SemaChecking.cpp revision 53d0ea5f5bfa647ec23418bf3a3b7c183b51e4bd
159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===--- SemaChecking.cpp - Extra Semantic Checking -----------------------===// 259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// The LLVM Compiler Infrastructure 459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 50bc735ffcfb223c0186419547abaa5c84482663eChris Lattner// This file is distributed under the University of Illinois Open Source 60bc735ffcfb223c0186419547abaa5c84482663eChris Lattner// License. See LICENSE.TXT for details. 759907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===----------------------------------------------------------------------===// 959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 1059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// This file implements extra semantic analysis beyond what is enforced 1159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// by the C type system. 1259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 1359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===----------------------------------------------------------------------===// 1459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 1559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "Sema.h" 1659907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/AST/ASTContext.h" 1759907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/AST/Decl.h" 1859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/AST/Expr.h" 192324512285caac0332bbbc6e4cab6245d2a370a1Ted Kremenek#include "clang/AST/ExprCXX.h" 207ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek#include "clang/AST/ExprObjC.h" 2159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Lex/Preprocessor.h" 2259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Lex/LiteralSupport.h" 2359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Basic/SourceManager.h" 2459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Basic/Diagnostic.h" 2559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Basic/LangOptions.h" 2659907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Basic/TargetInfo.h" 27e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman#include "llvm/ADT/OwningPtr.h" 2859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "llvm/ADT/SmallString.h" 2959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "llvm/ADT/StringExtras.h" 30588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek#include "SemaUtil.h" 3159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattnerusing namespace clang; 3259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 3359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// CheckFunctionCall - Check a direct function call for various correctness 3459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// and safety properties not strictly enforced by the C type system. 35d38617c8a50f9729c254ab76cd359af797c6739bEli FriedmanAction::ExprResult 36e801870b638e47a5734a3ea63ddfb45f1711e078Eli FriedmanSema::CheckFunctionCall(FunctionDecl *FDecl, CallExpr *TheCallRaw) { 37e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman llvm::OwningPtr<CallExpr> TheCall(TheCallRaw); 3859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // Get the IdentifierInfo* for the called function. 3959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner IdentifierInfo *FnInfo = FDecl->getIdentifier(); 4059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 4130ce344307f8a8b00054021307015571f83c7364Chris Lattner switch (FnInfo->getBuiltinID()) { 4230ce344307f8a8b00054021307015571f83c7364Chris Lattner case Builtin::BI__builtin___CFStringMakeConstantString: 43925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner assert(TheCall->getNumArgs() == 1 && 441b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner "Wrong # arguments to builtin CFStringMakeConstantString"); 45e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman if (CheckBuiltinCFStringArgument(TheCall->getArg(0))) 46d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 47e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman return TheCall.take(); 4830ce344307f8a8b00054021307015571f83c7364Chris Lattner case Builtin::BI__builtin_va_start: 49e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman if (SemaBuiltinVAStart(TheCall.get())) { 50d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 51d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 52e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman return TheCall.take(); 531b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isgreater: 541b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isgreaterequal: 551b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isless: 561b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_islessequal: 571b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_islessgreater: 581b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isunordered: 59e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman if (SemaBuiltinUnorderedCompare(TheCall.get())) 60d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 61e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman return TheCall.take(); 626cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman case Builtin::BI__builtin_return_address: 636cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman case Builtin::BI__builtin_frame_address: 646cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman if (SemaBuiltinStackAddress(TheCall.get())) 656cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman return true; 666cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman return TheCall.take(); 67d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman case Builtin::BI__builtin_shufflevector: 68e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman return SemaBuiltinShuffleVector(TheCall.get()); 6971993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 7071993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 7159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // Search the KnownFunctionIDs for the identifier. 7259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner unsigned i = 0, e = id_num_known_functions; 7371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek for (; i != e; ++i) { if (KnownFunctionIDs[i] == FnInfo) break; } 74e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman if (i == e) return TheCall.take(); 7559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 7659907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // Printf checking. 7759907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner if (i <= id_vprintf) { 7871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Retrieve the index of the format string parameter and determine 7971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // if the function is passed a va_arg argument. 8059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner unsigned format_idx = 0; 8171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek bool HasVAListArg = false; 8271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 8359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner switch (i) { 8430ce344307f8a8b00054021307015571f83c7364Chris Lattner default: assert(false && "No format string argument index."); 8530ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_printf: format_idx = 0; break; 8630ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_fprintf: format_idx = 1; break; 8730ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_sprintf: format_idx = 1; break; 8830ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_snprintf: format_idx = 2; break; 8930ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_asprintf: format_idx = 1; break; 907ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek case id_NSLog: format_idx = 0; break; 9130ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_vsnprintf: format_idx = 2; HasVAListArg = true; break; 9230ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_vasprintf: format_idx = 1; HasVAListArg = true; break; 9330ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_vfprintf: format_idx = 1; HasVAListArg = true; break; 9430ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_vsprintf: format_idx = 1; HasVAListArg = true; break; 9530ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_vprintf: format_idx = 0; HasVAListArg = true; break; 9671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 9771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 98e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman CheckPrintfArguments(TheCall.get(), HasVAListArg, format_idx); 9959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner } 10071993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 101e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman return TheCall.take(); 10271993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson} 10371993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 10471993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson/// CheckBuiltinCFStringArgument - Checks that the argument to the builtin 10571993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson/// CFString constructor is correct 106cc6f65d9f210efc56d7418753e93bf5a14f3ac59Chris Lattnerbool Sema::CheckBuiltinCFStringArgument(Expr* Arg) { 10756f349400c5932a196509c0480ff6f99a9a0b48fChris Lattner Arg = Arg->IgnoreParenCasts(); 10871993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 10971993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson StringLiteral *Literal = dyn_cast<StringLiteral>(Arg); 11071993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 11171993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson if (!Literal || Literal->isWide()) { 11271993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Diag(Arg->getLocStart(), 11371993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson diag::err_cfstring_literal_not_string_constant, 11471993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Arg->getSourceRange()); 