SemaChecking.cpp revision ba2561a0ab11afa64014828c759c491378ccc539
159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===--- SemaChecking.cpp - Extra Semantic Checking -----------------------===// 259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// The LLVM Compiler Infrastructure 459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 50bc735ffcfb223c0186419547abaa5c84482663eChris Lattner// This file is distributed under the University of Illinois Open Source 60bc735ffcfb223c0186419547abaa5c84482663eChris Lattner// License. See LICENSE.TXT for details. 759907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===----------------------------------------------------------------------===// 959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 1059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// This file implements extra semantic analysis beyond what is enforced 1159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// by the C type system. 1259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 1359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===----------------------------------------------------------------------===// 1459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 1559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "Sema.h" 1659907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/AST/ASTContext.h" 1759907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/AST/Decl.h" 1859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/AST/Expr.h" 192324512285caac0332bbbc6e4cab6245d2a370a1Ted Kremenek#include "clang/AST/ExprCXX.h" 2059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Lex/Preprocessor.h" 2159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Lex/LiteralSupport.h" 2259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Basic/SourceManager.h" 2359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Basic/Diagnostic.h" 2459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Basic/LangOptions.h" 2559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Basic/TargetInfo.h" 26e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman#include "llvm/ADT/OwningPtr.h" 2759907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "llvm/ADT/SmallString.h" 2859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "llvm/ADT/StringExtras.h" 29588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek#include "SemaUtil.h" 3059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattnerusing namespace clang; 3159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 3259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// CheckFunctionCall - Check a direct function call for various correctness 3359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// and safety properties not strictly enforced by the C type system. 34d38617c8a50f9729c254ab76cd359af797c6739bEli FriedmanAction::ExprResult 35e801870b638e47a5734a3ea63ddfb45f1711e078Eli FriedmanSema::CheckFunctionCall(FunctionDecl *FDecl, CallExpr *TheCallRaw) { 36e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman llvm::OwningPtr<CallExpr> TheCall(TheCallRaw); 3759907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // Get the IdentifierInfo* for the called function. 3859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner IdentifierInfo *FnInfo = FDecl->getIdentifier(); 3959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 4030ce344307f8a8b00054021307015571f83c7364Chris Lattner switch (FnInfo->getBuiltinID()) { 4130ce344307f8a8b00054021307015571f83c7364Chris Lattner case Builtin::BI__builtin___CFStringMakeConstantString: 42925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner assert(TheCall->getNumArgs() == 1 && 431b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner "Wrong # arguments to builtin CFStringMakeConstantString"); 44e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman if (CheckBuiltinCFStringArgument(TheCall->getArg(0))) 45d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 46e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman return TheCall.take(); 4730ce344307f8a8b00054021307015571f83c7364Chris Lattner case Builtin::BI__builtin_va_start: 48e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman if (SemaBuiltinVAStart(TheCall.get())) { 49d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 50d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 51e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman return TheCall.take(); 521b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isgreater: 531b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isgreaterequal: 541b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isless: 551b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_islessequal: 561b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_islessgreater: 571b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isunordered: 58e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman if (SemaBuiltinUnorderedCompare(TheCall.get())) 59d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 60e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman return TheCall.take(); 61d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman case Builtin::BI__builtin_shufflevector: 62e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman return SemaBuiltinShuffleVector(TheCall.get()); 6371993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 6471993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 6559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // Search the KnownFunctionIDs for the identifier. 6659907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner unsigned i = 0, e = id_num_known_functions; 6771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek for (; i != e; ++i) { if (KnownFunctionIDs[i] == FnInfo) break; } 68e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman if (i == e) return TheCall.take(); 6959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 7059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // Printf checking. 7159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner if (i <= id_vprintf) { 7271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Retrieve the index of the format string parameter and determine 7371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // if the function is passed a va_arg argument. 7459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner unsigned format_idx = 0; 7571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek bool HasVAListArg = false; 7671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 7759907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner switch (i) { 7830ce344307f8a8b00054021307015571f83c7364Chris Lattner default: assert(false && "No format string argument index."); 7930ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_printf: format_idx = 0; break; 8030ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_fprintf: format_idx = 1; break; 8130ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_sprintf: format_idx = 1; break; 8230ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_snprintf: format_idx = 2; break; 8330ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_asprintf: format_idx = 1; break; 8430ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_vsnprintf: format_idx = 2; HasVAListArg = true; break; 8530ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_vasprintf: format_idx = 1; HasVAListArg = true; break; 8630ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_vfprintf: format_idx = 1; HasVAListArg = true; break; 8730ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_vsprintf: format_idx = 1; HasVAListArg = true; break; 8830ce344307f8a8b00054021307015571f83c7364Chris Lattner case id_vprintf: format_idx = 0; HasVAListArg = true; break; 8971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 9071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 91e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman CheckPrintfArguments(TheCall.get(), HasVAListArg, format_idx); 9259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner } 9371993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 94e801870b638e47a5734a3ea63ddfb45f1711e078Eli Friedman return TheCall.take(); 9571993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson} 9671993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 9771993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson/// CheckBuiltinCFStringArgument - Checks that the argument to the builtin 9871993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson/// CFString constructor is correct 99cc6f65d9f210efc56d7418753e93bf5a14f3ac59Chris Lattnerbool Sema::CheckBuiltinCFStringArgument(Expr* Arg) { 10056f349400c5932a196509c0480ff6f99a9a0b48fChris Lattner Arg = Arg->IgnoreParenCasts(); 10171993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 10271993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson StringLiteral *Literal = dyn_cast<StringLiteral>(Arg); 10371993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 10471993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson if (!Literal || Literal->isWide()) { 10571993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Diag(Arg->getLocStart(), 10671993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson diag::err_cfstring_literal_not_string_constant, 10771993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Arg->getSourceRange()); 1089cdc4d3834f203dcde3ff274b8928e4620a914d5Anders Carlsson return true; 10971993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 