[Cherry-pick][BoundsSafety][Sema] Allow counted_by and counted_by_or_null on pointers where the pointee type is incomplete but potentially completable

---

This is a cherry-pick of the change in llvm#106321.
It is being cherry-pick now so that the merge conflict is handled
upfront to minimize the work when the conflict from the upstream change
reaches the automerger.

Conflicts:
	clang/include/clang/AST/Type.h
	clang/include/clang/Sema/Sema.h
	clang/lib/AST/Type.cpp
	clang/lib/Sema/SemaBoundsSafety.cpp
	clang/lib/Sema/SemaExpr.cpp
	clang/lib/Sema/SemaInit.cpp

---

Previously using the `counted_by` or `counted_by_or_null` attribute on a
pointer with an incomplete pointee type was forbidden. Unfortunately
this prevented a situation like the following from being allowed.

Header file:

```
struct EltTy; // Incomplete type
struct Buffer {
  size_t count;
  struct EltTy* __counted_by(count) buffer; // error before this patch
};
```

Implementation file:

```
struct EltTy {
  // definition
};

void allocBuffer(struct Buffer* b) {
  b->buffer = malloc(sizeof(EltTy)* b->count);
}
```

To allow code like the above but still enforce that the pointee
type size is known in locations where `-fbounds-safety` needs to
emit bounds checks the following scheme is used.

* For incomplete pointee types that can never be completed (e.g. `void`)
  these are treated as error where the attribute is written (just like
  before this patch).
* For incomplete pointee types that might be completable later on
  (struct, union, and enum forward declarations)
  in the translation unit, writing the attribute on the incomplete
  pointee type is allowed on the FieldDecl declaration but "uses" of the
  declared pointer are forbidden if at the point of "use" the pointee
  type is still incomplete.

For this patch a "use" of a FieldDecl covers:

* Explicit and Implicit initialization (note see **Tentative Definition
  Initialization** for an exception to this)
* Assignment
* Conversion to an lvalue (e.g. for use in an expression)

In the swift lang fork of Clang the `counted_by` and
`counted_by_or_null` attribute are allowed in many more contexts. That
isn't the case for upstream Clang so the "use" checks for the attribute
on VarDecl, ParamVarDecl, and function return type have been omitted
from this patch because they can't be tested. However, the
`BoundsSafetyCheckAssignmentToCountAttrPtrWithIncompletePointeeTy` and
`BoundsSafetyCheckUseOfCountAttrPtrWithIncompletePointeeTy` functions
retain the ability to emit diagnostics for these other contexts to avoid
unnecessary divergence between upstream Clang and Apple's internal fork.
Support for checking "uses" will be upstreamed when upstream Clang
allows the `counted_by` and `counted_by_or_null` attribute in additional
contexts.

This patch has a few limitations:

** 1. Tentative Defition Initialization **

This patch currently allows something like:

```
struct IncompleteTy;
struct Buffer {
  int count;
  struct IncompleteTy* __counted_by(count) buf;
};

// Tentative definition
struct Buffer GlobalBuf;
```

The Tentative definition in this example becomes an actual definition
whose initialization **should be checked** but it currently isn't.
Addressing this problem will be done in a subseqent patch.

** 2. When the incomplete pointee type is a typedef diagnostics are slightly misleading **

For this situation:

```

struct IncompleteTy;
typedef struct IncompleteTy Incomplete_t;

struct Buffer {
  int count;
  struct IncompleteTy* __counted_by(count) buf;
};

void use(struct Buffer b) {
  b.buf = 0x0;
}
```

This code emits `note: forward declaration of 'Incomplete_t' (aka
'struct IncompleteTy')` but the location is on the `struct
IncompleteTy;` forward declaration.  This is misleading because
`Incomplete_t` isn't actually forward declared there (instead the
underlying type is). This could be resolved by additional diagnostics
that walk the chain of typedefs and explain each step of the walk.
However, that would be very verbose and didn't seem like a direction
worth pursuing.

rdar://133600117

Author: delcypher

clang/include/clang/AST/Type.h

@@ -2480,6 +2480,7 @@ class alignas(TypeAlignment) Type : public ExtQualsTypeCommonBase {
   bool isIncompleteOrSizelessType() const {
     return isIncompleteType() || isSizelessType() || isFunctionType();
   }
+  /* TO_UPSTREAM(BoundsSafety) OFF*/
 
   /// \returns True if the type is incomplete and it is also a type that
   /// cannot be completed by a later type definition.
@@ -2496,11 +2497,10 @@ class alignas(TypeAlignment) Type : public ExtQualsTypeCommonBase {
   /// // This decl has type 'char[]' which is incomplete and cannot be later
   /// // completed by another by another type declaration.
   /// extern char foo[];
-  /// // This decl how has complete type 'char[5]'.
+  /// // This decl now has complete type 'char[5]'.
   /// char foo[5]; // foo has a complete type
   /// \endcode
-  bool isIncompletableIncompleteType() const;
-  /* TO_UPSTREAM(BoundsSafety) OFF*/
+  bool isAlwaysIncompleteType() const;
 