1159cdc4d3834f203dcde3ff274b8928e4620a914d5Anders Carlsson return true; 11671993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 11771993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 11871993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson const char *Data = Literal->getStrData(); 11971993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson unsigned Length = Literal->getByteLength(); 12071993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 12171993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson for (unsigned i = 0; i < Length; ++i) { 12271993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson if (!isascii(Data[i])) { 12371993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Diag(PP.AdvanceToTokenCharacter(Arg->getLocStart(), i + 1), 12471993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson diag::warn_cfstring_literal_contains_non_ascii_character, 12571993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Arg->getSourceRange()); 12671993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson break; 12771993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 12871993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 12971993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson if (!Data[i]) { 13071993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Diag(PP.AdvanceToTokenCharacter(Arg->getLocStart(), i + 1), 13171993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson diag::warn_cfstring_literal_contains_nul_character, 13271993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Arg->getSourceRange()); 13371993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson break; 13471993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 13571993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 13671993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 1379cdc4d3834f203dcde3ff274b8928e4620a914d5Anders Carlsson return false; 13859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner} 13959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 140c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner/// SemaBuiltinVAStart - Check the arguments to __builtin_va_start for validity. 141c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner/// Emit an error and return true on failure, return false on success. 142925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattnerbool Sema::SemaBuiltinVAStart(CallExpr *TheCall) { 143925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Expr *Fn = TheCall->getCallee(); 144925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (TheCall->getNumArgs() > 2) { 145925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getArg(2)->getLocStart(), 14630ce344307f8a8b00054021307015571f83c7364Chris Lattner diag::err_typecheck_call_too_many_args, Fn->getSourceRange(), 147925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceRange(TheCall->getArg(2)->getLocStart(), 148925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner (*(TheCall->arg_end()-1))->getLocEnd())); 14930ce344307f8a8b00054021307015571f83c7364Chris Lattner return true; 15030ce344307f8a8b00054021307015571f83c7364Chris Lattner } 15130ce344307f8a8b00054021307015571f83c7364Chris Lattner 152c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner // Determine whether the current function is variadic or not. 153c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner bool isVariadic; 15453d0ea5f5bfa647ec23418bf3a3b7c183b51e4bdArgyrios Kyrtzidis if (getCurFunctionDecl()) 155c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner isVariadic = 15653d0ea5f5bfa647ec23418bf3a3b7c183b51e4bdArgyrios Kyrtzidis cast<FunctionTypeProto>(getCurFunctionDecl()->getType())->isVariadic(); 15730ce344307f8a8b00054021307015571f83c7364Chris Lattner else 15853d0ea5f5bfa647ec23418bf3a3b7c183b51e4bdArgyrios Kyrtzidis isVariadic = getCurMethodDecl()->isVariadic(); 15930ce344307f8a8b00054021307015571f83c7364Chris Lattner 160c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner if (!isVariadic) { 16130ce344307f8a8b00054021307015571f83c7364Chris Lattner Diag(Fn->getLocStart(), diag::err_va_start_used_in_non_variadic_function); 16230ce344307f8a8b00054021307015571f83c7364Chris Lattner return true; 16330ce344307f8a8b00054021307015571f83c7364Chris Lattner } 16430ce344307f8a8b00054021307015571f83c7364Chris Lattner 16530ce344307f8a8b00054021307015571f83c7364Chris Lattner // Verify that the second argument to the builtin is the last argument of the 16630ce344307f8a8b00054021307015571f83c7364Chris Lattner // current function or method. 16730ce344307f8a8b00054021307015571f83c7364Chris Lattner bool SecondArgIsLastNamedArgument = false; 168e2c14103dec39cbd24dac9d7b3e91277b109c14fAnders Carlsson const Expr *Arg = TheCall->getArg(1)->IgnoreParenCasts(); 16988cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson 17088cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson if (const DeclRefExpr *DR = dyn_cast<DeclRefExpr>(Arg)) { 17188cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson if (const ParmVarDecl *PV = dyn_cast<ParmVarDecl>(DR->getDecl())) { 17230ce344307f8a8b00054021307015571f83c7364Chris Lattner // FIXME: This isn't correct for methods (results in bogus warning). 17330ce344307f8a8b00054021307015571f83c7364Chris Lattner // Get the last formal in the current function. 17488cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson const ParmVarDecl *LastArg; 17553d0ea5f5bfa647ec23418bf3a3b7c183b51e4bdArgyrios Kyrtzidis if (getCurFunctionDecl()) 17653d0ea5f5bfa647ec23418bf3a3b7c183b51e4bdArgyrios Kyrtzidis LastArg = *(getCurFunctionDecl()->param_end()-1); 17730ce344307f8a8b00054021307015571f83c7364Chris Lattner else 17853d0ea5f5bfa647ec23418bf3a3b7c183b51e4bdArgyrios Kyrtzidis LastArg = *(getCurMethodDecl()->param_end()-1); 17930ce344307f8a8b00054021307015571f83c7364Chris Lattner SecondArgIsLastNamedArgument = PV == LastArg; 18030ce344307f8a8b00054021307015571f83c7364Chris Lattner } 18130ce344307f8a8b00054021307015571f83c7364Chris Lattner } 18230ce344307f8a8b00054021307015571f83c7364Chris Lattner 18330ce344307f8a8b00054021307015571f83c7364Chris Lattner if (!SecondArgIsLastNamedArgument) 184925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getArg(1)->getLocStart(), 18530ce344307f8a8b00054021307015571f83c7364Chris Lattner diag::warn_second_parameter_of_va_start_not_last_named_argument); 18630ce344307f8a8b00054021307015571f83c7364Chris Lattner return false; 1876cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman} 18830ce344307f8a8b00054021307015571f83c7364Chris Lattner 1891b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner/// SemaBuiltinUnorderedCompare - Handle functions like __builtin_isgreater and 1901b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner/// friends. This is declared to take (...), so we have to check everything. 191925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattnerbool Sema::SemaBuiltinUnorderedCompare(CallExpr *TheCall) { 192925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (TheCall->getNumArgs() < 2) 193925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args); 194925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (TheCall->getNumArgs() > 2) 195925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner return Diag(TheCall->getArg(2)->getLocStart(), 196925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner diag::err_typecheck_call_too_many_args, 197925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceRange(TheCall->getArg(2)->getLocStart(), 198925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner (*(TheCall->arg_end()-1))->getLocEnd())); 1991b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 200925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Expr *OrigArg0 = TheCall->getArg(0); 201925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Expr *OrigArg1 = TheCall->getArg(1); 2021b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 2031b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // Do standard promotions between the two arguments, returning their common 2041b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // type. 205925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner QualType Res = UsualArithmeticConversions(OrigArg0, OrigArg1, false); 2061b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 2071b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // If the common type isn't a real floating type, then the arguments were 2081b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // invalid for this operation. 2091b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner if (!Res->isRealFloatingType()) 210925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner return Diag(OrigArg0->getLocStart(), 2111b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner diag::err_typecheck_call_invalid_ordered_compare, 2121b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner OrigArg0->getType().getAsString(), 2131b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner OrigArg1->getType().getAsString(), 214925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceRange(OrigArg0->getLocStart(), OrigArg1->getLocEnd())); 2151b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 2161b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner return false; 2171b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner} 2181b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 2196cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedmanbool Sema::SemaBuiltinStackAddress(CallExpr *TheCall) { 2206cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman // The signature for these builtins is exact; the only thing we need 2216cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman // to check is that the argument is a constant. 