11071993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 11171993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson const char *Data = Literal->getStrData(); 11271993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson unsigned Length = Literal->getByteLength(); 11371993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 11471993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson for (unsigned i = 0; i < Length; ++i) { 11571993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson if (!isascii(Data[i])) { 11671993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Diag(PP.AdvanceToTokenCharacter(Arg->getLocStart(), i + 1), 11771993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson diag::warn_cfstring_literal_contains_non_ascii_character, 11871993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Arg->getSourceRange()); 11971993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson break; 12071993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 12171993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 12271993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson if (!Data[i]) { 12371993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Diag(PP.AdvanceToTokenCharacter(Arg->getLocStart(), i + 1), 12471993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson diag::warn_cfstring_literal_contains_nul_character, 12571993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson Arg->getSourceRange()); 12671993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson break; 12771993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 12871993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 12971993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 1309cdc4d3834f203dcde3ff274b8928e4620a914d5Anders Carlsson return false; 13159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner} 13259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 133c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner/// SemaBuiltinVAStart - Check the arguments to __builtin_va_start for validity. 134c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner/// Emit an error and return true on failure, return false on success. 135925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattnerbool Sema::SemaBuiltinVAStart(CallExpr *TheCall) { 136925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Expr *Fn = TheCall->getCallee(); 137925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (TheCall->getNumArgs() > 2) { 138925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getArg(2)->getLocStart(), 13930ce344307f8a8b00054021307015571f83c7364Chris Lattner diag::err_typecheck_call_too_many_args, Fn->getSourceRange(), 140925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceRange(TheCall->getArg(2)->getLocStart(), 141925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner (*(TheCall->arg_end()-1))->getLocEnd())); 14230ce344307f8a8b00054021307015571f83c7364Chris Lattner return true; 14330ce344307f8a8b00054021307015571f83c7364Chris Lattner } 14430ce344307f8a8b00054021307015571f83c7364Chris Lattner 145c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner // Determine whether the current function is variadic or not. 146c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner bool isVariadic; 14730ce344307f8a8b00054021307015571f83c7364Chris Lattner if (CurFunctionDecl) 148c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner isVariadic = 149c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner cast<FunctionTypeProto>(CurFunctionDecl->getType())->isVariadic(); 15030ce344307f8a8b00054021307015571f83c7364Chris Lattner else 151c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner isVariadic = CurMethodDecl->isVariadic(); 15230ce344307f8a8b00054021307015571f83c7364Chris Lattner 153c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner if (!isVariadic) { 15430ce344307f8a8b00054021307015571f83c7364Chris Lattner Diag(Fn->getLocStart(), diag::err_va_start_used_in_non_variadic_function); 15530ce344307f8a8b00054021307015571f83c7364Chris Lattner return true; 15630ce344307f8a8b00054021307015571f83c7364Chris Lattner } 15730ce344307f8a8b00054021307015571f83c7364Chris Lattner 15830ce344307f8a8b00054021307015571f83c7364Chris Lattner // Verify that the second argument to the builtin is the last argument of the 15930ce344307f8a8b00054021307015571f83c7364Chris Lattner // current function or method. 16030ce344307f8a8b00054021307015571f83c7364Chris Lattner bool SecondArgIsLastNamedArgument = false; 161e2c14103dec39cbd24dac9d7b3e91277b109c14fAnders Carlsson const Expr *Arg = TheCall->getArg(1)->IgnoreParenCasts(); 16288cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson 16388cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson if (const DeclRefExpr *DR = dyn_cast<DeclRefExpr>(Arg)) { 16488cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson if (const ParmVarDecl *PV = dyn_cast<ParmVarDecl>(DR->getDecl())) { 16530ce344307f8a8b00054021307015571f83c7364Chris Lattner // FIXME: This isn't correct for methods (results in bogus warning). 16630ce344307f8a8b00054021307015571f83c7364Chris Lattner // Get the last formal in the current function. 16788cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson const ParmVarDecl *LastArg; 16830ce344307f8a8b00054021307015571f83c7364Chris Lattner if (CurFunctionDecl) 16930ce344307f8a8b00054021307015571f83c7364Chris Lattner LastArg = *(CurFunctionDecl->param_end()-1); 17030ce344307f8a8b00054021307015571f83c7364Chris Lattner else 17130ce344307f8a8b00054021307015571f83c7364Chris Lattner LastArg = *(CurMethodDecl->param_end()-1); 17230ce344307f8a8b00054021307015571f83c7364Chris Lattner SecondArgIsLastNamedArgument = PV == LastArg; 17330ce344307f8a8b00054021307015571f83c7364Chris Lattner } 17430ce344307f8a8b00054021307015571f83c7364Chris Lattner } 17530ce344307f8a8b00054021307015571f83c7364Chris Lattner 17630ce344307f8a8b00054021307015571f83c7364Chris Lattner if (!SecondArgIsLastNamedArgument) 177925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getArg(1)->getLocStart(), 17830ce344307f8a8b00054021307015571f83c7364Chris Lattner diag::warn_second_parameter_of_va_start_not_last_named_argument); 17930ce344307f8a8b00054021307015571f83c7364Chris Lattner return false; 18030ce344307f8a8b00054021307015571f83c7364Chris Lattner} 18130ce344307f8a8b00054021307015571f83c7364Chris Lattner 1821b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner/// SemaBuiltinUnorderedCompare - Handle functions like __builtin_isgreater and 1831b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner/// friends. This is declared to take (...), so we have to check everything. 184925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattnerbool Sema::SemaBuiltinUnorderedCompare(CallExpr *TheCall) { 185925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (TheCall->getNumArgs() < 2) 186925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args); 187925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (TheCall->getNumArgs() > 2) 188925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner return Diag(TheCall->getArg(2)->getLocStart(), 189925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner diag::err_typecheck_call_too_many_args, 190925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceRange(TheCall->getArg(2)->getLocStart(), 191925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner (*(TheCall->arg_end()-1))->getLocEnd())); 1921b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 193925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Expr *OrigArg0 = TheCall->getArg(0); 194925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Expr *OrigArg1 = TheCall->getArg(1); 1951b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 1961b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // Do standard promotions between the two arguments, returning their common 1971b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // type. 198925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner QualType Res = UsualArithmeticConversions(OrigArg0, OrigArg1, false); 1991b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 2001b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // If the common type isn't a real floating type, then the arguments were 2011b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // invalid for this operation. 2021b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner if (!Res->isRealFloatingType()) 203925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner return Diag(OrigArg0->getLocStart(), 2041b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner diag::err_typecheck_call_invalid_ordered_compare, 2051b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner OrigArg0->getType().getAsString(), 2061b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner OrigArg1->getType().getAsString(), 207925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceRange(OrigArg0->getLocStart(), OrigArg1->getLocEnd())); 2081b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 2091b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner return false; 2101b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner} 2111b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 212d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman/// SemaBuiltinShuffleVector - Handle __builtin_shufflevector. 213d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman// This is declared to take (...), so we have to check everything. 