   /// Determine whether this type is an object type.
   bool isObjectType() const {
@@ -3705,9 +3705,7 @@ class CountAttributedType final
     return T->getTypeClass() == CountAttributed;
   }
 
-  /* TO_UPSTREAM(BoundsSafety) ON*/
-  StringRef GetAttributeName(bool WithMacroPrefix) const;
-  /* TO_UPSTREAM(BoundsSafety) OFF*/
+  StringRef getAttributeName(bool WithMacroPrefix) const;
 };
 
 /* TO_UPSTREAM(BoundsSafety) ON */

clang/include/clang/Basic/DiagnosticSemaKinds.td

@@ -6800,6 +6800,30 @@ def err_counted_by_attr_pointee_unknown_size : Error<
     "%select{|. This will be an error in a future compiler version}3"
     ""
   "}2">;
+def err_counted_by_on_incomplete_type_on_assign : Error <
+  "cannot %select{"
+    "assign to %select{object|'%1'}2 with|" // AA_Assigning,
+    "pass argument to %select{parameter|parameter '%1'}2 with|" // AA_Passing,
+    "return|" // AA_Returning,
+    "convert to|" // AA_Converting (UNUSED)
+    "%select{|implicitly }3initialize %select{object|'%1'}2 with|" // AA_Initializing,
+    "pass argument to parameter with|" // AA_Sending (UNUSED)
+    "cast to|" // AA_Casting (UNUSED)
+    "pass argument to parameter with" // AA_Passing_CFAudited (UNUSED)
+  "}0 '%5' attributed type %4 because the pointee type %6 is incomplete">;
+
+def err_counted_by_on_incomplete_type_on_use : Error <
+  "cannot %select{"
+    "use '%1' with '%4' attributed|" // Generic expr
+    "call '%1' with '%4' attributed return" // CallExpr
+  "}0 type %2 because the pointee type %3 is incomplete">;
+
+def note_counted_by_consider_completing_pointee_ty : Note<
+  "consider providing a complete definition for %0">;
+  
+def note_counted_by_consider_using_sized_by : Note<
+  "consider using '__sized_by%select{|_or_null}0' instead of "
+  "'__counted_by%select{|_or_null}0'">;
 
 def warn_counted_by_attr_elt_type_unknown_size :
   Warning<err_counted_by_attr_pointee_unknown_size.Summary>,
@@ -12912,8 +12936,7 @@ def err_bounds_safety_counted_by_on_incomplete_type_on_func_def : Error<
       " '%3'" // named parameter
     "}2 with"
   "}1 type %4 on a function definition because the pointee type %5 is "
-  "incomplete; consider providing a complete definition for %5 before the "
-  "function body or using the '__sized_by%select{|_or_null}6' attribute"
+  "incomplete"
 >;
 
 def err_bounds_safety_counted_by_on_incomplete_type_on_var_decl : Error<

clang/include/clang/Sema/Sema.h

@@ -2263,7 +2263,6 @@ class Sema final : public SemaBase {
   bool CheckCountedByAttrOnField(FieldDecl *FD, Expr *E, bool CountInBytes,
                                  bool OrNull);
 
-  /* TO_UPSTREAM(BoundsSafety) ON*/
   /// Perform Bounds Safety Semantic checks for assigning to a `__counted_by` or
   /// `__counted_by_or_null` pointer type \param LHSTy.
   ///
@@ -2285,28 +2284,6 @@ class Sema final : public SemaBase {
       SourceLocation Loc, const ValueDecl *Assignee,
       bool ShowFullyQualifiedAssigneeName);
 
-  /// Perform Checks for assigning to a `__counted_by` or
-  /// `__counted_by_or_null` pointer type \param LHSTy where the pointee type
-  /// is incomplete which is invalid.
-  ///
-  /// \param LHSTy The type being assigned to. Checks will only be performed if
-  ///              the type is a `counted_by` or `counted_by_or_null ` pointer.
-  /// \param RHSExpr The expression being assigned from.
-  /// \param Action The type assignment being performed
-  /// \param Loc The SourceLocation to use for error diagnostics
-  /// \param Assignee The ValueDecl being assigned. This is used to compute
-  ///        the name of the assignee. If the assignee isn't known this can
-  ///        be set to nullptr.
-  /// \param ShowFullyQualifiedAssigneeName If set to true when using \p
-  ///        Assignee to compute the name of the assignee use the fully
-  ///        qualified name, otherwise use the unqualified name.
-  ///
-  /// \returns True iff no diagnostic where emitted, false otherwise.
-  bool BoundsSafetyCheckAssignmentToCountAttrPtrWithIncompletePointeeTy(
-      QualType LHSTy, Expr *RHSExpr, AssignmentAction Action,
-      SourceLocation Loc, const ValueDecl *Assignee,
-      bool ShowFullyQualifiedAssigneeName);
-
   /// Perform Bounds Safety Semantic checks for initializing a Bounds Safety
   /// pointer.
   ///
@@ -2323,6 +2300,15 @@ class Sema final : public SemaBase {
                                        AssignmentAction Action,
                                        QualType LHSType, Expr *RHSExpr);
 