2226cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman SourceLocation Loc; 2236cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman if (!TheCall->getArg(0)->isIntegerConstantExpr(Context, &Loc)) { 2246cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman return Diag(Loc, diag::err_stack_const_level, TheCall->getSourceRange()); 2256cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman } 2266cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman return false; 2276cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman} 2286cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman 229d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman/// SemaBuiltinShuffleVector - Handle __builtin_shufflevector. 230d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman// This is declared to take (...), so we have to check everything. 231d38617c8a50f9729c254ab76cd359af797c6739bEli FriedmanAction::ExprResult Sema::SemaBuiltinShuffleVector(CallExpr *TheCall) { 232d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (TheCall->getNumArgs() < 3) 233d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args, 234d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getSourceRange()); 235d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 236d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman QualType FAType = TheCall->getArg(0)->getType(); 237d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman QualType SAType = TheCall->getArg(1)->getType(); 238d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 239d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (!FAType->isVectorType() || !SAType->isVectorType()) { 240d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocStart(), diag::err_shufflevector_non_vector, 241d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman SourceRange(TheCall->getArg(0)->getLocStart(), 242d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getArg(1)->getLocEnd())); 243d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 244d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 245d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 246ba2561a0ab11afa64014828c759c491378ccc539Eli Friedman if (FAType.getCanonicalType().getUnqualifiedType() != 247ba2561a0ab11afa64014828c759c491378ccc539Eli Friedman SAType.getCanonicalType().getUnqualifiedType()) { 248d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocStart(), diag::err_shufflevector_incompatible_vector, 249d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman SourceRange(TheCall->getArg(0)->getLocStart(), 250d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getArg(1)->getLocEnd())); 251d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 252d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 253d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 254d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman unsigned numElements = FAType->getAsVectorType()->getNumElements(); 255d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (TheCall->getNumArgs() != numElements+2) { 256d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (TheCall->getNumArgs() < numElements+2) 257d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args, 258d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getSourceRange()); 259d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman else 260d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_many_args, 261d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getSourceRange()); 262d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 263d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 264d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 265d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman for (unsigned i = 2; i < TheCall->getNumArgs(); i++) { 266d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman llvm::APSInt Result(32); 267d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (!TheCall->getArg(i)->isIntegerConstantExpr(Result, Context)) { 268d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocStart(), 269d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman diag::err_shufflevector_nonconstant_argument, 270d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getArg(i)->getSourceRange()); 271d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 272d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 273d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (Result.getActiveBits() > 64 || Result.getZExtValue() >= numElements*2) { 274d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocStart(), 275d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman diag::err_shufflevector_argument_too_large, 276d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getArg(i)->getSourceRange()); 277d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 278d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 279d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 280d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 281d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman llvm::SmallVector<Expr*, 32> exprs; 282d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 283d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman for (unsigned i = 0; i < TheCall->getNumArgs(); i++) { 284d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman exprs.push_back(TheCall->getArg(i)); 285d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->setArg(i, 0); 286d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 287d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 288d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman ShuffleVectorExpr* E = new ShuffleVectorExpr( 289d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman exprs.begin(), numElements+2, FAType, 290d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getCallee()->getLocStart(), 291d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getRParenLoc()); 292d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 293d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return E; 294d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman} 29530ce344307f8a8b00054021307015571f83c7364Chris Lattner 29659907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// CheckPrintfArguments - Check calls to printf (and similar functions) for 29771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// correct use of format strings. 29871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 29971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// HasVAListArg - A predicate indicating whether the printf-like 30071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// function is passed an explicit va_arg argument (e.g., vprintf) 30171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 30271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// format_idx - The index into Args for the format string. 30371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 30471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// Improper format strings to functions in the printf family can be 30571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// the source of bizarre bugs and very serious security holes. A 30671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// good source of information is available in the following paper 30771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (which includes additional references): 30859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// 30959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// FormatGuard: Automatic Protection From printf Format String 31059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// Vulnerabilities, Proceedings of the 10th USENIX Security Symposium, 2001. 31171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 31271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// Functionality implemented: 31371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 31471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// We can statically check the following properties for string 31571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// literal format strings for non v.*printf functions (where the 31671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// arguments are passed directly): 31771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek// 31871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (1) Are the number of format conversions equal to the number of 31971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// data arguments? 32071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 32171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (2) Does each format conversion correctly match the type of the 32271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// corresponding data argument? (TODO) 32371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 32471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// Moreover, for all printf functions we can: 32571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 32671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (3) Check for a missing format string (when not caught by type checking). 32771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 32871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (4) Check for no-operation flags; e.g. using "#" with format 32971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// conversion 'c' (TODO) 33071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 33171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (5) Check the use of '%n', a major source of security holes. 33271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 33371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (6) Check for malformed format conversions that don't specify anything. 33471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 33571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (7) Check for empty format strings. e.g: printf(""); 33671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 33771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (8) Check that the format string is a wide literal. 33871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 3396d43959ad845a43f27e00d2720f6bc3d3219d632Ted Kremenek/// (9) Also check the arguments of functions with the __format__ attribute. 