214d38617c8a50f9729c254ab76cd359af797c6739bEli FriedmanAction::ExprResult Sema::SemaBuiltinShuffleVector(CallExpr *TheCall) { 215d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (TheCall->getNumArgs() < 3) 216d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args, 217d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getSourceRange()); 218d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 219d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman QualType FAType = TheCall->getArg(0)->getType(); 220d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman QualType SAType = TheCall->getArg(1)->getType(); 221d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 222d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (!FAType->isVectorType() || !SAType->isVectorType()) { 223d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocStart(), diag::err_shufflevector_non_vector, 224d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman SourceRange(TheCall->getArg(0)->getLocStart(), 225d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getArg(1)->getLocEnd())); 226d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 227d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 228d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 229ba2561a0ab11afa64014828c759c491378ccc539Eli Friedman if (FAType.getCanonicalType().getUnqualifiedType() != 230ba2561a0ab11afa64014828c759c491378ccc539Eli Friedman SAType.getCanonicalType().getUnqualifiedType()) { 231d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocStart(), diag::err_shufflevector_incompatible_vector, 232d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman SourceRange(TheCall->getArg(0)->getLocStart(), 233d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getArg(1)->getLocEnd())); 234d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 235d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 236d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 237d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman unsigned numElements = FAType->getAsVectorType()->getNumElements(); 238d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (TheCall->getNumArgs() != numElements+2) { 239d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (TheCall->getNumArgs() < numElements+2) 240d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args, 241d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getSourceRange()); 242d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman else 243d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_many_args, 244d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getSourceRange()); 245d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 246d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 247d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 248d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman for (unsigned i = 2; i < TheCall->getNumArgs(); i++) { 249d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman llvm::APSInt Result(32); 250d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (!TheCall->getArg(i)->isIntegerConstantExpr(Result, Context)) { 251d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocStart(), 252d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman diag::err_shufflevector_nonconstant_argument, 253d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getArg(i)->getSourceRange()); 254d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 255d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 256d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (Result.getActiveBits() > 64 || Result.getZExtValue() >= numElements*2) { 257d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman Diag(TheCall->getLocStart(), 258d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman diag::err_shufflevector_argument_too_large, 259d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getArg(i)->getSourceRange()); 260d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return true; 261d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 262d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 263d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 264d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman llvm::SmallVector<Expr*, 32> exprs; 265d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 266d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman for (unsigned i = 0; i < TheCall->getNumArgs(); i++) { 267d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman exprs.push_back(TheCall->getArg(i)); 268d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->setArg(i, 0); 269d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 270d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 271d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman ShuffleVectorExpr* E = new ShuffleVectorExpr( 272d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman exprs.begin(), numElements+2, FAType, 273d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getCallee()->getLocStart(), 274d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->getRParenLoc()); 275d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 276d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman return E; 277d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman} 27830ce344307f8a8b00054021307015571f83c7364Chris Lattner 27959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// CheckPrintfArguments - Check calls to printf (and similar functions) for 28071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// correct use of format strings. 28171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 28271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// HasVAListArg - A predicate indicating whether the printf-like 28371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// function is passed an explicit va_arg argument (e.g., vprintf) 28471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 28571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// format_idx - The index into Args for the format string. 28671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 28771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// Improper format strings to functions in the printf family can be 28871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// the source of bizarre bugs and very serious security holes. A 28971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// good source of information is available in the following paper 29071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (which includes additional references): 29159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// 29259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// FormatGuard: Automatic Protection From printf Format String 29359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// Vulnerabilities, Proceedings of the 10th USENIX Security Symposium, 2001. 29471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 29571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// Functionality implemented: 29671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 29771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// We can statically check the following properties for string 29871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// literal format strings for non v.*printf functions (where the 29971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// arguments are passed directly): 30071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek// 30171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (1) Are the number of format conversions equal to the number of 30271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// data arguments? 30371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 30471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (2) Does each format conversion correctly match the type of the 30571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// corresponding data argument? (TODO) 30671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 30771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// Moreover, for all printf functions we can: 30871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 30971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (3) Check for a missing format string (when not caught by type checking). 31071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 31171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (4) Check for no-operation flags; e.g. using "#" with format 31271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// conversion 'c' (TODO) 31371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 31471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (5) Check the use of '%n', a major source of security holes. 31571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 31671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (6) Check for malformed format conversions that don't specify anything. 31771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 31871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (7) Check for empty format strings. e.g: printf(""); 31971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 32071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (8) Check that the format string is a wide literal. 32171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 3226d43959ad845a43f27e00d2720f6bc3d3219d632Ted Kremenek/// (9) Also check the arguments of functions with the __format__ attribute. 3236d43959ad845a43f27e00d2720f6bc3d3219d632Ted Kremenek/// (TODO). 