SemaChecking.cpp revision fd942628abfe30e30427875db953222ae99b4325
159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===--- SemaChecking.cpp - Extra Semantic Checking -----------------------===// 259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// The LLVM Compiler Infrastructure 459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 50bc735ffcfb223c0186419547abaa5c84482663eChris Lattner// This file is distributed under the University of Illinois Open Source 60bc735ffcfb223c0186419547abaa5c84482663eChris Lattner// License. See LICENSE.TXT for details. 759907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===----------------------------------------------------------------------===// 959907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 1059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// This file implements extra semantic analysis beyond what is enforced 1159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// by the C type system. 1259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner// 1359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner//===----------------------------------------------------------------------===// 1459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 1559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "Sema.h" 1659907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/AST/ASTContext.h" 17c4a1dea2dc56bd1357ec91b829a0b9e68229a13eDaniel Dunbar#include "clang/AST/DeclObjC.h" 182324512285caac0332bbbc6e4cab6245d2a370a1Ted Kremenek#include "clang/AST/ExprCXX.h" 197ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek#include "clang/AST/ExprObjC.h" 20719e61573f27c11057ecfe0dd8f141621602c571Chris Lattner#include "clang/Lex/LiteralSupport.h" 2159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner#include "clang/Lex/Preprocessor.h" 2259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattnerusing namespace clang; 2359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 2460800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner/// getLocationOfStringLiteralByte - Return a source location that points to the 2560800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner/// specified byte of the specified string literal. 2660800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner/// 2760800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner/// Strings are amazingly complex. They can be formed from multiple tokens and 2860800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner/// can have escape sequences in them in addition to the usual trigraph and 2960800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner/// escaped newline business. This routine handles this complexity. 3060800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner/// 3160800081361b0ffc114877b8abbc81cb57b4edf6Chris LattnerSourceLocation Sema::getLocationOfStringLiteralByte(const StringLiteral *SL, 3260800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner unsigned ByteNo) const { 3360800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner assert(!SL->isWide() && "This doesn't work for wide strings yet"); 3460800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner 3560800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner // Loop over all of the tokens in this string until we find the one that 3660800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner // contains the byte we're looking for. 3760800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner unsigned TokNo = 0; 3860800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner while (1) { 3960800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner assert(TokNo < SL->getNumConcatenated() && "Invalid byte number!"); 4060800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner SourceLocation StrTokLoc = SL->getStrTokenLoc(TokNo); 4160800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner 4260800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner // Get the spelling of the string so that we can get the data that makes up 4360800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner // the string literal, not the identifier for the macro it is potentially 4460800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner // expanded through. 4560800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner SourceLocation StrTokSpellingLoc = SourceMgr.getSpellingLoc(StrTokLoc); 4660800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner 4760800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner // Re-lex the token to get its length and original spelling. 4860800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner std::pair<FileID, unsigned> LocInfo = 4960800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner SourceMgr.getDecomposedLoc(StrTokSpellingLoc); 5060800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner std::pair<const char *,const char *> Buffer = 5160800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner SourceMgr.getBufferData(LocInfo.first); 5260800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner const char *StrData = Buffer.first+LocInfo.second; 5360800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner 5460800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner // Create a langops struct and enable trigraphs. This is sufficient for 5560800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner // relexing tokens. 5660800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner LangOptions LangOpts; 5760800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner LangOpts.Trigraphs = true; 5860800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner 5960800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner // Create a lexer starting at the beginning of this token. 6060800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner Lexer TheLexer(StrTokSpellingLoc, LangOpts, Buffer.first, StrData, 6160800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner Buffer.second); 6260800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner Token TheTok; 6360800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner TheLexer.LexFromRawLexer(TheTok); 6460800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner 65443e53c7845f01c8ed693ccd137abb0bd76564f6Chris Lattner // Use the StringLiteralParser to compute the length of the string in bytes. 66443e53c7845f01c8ed693ccd137abb0bd76564f6Chris Lattner StringLiteralParser SLP(&TheTok, 1, PP); 67443e53c7845f01c8ed693ccd137abb0bd76564f6Chris Lattner unsigned TokNumBytes = SLP.GetStringLength(); 68d0d082f2eba4e3ed4eb467d76fd227c6dcd6cce7Chris Lattner 692197c963543397777919cec22b65feb31a9ddf79Chris Lattner // If the byte is in this token, return the location of the byte. 7060800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner if (ByteNo < TokNumBytes || 7160800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner (ByteNo == TokNumBytes && TokNo == SL->getNumConcatenated())) { 72719e61573f27c11057ecfe0dd8f141621602c571Chris Lattner unsigned Offset = 73719e61573f27c11057ecfe0dd8f141621602c571Chris Lattner StringLiteralParser::getOffsetOfStringByte(TheTok, ByteNo, PP); 74719e61573f27c11057ecfe0dd8f141621602c571Chris Lattner 75719e61573f27c11057ecfe0dd8f141621602c571Chris Lattner // Now that we know the offset of the token in the spelling, use the 76719e61573f27c11057ecfe0dd8f141621602c571Chris Lattner // preprocessor to get the offset in the original source. 