3406d43959ad845a43f27e00d2720f6bc3d3219d632Ted Kremenek/// (TODO). 3416d43959ad845a43f27e00d2720f6bc3d3219d632Ted Kremenek/// 34271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// All of these checks can be done by parsing the format string. 34371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 34471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// For now, we ONLY do (1), (3), (5), (6), (7), and (8). 34559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattnervoid 346925e60d3fa706f31886027c876989af79eb0e0d2Chris LattnerSema::CheckPrintfArguments(CallExpr *TheCall, bool HasVAListArg, 347925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner unsigned format_idx) { 348925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Expr *Fn = TheCall->getCallee(); 349925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner 35071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: printf-like function is called with no format string. 351925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (format_idx >= TheCall->getNumArgs()) { 352925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getRParenLoc(), diag::warn_printf_missing_format_string, 35371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Fn->getSourceRange()); 35471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 35571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 35671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 35756f349400c5932a196509c0480ff6f99a9a0b48fChris Lattner Expr *OrigFormatExpr = TheCall->getArg(format_idx)->IgnoreParenCasts(); 358459e8488046be5df0bf57f0a8677316abf253167Chris Lattner 35959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // CHECK: format string is not a string literal. 36059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // 36171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Dynamically generated format strings are difficult to 36271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // automatically vet at compile time. Requiring that format strings 36371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // are string literals: (1) permits the checking of format strings by 36471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // the compiler and thereby (2) can practically remove the source of 36571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // many format string exploits. 3667ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek 3677ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // Format string can be either ObjC string (e.g. @"%d") or 3687ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // C string (e.g. "%d") 3697ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // ObjC string uses the same format specifiers as C string, so we can use 3707ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // the same format string checking logic for both ObjC and C strings. 3717ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek ObjCStringLiteral *ObjCFExpr = dyn_cast<ObjCStringLiteral>(OrigFormatExpr); 3727ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek StringLiteral *FExpr = NULL; 3737ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek 3747ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek if(ObjCFExpr != NULL) 3757ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek FExpr = ObjCFExpr->getString(); 3767ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek else 3777ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek FExpr = dyn_cast<StringLiteral>(OrigFormatExpr); 3787ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek 37971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (FExpr == NULL) { 3804a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // For vprintf* functions (i.e., HasVAListArg==true), we add a 3814a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // special check to see if the format string is a function parameter 3824a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // of the function calling the printf function. If the function 3834a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // has an attribute indicating it is a printf-like function, then we 3844a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // should suppress warnings concerning non-literals being used in a call 3854a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // to a vprintf function. For example: 3864a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // 3874a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // void 3884a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // logmessage(char const *fmt __attribute__ (format (printf, 1, 2)), ...) { 3894a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // va_list ap; 3904a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // va_start(ap, fmt); 3914a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // vprintf(fmt, ap); // Do NOT emit a warning about "fmt". 3924a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // ... 3934a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // 3944a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // 3954a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // FIXME: We don't have full attribute support yet, so just check to see 3964a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // if the argument is a DeclRefExpr that references a parameter. We'll 3974a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // add proper support for checking the attribute later. 3984a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek if (HasVAListArg) 399998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner if (DeclRefExpr* DR = dyn_cast<DeclRefExpr>(OrigFormatExpr)) 400998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner if (isa<ParmVarDecl>(DR->getDecl())) 4014a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek return; 4024a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek 403925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getArg(format_idx)->getLocStart(), 404925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner diag::warn_printf_not_string_constant, Fn->getSourceRange()); 40571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 40671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 40771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 40871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: is the format string a wide literal? 40971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (FExpr->isWide()) { 410925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(FExpr->getLocStart(), 411925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner diag::warn_printf_format_string_is_wide_literal, Fn->getSourceRange()); 41271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 41371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 41471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 41571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Str - The format string. NOTE: this is NOT null-terminated! 41671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek const char * const Str = FExpr->getStrData(); 41771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 41871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: empty format string? 41971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek const unsigned StrLen = FExpr->getByteLength(); 42071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 42171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (StrLen == 0) { 422925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(FExpr->getLocStart(), diag::warn_printf_empty_format_string, 423925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Fn->getSourceRange()); 42471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 42571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 42671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 42771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // We process the format string using a binary state machine. The 42871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // current state is stored in CurrentState. 42971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek enum { 43071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek state_OrdChr, 43171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek state_Conversion 43271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } CurrentState = state_OrdChr; 43371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 43471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // numConversions - The number of conversions seen so far. This is 43571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // incremented as we traverse the format string. 43671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek unsigned numConversions = 0; 43771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 43871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // numDataArgs - The number of data arguments after the format 43971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // string. This can only be determined for non vprintf-like 44071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // functions. For those functions, this value is 1 (the sole 44171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // va_arg argument). 442925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner unsigned numDataArgs = TheCall->getNumArgs()-(format_idx+1); 44371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 44471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Inspect the format string. 44571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek unsigned StrIdx = 0; 44671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 44771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // LastConversionIdx - Index within the format string where we last saw 44871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // a '%' character that starts a new format conversion. 