SemaChecking.cpp revision 49badde06e066d058d6c7fcf4e628a72999b65a9
159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===--- SemaChecking.cpp - Extra Semantic Checking -----------------------===//
259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//
359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//                     The LLVM Compiler Infrastructure
459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//
50bc735ffcfb223c0186419547abaa5c84482663eChris Lattner// This file is distributed under the University of Illinois Open Source
60bc735ffcfb223c0186419547abaa5c84482663eChris Lattner// License. See LICENSE.TXT for details.
759907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//
859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===----------------------------------------------------------------------===//
959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//
1059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//  This file implements extra semantic analysis beyond what is enforced
1159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//  by the C type system.
1259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//
1359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===----------------------------------------------------------------------===//
1459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner
1559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "Sema.h"
1659907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/AST/ASTContext.h"
17c4a1dea2dc56bd1357ec91b829a0b9e68229a13eDaniel Dunbar#include "clang/AST/DeclObjC.h"
182324512285caac0332bbbc6e4cab6245d2a370a1Ted Kremenek#include "clang/AST/ExprCXX.h"
197ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek#include "clang/AST/ExprObjC.h"
2059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Lex/Preprocessor.h"
2159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Basic/Diagnostic.h"
22588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek#include "SemaUtil.h"
2359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattnerusing namespace clang;
2459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner
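/// CheckFunctionCall - Check a direct function call for various correctness
/// and safety properties not strictly enforced by the C type system.
///
/// Ownership of TheCallRaw is taken by a local owning pointer for the duration
/// of the check. Builtins with custom checking are dispatched on their builtin
/// ID first; any other callee is looked up in KnownFunctionIDs so that
/// printf-family calls get their format string checked.
///
/// Returns true when a builtin check reported an error. Otherwise returns the
/// call expression itself, or, for __builtin_shufflevector, whatever
/// SemaBuiltinShuffleVector returns.
Action::ExprResult
Sema::CheckFunctionCall(FunctionDecl *FDecl, CallExpr *TheCallRaw) {
  llvm::OwningPtr<CallExpr> TheCall(TheCallRaw);
  // Get the IdentifierInfo* for the called function.
  IdentifierInfo *FnInfo = FDecl->getIdentifier();

  switch (FnInfo->getBuiltinID()) {
  case Builtin::BI__builtin___CFStringMakeConstantString:
    assert(TheCall->getNumArgs() == 1 &&
           "Wrong # arguments to builtin CFStringMakeConstantString");
    if (CheckBuiltinCFStringArgument(TheCall->getArg(0)))
      return true;
    return TheCall.take();
  case Builtin::BI__builtin_stdarg_start:
  case Builtin::BI__builtin_va_start:
    if (SemaBuiltinVAStart(TheCall.get()))
      return true;
    return TheCall.take();
  case Builtin::BI__builtin_isgreater:
  case Builtin::BI__builtin_isgreaterequal:
  case Builtin::BI__builtin_isless:
  case Builtin::BI__builtin_islessequal:
  case Builtin::BI__builtin_islessgreater:
  case Builtin::BI__builtin_isunordered:
    if (SemaBuiltinUnorderedCompare(TheCall.get()))
      return true;
    return TheCall.take();
  case Builtin::BI__builtin_return_address:
  case Builtin::BI__builtin_frame_address:
    if (SemaBuiltinStackAddress(TheCall.get()))
      return true;
    return TheCall.take();
  case Builtin::BI__builtin_shufflevector:
    // The shuffle check builds its own result expression, so TheCall is not
    // released here.
    return SemaBuiltinShuffleVector(TheCall.get());
  case Builtin::BI__builtin_prefetch:
    if (SemaBuiltinPrefetch(TheCall.get()))
      return true;
    return TheCall.take();
  case Builtin::BI__builtin_object_size:
    if (SemaBuiltinObjectSize(TheCall.get()))
      return true;
    // Return explicitly like every other builtin case instead of leaving the
    // switch and running the known-function search below.
    return TheCall.take();
  }

  // FIXME: This mechanism should be abstracted to be less fragile and
  // more efficient. For example, just map function ids to custom
  // handlers.

  // Search the KnownFunctionIDs for the identifier.
  unsigned i = 0, e = id_num_known_functions;
  for (; i != e; ++i) { if (KnownFunctionIDs[i] == FnInfo) break; }
  if (i == e) return TheCall.take();

  // Printf checking. Every known-function index up to and including id_vprintf
  // is treated as a printf-family function.
  if (i <= id_vprintf) {
    // Retrieve the index of the format string parameter and determine
    // if the function is passed a va_arg argument.
    unsigned format_idx = 0;
    bool HasVAListArg = false;

    switch (i) {
    // With assertions compiled out, an unlisted index falls through to the
    // id_NSLog case and is checked with format_idx 0.
    default: assert(false && "No format string argument index.");
    case id_NSLog:         format_idx = 0; break;
    case id_asprintf:      format_idx = 1; break;
    case id_fprintf:       format_idx = 1; break;
    case id_printf:        format_idx = 0; break;
    case id_snprintf:      format_idx = 2; break;
    case id_snprintf_chk:  format_idx = 4; break;
    case id_sprintf:       format_idx = 1; break;
    case id_sprintf_chk:   format_idx = 3; break;
    case id_vasprintf:     format_idx = 1; HasVAListArg = true; break;
    case id_vfprintf:      format_idx = 1; HasVAListArg = true; break;
    case id_vsnprintf:     format_idx = 2; HasVAListArg = true; break;
    case id_vsnprintf_chk: format_idx = 4; HasVAListArg = true; break;
    case id_vsprintf:      format_idx = 1; HasVAListArg = true; break;
    case id_vsprintf_chk:  format_idx = 3; HasVAListArg = true; break;
    case id_vprintf:       format_idx = 0; HasVAListArg = true; break;
    }

    // The printf check has no effect on the value returned below; the call is
    // handed back to the caller either way.
    CheckPrintfArguments(TheCall.get(), HasVAListArg, format_idx);
  }

  return TheCall.take();
}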
11071993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson
/// CheckBuiltinCFStringArgument - Checks that the argument to the builtin
/// CFString constructor is correct.
///
/// Parentheses and casts around the argument are ignored. Anything that is not
/// a narrow string literal is an error and returns true. A literal containing
/// a non-ASCII byte or an embedded NUL only produces a warning (at most one,
/// for the first offending byte) and still returns false.
bool Sema::CheckBuiltinCFStringArgument(Expr* Arg) {
  Arg = Arg->IgnoreParenCasts();

  StringLiteral *Literal = dyn_cast<StringLiteral>(Arg);
  const bool IsNarrowLiteral = Literal && !Literal->isWide();

  if (!IsNarrowLiteral) {
    Diag(Arg->getLocStart(),
         diag::err_cfstring_literal_not_string_constant,
         Arg->getSourceRange());
    return true;
  }

  const char *Bytes = Literal->getStrData();
  const unsigned NumBytes = Literal->getByteLength();

  for (unsigned Idx = 0; Idx != NumBytes; ++Idx) {
    const bool NonAscii = !isascii(Bytes[Idx]);
    if (!NonAscii && Bytes[Idx])
      continue;

    // First offending byte found: warn once at its position within the
    // literal token and stop scanning.
    if (NonAscii)
      Diag(PP.AdvanceToTokenCharacter(Arg->getLocStart(), Idx + 1),
           diag::warn_cfstring_literal_contains_non_ascii_character,
           Arg->getSourceRange());
    else
      Diag(PP.AdvanceToTokenCharacter(Arg->getLocStart(), Idx + 1),
           diag::warn_cfstring_literal_contains_nul_character,
           Arg->getSourceRange());
    break;
  }

  return false;
}
14659907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner
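/// SemaBuiltinVAStart - Check the arguments to __builtin_va_start for validity.
/// Emit an error and return true on failure, return false on success.
///
/// Errors: more than two arguments, fewer than two arguments, or use inside a
/// function or method that is not variadic. A second argument that is not the
/// last named parameter only produces a warning and still returns false.
bool Sema::SemaBuiltinVAStart(CallExpr *TheCall) {
  Expr *Fn = TheCall->getCallee();
  if (TheCall->getNumArgs() > 2) {
    Diag(TheCall->getArg(2)->getLocStart(),
         diag::err_typecheck_call_too_many_args, Fn->getSourceRange(),
         SourceRange(TheCall->getArg(2)->getLocStart(),
                     (*(TheCall->arg_end()-1))->getLocEnd()));
    return true;
  }

  // The checks below read argument 1 unconditionally. The builtin's declared
  // arity is not visible here, so reject a call that does not supply a second
  // argument instead of indexing past the end of the argument list.
  if (TheCall->getNumArgs() < 2)
    return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args);

  // Determine whether the current function is variadic or not.
  // NOTE(review): the else branch assumes getCurMethodDecl() is non-null
  // whenever there is no current function - confirm.
  bool isVariadic;
  if (getCurFunctionDecl())
    isVariadic =
      cast<FunctionTypeProto>(getCurFunctionDecl()->getType())->isVariadic();
  else
    isVariadic = getCurMethodDecl()->isVariadic();

  if (!isVariadic) {
    Diag(Fn->getLocStart(), diag::err_va_start_used_in_non_variadic_function);
    return true;
  }

  // Verify that the second argument to the builtin is the last argument of the
  // current function or method.
  bool SecondArgIsLastNamedArgument = false;
  const Expr *Arg = TheCall->getArg(1)->IgnoreParenCasts();

  if (const DeclRefExpr *DR = dyn_cast<DeclRefExpr>(Arg)) {
    if (const ParmVarDecl *PV = dyn_cast<ParmVarDecl>(DR->getDecl())) {
      // FIXME: This isn't correct for methods (results in bogus warning).
      // Get the last formal in the current function.
      // NOTE(review): param_end()-1 assumes the enclosing declaration has at
      // least one named parameter - confirm that always holds here.
      const ParmVarDecl *LastArg;
      if (getCurFunctionDecl())
        LastArg = *(getCurFunctionDecl()->param_end()-1);
      else
        LastArg = *(getCurMethodDecl()->param_end()-1);
      SecondArgIsLastNamedArgument = PV == LastArg;
    }
  }

  if (!SecondArgIsLastNamedArgument)
    Diag(TheCall->getArg(1)->getLocStart(),
         diag::warn_second_parameter_of_va_start_not_last_named_argument);
  return false;
}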
19530ce344307f8a8b00054021307015571f83c7364Chris Lattner
/// SemaBuiltinUnorderedCompare - Handle functions like __builtin_isgreater and
/// friends.  This is declared to take (...), so we have to check everything.
///
/// Requires exactly two arguments whose common type after the usual arithmetic
/// conversions is a real floating type. Returns the result of Diag on any
/// violation and false when the call is acceptable.
bool Sema::SemaBuiltinUnorderedCompare(CallExpr *TheCall) {
  const unsigned NumArgs = TheCall->getNumArgs();

  if (NumArgs < 2)
    return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args);

  if (NumArgs > 2) {
    // Highlight everything from the first surplus argument to the last one.
    return Diag(TheCall->getArg(2)->getLocStart(),
                diag::err_typecheck_call_too_many_args,
                SourceRange(TheCall->getArg(2)->getLocStart(),
                            (*(TheCall->arg_end()-1))->getLocEnd()));
  }

  Expr *LHS = TheCall->getArg(0);
  Expr *RHS = TheCall->getArg(1);

  // Apply the standard promotions to the pair and get their common type.
  // NOTE(review): if UsualArithmeticConversions rewrites LHS/RHS in place, the
  // converted expressions are not stored back into TheCall - confirm.
  QualType CommonType = UsualArithmeticConversions(LHS, RHS, false);

  // Only a real floating common type is valid for these comparisons.
  if (CommonType->isRealFloatingType())
    return false;

  return Diag(LHS->getLocStart(),
              diag::err_typecheck_call_invalid_ordered_compare,
              LHS->getType().getAsString(),
              RHS->getType().getAsString(),
              SourceRange(LHS->getLocStart(), RHS->getLocEnd()));
}
2251b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner
/// SemaBuiltinStackAddress - Check the argument of __builtin_return_address
/// and __builtin_frame_address.
///
/// The signature for these builtins is exact, so the only property left to
/// verify is that argument 0 is an integer constant expression. Returns the
/// result of Diag when it is not, false otherwise.
bool Sema::SemaBuiltinStackAddress(CallExpr *TheCall) {
  // Filled in by isIntegerConstantExpr; used as the diagnostic location.
  SourceLocation NonConstLoc;
  Expr *Level = TheCall->getArg(0);

  if (Level->isIntegerConstantExpr(Context, &NonConstLoc))
    return false;

  return Diag(NonConstLoc, diag::err_stack_const_level,
              TheCall->getSourceRange());
}
2356cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman
/// SemaBuiltinShuffleVector - Handle __builtin_shufflevector.
/// This is declared to take (...), so we have to check everything.
///
/// Checks, in order: at least three arguments; the first two are vectors of
/// the same canonical unqualified type; the argument count is the vector's
/// element count plus two; every remaining argument is an integer constant
/// below twice the element count. On success the arguments are moved out of
/// TheCall into a newly allocated ShuffleVectorExpr, which is returned. On any
/// violation the result of the diagnostic is returned instead.
Action::ExprResult Sema::SemaBuiltinShuffleVector(CallExpr *TheCall) {
  if (TheCall->getNumArgs() < 3)
    return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args,
                TheCall->getSourceRange());

  QualType FAType = TheCall->getArg(0)->getType();
  QualType SAType = TheCall->getArg(1)->getType();

  const bool BothAreVectors = FAType->isVectorType() && SAType->isVectorType();
  if (!BothAreVectors) {
    Diag(TheCall->getLocStart(), diag::err_shufflevector_non_vector,
         SourceRange(TheCall->getArg(0)->getLocStart(),
                     TheCall->getArg(1)->getLocEnd()));
    return true;
  }

  // Compare canonical types with qualifiers stripped.
  if (Context.getCanonicalType(FAType).getUnqualifiedType() !=
      Context.getCanonicalType(SAType).getUnqualifiedType()) {
    Diag(TheCall->getLocStart(), diag::err_shufflevector_incompatible_vector,
         SourceRange(TheCall->getArg(0)->getLocStart(),
                     TheCall->getArg(1)->getLocEnd()));
    return true;
  }

  // Two vector operands plus one index argument per element of the first
  // vector.
  unsigned NumElts = FAType->getAsVectorType()->getNumElements();
  const unsigned NumArgs = TheCall->getNumArgs();

  if (NumArgs < NumElts+2)
    return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args,
                TheCall->getSourceRange());
  if (NumArgs > NumElts+2)
    return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_many_args,
                TheCall->getSourceRange());

  // Every index must be a compile-time constant below twice the element count.
  for (unsigned Idx = 2; Idx < NumArgs; ++Idx) {
    llvm::APSInt Result(32);
    Expr *IndexArg = TheCall->getArg(Idx);

    if (!IndexArg->isIntegerConstantExpr(Result, Context))
      return Diag(TheCall->getLocStart(),
                  diag::err_shufflevector_nonconstant_argument,
                  TheCall->getArg(Idx)->getSourceRange());

    // Check the width first so that getZExtValue is only used on values that
    // fit in 64 bits.
    if (Result.getActiveBits() > 64 || Result.getZExtValue() >= NumElts*2)
      return Diag(TheCall->getLocStart(),
                  diag::err_shufflevector_argument_too_large,
                  TheCall->getArg(Idx)->getSourceRange());
  }

  llvm::SmallVector<Expr*, 32> exprs;

  // Copy each argument out and clear its slot in the original call.
  // NOTE(review): presumably the slots are cleared so the original call no
  // longer refers to sub-expressions handed to the new node - confirm.
  for (unsigned Idx = 0; Idx != NumArgs; ++Idx) {
    exprs.push_back(TheCall->getArg(Idx));
    TheCall->setArg(Idx, 0);
  }

  return new ShuffleVectorExpr(exprs.begin(), NumElts+2, FAType,
                               TheCall->getCallee()->getLocStart(),
                               TheCall->getRParenLoc());
}
29430ce344307f8a8b00054021307015571f83c7364Chris Lattner
/// SemaBuiltinPrefetch - Handle __builtin_prefetch.
/// This is declared to take (const void*, ...) and can take two
/// optional constant int args.
///
/// Argument 1 must be a constant int in [0, 1]. Every later argument must be a
/// constant int in [0, 3]. More than three arguments is an error. Checking
/// continues after a failure, and the function returns true if any diagnostic
/// call returned true.
bool Sema::SemaBuiltinPrefetch(CallExpr *TheCall) {
  const unsigned NumArgs = TheCall->getNumArgs();
  bool HadError = false;

  if (NumArgs > 3) {
    if (Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_many_args,
             TheCall->getSourceRange()))
      HadError = true;
  }

  // Argument 0 is checked for us and the remaining arguments must be
  // constant integers.
  for (unsigned Idx = 1; Idx < NumArgs; ++Idx) {
    Expr *Arg = TheCall->getArg(Idx);
    QualType ArgType = Arg->getType();

    const BuiltinType *BT = ArgType->getAsBuiltinType();
    llvm::APSInt Result;
    const bool IsConstantInt = BT && BT->getKind() == BuiltinType::Int &&
                               Arg->isIntegerConstantExpr(Result, Context);
    if (!IsConstantInt) {
      // NOTE(review): if Diag can return false here, the range check below
      // reads a Result that was never evaluated - confirm Diag's contract.
      if (Diag(TheCall->getLocStart(), diag::err_prefetch_invalid_argument,
               SourceRange(Arg->getLocStart(), Arg->getLocEnd()))) {
        HadError = true;
        continue;
      }
    }

    // FIXME: gcc issues a warning and rewrites these to 0. These
    // seems especially odd for the third argument since the default
    // is 3.
    if (Idx != 1) {
      if (Result.getSExtValue() < 0 || Result.getSExtValue() > 3) {
        if (Diag(TheCall->getLocStart(), diag::err_argument_invalid_range,
                 "0", "3",
                 SourceRange(Arg->getLocStart(), Arg->getLocEnd())))
          HadError = true;
      }
    } else {
      if (Result.getSExtValue() < 0 || Result.getSExtValue() > 1) {
        if (Diag(TheCall->getLocStart(), diag::err_argument_invalid_range,
                 "0", "1",
                 SourceRange(Arg->getLocStart(), Arg->getLocEnd())))
          HadError = true;
      }
    }
  }

  return HadError;
}
3424493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar
/// SemaBuiltinObjectSize - Handle __builtin_object_size(void *ptr,
/// int type). This simply type checks that type is one of the defined
/// constants (0-3).
///
/// Returns the result of Diag when argument 1 is not a constant int or lies
/// outside [0, 3], and false otherwise. The pointer argument is not inspected.
bool Sema::SemaBuiltinObjectSize(CallExpr *TheCall) {
  Expr *TypeArg = TheCall->getArg(1);
  QualType TypeArgTy = TypeArg->getType();
  const BuiltinType *BT = TypeArgTy->getAsBuiltinType();
  llvm::APSInt Result(32);

  // The argument must have builtin type int and fold to a constant.
  const bool IsConstantInt = BT && BT->getKind() == BuiltinType::Int &&
                             TypeArg->isIntegerConstantExpr(Result, Context);
  if (!IsConstantInt) {
    return Diag(TheCall->getLocStart(), diag::err_object_size_invalid_argument,
                SourceRange(TypeArg->getLocStart(), TypeArg->getLocEnd()));
  }

  const bool InRange = Result.getSExtValue() >= 0 && Result.getSExtValue() <= 3;
  if (InRange)
    return false;

  return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range,
              "0", "3",
              SourceRange(TypeArg->getLocStart(), TypeArg->getLocEnd()));
}
365d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar
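/// CheckPrintfArguments - Check calls to printf (and similar functions) for
/// correct use of format strings.
///
///  TheCall - The call expression being checked.
///
///  HasVAListArg - A predicate indicating whether the printf-like
///    function is passed an explicit va_arg argument (e.g., vprintf)
///
///  format_idx - The index into Args for the format string.
///
/// Improper format strings to functions in the printf family can be
/// the source of bizarre bugs and very serious security holes.  A
/// good source of information is available in the following paper
/// (which includes additional references):
///
///  FormatGuard: Automatic Protection From printf Format String
///  Vulnerabilities, Proceedings of the 10th USENIX Security Symposium, 2001.
///
/// Functionality implemented:
///
///  We can statically check the following properties for string
///  literal format strings for non v.*printf functions (where the
///  arguments are passed directly):
///
///  (1) Are the number of format conversions equal to the number of
///      data arguments?
///
///  (2) Does each format conversion correctly match the type of the
///      corresponding data argument?  (TODO)
///
/// Moreover, for all printf functions we can:
///
///  (3) Check for a missing format string (when not caught by type checking).
///
///  (4) Check for no-operation flags; e.g. using "#" with format
///      conversion 'c'  (TODO)
///
///  (5) Check the use of '%n', a major source of security holes.
///
///  (6) Check for malformed format conversions that don't specify anything.
///
///  (7) Check for empty format strings.  e.g: printf("");
///
///  (8) Check whether the format string is a wide literal; a wide literal
///      is warned about and not inspected any further.
///
///  (9) Also check the arguments of functions with the __format__ attribute.
///      (TODO).
///
/// All of these checks can be done by parsing the format string.
///
/// For now, we ONLY do (1), (3), (5), (6), (7), and (8).
///
/// Limits a reader relying on these warnings should know about:
///
///  - A format argument that is not a string literal gets a single
///    "not a string constant" warning and nothing else; its contents are
///    never examined.
///
///  - For vprintf-like calls that warning is suppressed whenever the format
///    argument is a reference to a parameter, whether or not the enclosing
///    function carries a format attribute (see the FIXME in the body).
///
///  - For vprintf-like calls the data arguments are inside the va_list, so
///    argument counts and the types of '*' width/precision arguments are
///    not checked.
void
Sema::CheckPrintfArguments(CallExpr *TheCall, bool HasVAListArg,
                           unsigned format_idx) {
  Expr *Fn = TheCall->getCallee();

  // CHECK: printf-like function is called with no format string.
  if (format_idx >= TheCall->getNumArgs()) {
    Diag(TheCall->getRParenLoc(), diag::warn_printf_missing_format_string,
         Fn->getSourceRange());
    return;
  }

  Expr *OrigFormatExpr = TheCall->getArg(format_idx)->IgnoreParenCasts();

  // CHECK: format string is not a string literal.
  //
  // Dynamically generated format strings are difficult to
  // automatically vet at compile time.  Requiring that format strings
  // are string literals: (1) permits the checking of format strings by
  // the compiler and thereby (2) can practically remove the source of
  // many format string exploits.

  // Format string can be either ObjC string (e.g. @"%d") or
  // C string (e.g. "%d")
  // ObjC string uses the same format specifiers as C string, so we can use
  // the same format string checking logic for both ObjC and C strings.
  ObjCStringLiteral *ObjCFExpr = dyn_cast<ObjCStringLiteral>(OrigFormatExpr);
  StringLiteral *FExpr = NULL;

  if(ObjCFExpr != NULL)
    FExpr = ObjCFExpr->getString();
  else
    FExpr = dyn_cast<StringLiteral>(OrigFormatExpr);

  if (FExpr == NULL) {
    // For vprintf* functions (i.e., HasVAListArg==true), we add a
    // special check to see if the format string is a function parameter
    // of the function calling the printf function.  If the function
    // has an attribute indicating it is a printf-like function, then we
    // should suppress warnings concerning non-literals being used in a call
    // to a vprintf function.  For example:
    //
    // void
    // logmessage(char const *fmt __attribute__ (format (printf, 1, 2)), ...) {
    //      va_list ap;
    //      va_start(ap, fmt);
    //      vprintf(fmt, ap);  // Do NOT emit a warning about "fmt".
    //      ...
    //
    //
    //  FIXME: We don't have full attribute support yet, so just check to see
    //    if the argument is a DeclRefExpr that references a parameter.  We'll
    //    add proper support for checking the attribute later.
    //
    //  Until then the warning is suppressed for ANY parameter used as the
    //  format of a vprintf-like call, including parameters of functions that
    //  are not annotated as printf-like.
    if (HasVAListArg)
      if (DeclRefExpr* DR = dyn_cast<DeclRefExpr>(OrigFormatExpr))
        if (isa<ParmVarDecl>(DR->getDecl()))
          return;

    Diag(TheCall->getArg(format_idx)->getLocStart(),
         diag::warn_printf_not_string_constant,
         OrigFormatExpr->getSourceRange());
    return;
  }

  // CHECK: is the format string a wide literal?
  if (FExpr->isWide()) {
    Diag(FExpr->getLocStart(),
         diag::warn_printf_format_string_is_wide_literal,
         OrigFormatExpr->getSourceRange());
    return;
  }

  // Str - The format string.  NOTE: this is NOT null-terminated!
  // Every access below must therefore be bounded by StrLen.
  const char * const Str = FExpr->getStrData();

  // CHECK: empty format string?
  const unsigned StrLen = FExpr->getByteLength();

  if (StrLen == 0) {
    Diag(FExpr->getLocStart(), diag::warn_printf_empty_format_string,
         OrigFormatExpr->getSourceRange());
    return;
  }

  // We process the format string using a binary state machine.  The
  // current state is stored in CurrentState.
  enum {
    state_OrdChr,
    state_Conversion
  } CurrentState = state_OrdChr;

  // numConversions - The number of conversions seen so far.  This is
  //  incremented as we traverse the format string.
  unsigned numConversions = 0;

  // numDataArgs - The number of data arguments after the format
  //  string.  This can only be determined for non vprintf-like
  //  functions.  For those functions, this value is 1 (the sole
  //  va_arg argument).
  unsigned numDataArgs = TheCall->getNumArgs()-(format_idx+1);

  // Inspect the format string.
  unsigned StrIdx = 0;

  // LastConversionIdx - Index within the format string where we last saw
  //  a '%' character that starts a new format conversion.
  unsigned LastConversionIdx = 0;

  for (; StrIdx < StrLen; ++StrIdx) {

    // Is the number of detected conversions greater than
    // the number of matching data arguments?  If so, stop.
    if (!HasVAListArg && numConversions > numDataArgs) break;

    // Handle "\0"
    if (Str[StrIdx] == '\0') {
      // The string returned by getStrData() is not null-terminated,
      // so the presence of a null character is likely an error.
      Diag(PP.AdvanceToTokenCharacter(FExpr->getLocStart(), StrIdx+1),
           diag::warn_printf_format_string_contains_null_char,
           OrigFormatExpr->getSourceRange());
      return;
    }

    // Ordinary characters (not processing a format conversion).
    if (CurrentState == state_OrdChr) {
      if (Str[StrIdx] == '%') {
        CurrentState = state_Conversion;
        LastConversionIdx = StrIdx;
      }
      continue;
    }

    // Seen '%'.  Now processing a format conversion.  Because a '%' has
    // already been consumed, StrIdx is at least 1 here and Str[StrIdx-1]
    // is a valid access.
    switch (Str[StrIdx]) {
    // Handle dynamic precision or width specifier.
    case '*': {
      ++numConversions;

      // For vprintf-like calls the width/precision value is carried inside
      // the va_list, so the call has no argument at
      // format_idx+numConversions to inspect.  Looking one up would either
      // type check the va_list argument itself (a spurious "wrong type"
      // warning) or, from the second '*' on, index past the end of the
      // call's argument list.
      if (HasVAListArg)
        break;

      if (numConversions > numDataArgs) {
        SourceLocation Loc = FExpr->getLocStart();
        Loc = PP.AdvanceToTokenCharacter(Loc, StrIdx+1);

        if (Str[StrIdx-1] == '.')
          Diag(Loc, diag::warn_printf_asterisk_precision_missing_arg,
               OrigFormatExpr->getSourceRange());
        else
          Diag(Loc, diag::warn_printf_asterisk_width_missing_arg,
               OrigFormatExpr->getSourceRange());

        // Don't do any more checking.  We'll just emit spurious errors.
        return;
      }

      // Perform type checking on width/precision specifier: only an
      // argument whose type is exactly the builtin 'int' is accepted.
      Expr *E = TheCall->getArg(format_idx+numConversions);
      if (const BuiltinType *BT = E->getType()->getAsBuiltinType())
        if (BT->getKind() == BuiltinType::Int)
          break;

      SourceLocation Loc =
        PP.AdvanceToTokenCharacter(FExpr->getLocStart(), StrIdx+1);

      if (Str[StrIdx-1] == '.')
        Diag(Loc, diag::warn_printf_asterisk_precision_wrong_type,
             E->getType().getAsString(), E->getSourceRange());
      else
        Diag(Loc, diag::warn_printf_asterisk_width_wrong_type,
             E->getType().getAsString(), E->getSourceRange());

      break;
    }

    // Characters which can terminate a format conversion
    // (e.g. "%d").  Characters that specify length modifiers or
    // other flags are handled by the default case below.
    //
    // FIXME: additional checks will go into the following cases.
    case 'i':
    case 'd':
    case 'o':
    case 'u':
    case 'x':
    case 'X':
    case 'D':
    case 'O':
    case 'U':
    case 'e':
    case 'E':
    case 'f':
    case 'F':
    case 'g':
    case 'G':
    case 'a':
    case 'A':
    case 'c':
    case 'C':
    case 'S':
    case 's':
    case 'p':
      ++numConversions;
      CurrentState = state_OrdChr;
      break;

    // CHECK: Are we using "%n"?  Issue a warning.
    // The warning is unconditional: it fires for every "%n" in a literal
    // format string, pointing at the '%' that started the conversion.
    case 'n': {
      ++numConversions;
      CurrentState = state_OrdChr;
      SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(),
                                                      LastConversionIdx+1);

      Diag(Loc, diag::warn_printf_write_back, OrigFormatExpr->getSourceRange());
      break;
    }

    // Handle "%@"
    case '@':
      // %@ is allowed in ObjC format strings only.
      if(ObjCFExpr != NULL)
        CurrentState = state_OrdChr;
      else {
        // Issue a warning: invalid format conversion.
        // NOTE(review): the state is left in state_Conversion on this path,
        // so the following characters are still parsed as part of the same
        // conversion -- confirm that this is intended.
        SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(),
                                                    LastConversionIdx+1);

        // std::min keeps the quoted text inside the (unterminated) buffer.
        Diag(Loc, diag::warn_printf_invalid_conversion,
          std::string(Str+LastConversionIdx,
          Str+std::min(LastConversionIdx+2, StrLen)),
          OrigFormatExpr->getSourceRange());
      }
      ++numConversions;
      break;

    // Handle "%%"
    case '%':
      // Sanity check: Was the first "%" character the previous one?
      // If not, we will assume that we have a malformed format
      // conversion, and that the current "%" character is the start
      // of a new conversion.
      if (StrIdx - LastConversionIdx == 1)
        CurrentState = state_OrdChr;
      else {
        // Issue a warning: invalid format conversion.
        SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(),
                                                        LastConversionIdx+1);

        Diag(Loc, diag::warn_printf_invalid_conversion,
             std::string(Str+LastConversionIdx, Str+StrIdx),
             OrigFormatExpr->getSourceRange());

        // This conversion is broken.  Advance to the next format
        // conversion.
        LastConversionIdx = StrIdx;
        ++numConversions;
      }
      break;

    default:
      // This case catches all other characters: flags, widths, etc.
      // We should eventually process those as well.
      break;
    }
  }

  // The string ended (or the scan stopped) in the middle of a conversion.
  if (CurrentState == state_Conversion) {
    // Issue a warning: invalid format conversion.
    SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(),
                                                    LastConversionIdx+1);

    // std::min keeps the quoted text inside the (unterminated) buffer.
    Diag(Loc, diag::warn_printf_invalid_conversion,
         std::string(Str+LastConversionIdx,
                     Str+std::min(LastConversionIdx+2, StrLen)),
         OrigFormatExpr->getSourceRange());
    return;
  }

  if (!HasVAListArg) {
    // CHECK: Does the number of format conversions exceed the number
    //        of data arguments?
    if (numConversions > numDataArgs) {
      SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(),
                                                      LastConversionIdx);

      Diag(Loc, diag::warn_printf_insufficient_data_args,
           OrigFormatExpr->getSourceRange());
    }
    // CHECK: Does the number of data arguments exceed the number of
    //        format conversions in the format string?
    // The index below is at most format_idx+numDataArgs, i.e. the last
    // argument of the call, because numConversions < numDataArgs here.
    else if (numConversions < numDataArgs)
      Diag(TheCall->getArg(format_idx+numConversions+1)->getLocStart(),
           diag::warn_printf_too_many_data_args,
           OrigFormatExpr->getSourceRange());
  }
}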
70906de276fff91264437fa75111ed76de43097e089Ted Kremenek
71006de276fff91264437fa75111ed76de43097e089Ted Kremenek//===--- CHECK: Return Address of Stack Variable --------------------------===//
71106de276fff91264437fa75111ed76de43097e089Ted Kremenek
// EvalAddr and EvalVal call each other, and CheckReturnStackAddr below uses
// both, so they are declared here ahead of their definitions.
static DeclRefExpr *EvalVal(Expr *E);
static DeclRefExpr *EvalAddr(Expr *E);
71406de276fff91264437fa75111ed76de43097e089Ted Kremenek
/// CheckReturnStackAddr - Diagnose a return statement whose value is the
///   address of, or a reference to, a variable with local storage.  Such a
///   pointer or reference dangles once the function has returned.
///
///   \param RetValExp  the expression being returned.
///   \param lhsType    the type the value is returned as; it selects the
///                     pointer/block-pointer checks or the reference check.
///   \param ReturnLoc  not used by this function body.
///
///   The analysis is the local walk done by EvalAddr/EvalVal over the return
///   expression only.  A stack address that first passes through a pointer
///   variable is not followed, so the absence of a warning is not proof that
///   the returned value is safe to use.
void
Sema::CheckReturnStackAddr(Expr *RetValExp, QualType lhsType,
                           SourceLocation ReturnLoc) {
  const bool ReturnsPointer =
    lhsType->isPointerType() || lhsType->isBlockPointerType();

  if (ReturnsPointer) {
    // Returned pointer: does the expression evaluate to a stack address?
    if (DeclRefExpr *StackRef = EvalAddr(RetValExp))
      Diag(StackRef->getLocStart(), diag::warn_ret_stack_addr,
           StackRef->getDecl()->getIdentifier()->getName(),
           RetValExp->getSourceRange());

    // Look through a single implicit cast (only one layer is stripped) so
    // that a block literal directly underneath it is still recognised.
    Expr *Uncasted = RetValExp;
    if (ImplicitCastExpr *Cast = dyn_cast_or_null<ImplicitCastExpr>(Uncasted))
      Uncasted = Cast->getSubExpr();

    // Returning a block literal is reported with err_ret_local_block.
    if (BlockExpr *Block = dyn_cast_or_null<BlockExpr>(Uncasted))
      Diag(Block->getLocStart(), diag::err_ret_local_block,
           Block->getSourceRange());
    return;
  }

  // Returned reference: does it bind to a variable with local storage?
  if (lhsType->isReferenceType()) {
    if (DeclRefExpr *StackRef = EvalVal(RetValExp))
      Diag(StackRef->getLocStart(), diag::warn_ret_stack_ref,
           StackRef->getDecl()->getIdentifier()->getName(),
           RetValExp->getSourceRange());
  }
}
74606de276fff91264437fa75111ed76de43097e089Ted Kremenek
/// EvalAddr - EvalAddr and EvalVal are mutually recursive functions that
///  decide whether the expression in a return statement evaluates to the
///  address of a location on the stack.  They walk the AST of the return
///  expression and back out as soon as a subexpression either (1) clearly
///  does not lead to the address of a stack variable or (2) cannot be shown
///  to lead to one by this purely local inspection.
///
///  EvalAddr handles expressions that are pointers used as references (not
///  as l-values); EvalVal handles every other value.  The base case of the
///  recursion is a DeclRefExpr that refers to a stack variable.
///
///  Shapes that are followed:
///
///   * pointer-to-pointer casts
///   * implicit conversions from array references to pointers
///   * taking the address of fields
///   * arbitrary interplay between "&" and "*" operators
///   * pointer arithmetic from an address of a stack variable
///   * taking the address of an array element where the array is on the stack
///
///  Every other node kind (for instance a DeclRefExpr naming a pointer
///  variable, or a call) reaches the default case and yields NULL.  A NULL
///  result therefore means "nothing found by this walk", not "proven safe".
///
///  \returns the DeclRefExpr of the local variable whose address is being
///           produced, or NULL if none was found.
static DeclRefExpr* EvalAddr(Expr *E) {
  // Callers must only hand us pointer-like expressions.
  assert((E->getType()->isPointerType() ||
          E->getType()->isBlockPointerType() ||
          E->getType()->isObjCQualifiedIdType()) &&
         "EvalAddr only works on pointers");

  // The "symbolic interpreter" is a dispatch on the kind of the current AST
  // node; each case recurses into EvalAddr or EvalVal as appropriate.
  switch (E->getStmtClass()) {
  case Stmt::ParenExprClass:
    // Parentheses are transparent.
    return EvalAddr(cast<ParenExpr>(E)->getSubExpr());

  case Stmt::UnaryOperatorClass: {
    // Only address-of can produce a pointer we care about here; any other
    // unary operator ends the walk.
    UnaryOperator *Unary = cast<UnaryOperator>(E);
    if (Unary->getOpcode() != UnaryOperator::AddrOf)
      return NULL;
    return EvalVal(Unary->getSubExpr());
  }

  case Stmt::BinaryOperatorClass: {
    // Pointer arithmetic: only + and - are followed.
    BinaryOperator *Arith = cast<BinaryOperator>(E);
    BinaryOperator::Opcode Opc = Arith->getOpcode();
    const bool IsAddOrSub =
      Opc == BinaryOperator::Add || Opc == BinaryOperator::Sub;
    if (!IsAddOrSub)
      return NULL;

    // The pointer operand may be on either side ("p + 1" or "1 + p").
    Expr *Lhs = Arith->getLHS();
    Expr *PtrOperand = Lhs->getType()->isPointerType() ? Lhs : Arith->getRHS();

    assert (PtrOperand->getType()->isPointerType());
    return EvalAddr(PtrOperand);
  }

  case Stmt::ConditionalOperatorClass: {
    // Report a stack address found in either arm, preferring the first arm.
    ConditionalOperator *Cond = cast<ConditionalOperator>(E);

    // The GNU "a ?: b" extension leaves the first arm empty.
    DeclRefExpr *Found = NULL;
    if (Expr *FirstArm = Cond->getLHS())
      Found = EvalAddr(FirstArm);
    if (Found)
      return Found;

    return EvalAddr(Cond->getRHS());
  }

  // Implicit, C-style and functional casts: follow pointer-like operands
  // with EvalAddr and array operands (array-to-pointer decay) with EvalVal.
  case Stmt::ImplicitCastExprClass:
  case Stmt::ExplicitCCastExprClass:
  case Stmt::CXXFunctionalCastExprClass: {
    Expr *Operand = cast<CastExpr>(E)->getSubExpr();
    QualType OperandTy = Operand->getType();

    if (OperandTy->isPointerType() ||
        OperandTy->isBlockPointerType() ||
        OperandTy->isObjCQualifiedIdType())
      return EvalAddr(Operand);
    if (OperandTy->isArrayType())
      return EvalVal(Operand);
    return NULL;
  }

  // C++ named casts: look through the cast when the operand has pointer or
  // block-pointer type.  A dynamic_cast may yield null at run time, but the
  // conservative choice made here is to report the operand anyway.
  // FIXME (carried over): the operand is not always a pointer; this code
  // should probably handle references to objects as well.
  case Stmt::CXXStaticCastExprClass:
  case Stmt::CXXDynamicCastExprClass:
  case Stmt::CXXConstCastExprClass:
  case Stmt::CXXReinterpretCastExprClass: {
    Expr *Operand = cast<CXXNamedCastExpr>(E)->getSubExpr();
    QualType OperandTy = Operand->getType();
    if (OperandTy->isPointerType() || OperandTy->isBlockPointerType())
      return EvalAddr(Operand);
    return NULL;
  }

  // Anything else is not reasoned about.
  default:
    return NULL;
  }
}
86806de276fff91264437fa75111ed76de43097e089Ted Kremenek
86906de276fff91264437fa75111ed76de43097e089Ted Kremenek
///  EvalVal - The counterpart of EvalAddr in the mutual recursion; see the
///   comments on EvalAddr for the overall scheme.
///
///   \returns the DeclRefExpr of the local variable that E designates, or
///            NULL if this local walk does not find one.
static DeclRefExpr* EvalVal(Expr *E) {

  // Expected input: non-pointer expressions, or pointer-typed expressions
  // that are used as l-values rather than as references (e.g. a DeclRefExpr
  // with a pointer type).

  // The "symbolic interpreter" is a dispatch on the kind of the current AST
  // node; each case recurses into EvalAddr or EvalVal as appropriate.
  switch (E->getStmtClass()) {
  case Stmt::DeclRefExprClass: {
    // Base case: a use of a declared name.  It is returned only when the
    // declaration is a VarDecl for which hasLocalStorage() holds.
    DeclRefExpr *Ref = cast<DeclRefExpr>(E);
    VarDecl *Var = dyn_cast<VarDecl>(Ref->getDecl());

    if (Var && Var->hasLocalStorage())
      return Ref;
    return NULL;
  }

  case Stmt::ParenExprClass:
    // Parentheses are transparent.
    return EvalVal(cast<ParenExpr>(E)->getSubExpr());

  case Stmt::UnaryOperatorClass: {
    // Only dereference is followed; no other unary operator resolves to a
    // "name" (this covers r-values passed to a unary operator).
    UnaryOperator *Unary = cast<UnaryOperator>(E);
    if (Unary->getOpcode() != UnaryOperator::Deref)
      return NULL;
    return EvalAddr(Unary->getSubExpr());
  }

  case Stmt::ArraySubscriptExprClass:
    // An element of a stack array lives on the stack too: follow the base
    // of the subscript as an address.
    return EvalAddr(cast<ArraySubscriptExpr>(E)->getBase());

  case Stmt::ConditionalOperatorClass: {
    // Report a local found in either arm, preferring the first arm.
    ConditionalOperator *Cond = cast<ConditionalOperator>(E);

    // The GNU "a ?: b" extension leaves the first arm empty.
    DeclRefExpr *Found = NULL;
    if (Expr *FirstArm = Cond->getLHS())
      Found = EvalVal(FirstArm);
    if (Found)
      return Found;

    return EvalVal(Cond->getRHS());
  }

  // A directly accessed member of a stack object is itself on the stack.
  case Stmt::MemberExprClass: {
    MemberExpr *Member = cast<MemberExpr>(E);

    // Indirect access ("->") is not followed; only "." is.
    if (Member->isArrow())
      return NULL;
    return EvalVal(Member->getBase());
  }

  // Anything else is not reasoned about.
  default:
    return NULL;
  }
}
946588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek
947588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek//===--- CHECK: Floating-Point comparisons (-Wfloat-equal) ---------------===//
948588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek
/// Check for comparisons of floating point operands using != and ==.
/// A warning is issued unless one of the exemptions below applies, because
/// such comparisons are not likely to do what the programmer intended.
///
/// \param loc  location at which the diagnostic is reported.
/// \param lex  left operand of the comparison.
/// \param rex  right operand of the comparison.
void Sema::CheckFloatComparison(SourceLocation loc, Expr* lex, Expr *rex) {
  Expr *Lhs = lex->IgnoreParens();
  Expr *Rhs = rex->IgnoreParens();

  // Exemption: x == x, i.e. both sides name the same declaration.
  if (DeclRefExpr *LhsRef = dyn_cast<DeclRefExpr>(Lhs))
    if (DeclRefExpr *RhsRef = dyn_cast<DeclRefExpr>(Rhs))
      if (LhsRef->getDecl() == RhsRef->getDecl())
        return;

  // Exemption: comparison against a literal that APFloat represents
  //  exactly.  This is a heuristic: such comparisons are often used to
  //  detect that a variable has not changed, and it can clearly lead to
  //  false negatives.  The right operand is only consulted when the left
  //  operand is not a floating literal at all.
  if (FloatingLiteral *LhsLit = dyn_cast<FloatingLiteral>(Lhs)) {
    if (LhsLit->isExact())
      return;
  } else if (FloatingLiteral *RhsLit = dyn_cast<FloatingLiteral>(Rhs)) {
    if (RhsLit->isExact())
      return;
  }

  // Exemption: either operand is a call for which isCallBuiltin() holds.
  if (CallExpr *LhsCall = dyn_cast<CallExpr>(Lhs))
    if (isCallBuiltin(LhsCall))
      return;

  if (CallExpr *RhsCall = dyn_cast<CallExpr>(Rhs))
    if (isCallBuiltin(RhsCall))
      return;

  // No exemption applied: emit the diagnostic.
  Diag(loc, diag::warn_floatingpoint_eq,
       lex->getSourceRange(),rex->getSourceRange());
}