77719e61573f27c11057ecfe0dd8f141621602c571Chris Lattner return PP.AdvanceToTokenCharacter(StrTokLoc, Offset); 7860800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner } 7960800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner 8060800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner // Move to the next string token. 8160800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner ++TokNo; 8260800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner ByteNo -= TokNumBytes; 8360800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner } 8460800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner} 8560800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner 8660800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner 8759907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// CheckFunctionCall - Check a direct function call for various correctness 8859907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// and safety properties not strictly enforced by the C type system. 890eb23307222bda7ad95d968eac4e1ab30864b213Sebastian RedlAction::OwningExprResult 900eb23307222bda7ad95d968eac4e1ab30864b213Sebastian RedlSema::CheckFunctionCall(FunctionDecl *FDecl, CallExpr *TheCall) { 910eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl OwningExprResult TheCallResult(Owned(TheCall)); 9259907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // Get the IdentifierInfo* for the called function. 9359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner IdentifierInfo *FnInfo = FDecl->getIdentifier(); 942def48394f6d48bde0dec2b514193c2b533265b5Douglas Gregor 952def48394f6d48bde0dec2b514193c2b533265b5Douglas Gregor // None of the checks below are needed for functions that don't have 962def48394f6d48bde0dec2b514193c2b533265b5Douglas Gregor // simple names (e.g., C++ conversion functions). 972def48394f6d48bde0dec2b514193c2b533265b5Douglas Gregor if (!FnInfo) 980eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return move(TheCallResult); 992def48394f6d48bde0dec2b514193c2b533265b5Douglas Gregor 1003c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor switch (FDecl->getBuiltinID(Context)) { 10130ce344307f8a8b00054021307015571f83c7364Chris Lattner case Builtin::BI__builtin___CFStringMakeConstantString: 102925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner assert(TheCall->getNumArgs() == 1 && 1031b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner "Wrong # arguments to builtin CFStringMakeConstantString"); 104690398188ea5b428f06aa13c7d4ce6eb741ad4f9Chris Lattner if (CheckObjCString(TheCall->getArg(0))) 1050eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(); 1060eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return move(TheCallResult); 10749ff7a1c8c67d56e62d3b4627463b705c0d5008cTed Kremenek case Builtin::BI__builtin_stdarg_start: 10830ce344307f8a8b00054021307015571f83c7364Chris Lattner case Builtin::BI__builtin_va_start: 1090eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl if (SemaBuiltinVAStart(TheCall)) 1100eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(); 1110eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return move(TheCallResult); 1121b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isgreater: 1131b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isgreaterequal: 1141b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isless: 1151b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_islessequal: 1161b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_islessgreater: 1171b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner case Builtin::BI__builtin_isunordered: 1180eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl if (SemaBuiltinUnorderedCompare(TheCall)) 1190eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(); 1200eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return move(TheCallResult); 1216cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman case Builtin::BI__builtin_return_address: 1226cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman case Builtin::BI__builtin_frame_address: 1230eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl if (SemaBuiltinStackAddress(TheCall)) 1240eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(); 1250eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return move(TheCallResult); 126d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman case Builtin::BI__builtin_shufflevector: 1270eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return SemaBuiltinShuffleVector(TheCall); 1280eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl // TheCall will be freed by the smart pointer here, but that's fine, since 1290eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl // SemaBuiltinShuffleVector guts it, but then doesn't release it. 1304493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar case Builtin::BI__builtin_prefetch: 1310eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl if (SemaBuiltinPrefetch(TheCall)) 1320eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(); 1330eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return move(TheCallResult); 134d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar case Builtin::BI__builtin_object_size: 1350eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl if (SemaBuiltinObjectSize(TheCall)) 1360eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(); 13771993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 138de45428f923b38d80407dbb9ede0df504256f9f6Daniel Dunbar 139de45428f923b38d80407dbb9ede0df504256f9f6Daniel Dunbar // FIXME: This mechanism should be abstracted to be less fragile and 140de45428f923b38d80407dbb9ede0df504256f9f6Daniel Dunbar // more efficient. For example, just map function ids to custom 141de45428f923b38d80407dbb9ede0df504256f9f6Daniel Dunbar // handlers. 142de45428f923b38d80407dbb9ede0df504256f9f6Daniel Dunbar 14359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // Printf checking. 1443c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor if (const FormatAttr *Format = FDecl->getAttr<FormatAttr>()) { 1453c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor if (Format->getType() == "printf") { 1463d692df4b9c58895f9843b03543ec57447c93679Ted Kremenek bool HasVAListArg = Format->getFirstArg() == 0; 1473d692df4b9c58895f9843b03543ec57447c93679Ted Kremenek if (!HasVAListArg) { 1483d692df4b9c58895f9843b03543ec57447c93679Ted Kremenek if (const FunctionProtoType *Proto 1493d692df4b9c58895f9843b03543ec57447c93679Ted Kremenek = FDecl->getType()->getAsFunctionProtoType()) 1503c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor HasVAListArg = !Proto->isVariadic(); 1513d692df4b9c58895f9843b03543ec57447c93679Ted Kremenek } 1523c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor CheckPrintfArguments(TheCall, HasVAListArg, Format->getFormatIdx() - 1, 1533d692df4b9c58895f9843b03543ec57447c93679Ted Kremenek HasVAListArg ? 