3246d43959ad845a43f27e00d2720f6bc3d3219d632Ted Kremenek/// 32571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// All of these checks can be done by parsing the format string. 32671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 32771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// For now, we ONLY do (1), (3), (5), (6), (7), and (8). 32859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattnervoid 329925e60d3fa706f31886027c876989af79eb0e0d2Chris LattnerSema::CheckPrintfArguments(CallExpr *TheCall, bool HasVAListArg, 330925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner unsigned format_idx) { 331925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Expr *Fn = TheCall->getCallee(); 332925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner 33371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: printf-like function is called with no format string. 334925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (format_idx >= TheCall->getNumArgs()) { 335925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getRParenLoc(), diag::warn_printf_missing_format_string, 33671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Fn->getSourceRange()); 33771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 33871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 33971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 34056f349400c5932a196509c0480ff6f99a9a0b48fChris Lattner Expr *OrigFormatExpr = TheCall->getArg(format_idx)->IgnoreParenCasts(); 341459e8488046be5df0bf57f0a8677316abf253167Chris Lattner 34259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // CHECK: format string is not a string literal. 34359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // 34471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Dynamically generated format strings are difficult to 34571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // automatically vet at compile time. Requiring that format strings 34671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // are string literals: (1) permits the checking of format strings by 34771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // the compiler and thereby (2) can practically remove the source of 34871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // many format string exploits. 349459e8488046be5df0bf57f0a8677316abf253167Chris Lattner StringLiteral *FExpr = dyn_cast<StringLiteral>(OrigFormatExpr); 35071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (FExpr == NULL) { 3514a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // For vprintf* functions (i.e., HasVAListArg==true), we add a 3524a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // special check to see if the format string is a function parameter 3534a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // of the function calling the printf function. If the function 3544a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // has an attribute indicating it is a printf-like function, then we 3554a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // should suppress warnings concerning non-literals being used in a call 3564a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // to a vprintf function. For example: 3574a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // 3584a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // void 3594a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // logmessage(char const *fmt __attribute__ (format (printf, 1, 2)), ...) { 3604a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // va_list ap; 3614a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // va_start(ap, fmt); 3624a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // vprintf(fmt, ap); // Do NOT emit a warning about "fmt". 3634a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // ... 3644a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // 3654a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // 3664a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // FIXME: We don't have full attribute support yet, so just check to see 3674a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // if the argument is a DeclRefExpr that references a parameter. We'll 3684a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // add proper support for checking the attribute later. 3694a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek if (HasVAListArg) 370998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner if (DeclRefExpr* DR = dyn_cast<DeclRefExpr>(OrigFormatExpr)) 371998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner if (isa<ParmVarDecl>(DR->getDecl())) 3724a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek return; 3734a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek 374925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getArg(format_idx)->getLocStart(), 375925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner diag::warn_printf_not_string_constant, Fn->getSourceRange()); 37671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 37771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 37871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 37971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: is the format string a wide literal? 38071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (FExpr->isWide()) { 381925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(FExpr->getLocStart(), 382925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner diag::warn_printf_format_string_is_wide_literal, Fn->getSourceRange()); 38371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 38471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 38571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 38671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Str - The format string. NOTE: this is NOT null-terminated! 38771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek const char * const Str = FExpr->getStrData(); 38871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 38971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: empty format string? 39071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek const unsigned StrLen = FExpr->getByteLength(); 39171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 39271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (StrLen == 0) { 393925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(FExpr->getLocStart(), diag::warn_printf_empty_format_string, 394925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Fn->getSourceRange()); 39571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 39671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 39771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 39871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // We process the format string using a binary state machine. The 39971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // current state is stored in CurrentState. 40071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek enum { 40171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek state_OrdChr, 40271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek state_Conversion 40371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } CurrentState = state_OrdChr; 40471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 40571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // numConversions - The number of conversions seen so far. This is 40671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // incremented as we traverse the format string. 40771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek unsigned numConversions = 0; 40871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 40971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // numDataArgs - The number of data arguments after the format 41071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // string. This can only be determined for non vprintf-like 41171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // functions. For those functions, this value is 1 (the sole 41271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // va_arg argument). 413925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner unsigned numDataArgs = TheCall->getNumArgs()-(format_idx+1); 41471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 41571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Inspect the format string. 41671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek unsigned StrIdx = 0; 41771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 41871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // LastConversionIdx - Index within the format string where we last saw 41971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // a '%' character that starts a new format conversion. 42071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek unsigned LastConversionIdx = 0; 42171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 422925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner for (; StrIdx < StrLen; ++StrIdx) { 423998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner 42471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Is the number of detected conversion conversions greater than 42571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // the number of matching data arguments? If so, stop. 42671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (!HasVAListArg && numConversions > numDataArgs) break; 42771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 42871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Handle "\0" 429925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (Str[StrIdx] == '\0') { 43071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // The string returned by getStrData() is not null-terminated, 43171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // so the presence of a null character is likely an error. 