+  /// Perform Bounds Safety semantic checks for uses of invalid uses counted_by
+  /// or counted_by_or_null pointers in \param E.
+  ///
+  /// \param E the expression to check
+  ///
+  /// \returns True iff no diagnostic where emitted, false otherwise.
+  bool BoundsSafetyCheckUseOfCountAttrPtr(const Expr *E);
+
+  /* TO_UPSTREAM(BoundsSafety) ON*/
   /// Perform Bounds Safety semantic checks on function parameters on a function
   /// definition. This only performs checks that can be made by looking at
   /// \param PVD in isolation (i.e. not looking at other parameters in the
@@ -2351,14 +2337,6 @@ class Sema final : public SemaBase {
   ///  \returns True iff no diagnostic where emitted, false otherwise.
   bool BoundsSafetyCheckReturnTyForFunctionDef(FunctionDecl *FD);
 
-  /// Perform Bounds Safety semantic checks for uses of invalid uses counted_by
-  /// or counted_by_or_null pointers in \param E.
-  ///
-  /// \param E the expression to check
-  ///
-  /// \returns True iff no diagnostic where emitted, false otherwise.
-  bool BoundsSafetyCheckUseOfCountAttrPtr(Expr *E);
-
   /// Perform Bounds Safety semantic checks on variable declaration \param VD.
   ///
   ///  \param VD The VarDecl to check

clang/lib/AST/Type.cpp

@@ -2599,6 +2599,22 @@ bool Type::isIncompleteType(NamedDecl **Def) const {
   }
 }
 
+bool Type::isAlwaysIncompleteType() const {
+  if (!isIncompleteType())
+    return false;
+
+  // Forward declarations of structs, classes, enums, and unions could be later
+  // completed in a compilation unit by providing a type definition.
+  if (getAsTagDecl())
+    return false;
+
+  // Other types are incompletable.
+  //
+  // E.g. `char[]` and `void`. The type is incomplete and no future
+  // type declarations can make the type complete.
+  return true;
+}
+
 bool Type::isSizelessBuiltinType() const {
   if (isSizelessVectorType())
     return true;
@@ -2716,22 +2732,6 @@ bool Type::isSizeMeaningless() const {
       return true;
   return false;
 }
-
-bool Type::isIncompletableIncompleteType() const {
-  if (!isIncompleteType())
-    return false;
-
-  // Forward declarations of structs, classes, enums, and unions could be later
-  // completed in a compilation unit by providing a definition.
-  if (isStructureOrClassType() || isEnumeralType() || isUnionType())
-    return false;
-
-  // Other types are incompletable.
-  //
-  // E.g. `char[]` and `void`. The type is incomplete and no future
-  // type declarations can make the type complete.
-  return true;
-}
 /* TO_UPSTREAM(BoundsSafety) OFF*/
 
 QualType Type::getSizelessVectorEltType(const ASTContext &Ctx) const {
@@ -4080,8 +4080,11 @@ CountAttributedType::CountAttributedType(
     DeclSlot[i] = CoupledDecls[i];
 }
 
-/* TO_UPSTREAM(BoundsSafety) ON*/
-StringRef CountAttributedType::GetAttributeName(bool WithMacroPrefix) const {
+StringRef CountAttributedType::getAttributeName(bool WithMacroPrefix) const {
+// TODO: This method isn't really ideal because it doesn't return the spelling
+// of the attribute that was used in the user's code. This method is used for
+// diagnostics so the fact it doesn't use the spelling of the attribute in
+// the user's code could be confusing (#113585).
 #define ENUMERATE_ATTRS(PREFIX)                                                \
   do {                                                                         \
     if (isCountInBytes()) {                                                    \
@@ -4102,6 +4105,7 @@ StringRef CountAttributedType::GetAttributeName(bool WithMacroPrefix) const {
 #undef ENUMERATE_ATTRS
 }
 
+/* TO_UPSTREAM(BoundsSafety) ON*/
 DynamicRangePointerType::DynamicRangePointerType(
     QualType PointerTy, QualType CanPointerTy, Expr *StartPtr, Expr *EndPtr,
     ArrayRef<TypeCoupledDeclRefInfo> StartPtrDecls,