NamingClass,
1706 DeclAccessPair::make(Constructor, Found.getAccess()),
1707 Context.getTypeDeclType(ObjectClass));
1708 AccessEntity.setDiag(PD);
1709
1710 return CheckAccess(*this, UseLoc, AccessEntity);
1711 }
1712
1713 /// Checks access to an overloaded operator new or delete.
1714 Sema::AccessResult Sema::CheckAllocationAccess(SourceLocation OpLoc,
1715 SourceRange PlacementRange,
1716 CXXRecordDecl *NamingClass,
1717 DeclAccessPair Found,
1718 bool Diagnose) {
1719 if (!getLangOpts().AccessControl ||
1720 !NamingClass ||
1721 Found.getAccess() == AS_public)
1722 return AR_accessible;
1723
1724 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1725 QualType());
1726 if (Diagnose)
1727 Entity.setDiag(diag::err_access)
1728 << PlacementRange;
1729
1730 return CheckAccess(*this, OpLoc, Entity);
1731 }
1732
1733 /// Checks access to a member.
1734 Sema::AccessResult Sema::CheckMemberAccess(SourceLocation UseLoc,
1735 CXXRecordDecl *NamingClass,
1736 DeclAccessPair Found) {
1737 if (!getLangOpts().AccessControl ||
1738 !NamingClass ||
1739 Found.getAccess() == AS_public)
1740 return AR_accessible;
1741
1742 AccessTarget Entity(Context, AccessTarget::Member, NamingClass,
1743 Found, QualType());
1744
1745 return CheckAccess(*this, UseLoc, Entity);
1746 }
1747
1748 /// Checks implicit access to a member in a structured binding.
1749 Sema::AccessResult
1750 Sema::CheckStructuredBindingMemberAccess(SourceLocation UseLoc,
1751 CXXRecordDecl *DecomposedClass,
1752 DeclAccessPair Field) {
1753 if (!getLangOpts().AccessControl ||
1754 Field.getAccess() == AS_public)
1755 return AR_accessible;
1756
1757 AccessTarget Entity(Context, AccessTarget::Member, DecomposedClass, Field,
1758 Context.getRecordType(DecomposedClass));
1759 Entity.setDiag(diag::err_decomp_decl_inaccessible_field);
1760
1761 return CheckAccess(*this, UseLoc, Entity);
1762 }
1763
1764 Sema::AccessResult Sema::CheckMemberOperatorAccess(SourceLocation OpLoc,
1765 Expr *ObjectExpr,
1766 const SourceRange &Range,
1767 DeclAccessPair Found) {
1768 if (!getLangOpts().AccessControl || Found.getAccess() == AS_public)
1769 return AR_accessible;
1770
1771 const RecordType *RT = ObjectExpr->getType()->castAs<RecordType>();
1772 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(RT->getDecl());
1773
1774 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1775 ObjectExpr->getType());
1776 Entity.setDiag(diag::err_access) << ObjectExpr->getSourceRange() << Range;
1777
1778 return CheckAccess(*this, OpLoc, Entity);
1779 }
1780
1781 /// Checks access to an overloaded member operator, including
1782 /// conversion operators.
1783 Sema::AccessResult Sema::CheckMemberOperatorAccess(SourceLocation OpLoc,
1784 Expr *ObjectExpr,
1785 Expr *ArgExpr,
1786 DeclAccessPair Found) {
1787 return CheckMemberOperatorAccess(
1788 OpLoc, ObjectExpr, ArgExpr ? ArgExpr->getSourceRange() : SourceRange(),
1789 Found);
1790 }
1791
1792 Sema::AccessResult Sema::CheckMemberOperatorAccess(SourceLocation OpLoc,
1793 Expr *ObjectExpr,
1794 ArrayRef<Expr *> ArgExprs,
1795 DeclAccessPair FoundDecl) {
1796 SourceRange R;
1797 if (!ArgExprs.empty()) {
1798 R = SourceRange(ArgExprs.front()->getBeginLoc(),
1799 ArgExprs.back()->getEndLoc());
1800 }
1801
1802 return CheckMemberOperatorAccess(OpLoc, ObjectExpr, R, FoundDecl);
1803 }
1804
1805 /// Checks access to the target of a friend declaration.