432998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner Diag(PP.AdvanceToTokenCharacter(FExpr->getLocStart(), StrIdx+1), 433998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner diag::warn_printf_format_string_contains_null_char, 43471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Fn->getSourceRange()); 43571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 43671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 43771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 43871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Ordinary characters (not processing a format conversion). 43971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (CurrentState == state_OrdChr) { 44071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (Str[StrIdx] == '%') { 44171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek CurrentState = state_Conversion; 44271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek LastConversionIdx = StrIdx; 44371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 44471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek continue; 44571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 44671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 44771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Seen '%'. Now processing a format conversion. 44871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek switch (Str[StrIdx]) { 449fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle dynamic precision or width specifier. 450fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case '*': { 451fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 452fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 453fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (!HasVAListArg && numConversions > numDataArgs) { 454fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner SourceLocation Loc = FExpr->getLocStart(); 455fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Loc = PP.AdvanceToTokenCharacter(Loc, StrIdx+1); 456580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek 457580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek if (Str[StrIdx-1] == '.') 458fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_asterisk_precision_missing_arg, 459fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Fn->getSourceRange()); 460580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek else 461fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_asterisk_width_missing_arg, 462fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Fn->getSourceRange()); 463580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek 464fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Don't do any more checking. We'll just emit spurious errors. 465fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return; 466580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek } 467fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 468fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Perform type checking on width/precision specifier. 469fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Expr *E = TheCall->getArg(format_idx+numConversions); 470fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (const BuiltinType *BT = E->getType()->getAsBuiltinType()) 471fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (BT->getKind() == BuiltinType::Int) 472fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 473fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 474fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner SourceLocation Loc = 475fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner PP.AdvanceToTokenCharacter(FExpr->getLocStart(), StrIdx+1); 476fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 477fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (Str[StrIdx-1] == '.') 478fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_asterisk_precision_wrong_type, 479fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner E->getType().getAsString(), E->getSourceRange()); 480fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 481fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_asterisk_width_wrong_type, 482fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner E->getType().getAsString(), E->getSourceRange()); 483fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 484fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 485fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 486fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 487fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Characters which can terminate a format conversion 488fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // (e.g. "%d"). Characters that specify length modifiers or 489fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // other flags are handled by the default case below. 490fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // 491fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // FIXME: additional checks will go into the following cases. 492fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'i': 493fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'd': 494fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'o': 495fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'u': 496fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'x': 497fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'X': 498fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'D': 499fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'O': 500fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'U': 501fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'e': 502fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'E': 503fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'f': 504fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'F': 505fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'g': 506fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'G': 507fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'a': 508fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'A': 509fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'c': 510fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'C': 511fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'S': 512fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 's': 513fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'p': 514fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 515fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CurrentState = state_OrdChr; 516fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 51771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 518fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // CHECK: Are we using "%n"? Issue a warning. 519fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'n': { 520fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 521fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CurrentState = state_OrdChr; 522fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(), 523fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner LastConversionIdx+1); 524fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 525fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_write_back, Fn->getSourceRange()); 526fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 527fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 528fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 529fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle "%%" 530fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case '%': 531fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Sanity check: Was the first "%" character the previous one? 532fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // If not, we will assume that we have a malformed format 533fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // conversion, and that the current "%" character is the start 534fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // of a new conversion. 535fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (StrIdx - LastConversionIdx == 1) 536fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CurrentState = state_OrdChr; 537fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else { 538fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Issue a warning: invalid format conversion. 539925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(), 540925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner LastConversionIdx+1); 541fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 542fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Diag(Loc, diag::warn_printf_invalid_conversion, 543fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner std::string(Str+LastConversionIdx, Str+StrIdx), 544fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Fn->getSourceRange()); 545fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 546fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // This conversion is broken. Advance to the next format 547fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // conversion. 548fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner LastConversionIdx = StrIdx; 549fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 55071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 551fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 55271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 553fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner default: 554fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // This case catches all other characters: flags, widths, etc. 555fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // We should eventually process those as well. 556fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 55771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 55871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 55971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 56071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (CurrentState == state_Conversion) { 56171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Issue a warning: invalid format conversion. 562925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(), 563925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner LastConversionIdx+1); 56471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 56571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Diag(Loc, diag::warn_printf_invalid_conversion, 566a9e2ea107d9419a6406f01e513679327032da193Chris Lattner std::string(Str+LastConversionIdx, 567a9e2ea107d9419a6406f01e513679327032da193Chris Lattner Str+std::min(LastConversionIdx+2, StrLen)), 56871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Fn->getSourceRange()); 56971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 57071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 57171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 57271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (!HasVAListArg) { 57371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: Does the number of format conversions exceed the number 57471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // of data arguments? 57571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (numConversions > numDataArgs) { 576925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner SourceLocation Loc = PP.AdvanceToTokenCharacter(FExpr->getLocStart(), 577925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner LastConversionIdx); 57871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 57971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Diag(Loc, diag::warn_printf_insufficient_data_args, 58071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek Fn->getSourceRange()); 58171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 58271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: Does the number of data arguments exceed the number of 58371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // format conversions in the format string? 58471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek else if (numConversions < numDataArgs) 585925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getArg(format_idx+numConversions+1)->getLocStart(), 58671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek diag::warn_printf_too_many_data_args, Fn->getSourceRange()); 58771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 58871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek} 58906de276fff91264437fa75111ed76de43097e089Ted Kremenek 59006de276fff91264437fa75111ed76de43097e089Ted Kremenek//===--- CHECK: Return Address of Stack Variable --------------------------===// 59106de276fff91264437fa75111ed76de43097e089Ted Kremenek 59206de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalVal(Expr *E); 59306de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalAddr(Expr* E); 59406de276fff91264437fa75111ed76de43097e089Ted Kremenek 59506de276fff91264437fa75111ed76de43097e089Ted Kremenek/// CheckReturnStackAddr - Check if a return statement returns the address 59606de276fff91264437fa75111ed76de43097e089Ted Kremenek/// of a stack variable. 59706de276fff91264437fa75111ed76de43097e089Ted Kremenekvoid 59806de276fff91264437fa75111ed76de43097e089Ted KremenekSema::CheckReturnStackAddr(Expr *RetValExp, QualType lhsType, 59906de276fff91264437fa75111ed76de43097e089Ted Kremenek SourceLocation ReturnLoc) { 60056f349400c5932a196509c0480ff6f99a9a0b48fChris Lattner 60106de276fff91264437fa75111ed76de43097e089Ted Kremenek // Perform checking for returned stack addresses. 60206de276fff91264437fa75111ed76de43097e089Ted Kremenek if (lhsType->isPointerType()) { 60306de276fff91264437fa75111ed76de43097e089Ted Kremenek if (DeclRefExpr *DR = EvalAddr(RetValExp)) 60406de276fff91264437fa75111ed76de43097e089Ted Kremenek Diag(DR->getLocStart(), diag::warn_ret_stack_addr, 60506de276fff91264437fa75111ed76de43097e089Ted Kremenek DR->getDecl()->getIdentifier()->getName(), 60606de276fff91264437fa75111ed76de43097e089Ted Kremenek RetValExp->getSourceRange()); 60706de276fff91264437fa75111ed76de43097e089Ted Kremenek } 60806de276fff91264437fa75111ed76de43097e089Ted Kremenek // Perform checking for stack values returned by reference. 60906de276fff91264437fa75111ed76de43097e089Ted Kremenek else if (lhsType->isReferenceType()) { 61096eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek // Check for an implicit cast to a reference. 61196eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek if (ImplicitCastExpr *I = dyn_cast<ImplicitCastExpr>(RetValExp)) 61296eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek if (DeclRefExpr *DR = EvalVal(I->getSubExpr())) 61396eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek Diag(DR->getLocStart(), diag::warn_ret_stack_ref, 61496eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek DR->getDecl()->getIdentifier()->getName(), 61596eabe0838ccd1d5a5d24a648b932763cdf3fa31Ted Kremenek RetValExp->getSourceRange()); 61606de276fff91264437fa75111ed76de43097e089Ted Kremenek } 61706de276fff91264437fa75111ed76de43097e089Ted Kremenek} 61806de276fff91264437fa75111ed76de43097e089Ted Kremenek 61906de276fff91264437fa75111ed76de43097e089Ted Kremenek/// EvalAddr - EvalAddr and EvalVal are mutually recursive functions that 62006de276fff91264437fa75111ed76de43097e089Ted Kremenek/// check if the expression in a return statement evaluates to an address 62106de276fff91264437fa75111ed76de43097e089Ted Kremenek/// to a location on the stack. The recursion is used to traverse the 62206de276fff91264437fa75111ed76de43097e089Ted Kremenek/// AST of the return expression, with recursion backtracking when we 62306de276fff91264437fa75111ed76de43097e089Ted Kremenek/// encounter a subexpression that (1) clearly does not lead to the address 62406de276fff91264437fa75111ed76de43097e089Ted Kremenek/// of a stack variable or (2) is something we cannot determine leads to 62506de276fff91264437fa75111ed76de43097e089Ted Kremenek/// the address of a stack variable based on such local checking. 62606de276fff91264437fa75111ed76de43097e089Ted Kremenek/// 627e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek/// EvalAddr processes expressions that are pointers that are used as 628e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek/// references (and not L-values). EvalVal handles all other values. 62906de276fff91264437fa75111ed76de43097e089Ted Kremenek/// At the base case of the recursion is a check for a DeclRefExpr* in 63006de276fff91264437fa75111ed76de43097e089Ted Kremenek/// the refers to a stack variable. 63106de276fff91264437fa75111ed76de43097e089Ted Kremenek/// 63206de276fff91264437fa75111ed76de43097e089Ted Kremenek/// This implementation handles: 63306de276fff91264437fa75111ed76de43097e089Ted Kremenek/// 63406de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * pointer-to-pointer casts 63506de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * implicit conversions from array references to pointers 63606de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * taking the address of fields 63706de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * arbitrary interplay between "&" and "*" operators 63806de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * pointer arithmetic from an address of a stack variable 63906de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * taking the address of an array element where the array is on the stack 64006de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalAddr(Expr *E) { 64106de276fff91264437fa75111ed76de43097e089Ted Kremenek // We should only be called for evaluating pointer expressions. 642fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner assert((E->getType()->isPointerType() || 643a526c5c67e5a0473c340903ee542ce570119665fTed Kremenek E->getType()->isObjCQualifiedIdType()) && 644fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner "EvalAddr only works on pointers"); 64506de276fff91264437fa75111ed76de43097e089Ted Kremenek 64606de276fff91264437fa75111ed76de43097e089Ted Kremenek // Our "symbolic interpreter" is just a dispatch off the currently 64706de276fff91264437fa75111ed76de43097e089Ted Kremenek // viewed AST node. We then recursively traverse the AST by calling 64806de276fff91264437fa75111ed76de43097e089Ted Kremenek // EvalAddr and EvalVal appropriately. 64906de276fff91264437fa75111ed76de43097e089Ted Kremenek switch (E->getStmtClass()) { 650fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::ParenExprClass: 651fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Ignore parentheses. 652fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(cast<ParenExpr>(E)->getSubExpr()); 65306de276fff91264437fa75111ed76de43097e089Ted Kremenek 654fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::UnaryOperatorClass: { 655fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // The only unary operator that make sense to handle here 656fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // is AddrOf. All others don't make sense as pointers. 657fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner UnaryOperator *U = cast<UnaryOperator>(E); 65806de276fff91264437fa75111ed76de43097e089Ted Kremenek 659fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (U->getOpcode() == UnaryOperator::AddrOf) 660fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalVal(U->getSubExpr()); 661fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 662fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return NULL; 663fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 664fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 665fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::BinaryOperatorClass: { 666fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle pointer arithmetic. All other binary operators are not valid 667fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // in this context. 668fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner BinaryOperator *B = cast<BinaryOperator>(E); 669fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner BinaryOperator::Opcode op = B->getOpcode(); 67006de276fff91264437fa75111ed76de43097e089Ted Kremenek 671fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (op != BinaryOperator::Add && op != BinaryOperator::Sub) 672fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return NULL; 67306de276fff91264437fa75111ed76de43097e089Ted Kremenek 674fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Expr *Base = B->getLHS(); 6753907323dd6665c0c4e383435cb145233f4533406Anders Carlsson 676fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Determine which argument is the real pointer base. It could be 677fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // the RHS argument instead of the LHS. 678fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (!Base->getType()->isPointerType()) Base = B->getRHS(); 67906de276fff91264437fa75111ed76de43097e089Ted Kremenek 680fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner assert (Base->getType()->isPointerType()); 681fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(Base); 682fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 683fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 684fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // For conditional operators we need to see if either the LHS or RHS are 685fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // valid DeclRefExpr*s. If one of them is valid, we return it. 686fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::ConditionalOperatorClass: { 687fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ConditionalOperator *C = cast<ConditionalOperator>(E); 688fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 689fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle the GNU extension for missing LHS. 690fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (Expr *lhsExpr = C->getLHS()) 691fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (DeclRefExpr* LHS = EvalAddr(lhsExpr)) 692fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return LHS; 69306de276fff91264437fa75111ed76de43097e089Ted Kremenek 694fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(C->getRHS()); 695fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 696fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 697fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // For implicit casts, we need to handle conversions from arrays to 698fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // pointer values, and implicit pointer-to-pointer conversions. 699fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::ImplicitCastExprClass: { 700fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ImplicitCastExpr *IE = cast<ImplicitCastExpr>(E); 701fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Expr* SubExpr = IE->getSubExpr(); 702fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 703fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (SubExpr->getType()->isPointerType() || 704a526c5c67e5a0473c340903ee542ce570119665fTed Kremenek SubExpr->getType()->isObjCQualifiedIdType()) 705fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(SubExpr); 706fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 707fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalVal(SubExpr); 708fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 709fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 710fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // For casts, we handle pointer-to-pointer conversions (which 711fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // is essentially a no-op from our mini-interpreter's standpoint). 712fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // For other casts we abort. 713fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::CastExprClass: { 714fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CastExpr *C = cast<CastExpr>(E); 715fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Expr *SubExpr = C->getSubExpr(); 716fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 717fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (SubExpr->getType()->isPointerType()) 718fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(SubExpr); 719fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 720fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return NULL; 721fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 722fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 723fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // C++ casts. For dynamic casts, static casts, and const casts, we 724fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // are always converting from a pointer-to-pointer, so we just blow 725fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // through the cast. In the case the dynamic cast doesn't fail 726fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // (and return NULL), we take the conservative route and report cases 727fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // where we return the address of a stack variable. For Reinterpre 728fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::CXXCastExprClass: { 729fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CXXCastExpr *C = cast<CXXCastExpr>(E); 730fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 731fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (C->getOpcode() == CXXCastExpr::ReinterpretCast) { 732fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Expr *S = C->getSubExpr(); 733fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (S->getType()->isPointerType()) 734fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(S); 73506de276fff91264437fa75111ed76de43097e089Ted Kremenek else 73606de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 73706de276fff91264437fa75111ed76de43097e089Ted Kremenek } 738fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 739fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(C->getSubExpr()); 740fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 741fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 742fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Everything else: we simply don't reason about them. 743fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner default: 744fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return NULL; 74506de276fff91264437fa75111ed76de43097e089Ted Kremenek } 74606de276fff91264437fa75111ed76de43097e089Ted Kremenek} 74706de276fff91264437fa75111ed76de43097e089Ted Kremenek 74806de276fff91264437fa75111ed76de43097e089Ted Kremenek 74906de276fff91264437fa75111ed76de43097e089Ted Kremenek/// EvalVal - This function is complements EvalAddr in the mutual recursion. 75006de276fff91264437fa75111ed76de43097e089Ted Kremenek/// See the comments for EvalAddr for more details. 75106de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalVal(Expr *E) { 75206de276fff91264437fa75111ed76de43097e089Ted Kremenek 753e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek // We should only be called for evaluating non-pointer expressions, or 754e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek // expressions with a pointer type that are not used as references but instead 755e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek // are l-values (e.g., DeclRefExpr with a pointer type). 756e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek 75706de276fff91264437fa75111ed76de43097e089Ted Kremenek // Our "symbolic interpreter" is just a dispatch off the currently 75806de276fff91264437fa75111ed76de43097e089Ted Kremenek // viewed AST node. We then recursively traverse the AST by calling 75906de276fff91264437fa75111ed76de43097e089Ted Kremenek // EvalAddr and EvalVal appropriately. 76006de276fff91264437fa75111ed76de43097e089Ted Kremenek switch (E->getStmtClass()) { 76106de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::DeclRefExprClass: { 76206de276fff91264437fa75111ed76de43097e089Ted Kremenek // DeclRefExpr: the base case. When we hit a DeclRefExpr we are looking 76306de276fff91264437fa75111ed76de43097e089Ted Kremenek // at code that refers to a variable's name. We check if it has local 76406de276fff91264437fa75111ed76de43097e089Ted Kremenek // storage within the function, and if so, return the expression. 