44971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek unsigned LastConversionIdx = 0; 45071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 451925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner for (; StrIdx < StrLen; ++StrIdx) { 452998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner 45371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Is the number of detected conversion conversions greater than 45471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // the number of matching data arguments? If so, stop. 45571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (!HasVAListArg && numConversions > numDataArgs) break; 45671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 45771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Handle "\0" 458925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (Str[StrIdx] == '\0') { 45971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // The string returned by getStrData() is not null-terminated, 46071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // so the presence of a null character is likely an error. 461998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner Diag(PP.AdvanceToTokenCharacter(FExpr->getLocStart(), StrIdx+1), 462998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner diag::warn_printf_format_string_contains_null_char, 46371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Fn->getSourceRange()); 46471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 46571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 46671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 46771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Ordinary characters (not processing a format conversion). 46871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (CurrentState == state_OrdChr) { 46971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (Str[StrIdx] == '%') { 47071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek CurrentState = state_Conversion; 47171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek LastConversionIdx = StrIdx; 47271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 47371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek continue; 47471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 47571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 47671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Seen '%'. Now processing a format conversion. 47771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek switch (Str[StrIdx]) { 478fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle dynamic precision or width specifier. 479fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case '*': { 480fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 481fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 482fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (!HasVAListArg && numConversions > numDataArgs) { 483fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner SourceLocation Loc = FExpr->getLocStart(); 484fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Loc = PP.AdvanceToTokenCharacter(Loc, StrIdx+1); 485580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek 486580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek if (Str[StrIdx-1] == '.') 487fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_asterisk_precision_missing_arg, 488fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Fn->getSourceRange()); 489580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek else 490fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_asterisk_width_missing_arg, 491fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Fn->getSourceRange()); 492580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek 493fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Don't do any more checking. We'll just emit spurious errors. 494fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return; 495580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek } 496fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 497fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Perform type checking on width/precision specifier. 498fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Expr *E = TheCall->getArg(format_idx+numConversions); 499fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (const BuiltinType *BT = E->getType()->getAsBuiltinType()) 500fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (BT->getKind() == BuiltinType::Int) 501fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 502fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 503fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner SourceLocation Loc = 504fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner PP.AdvanceToTokenCharacter(FExpr->getLocStart(), StrIdx+1); 505fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 506fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (Str[StrIdx-1] == '.') 507fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_asterisk_precision_wrong_type, 508fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner E->getType().getAsString(), E->getSourceRange()); 509fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 510fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_asterisk_width_wrong_type, 511fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner E->getType().getAsString(), E->getSourceRange()); 512fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 513fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 514fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 515fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 516fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Characters which can terminate a format conversion 517fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // (e.g. "%d"). Characters that specify length modifiers or 518fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // other flags are handled by the default case below. 519fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // 520fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // FIXME: additional checks will go into the following cases. 521fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'i': 522fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'd': 523fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'o': 524fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'u': 525fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'x': 526fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'X': 527fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'D': 528fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'O': 529fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'U': 530fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'e': 531fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'E': 532fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'f': 533fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'F': 534fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'g': 535fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'G': 536fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'a': 537fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'A': 538fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'c': 539fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'C': 540fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'S': 541fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 's': 542fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'p': 543fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 544fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CurrentState = state_OrdChr; 545fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 54671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 547fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // CHECK: Are we using "%n"? Issue a warning. 548fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'n': { 549fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 550fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CurrentState = state_OrdChr; 551fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(), 552fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner LastConversionIdx+1); 553fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 554fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_write_back, Fn->getSourceRange()); 555fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 556fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 5577ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek 5587ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // Handle "%@" 5597ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek case '@': 5607ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // %@ is allowed in ObjC format strings only. 5617ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek if(ObjCFExpr != NULL) 5627ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek CurrentState = state_OrdChr; 5637ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek else { 5647ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // Issue a warning: invalid format conversion. 5657ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(), 5667ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek LastConversionIdx+1); 5677ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek 5687ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek Diag(Loc, diag::warn_printf_invalid_conversion, 5697ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek std::string(Str+LastConversionIdx, 5707ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek Str+std::min(LastConversionIdx+2, StrLen)), 5717ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek Fn->getSourceRange()); 5727ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek } 5737ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek ++numConversions; 5747ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek break; 5757ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek 576fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle "%%" 577fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case '%': 578fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Sanity check: Was the first "%" character the previous one? 579fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // If not, we will assume that we have a malformed format 580fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // conversion, and that the current "%" character is the start 581fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // of a new conversion. 582fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (StrIdx - LastConversionIdx == 1) 583fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CurrentState = state_OrdChr; 584fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else { 585fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Issue a warning: invalid format conversion. 586925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(), 587925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner LastConversionIdx+1); 588fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 589fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_invalid_conversion, 590fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner std::string(Str+LastConversionIdx, Str+StrIdx), 591fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Fn->getSourceRange()); 592fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 593fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // This conversion is broken. Advance to the next format 594fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // conversion. 595fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner LastConversionIdx = StrIdx; 596fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 59771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 598fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 59971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 600fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner default: 601fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // This case catches all other characters: flags, widths, etc. 602fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // We should eventually process those as well. 603fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 60471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 60571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 60671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 60771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (CurrentState == state_Conversion) { 60871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Issue a warning: invalid format conversion. 609925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(), 610925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner LastConversionIdx+1); 61171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 61271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Diag(Loc, diag::warn_printf_invalid_conversion, 613a9e2ea107d9419a6406f01e513679327032da193Chris Lattner std::string(Str+LastConversionIdx, 614a9e2ea107d9419a6406f01e513679327032da193Chris Lattner Str+std::min(LastConversionIdx+2, StrLen)), 61571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Fn->getSourceRange()); 61671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 61771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 61871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 61971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (!HasVAListArg) { 62071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: Does the number of format conversions exceed the number 62171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // of data arguments? 62271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (numConversions > numDataArgs) { 623925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(), 624925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner LastConversionIdx); 62571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 62671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Diag(Loc, diag::warn_printf_insufficient_data_args, 62771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Fn->getSourceRange()); 62871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 62971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: Does the number of data arguments exceed the number of 63071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // format conversions in the format string? 63171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek else if (numConversions < numDataArgs) 632925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getArg(format_idx+numConversions+1)->getLocStart(), 63371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek diag::warn_printf_too_many_data_args, Fn->getSourceRange()); 63471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 63571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek} 63606de276fff91264437fa75111ed76de43097e089Ted Kremenek 63706de276fff91264437fa75111ed76de43097e089Ted Kremenek//===--- CHECK: Return Address of Stack Variable --------------------------===// 63806de276fff91264437fa75111ed76de43097e089Ted Kremenek 63906de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalVal(Expr *E); 64006de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalAddr(Expr* E); 64106de276fff91264437fa75111ed76de43097e089Ted Kremenek 64206de276fff91264437fa75111ed76de43097e089Ted Kremenek/// CheckReturnStackAddr - Check if a return statement returns the address 64306de276fff91264437fa75111ed76de43097e089Ted Kremenek/// of a stack variable. 64406de276fff91264437fa75111ed76de43097e089Ted Kremenekvoid 64506de276fff91264437fa75111ed76de43097e089Ted KremenekSema::CheckReturnStackAddr(Expr *RetValExp, QualType lhsType, 64606de276fff91264437fa75111ed76de43097e089Ted Kremenek SourceLocation ReturnLoc) { 64756f349400c5932a196509c0480ff6f99a9a0b48fChris Lattner 64806de276fff91264437fa75111ed76de43097e089Ted Kremenek // Perform checking for returned stack addresses. 64906de276fff91264437fa75111ed76de43097e089Ted Kremenek if (lhsType->isPointerType()) { 65006de276fff91264437fa75111ed76de43097e089Ted Kremenek if (DeclRefExpr *DR = EvalAddr(RetValExp)) 65106de276fff91264437fa75111ed76de43097e089Ted Kremenek Diag(DR->getLocStart(), diag::warn_ret_stack_addr, 65206de276fff91264437fa75111ed76de43097e089Ted Kremenek DR->getDecl()->getIdentifier()->getName(), 65306de276fff91264437fa75111ed76de43097e089Ted Kremenek RetValExp->getSourceRange()); 65406de276fff91264437fa75111ed76de43097e089Ted Kremenek } 65506de276fff91264437fa75111ed76de43097e089Ted Kremenek // Perform checking for stack values returned by reference. 65606de276fff91264437fa75111ed76de43097e089Ted Kremenek else if (lhsType->isReferenceType()) { 65796eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek // Check for an implicit cast to a reference. 65896eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek if (ImplicitCastExpr *I = dyn_cast<ImplicitCastExpr>(RetValExp)) 65996eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek if (DeclRefExpr *DR = EvalVal(I->getSubExpr())) 66096eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek Diag(DR->getLocStart(), diag::warn_ret_stack_ref, 66196eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek DR->getDecl()->getIdentifier()->getName(), 66296eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek RetValExp->getSourceRange()); 66306de276fff91264437fa75111ed76de43097e089Ted Kremenek } 66406de276fff91264437fa75111ed76de43097e089Ted Kremenek} 66506de276fff91264437fa75111ed76de43097e089Ted Kremenek 66606de276fff91264437fa75111ed76de43097e089Ted Kremenek/// EvalAddr - EvalAddr and EvalVal are mutually recursive functions that 66706de276fff91264437fa75111ed76de43097e089Ted Kremenek/// check if the expression in a return statement evaluates to an address 66806de276fff91264437fa75111ed76de43097e089Ted Kremenek/// to a location on the stack. The recursion is used to traverse the 66906de276fff91264437fa75111ed76de43097e089Ted Kremenek/// AST of the return expression, with recursion backtracking when we 67006de276fff91264437fa75111ed76de43097e089Ted Kremenek/// encounter a subexpression that (1) clearly does not lead to the address 67106de276fff91264437fa75111ed76de43097e089Ted Kremenek/// of a stack variable or (2) is something we cannot determine leads to 67206de276fff91264437fa75111ed76de43097e089Ted Kremenek/// the address of a stack variable based on such local checking. 67306de276fff91264437fa75111ed76de43097e089Ted Kremenek/// 674e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek/// EvalAddr processes expressions that are pointers that are used as 675e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek/// references (and not L-values). EvalVal handles all other values. 67606de276fff91264437fa75111ed76de43097e089Ted Kremenek/// At the base case of the recursion is a check for a DeclRefExpr* in 67706de276fff91264437fa75111ed76de43097e089Ted Kremenek/// the refers to a stack variable. 67806de276fff91264437fa75111ed76de43097e089Ted Kremenek/// 67906de276fff91264437fa75111ed76de43097e089Ted Kremenek/// This implementation handles: 68006de276fff91264437fa75111ed76de43097e089Ted Kremenek/// 68106de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * pointer-to-pointer casts 68206de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * implicit conversions from array references to pointers 68306de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * taking the address of fields 68406de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * arbitrary interplay between "&" and "*" operators 68506de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * pointer arithmetic from an address of a stack variable 68606de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * taking the address of an array element where the array is on the stack 68706de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalAddr(Expr *E) { 68806de276fff91264437fa75111ed76de43097e089Ted Kremenek // We should only be called for evaluating pointer expressions. 689fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner assert((E->getType()->isPointerType() || 690a526c5c67e5a0473c340903ee542ce570119665fTed Kremenek E->getType()->isObjCQualifiedIdType()) && 691fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner "EvalAddr only works on pointers"); 69206de276fff91264437fa75111ed76de43097e089Ted Kremenek 69306de276fff91264437fa75111ed76de43097e089Ted Kremenek // Our "symbolic interpreter" is just a dispatch off the currently 69406de276fff91264437fa75111ed76de43097e089Ted Kremenek // viewed AST node. We then recursively traverse the AST by calling 69506de276fff91264437fa75111ed76de43097e089Ted Kremenek // EvalAddr and EvalVal appropriately. 69606de276fff91264437fa75111ed76de43097e089Ted Kremenek switch (E->getStmtClass()) { 697fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::ParenExprClass: 698fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Ignore parentheses. 699fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(cast<ParenExpr>(E)->getSubExpr()); 70006de276fff91264437fa75111ed76de43097e089Ted Kremenek 701fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::UnaryOperatorClass: { 702fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // The only unary operator that make sense to handle here 703fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // is AddrOf. All others don't make sense as pointers. 704fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner UnaryOperator *U = cast<UnaryOperator>(E); 70506de276fff91264437fa75111ed76de43097e089Ted Kremenek 706fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (U->getOpcode() == UnaryOperator::AddrOf) 707fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalVal(U->getSubExpr()); 708fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 709fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return NULL; 710fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 711fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 712fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::BinaryOperatorClass: { 713fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle pointer arithmetic. All other binary operators are not valid 714fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // in this context. 715fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner BinaryOperator *B = cast<BinaryOperator>(E); 716fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner BinaryOperator::Opcode op = B->getOpcode(); 71706de276fff91264437fa75111ed76de43097e089Ted Kremenek 718fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (op != BinaryOperator::Add && op != BinaryOperator::Sub) 719fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return NULL; 72006de276fff91264437fa75111ed76de43097e089Ted Kremenek 721fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Expr *Base = B->getLHS(); 7223907323dd6665c0c4e383435cb145233f4533406Anders Carlsson 723fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Determine which argument is the real pointer base. It could be 724fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // the RHS argument instead of the LHS. 725fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (!Base->getType()->isPointerType()) Base = B->getRHS(); 72606de276fff91264437fa75111ed76de43097e089Ted Kremenek 727fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner assert (Base->getType()->isPointerType()); 728fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(Base); 729fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 730fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 731fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // For conditional operators we need to see if either the LHS or RHS are 732fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // valid DeclRefExpr*s. If one of them is valid, we return it. 733fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::ConditionalOperatorClass: { 734fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ConditionalOperator *C = cast<ConditionalOperator>(E); 735fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 736fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle the GNU extension for missing LHS. 737fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (Expr *lhsExpr = C->getLHS()) 738fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (DeclRefExpr* LHS = EvalAddr(lhsExpr)) 739fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return LHS; 74006de276fff91264437fa75111ed76de43097e089Ted Kremenek 741fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(C->getRHS()); 742fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 743fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 744fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // For implicit casts, we need to handle conversions from arrays to 745fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // pointer values, and implicit pointer-to-pointer conversions. 746fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::ImplicitCastExprClass: { 747fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ImplicitCastExpr *IE = cast<ImplicitCastExpr>(E); 748fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Expr* SubExpr = IE->getSubExpr(); 749fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 750fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (SubExpr->getType()->isPointerType() || 751a526c5c67e5a0473c340903ee542ce570119665fTed Kremenek SubExpr->getType()->isObjCQualifiedIdType()) 752fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(SubExpr); 753fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 754fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalVal(SubExpr); 755fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 756fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 757fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // For casts, we handle pointer-to-pointer conversions (which 758fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // is essentially a no-op from our mini-interpreter's standpoint). 759fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // For other casts we abort. 760fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::CastExprClass: { 761fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CastExpr *C = cast<CastExpr>(E); 762fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Expr *SubExpr = C->getSubExpr(); 763fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 764fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (SubExpr->getType()->isPointerType()) 765fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(SubExpr); 766fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 767fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return NULL; 768fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 769fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 770fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // C++ casts. For dynamic casts, static casts, and const casts, we 771fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // are always converting from a pointer-to-pointer, so we just blow 772fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // through the cast. In the case the dynamic cast doesn't fail 773fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // (and return NULL), we take the conservative route and report cases 774fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // where we return the address of a stack variable. For Reinterpre 775fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::CXXCastExprClass: { 776fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CXXCastExpr *C = cast<CXXCastExpr>(E); 777fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 778fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (C->getOpcode() == CXXCastExpr::ReinterpretCast) { 779fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Expr *S = C->getSubExpr(); 780fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (S->getType()->isPointerType()) 781fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(S); 78206de276fff91264437fa75111ed76de43097e089Ted Kremenek else 78306de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 78406de276fff91264437fa75111ed76de43097e089Ted Kremenek } 785fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 786fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(C->getSubExpr()); 787fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 788fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 789fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Everything else: we simply don't reason about them. 790fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner default: 791fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return NULL; 79206de276fff91264437fa75111ed76de43097e089Ted Kremenek } 79306de276fff91264437fa75111ed76de43097e089Ted Kremenek} 79406de276fff91264437fa75111ed76de43097e089Ted Kremenek 79506de276fff91264437fa75111ed76de43097e089Ted Kremenek 79606de276fff91264437fa75111ed76de43097e089Ted Kremenek/// EvalVal - This function is complements EvalAddr in the mutual recursion. 79706de276fff91264437fa75111ed76de43097e089Ted Kremenek/// See the comments for EvalAddr for more details. 79806de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalVal(Expr *E) { 79906de276fff91264437fa75111ed76de43097e089Ted Kremenek 800e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek // We should only be called for evaluating non-pointer expressions, or 801e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek // expressions with a pointer type that are not used as references but instead 802e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek // are l-values (e.g., DeclRefExpr with a pointer type). 803e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek 80406de276fff91264437fa75111ed76de43097e089Ted Kremenek // Our "symbolic interpreter" is just a dispatch off the currently 80506de276fff91264437fa75111ed76de43097e089Ted Kremenek // viewed AST node. We then recursively traverse the AST by calling 80606de276fff91264437fa75111ed76de43097e089Ted Kremenek // EvalAddr and EvalVal appropriately. 