1806 Sema::AccessResult Sema::CheckFriendAccess(NamedDecl *target) {
1807 assert(isa<CXXMethodDecl>(target->getAsFunction()));
1808
1809 // Friendship lookup is a redeclaration lookup, so there's never an
1810 // inheritance path modifying access.
1811 AccessSpecifier access = target->getAccess();
1812
1813 if (!getLangOpts().AccessControl || access == AS_public)
1814 return AR_accessible;
1815
1816 CXXMethodDecl *method = cast<CXXMethodDecl>(target->getAsFunction());
1817
1818 AccessTarget entity(Context, AccessTarget::Member,
1819 cast<CXXRecordDecl>(target->getDeclContext()),
1820 DeclAccessPair::make(target, access),
1821 /*no instance context*/ QualType());
1822 entity.setDiag(diag::err_access_friend_function)
1823 << (method->getQualifier() ? method->getQualifierLoc().getSourceRange()
1824 : method->getNameInfo().getSourceRange());
1825
1826 // We need to bypass delayed-diagnostics because we might be called
1827 // while the ParsingDeclarator is active.
1828 EffectiveContext EC(CurContext);
1829 switch (CheckEffectiveAccess(*this, EC, target->getLocation(), entity)) {
1830 case ::AR_accessible: return Sema::AR_accessible;
1831 case ::AR_inaccessible: return Sema::AR_inaccessible;
1832 case ::AR_dependent: return Sema::AR_dependent;
1833 }
1834 llvm_unreachable("invalid access result");
1835 }
1836
1837 Sema::AccessResult Sema::CheckAddressOfMemberAccess(Expr *OvlExpr,
1838 DeclAccessPair Found) {
1839 if (!getLangOpts().AccessControl ||
1840 Found.getAccess() == AS_none ||
1841 Found.getAccess() == AS_public)
1842 return AR_accessible;
1843
1844 OverloadExpr *Ovl = OverloadExpr::find(OvlExpr).Expression;
1845 CXXRecordDecl *NamingClass = Ovl->getNamingClass();
1846
1847 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1848 /*no instance context*/ QualType());
1849 Entity.setDiag(diag::err_access)
1850 << Ovl->getSourceRange();
1851
1852 return CheckAccess(*this, Ovl->getNameLoc(), Entity);
1853 }
1854
1855 /// Checks access for a hierarchy conversion.
1856 ///
1857 /// \param ForceCheck true if this check should be performed even if access
1858 /// control is disabled; some things rely on this for semantics
1859 /// \param ForceUnprivileged true if this check should proceed as if the
1860 /// context had no special privileges
1861 Sema::AccessResult Sema::CheckBaseClassAccess(SourceLocation AccessLoc,
1862 QualType Base,
1863 QualType Derived,
1864 const CXXBasePath &Path,
1865 unsigned DiagID,
1866 bool ForceCheck,
1867 bool ForceUnprivileged) {
1868 if (!ForceCheck && !getLangOpts().AccessControl)
1869 return AR_accessible;
1870
1871 if (Path.Access == AS_public)
1872 return AR_accessible;
1873
1874 CXXRecordDecl *BaseD, *DerivedD;
1875 BaseD = cast<CXXRecordDecl>(Base->castAs<RecordType>()->getDecl());
1876 DerivedD = cast<CXXRecordDecl>(Derived->castAs<RecordType>()->getDecl());
1877
1878 AccessTarget Entity(Context, AccessTarget::Base, BaseD, DerivedD,
1879 Path.Access);
1880 if (DiagID)
1881 Entity.setDiag(DiagID) << Derived << Base;
1882
1883 if (ForceUnprivileged) {
1884 switch (CheckEffectiveAccess(*this, EffectiveContext(),
1885 AccessLoc, Entity)) {
1886 case ::AR_accessible: return Sema::AR_accessible;
1887 case ::AR_inaccessible: return Sema::AR_inaccessible;
1888 case ::AR_dependent: return Sema::AR_dependent;
1889 }
1890 llvm_unreachable("unexpected result from CheckEffectiveAccess");
1891 }
1892 return CheckAccess(*this, AccessLoc, Entity);
1893 }
1894
1895 /// Checks access to all the declarations in the given result set.