76506de276fff91264437fa75111ed76de43097e089Ted Kremenek DeclRefExpr *DR = cast<DeclRefExpr>(E); 76606de276fff91264437fa75111ed76de43097e089Ted Kremenek 76706de276fff91264437fa75111ed76de43097e089Ted Kremenek if (VarDecl *V = dyn_cast<VarDecl>(DR->getDecl())) 76806de276fff91264437fa75111ed76de43097e089Ted Kremenek if(V->hasLocalStorage()) return DR; 76906de276fff91264437fa75111ed76de43097e089Ted Kremenek 77006de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 77106de276fff91264437fa75111ed76de43097e089Ted Kremenek } 77206de276fff91264437fa75111ed76de43097e089Ted Kremenek 77306de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::ParenExprClass: 77406de276fff91264437fa75111ed76de43097e089Ted Kremenek // Ignore parentheses. 77506de276fff91264437fa75111ed76de43097e089Ted Kremenek return EvalVal(cast<ParenExpr>(E)->getSubExpr()); 77606de276fff91264437fa75111ed76de43097e089Ted Kremenek 77706de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::UnaryOperatorClass: { 77806de276fff91264437fa75111ed76de43097e089Ted Kremenek // The only unary operator that make sense to handle here 77906de276fff91264437fa75111ed76de43097e089Ted Kremenek // is Deref. All others don't resolve to a "name." This includes 78006de276fff91264437fa75111ed76de43097e089Ted Kremenek // handling all sorts of rvalues passed to a unary operator. 78106de276fff91264437fa75111ed76de43097e089Ted Kremenek UnaryOperator *U = cast<UnaryOperator>(E); 78206de276fff91264437fa75111ed76de43097e089Ted Kremenek 78306de276fff91264437fa75111ed76de43097e089Ted Kremenek if (U->getOpcode() == UnaryOperator::Deref) 78406de276fff91264437fa75111ed76de43097e089Ted Kremenek return EvalAddr(U->getSubExpr()); 78506de276fff91264437fa75111ed76de43097e089Ted Kremenek 78606de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 78706de276fff91264437fa75111ed76de43097e089Ted Kremenek } 78806de276fff91264437fa75111ed76de43097e089Ted Kremenek 78906de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::ArraySubscriptExprClass: { 79006de276fff91264437fa75111ed76de43097e089Ted Kremenek // Array subscripts are potential references to data on the stack. We 79106de276fff91264437fa75111ed76de43097e089Ted Kremenek // retrieve the DeclRefExpr* for the array variable if it indeed 79206de276fff91264437fa75111ed76de43097e089Ted Kremenek // has local storage. 7932324512285caac0332bbbc6e4cab6245d2a370a1Ted Kremenek return EvalAddr(cast<ArraySubscriptExpr>(E)->getBase()); 79406de276fff91264437fa75111ed76de43097e089Ted Kremenek } 79506de276fff91264437fa75111ed76de43097e089Ted Kremenek 79606de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::ConditionalOperatorClass: { 79706de276fff91264437fa75111ed76de43097e089Ted Kremenek // For conditional operators we need to see if either the LHS or RHS are 79806de276fff91264437fa75111ed76de43097e089Ted Kremenek // non-NULL DeclRefExpr's. If one is non-NULL, we return it. 79906de276fff91264437fa75111ed76de43097e089Ted Kremenek ConditionalOperator *C = cast<ConditionalOperator>(E); 80006de276fff91264437fa75111ed76de43097e089Ted Kremenek 8013907323dd6665c0c4e383435cb145233f4533406Anders Carlsson // Handle the GNU extension for missing LHS. 8023907323dd6665c0c4e383435cb145233f4533406Anders Carlsson if (Expr *lhsExpr = C->getLHS()) 8033907323dd6665c0c4e383435cb145233f4533406Anders Carlsson if (DeclRefExpr *LHS = EvalVal(lhsExpr)) 8043907323dd6665c0c4e383435cb145233f4533406Anders Carlsson return LHS; 8053907323dd6665c0c4e383435cb145233f4533406Anders Carlsson 8063907323dd6665c0c4e383435cb145233f4533406Anders Carlsson return EvalVal(C->getRHS()); 80706de276fff91264437fa75111ed76de43097e089Ted Kremenek } 80806de276fff91264437fa75111ed76de43097e089Ted Kremenek 80906de276fff91264437fa75111ed76de43097e089Ted Kremenek // Accesses to members are potential references to data on the stack. 81006de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::MemberExprClass: { 81106de276fff91264437fa75111ed76de43097e089Ted Kremenek MemberExpr *M = cast<MemberExpr>(E); 81206de276fff91264437fa75111ed76de43097e089Ted Kremenek 81306de276fff91264437fa75111ed76de43097e089Ted Kremenek // Check for indirect access. We only want direct field accesses. 81406de276fff91264437fa75111ed76de43097e089Ted Kremenek if (!M->isArrow()) 81506de276fff91264437fa75111ed76de43097e089Ted Kremenek return EvalVal(M->getBase()); 81606de276fff91264437fa75111ed76de43097e089Ted Kremenek else 81706de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 81806de276fff91264437fa75111ed76de43097e089Ted Kremenek } 81906de276fff91264437fa75111ed76de43097e089Ted Kremenek 82006de276fff91264437fa75111ed76de43097e089Ted Kremenek // Everything else: we simply don't reason about them. 82106de276fff91264437fa75111ed76de43097e089Ted Kremenek default: 82206de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 82306de276fff91264437fa75111ed76de43097e089Ted Kremenek } 82406de276fff91264437fa75111ed76de43097e089Ted Kremenek} 825588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 826588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek//===--- CHECK: Floating-Point comparisons (-Wfloat-equal) ---------------===// 827588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 828588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek/// Check for comparisons of floating point operands using != and ==. 829588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek/// Issue a warning if these are no self-comparisons, as they are not likely 830588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek/// to do what the programmer intended. 831588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenekvoid Sema::CheckFloatComparison(SourceLocation loc, Expr* lex, Expr *rex) { 832588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek bool EmitWarning = true; 833588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 8344e99a5fc3b203397a91136c6e695e405fb8fc606Ted Kremenek Expr* LeftExprSansParen = lex->IgnoreParens(); 83532e97b66bbce16c9e81c877794fb7a0aeeb66ccbTed Kremenek Expr* RightExprSansParen = rex->IgnoreParens(); 836588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 837588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Special case: check for x == x (which is OK). 838588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Do not emit warnings for such cases. 839588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (DeclRefExpr* DRL = dyn_cast<DeclRefExpr>(LeftExprSansParen)) 840588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (DeclRefExpr* DRR = dyn_cast<DeclRefExpr>(RightExprSansParen)) 841588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (DRL->getDecl() == DRR->getDecl()) 842588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek EmitWarning = false; 843588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 8441b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek 8451b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // Special case: check for comparisons against literals that can be exactly 8461b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // represented by APFloat. In such cases, do not emit a warning. This 8471b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // is a heuristic: often comparison against such literals are used to 8481b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // detect if a value in a variable has not changed. This clearly can 8491b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // lead to false negatives. 8501b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (EmitWarning) { 8511b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FloatingLiteral* FLL = dyn_cast<FloatingLiteral>(LeftExprSansParen)) { 8521b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FLL->isExact()) 8531b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek EmitWarning = false; 8541b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek } 8551b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek else 8561b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FloatingLiteral* FLR = dyn_cast<FloatingLiteral>(RightExprSansParen)){ 8571b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FLR->isExact()) 8581b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek EmitWarning = false; 8591b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek } 8601b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek } 8611b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek 862588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Check for comparisons with builtin types. 863588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (EmitWarning) 864588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (CallExpr* CL = dyn_cast<CallExpr>(LeftExprSansParen)) 865588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (isCallBuiltin(CL)) 866588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek EmitWarning = false; 867588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 868588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (EmitWarning) 869588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (CallExpr* CR = dyn_cast<CallExpr>(RightExprSansParen)) 870588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (isCallBuiltin(CR)) 871588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek EmitWarning = false; 872588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 873588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Emit the diagnostic. 874588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (EmitWarning) 875588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek Diag(loc, diag::warn_floatingpoint_eq, 876588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek lex->getSourceRange(),rex->getSourceRange()); 877588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek} 878