0 : Format->getFirstArg() - 1); 1543c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor } 15559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner } 1560eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl 1570eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return move(TheCallResult); 15871993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson} 15971993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 160690398188ea5b428f06aa13c7d4ce6eb741ad4f9Chris Lattner/// CheckObjCString - Checks that the argument to the builtin 16171993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson/// CFString constructor is correct 162fd942628abfe30e30427875db953222ae99b4325Steve Naroff/// FIXME: GCC currently emits the following warning: 163fd942628abfe30e30427875db953222ae99b4325Steve Naroff/// "warning: input conversion stopped due to an input byte that does not 164fd942628abfe30e30427875db953222ae99b4325Steve Naroff/// belong to the input codeset UTF-8" 165fd942628abfe30e30427875db953222ae99b4325Steve Naroff/// Note: It might also make sense to do the UTF-16 conversion here (would 166fd942628abfe30e30427875db953222ae99b4325Steve Naroff/// simplify the backend). 167690398188ea5b428f06aa13c7d4ce6eb741ad4f9Chris Lattnerbool Sema::CheckObjCString(Expr *Arg) { 16856f349400c5932a196509c0480ff6f99a9a0b48fChris Lattner Arg = Arg->IgnoreParenCasts(); 16971993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson StringLiteral *Literal = dyn_cast<StringLiteral>(Arg); 17071993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 17171993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson if (!Literal || Literal->isWide()) { 172fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner Diag(Arg->getLocStart(), diag::err_cfstring_literal_not_string_constant) 173fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << Arg->getSourceRange(); 1749cdc4d3834f203dcde3ff274b8928e4620a914d5Anders Carlsson return true; 17571993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 17671993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 17771993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson const char *Data = Literal->getStrData(); 17871993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson unsigned Length = Literal->getByteLength(); 17971993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 18071993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson for (unsigned i = 0; i < Length; ++i) { 18171993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson if (!Data[i]) { 18260800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner Diag(getLocationOfStringLiteralByte(Literal, i), 183fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner diag::warn_cfstring_literal_contains_nul_character) 184fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << Arg->getSourceRange(); 18571993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson break; 18671993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 18771993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson } 18871993dd85eed9cc42c6b2fa61ee5c53026b74817Anders Carlsson 1899cdc4d3834f203dcde3ff274b8928e4620a914d5Anders Carlsson return false; 19059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner} 19159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner 192c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner/// SemaBuiltinVAStart - Check the arguments to __builtin_va_start for validity. 193c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner/// Emit an error and return true on failure, return false on success. 194925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattnerbool Sema::SemaBuiltinVAStart(CallExpr *TheCall) { 195925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Expr *Fn = TheCall->getCallee(); 196925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (TheCall->getNumArgs() > 2) { 1972c21a073525cdfa68e4439b7af551385dc2796abChris Lattner Diag(TheCall->getArg(2)->getLocStart(), 198fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner diag::err_typecheck_call_too_many_args) 1992c21a073525cdfa68e4439b7af551385dc2796abChris Lattner << 0 /*function call*/ << Fn->getSourceRange() 200fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << SourceRange(TheCall->getArg(2)->getLocStart(), 201fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner (*(TheCall->arg_end()-1))->getLocEnd()); 20230ce344307f8a8b00054021307015571f83c7364Chris Lattner return true; 20330ce344307f8a8b00054021307015571f83c7364Chris Lattner } 20456f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman 20556f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman if (TheCall->getNumArgs() < 2) { 20656f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args) 20756f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman << 0 /*function call*/; 20856f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman } 20956f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman 210c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner // Determine whether the current function is variadic or not. 211c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner bool isVariadic; 21256f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman if (getCurFunctionDecl()) { 21372564e73277e29f6db3305d1f27ba408abb7ed88Douglas Gregor if (FunctionProtoType* FTP = 21472564e73277e29f6db3305d1f27ba408abb7ed88Douglas Gregor dyn_cast<FunctionProtoType>(getCurFunctionDecl()->getType())) 21556f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman isVariadic = FTP->isVariadic(); 21656f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman else 21756f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman isVariadic = false; 21856f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman } else { 21953d0ea5f5bfa647ec23418bf3a3b7c183b51e4bdArgyrios Kyrtzidis isVariadic = getCurMethodDecl()->isVariadic(); 22056f20ae1010aa71defd7572f660b41288c56cdd1Eli Friedman } 22130ce344307f8a8b00054021307015571f83c7364Chris Lattner 222c27c665c88b49dfb212aedc7bab8b9bf67658b9eChris Lattner if (!isVariadic) { 22330ce344307f8a8b00054021307015571f83c7364Chris Lattner Diag(Fn->getLocStart(), diag::err_va_start_used_in_non_variadic_function); 22430ce344307f8a8b00054021307015571f83c7364Chris Lattner return true; 22530ce344307f8a8b00054021307015571f83c7364Chris Lattner } 22630ce344307f8a8b00054021307015571f83c7364Chris Lattner 22730ce344307f8a8b00054021307015571f83c7364Chris Lattner // Verify that the second argument to the builtin is the last argument of the 22830ce344307f8a8b00054021307015571f83c7364Chris Lattner // current function or method. 22930ce344307f8a8b00054021307015571f83c7364Chris Lattner bool SecondArgIsLastNamedArgument = false; 230e2c14103dec39cbd24dac9d7b3e91277b109c14fAnders Carlsson const Expr *Arg = TheCall->getArg(1)->IgnoreParenCasts(); 23188cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson 23288cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson if (const DeclRefExpr *DR = dyn_cast<DeclRefExpr>(Arg)) { 23388cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson if (const ParmVarDecl *PV = dyn_cast<ParmVarDecl>(DR->getDecl())) { 23430ce344307f8a8b00054021307015571f83c7364Chris Lattner // FIXME: This isn't correct for methods (results in bogus warning). 23530ce344307f8a8b00054021307015571f83c7364Chris Lattner // Get the last formal in the current function. 