1896 void Sema::CheckLookupAccess(const LookupResult &R) {
1897 assert(getLangOpts().AccessControl
1898 && "performing access check without access control");
1899 assert(R.getNamingClass() && "performing access check without naming class");
1900
1901 for (LookupResult::iterator I = R.begin(), E = R.end(); I != E; ++I) {
1902 if (I.getAccess() != AS_public) {
1903 AccessTarget Entity(Context, AccessedEntity::Member,
1904 R.getNamingClass(), I.getPair(),
1905 R.getBaseObjectType());
1906 Entity.setDiag(diag::err_access);
1907 CheckAccess(*this, R.getNameLoc(), Entity);
1908 }
1909 }
1910 }
1911
1912 /// Checks access to Target from the given class. The check will take access
1913 /// specifiers into account, but no member access expressions and such.
1914 ///
1915 /// \param Target the declaration to check if it can be accessed
1916 /// \param NamingClass the class in which the lookup was started.
1917 /// \param BaseType type of the left side of member access expression.
1918 /// \p BaseType and \p NamingClass are used for C++ access control.
1919 /// Depending on the lookup case, they should be set to the following:
1920 /// - lhs.target (member access without a qualifier):
1921 /// \p BaseType and \p NamingClass are both the type of 'lhs'.
1922 /// - lhs.X::target (member access with a qualifier):
1923 /// BaseType is the type of 'lhs', NamingClass is 'X'
1924 /// - X::target (qualified lookup without member access):
1925 /// BaseType is null, NamingClass is 'X'.
1926 /// - target (unqualified lookup).
1927 /// BaseType is null, NamingClass is the parent class of 'target'.
1928 /// \return true if the Target is accessible from the Class, false otherwise.
1929 bool Sema::IsSimplyAccessible(NamedDecl *Target, CXXRecordDecl *NamingClass,
1930 QualType BaseType) {
1931 // Perform the C++ accessibility checks first.
1932 if (Target->isCXXClassMember() && NamingClass) {
1933 if (!getLangOpts().CPlusPlus)
1934 return false;
1935 // The unprivileged access is AS_none as we don't know how the member was
1936 // accessed, which is described by the access in DeclAccessPair.
1937 // `IsAccessible` will examine the actual access of Target (i.e.
1938 // Decl->getAccess()) when calculating the access.
1939 AccessTarget Entity(Context, AccessedEntity::Member, NamingClass,
1940 DeclAccessPair::make(Target, AS_none), BaseType);
1941 EffectiveContext EC(CurContext);
1942 return ::IsAccessible(*this, EC, Entity) != ::AR_inaccessible;
1943 }
1944
1945 if (ObjCIvarDecl *Ivar = dyn_cast<ObjCIvarDecl>(Target)) {
1946 // @public and @package ivars are always accessible.
1947 if (Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Public ||
1948 Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Package)
1949 return true;
1950
1951 // If we are inside a class or category implementation, determine the
1952 // interface we're in.
1953 ObjCInterfaceDecl *ClassOfMethodDecl = nullptr;
1954 if (ObjCMethodDecl *MD = getCurMethodDecl())
1955 ClassOfMethodDecl = MD->getClassInterface();
1956 else if (FunctionDecl *FD = getCurFunctionDecl()) {
1957 if (ObjCImplDecl *Impl
1958 = dyn_cast<ObjCImplDecl>(FD->getLexicalDeclContext())) {
1959 if (ObjCImplementationDecl *IMPD
1960 = dyn_cast<ObjCImplementationDecl>(Impl))
1961 ClassOfMethodDecl = IMPD->getClassInterface();
1962 else if (ObjCCategoryImplDecl* CatImplClass
1963 = dyn_cast<ObjCCategoryImplDecl>(Impl))
1964 ClassOfMethodDecl = CatImplClass->getClassInterface();
1965 }
1966 }
1967
1968 // If we're not in an interface, this ivar is inaccessible.
1969 if (!ClassOfMethodDecl)
1970 return false;
1971
1972 // If we're inside the same interface that owns the ivar, we're fine.
1973 if (declaresSameEntity(ClassOfMethodDecl, Ivar->getContainingInterface()))
1974 return true;
1975
1976 // If the ivar is private, it's inaccessible.
1977 if (Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Private)
1978 return false;
1979
1980 return Ivar->getContainingInterface()->isSuperClassOf(ClassOfMethodDecl);
1981 }
1982
1983 return true;
1984 }
LLVM monorepo