80706de276fff91264437fa75111ed76de43097e089Ted Kremenek switch (E->getStmtClass()) { 80806de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::DeclRefExprClass: { 80906de276fff91264437fa75111ed76de43097e089Ted Kremenek // DeclRefExpr: the base case. When we hit a DeclRefExpr we are looking 81006de276fff91264437fa75111ed76de43097e089Ted Kremenek // at code that refers to a variable's name. We check if it has local 81106de276fff91264437fa75111ed76de43097e089Ted Kremenek // storage within the function, and if so, return the expression. 81206de276fff91264437fa75111ed76de43097e089Ted Kremenek DeclRefExpr *DR = cast<DeclRefExpr>(E); 81306de276fff91264437fa75111ed76de43097e089Ted Kremenek 81406de276fff91264437fa75111ed76de43097e089Ted Kremenek if (VarDecl *V = dyn_cast<VarDecl>(DR->getDecl())) 81506de276fff91264437fa75111ed76de43097e089Ted Kremenek if(V->hasLocalStorage()) return DR; 81606de276fff91264437fa75111ed76de43097e089Ted Kremenek 81706de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 81806de276fff91264437fa75111ed76de43097e089Ted Kremenek } 81906de276fff91264437fa75111ed76de43097e089Ted Kremenek 82006de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::ParenExprClass: 82106de276fff91264437fa75111ed76de43097e089Ted Kremenek // Ignore parentheses. 82206de276fff91264437fa75111ed76de43097e089Ted Kremenek return EvalVal(cast<ParenExpr>(E)->getSubExpr()); 82306de276fff91264437fa75111ed76de43097e089Ted Kremenek 82406de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::UnaryOperatorClass: { 82506de276fff91264437fa75111ed76de43097e089Ted Kremenek // The only unary operator that make sense to handle here 82606de276fff91264437fa75111ed76de43097e089Ted Kremenek // is Deref. All others don't resolve to a "name." This includes 82706de276fff91264437fa75111ed76de43097e089Ted Kremenek // handling all sorts of rvalues passed to a unary operator. 82806de276fff91264437fa75111ed76de43097e089Ted Kremenek UnaryOperator *U = cast<UnaryOperator>(E); 82906de276fff91264437fa75111ed76de43097e089Ted Kremenek 83006de276fff91264437fa75111ed76de43097e089Ted Kremenek if (U->getOpcode() == UnaryOperator::Deref) 83106de276fff91264437fa75111ed76de43097e089Ted Kremenek return EvalAddr(U->getSubExpr()); 83206de276fff91264437fa75111ed76de43097e089Ted Kremenek 83306de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 83406de276fff91264437fa75111ed76de43097e089Ted Kremenek } 83506de276fff91264437fa75111ed76de43097e089Ted Kremenek 83606de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::ArraySubscriptExprClass: { 83706de276fff91264437fa75111ed76de43097e089Ted Kremenek // Array subscripts are potential references to data on the stack. We 83806de276fff91264437fa75111ed76de43097e089Ted Kremenek // retrieve the DeclRefExpr* for the array variable if it indeed 83906de276fff91264437fa75111ed76de43097e089Ted Kremenek // has local storage. 8402324512285caac0332bbbc6e4cab6245d2a370a1Ted Kremenek return EvalAddr(cast<ArraySubscriptExpr>(E)->getBase()); 84106de276fff91264437fa75111ed76de43097e089Ted Kremenek } 84206de276fff91264437fa75111ed76de43097e089Ted Kremenek 84306de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::ConditionalOperatorClass: { 84406de276fff91264437fa75111ed76de43097e089Ted Kremenek // For conditional operators we need to see if either the LHS or RHS are 84506de276fff91264437fa75111ed76de43097e089Ted Kremenek // non-NULL DeclRefExpr's. If one is non-NULL, we return it. 84606de276fff91264437fa75111ed76de43097e089Ted Kremenek ConditionalOperator *C = cast<ConditionalOperator>(E); 84706de276fff91264437fa75111ed76de43097e089Ted Kremenek 8483907323dd6665c0c4e383435cb145233f4533406Anders Carlsson // Handle the GNU extension for missing LHS. 8493907323dd6665c0c4e383435cb145233f4533406Anders Carlsson if (Expr *lhsExpr = C->getLHS()) 8503907323dd6665c0c4e383435cb145233f4533406Anders Carlsson if (DeclRefExpr *LHS = EvalVal(lhsExpr)) 8513907323dd6665c0c4e383435cb145233f4533406Anders Carlsson return LHS; 8523907323dd6665c0c4e383435cb145233f4533406Anders Carlsson 8533907323dd6665c0c4e383435cb145233f4533406Anders Carlsson return EvalVal(C->getRHS()); 85406de276fff91264437fa75111ed76de43097e089Ted Kremenek } 85506de276fff91264437fa75111ed76de43097e089Ted Kremenek 85606de276fff91264437fa75111ed76de43097e089Ted Kremenek // Accesses to members are potential references to data on the stack. 85706de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::MemberExprClass: { 85806de276fff91264437fa75111ed76de43097e089Ted Kremenek MemberExpr *M = cast<MemberExpr>(E); 85906de276fff91264437fa75111ed76de43097e089Ted Kremenek 86006de276fff91264437fa75111ed76de43097e089Ted Kremenek // Check for indirect access. We only want direct field accesses. 86106de276fff91264437fa75111ed76de43097e089Ted Kremenek if (!M->isArrow()) 86206de276fff91264437fa75111ed76de43097e089Ted Kremenek return EvalVal(M->getBase()); 86306de276fff91264437fa75111ed76de43097e089Ted Kremenek else 86406de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 86506de276fff91264437fa75111ed76de43097e089Ted Kremenek } 86606de276fff91264437fa75111ed76de43097e089Ted Kremenek 86706de276fff91264437fa75111ed76de43097e089Ted Kremenek // Everything else: we simply don't reason about them. 86806de276fff91264437fa75111ed76de43097e089Ted Kremenek default: 86906de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 87006de276fff91264437fa75111ed76de43097e089Ted Kremenek } 87106de276fff91264437fa75111ed76de43097e089Ted Kremenek} 872588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 873588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek//===--- CHECK: Floating-Point comparisons (-Wfloat-equal) ---------------===// 874588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 875588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek/// Check for comparisons of floating point operands using != and ==. 876588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek/// Issue a warning if these are no self-comparisons, as they are not likely 877588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek/// to do what the programmer intended. 878588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenekvoid Sema::CheckFloatComparison(SourceLocation loc, Expr* lex, Expr *rex) { 879588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek bool EmitWarning = true; 880588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 8814e99a5fc3b203397a91136c6e695e405fb8fc606Ted Kremenek Expr* LeftExprSansParen = lex->IgnoreParens(); 88232e97b66bbce16c9e81c877794fb7a0aeeb66ccbTed Kremenek Expr* RightExprSansParen = rex->IgnoreParens(); 883588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 884588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Special case: check for x == x (which is OK). 885588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Do not emit warnings for such cases. 886588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (DeclRefExpr* DRL = dyn_cast<DeclRefExpr>(LeftExprSansParen)) 887588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (DeclRefExpr* DRR = dyn_cast<DeclRefExpr>(RightExprSansParen)) 888588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (DRL->getDecl() == DRR->getDecl()) 889588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek EmitWarning = false; 890588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 8911b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek 8921b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // Special case: check for comparisons against literals that can be exactly 8931b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // represented by APFloat. In such cases, do not emit a warning. This 8941b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // is a heuristic: often comparison against such literals are used to 8951b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // detect if a value in a variable has not changed. This clearly can 8961b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // lead to false negatives. 8971b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (EmitWarning) { 8981b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FloatingLiteral* FLL = dyn_cast<FloatingLiteral>(LeftExprSansParen)) { 8991b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FLL->isExact()) 9001b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek EmitWarning = false; 9011b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek } 9021b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek else 9031b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FloatingLiteral* FLR = dyn_cast<FloatingLiteral>(RightExprSansParen)){ 9041b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FLR->isExact()) 9051b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek EmitWarning = false; 9061b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek } 9071b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek } 9081b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek 909588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Check for comparisons with builtin types. 910588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (EmitWarning) 911588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (CallExpr* CL = dyn_cast<CallExpr>(LeftExprSansParen)) 912588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (isCallBuiltin(CL)) 913588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek EmitWarning = false; 914588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 915588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (EmitWarning) 916588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (CallExpr* CR = dyn_cast<CallExpr>(RightExprSansParen)) 917588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (isCallBuiltin(CR)) 918588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek EmitWarning = false; 919588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 920588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Emit the diagnostic. 921588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (EmitWarning) 922588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek Diag(loc, diag::warn_floatingpoint_eq, 923588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek lex->getSourceRange(),rex->getSourceRange()); 924588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek} 925