23688cf226caee50956ef47edd4d44cf7b80703a26cAnders Carlsson const ParmVarDecl *LastArg; 237371f258e61e1365b951b17931a3c5ac1530fd1a0Chris Lattner if (FunctionDecl *FD = getCurFunctionDecl()) 238371f258e61e1365b951b17931a3c5ac1530fd1a0Chris Lattner LastArg = *(FD->param_end()-1); 23930ce344307f8a8b00054021307015571f83c7364Chris Lattner else 24053d0ea5f5bfa647ec23418bf3a3b7c183b51e4bdArgyrios Kyrtzidis LastArg = *(getCurMethodDecl()->param_end()-1); 24130ce344307f8a8b00054021307015571f83c7364Chris Lattner SecondArgIsLastNamedArgument = PV == LastArg; 24230ce344307f8a8b00054021307015571f83c7364Chris Lattner } 24330ce344307f8a8b00054021307015571f83c7364Chris Lattner } 24430ce344307f8a8b00054021307015571f83c7364Chris Lattner 24530ce344307f8a8b00054021307015571f83c7364Chris Lattner if (!SecondArgIsLastNamedArgument) 246925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getArg(1)->getLocStart(), 24730ce344307f8a8b00054021307015571f83c7364Chris Lattner diag::warn_second_parameter_of_va_start_not_last_named_argument); 24830ce344307f8a8b00054021307015571f83c7364Chris Lattner return false; 2496cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman} 25030ce344307f8a8b00054021307015571f83c7364Chris Lattner 2511b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner/// SemaBuiltinUnorderedCompare - Handle functions like __builtin_isgreater and 2521b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner/// friends. This is declared to take (...), so we have to check everything. 253925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattnerbool Sema::SemaBuiltinUnorderedCompare(CallExpr *TheCall) { 254925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (TheCall->getNumArgs() < 2) 2552c21a073525cdfa68e4439b7af551385dc2796abChris Lattner return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args) 2562c21a073525cdfa68e4439b7af551385dc2796abChris Lattner << 0 /*function call*/; 257925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (TheCall->getNumArgs() > 2) 258925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner return Diag(TheCall->getArg(2)->getLocStart(), 259fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner diag::err_typecheck_call_too_many_args) 2602c21a073525cdfa68e4439b7af551385dc2796abChris Lattner << 0 /*function call*/ 261fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << SourceRange(TheCall->getArg(2)->getLocStart(), 262fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner (*(TheCall->arg_end()-1))->getLocEnd()); 2631b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 264925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Expr *OrigArg0 = TheCall->getArg(0); 265925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Expr *OrigArg1 = TheCall->getArg(1); 2661b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 2671b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // Do standard promotions between the two arguments, returning their common 2681b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // type. 269925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner QualType Res = UsualArithmeticConversions(OrigArg0, OrigArg1, false); 270403bc2bd9edffe51d73776643fa87696c9417678Daniel Dunbar 271403bc2bd9edffe51d73776643fa87696c9417678Daniel Dunbar // Make sure any conversions are pushed back into the call; this is 272403bc2bd9edffe51d73776643fa87696c9417678Daniel Dunbar // type safe since unordered compare builtins are declared as "_Bool 273403bc2bd9edffe51d73776643fa87696c9417678Daniel Dunbar // foo(...)". 274403bc2bd9edffe51d73776643fa87696c9417678Daniel Dunbar TheCall->setArg(0, OrigArg0); 275403bc2bd9edffe51d73776643fa87696c9417678Daniel Dunbar TheCall->setArg(1, OrigArg1); 2761b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 2771b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // If the common type isn't a real floating type, then the arguments were 2781b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner // invalid for this operation. 2791b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner if (!Res->isRealFloatingType()) 280925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner return Diag(OrigArg0->getLocStart(), 281fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner diag::err_typecheck_call_invalid_ordered_compare) 282d162584991885ab004a02573a73ce06422b921fcChris Lattner << OrigArg0->getType() << OrigArg1->getType() 283fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << SourceRange(OrigArg0->getLocStart(), OrigArg1->getLocEnd()); 2841b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 2851b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner return false; 2861b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner} 2871b9a0793955070738cac6f04b5abe9496be9b317Chris Lattner 2886cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedmanbool Sema::SemaBuiltinStackAddress(CallExpr *TheCall) { 2896cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman // The signature for these builtins is exact; the only thing we need 2906cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman // to check is that the argument is a constant. 2916cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman SourceLocation Loc; 292d1a0b6d3dfb208f638d3d750b588d9c0daa49289Chris Lattner if (!TheCall->getArg(0)->isIntegerConstantExpr(Context, &Loc)) 293fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner return Diag(Loc, diag::err_stack_const_level) << TheCall->getSourceRange(); 294d1a0b6d3dfb208f638d3d750b588d9c0daa49289Chris Lattner 2956cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman return false; 2966cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman} 2976cfda23b3768f93a6eb0b2a9135c8334a20125bbEli Friedman 298d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman/// SemaBuiltinShuffleVector - Handle __builtin_shufflevector. 299d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman// This is declared to take (...), so we have to check everything. 3000eb23307222bda7ad95d968eac4e1ab30864b213Sebastian RedlAction::OwningExprResult Sema::SemaBuiltinShuffleVector(CallExpr *TheCall) { 301d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (TheCall->getNumArgs() < 3) 3020eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(Diag(TheCall->getLocEnd(), 3030eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl diag::err_typecheck_call_too_few_args) 3040eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl << 0 /*function call*/ << TheCall->getSourceRange()); 305d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 306d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman QualType FAType = TheCall->getArg(0)->getType(); 307d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman QualType SAType = TheCall->getArg(1)->getType(); 308d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 309d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (!FAType->isVectorType() || !SAType->isVectorType()) { 310fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner Diag(TheCall->getLocStart(), diag::err_shufflevector_non_vector) 311fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << SourceRange(TheCall->getArg(0)->getLocStart(), 312fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner TheCall->getArg(1)->getLocEnd()); 3130eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(); 314d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 315d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 316b77792eabf5882cf9af8cc810599b20432fda6c2Chris Lattner if (Context.getCanonicalType(FAType).getUnqualifiedType() != 317b77792eabf5882cf9af8cc810599b20432fda6c2Chris Lattner Context.getCanonicalType(SAType).getUnqualifiedType()) { 318fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner Diag(TheCall->getLocStart(), diag::err_shufflevector_incompatible_vector) 319fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << SourceRange(TheCall->getArg(0)->getLocStart(), 320fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner TheCall->getArg(1)->getLocEnd()); 3210eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(); 322d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 323d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 324d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman unsigned numElements = FAType->getAsVectorType()->getNumElements(); 325d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (TheCall->getNumArgs() != numElements+2) { 326d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman if (TheCall->getNumArgs() < numElements+2) 3270eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(Diag(TheCall->getLocEnd(), 3280eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl diag::err_typecheck_call_too_few_args) 3290eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl << 0 /*function call*/ << TheCall->getSourceRange()); 3300eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(Diag(TheCall->getLocEnd(), 3310eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl diag::err_typecheck_call_too_many_args) 3320eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl << 0 /*function call*/ << TheCall->getSourceRange()); 333d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 334d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 335d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman for (unsigned i = 2; i < TheCall->getNumArgs(); i++) { 336d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman llvm::APSInt Result(32); 337d1a0b6d3dfb208f638d3d750b588d9c0daa49289Chris Lattner if (!TheCall->getArg(i)->isIntegerConstantExpr(Result, Context)) 3380eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(Diag(TheCall->getLocStart(), 339fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner diag::err_shufflevector_nonconstant_argument) 3400eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl << TheCall->getArg(i)->getSourceRange()); 3410eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl 342d1a0b6d3dfb208f638d3d750b588d9c0daa49289Chris Lattner if (Result.getActiveBits() > 64 || Result.getZExtValue() >= numElements*2) 3430eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl return ExprError(Diag(TheCall->getLocStart(), 344fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner diag::err_shufflevector_argument_too_large) 3450eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl << TheCall->getArg(i)->getSourceRange()); 346d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 347d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 348d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman llvm::SmallVector<Expr*, 32> exprs; 349d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 350d1a0b6d3dfb208f638d3d750b588d9c0daa49289Chris Lattner for (unsigned i = 0, e = TheCall->getNumArgs(); i != e; i++) { 351d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman exprs.push_back(TheCall->getArg(i)); 352d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman TheCall->setArg(i, 0); 353d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman } 354d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman 3558189cde56b4f6f938cd65f53c932fe1860d0204cTed Kremenek return Owned(new (Context) ShuffleVectorExpr(exprs.begin(), numElements+2, 3568189cde56b4f6f938cd65f53c932fe1860d0204cTed Kremenek FAType, 3578189cde56b4f6f938cd65f53c932fe1860d0204cTed Kremenek TheCall->getCallee()->getLocStart(), 3588189cde56b4f6f938cd65f53c932fe1860d0204cTed Kremenek TheCall->getRParenLoc())); 359d38617c8a50f9729c254ab76cd359af797c6739bEli Friedman} 36030ce344307f8a8b00054021307015571f83c7364Chris Lattner 3614493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar/// SemaBuiltinPrefetch - Handle __builtin_prefetch. 3624493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar// This is declared to take (const void*, ...) and can take two 3634493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar// optional constant int args. 3644493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbarbool Sema::SemaBuiltinPrefetch(CallExpr *TheCall) { 365fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner unsigned NumArgs = TheCall->getNumArgs(); 3664493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar 367fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner if (NumArgs > 3) 368fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_many_args) 3692c21a073525cdfa68e4439b7af551385dc2796abChris Lattner << 0 /*function call*/ << TheCall->getSourceRange(); 3704493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar 3714493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar // Argument 0 is checked for us and the remaining arguments must be 3724493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar // constant integers. 373fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner for (unsigned i = 1; i != NumArgs; ++i) { 3744493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar Expr *Arg = TheCall->getArg(i); 3754493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar QualType RWType = Arg->getType(); 3764493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar 3774493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar const BuiltinType *BT = RWType->getAsBuiltinType(); 378d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar llvm::APSInt Result; 3794493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar if (!BT || BT->getKind() != BuiltinType::Int || 380fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner !Arg->isIntegerConstantExpr(Result, Context)) 381fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner return Diag(TheCall->getLocStart(), diag::err_prefetch_invalid_argument) 382fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << SourceRange(Arg->getLocStart(), Arg->getLocEnd()); 3834493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar 3844493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar // FIXME: gcc issues a warning and rewrites these to 0. These 3854493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar // seems especially odd for the third argument since the default 3864493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar // is 3. 387fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner if (i == 1) { 3884493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar if (Result.getSExtValue() < 0 || Result.getSExtValue() > 1) 389fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range) 390fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << "0" << "1" << SourceRange(Arg->getLocStart(), Arg->getLocEnd()); 3914493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar } else { 3924493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar if (Result.getSExtValue() < 0 || Result.getSExtValue() > 3) 393fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range) 394fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << "0" << "3" << SourceRange(Arg->getLocStart(), Arg->getLocEnd()); 3954493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar } 3964493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar } 3974493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar 398fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner return false; 3994493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar} 4004493f79fce48cd9cbd9f55fa9d452cde736747a0Daniel Dunbar 401d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar/// SemaBuiltinObjectSize - Handle __builtin_object_size(void *ptr, 402d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar/// int type). This simply type checks that type is one of the defined 403d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar/// constants (0-3). 404d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbarbool Sema::SemaBuiltinObjectSize(CallExpr *TheCall) { 405d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar Expr *Arg = TheCall->getArg(1); 406d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar QualType ArgType = Arg->getType(); 407d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar const BuiltinType *BT = ArgType->getAsBuiltinType(); 408d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar llvm::APSInt Result(32); 409d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar if (!BT || BT->getKind() != BuiltinType::Int || 410d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar !Arg->isIntegerConstantExpr(Result, Context)) { 411fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner return Diag(TheCall->getLocStart(), diag::err_object_size_invalid_argument) 412fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << SourceRange(Arg->getLocStart(), Arg->getLocEnd()); 413d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar } 414d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar 415d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar if (Result.getSExtValue() < 0 || Result.getSExtValue() > 3) { 416fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range) 417fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << "0" << "3" << SourceRange(Arg->getLocStart(), Arg->getLocEnd()); 418d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar } 419d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar 420d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar return false; 421d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar} 422d5f8a4fd4d6dfb0415b93bb7ab721bba5cab1332Daniel Dunbar 423d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek// Handle i > 1 ? "x" : "y", recursivelly 424082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenekbool Sema::SemaCheckStringLiteral(const Expr *E, const CallExpr *TheCall, 425082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek bool HasVAListArg, 4263c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor unsigned format_idx, unsigned firstDataArg) { 427d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek 428d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek switch (E->getStmtClass()) { 429d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek case Stmt::ConditionalOperatorClass: { 430082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const ConditionalOperator *C = cast<ConditionalOperator>(E); 431d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek return SemaCheckStringLiteral(C->getLHS(), TheCall, 4323c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor HasVAListArg, format_idx, firstDataArg) 433d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek && SemaCheckStringLiteral(C->getRHS(), TheCall, 4343c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor HasVAListArg, format_idx, firstDataArg); 435d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek } 436d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek 437d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek case Stmt::ImplicitCastExprClass: { 438082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const ImplicitCastExpr *Expr = cast<ImplicitCastExpr>(E); 439d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek return SemaCheckStringLiteral(Expr->getSubExpr(), TheCall, HasVAListArg, 4403c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor format_idx, firstDataArg); 441d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek } 442d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek 443d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek case Stmt::ParenExprClass: { 444082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const ParenExpr *Expr = cast<ParenExpr>(E); 445d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek return SemaCheckStringLiteral(Expr->getSubExpr(), TheCall, HasVAListArg, 4463c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor format_idx, firstDataArg); 447d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek } 448082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek 449082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek case Stmt::DeclRefExprClass: { 450082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const DeclRefExpr *DR = cast<DeclRefExpr>(E); 451082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek 452082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek // As an exception, do not flag errors for variables binding to 453082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek // const string literals. 454082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek if (const VarDecl *VD = dyn_cast<VarDecl>(DR->getDecl())) { 455082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek bool isConstant = false; 456082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek QualType T = DR->getType(); 457082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek 458082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek if (const ArrayType *AT = Context.getAsArrayType(T)) { 459082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek isConstant = AT->getElementType().isConstant(Context); 460082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek } 461082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek else if (const PointerType *PT = T->getAsPointerType()) { 462082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek isConstant = T.isConstant(Context) && 463082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek PT->getPointeeType().isConstant(Context); 464082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek } 465082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek 466082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek if (isConstant) { 467082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const VarDecl *Def = 0; 468082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek if (const Expr *Init = VD->getDefinition(Def)) 469082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek return SemaCheckStringLiteral(Init, TheCall, 470082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek HasVAListArg, format_idx, firstDataArg); 471082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek } 472082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek } 473082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek 474082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek return false; 475082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek } 476d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek 477082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek case Stmt::ObjCStringLiteralClass: 478082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek case Stmt::StringLiteralClass: { 479082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const StringLiteral *StrE = NULL; 480082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek 481082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek if (const ObjCStringLiteral *ObjCFExpr = dyn_cast<ObjCStringLiteral>(E)) 482d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek StrE = ObjCFExpr->getString(); 483d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek else 484082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek StrE = cast<StringLiteral>(E); 485082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek 486d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek if (StrE) { 4873c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor CheckPrintfString(StrE, E, TheCall, HasVAListArg, format_idx, 4883c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor firstDataArg); 489d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek return true; 490d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek } 491d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek 492d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek return false; 493d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek } 494082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek 495082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek default: 496082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek return false; 497d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek } 498d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek} 499d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek 500d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek 50159907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// CheckPrintfArguments - Check calls to printf (and similar functions) for 50271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// correct use of format strings. 50371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 50471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// HasVAListArg - A predicate indicating whether the printf-like 50571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// function is passed an explicit va_arg argument (e.g., vprintf) 50671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 50771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// format_idx - The index into Args for the format string. 50871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 50971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// Improper format strings to functions in the printf family can be 51071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// the source of bizarre bugs and very serious security holes. A 51171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// good source of information is available in the following paper 51271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (which includes additional references): 51359907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// 51459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// FormatGuard: Automatic Protection From printf Format String 51559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner/// Vulnerabilities, Proceedings of the 10th USENIX Security Symposium, 2001. 51671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 51771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// Functionality implemented: 51871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 51971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// We can statically check the following properties for string 52071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// literal format strings for non v.*printf functions (where the 52171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// arguments are passed directly): 52271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek// 52371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (1) Are the number of format conversions equal to the number of 52471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// data arguments? 52571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 52671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (2) Does each format conversion correctly match the type of the 52771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// corresponding data argument? (TODO) 52871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 52971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// Moreover, for all printf functions we can: 53071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 53171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (3) Check for a missing format string (when not caught by type checking). 53271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 53371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (4) Check for no-operation flags; e.g. using "#" with format 53471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// conversion 'c' (TODO) 53571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 53671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (5) Check the use of '%n', a major source of security holes. 53771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 53871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (6) Check for malformed format conversions that don't specify anything. 53971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 54071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (7) Check for empty format strings. e.g: printf(""); 54171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 54271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// (8) Check that the format string is a wide literal. 54371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 5446d43959ad845a43f27e00d2720f6bc3d3219d632Ted Kremenek/// (9) Also check the arguments of functions with the __format__ attribute. 5456d43959ad845a43f27e00d2720f6bc3d3219d632Ted Kremenek/// (TODO). 5466d43959ad845a43f27e00d2720f6bc3d3219d632Ted Kremenek/// 54771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// All of these checks can be done by parsing the format string. 54871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// 54971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek/// For now, we ONLY do (1), (3), (5), (6), (7), and (8). 55059907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattnervoid 551082d936a5b8323ac2c04558d8bca277a647831a3Ted KremenekSema::CheckPrintfArguments(const CallExpr *TheCall, bool HasVAListArg, 5523c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor unsigned format_idx, unsigned firstDataArg) { 553082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const Expr *Fn = TheCall->getCallee(); 554925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner 55571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: printf-like function is called with no format string. 556925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (format_idx >= TheCall->getNumArgs()) { 557dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner Diag(TheCall->getRParenLoc(), diag::warn_printf_missing_format_string) 558dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner << Fn->getSourceRange(); 55971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 56071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 56171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 562082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const Expr *OrigFormatExpr = TheCall->getArg(format_idx)->IgnoreParenCasts(); 563459e8488046be5df0bf57f0a8677316abf253167Chris Lattner 56459907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // CHECK: format string is not a string literal. 56559907c4d8f6fc8aacfdaa0273bd7a9c140fbb45fChris Lattner // 56671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Dynamically generated format strings are difficult to 56771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // automatically vet at compile time. Requiring that format strings 56871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // are string literals: (1) permits the checking of format strings by 56971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // the compiler and thereby (2) can practically remove the source of 57071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // many format string exploits. 5717ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek 5727ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // Format string can be either ObjC string (e.g. @"%d") or 5737ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // C string (e.g. "%d") 5747ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // ObjC string uses the same format specifiers as C string, so we can use 5757ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // the same format string checking logic for both ObjC and C strings. 5763c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor bool isFExpr = SemaCheckStringLiteral(OrigFormatExpr, TheCall, 5773c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor HasVAListArg, format_idx, 5783c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor firstDataArg); 5797ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek 580d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek if (!isFExpr) { 5814a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // For vprintf* functions (i.e., HasVAListArg==true), we add a 5824a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // special check to see if the format string is a function parameter 5834a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // of the function calling the printf function. If the function 5844a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // has an attribute indicating it is a printf-like function, then we 5854a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // should suppress warnings concerning non-literals being used in a call 5864a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // to a vprintf function. For example: 5874a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // 5884a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // void 5894a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // logmessage(char const *fmt __attribute__ (format (printf, 1, 2)), ...) { 5904a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // va_list ap; 5914a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // va_start(ap, fmt); 5924a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // vprintf(fmt, ap); // Do NOT emit a warning about "fmt". 5934a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // ... 5944a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // 5954a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // 5964a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // FIXME: We don't have full attribute support yet, so just check to see 5974a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // if the argument is a DeclRefExpr that references a parameter. We'll 5984a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek // add proper support for checking the attribute later. 5994a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek if (HasVAListArg) 600082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek if (const DeclRefExpr* DR = dyn_cast<DeclRefExpr>(OrigFormatExpr)) 601998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner if (isa<ParmVarDecl>(DR->getDecl())) 6024a33646560c4faf8fb82a681360eb2dc0573d558Ted Kremenek return; 603d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek 604925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getArg(format_idx)->getLocStart(), 605dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner diag::warn_printf_not_string_constant) 606082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek << OrigFormatExpr->getSourceRange(); 60771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 60871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 609d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek} 610d30ef87f34015d18bde20b9632032d0063d761aaTed Kremenek 611082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenekvoid Sema::CheckPrintfString(const StringLiteral *FExpr, 612082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const Expr *OrigFormatExpr, 613082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const CallExpr *TheCall, bool HasVAListArg, 614082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek unsigned format_idx, unsigned firstDataArg) { 615082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek 616082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const ObjCStringLiteral *ObjCFExpr = 617082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek dyn_cast<ObjCStringLiteral>(OrigFormatExpr); 61871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 61971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: is the format string a wide literal? 62071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (FExpr->isWide()) { 621925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(FExpr->getLocStart(), 622dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner diag::warn_printf_format_string_is_wide_literal) 623dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner << OrigFormatExpr->getSourceRange(); 62471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 62571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 62671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 62771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Str - The format string. NOTE: this is NOT null-terminated! 62871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek const char * const Str = FExpr->getStrData(); 62971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 63071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: empty format string? 63171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek const unsigned StrLen = FExpr->getByteLength(); 63271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 63371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (StrLen == 0) { 634dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner Diag(FExpr->getLocStart(), diag::warn_printf_empty_format_string) 635dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner << OrigFormatExpr->getSourceRange(); 63671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 63771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 63871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 63971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // We process the format string using a binary state machine. The 64071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // current state is stored in CurrentState. 64171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek enum { 64271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek state_OrdChr, 64371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek state_Conversion 64471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } CurrentState = state_OrdChr; 64571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 64671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // numConversions - The number of conversions seen so far. This is 64771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // incremented as we traverse the format string. 64871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek unsigned numConversions = 0; 64971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 65071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // numDataArgs - The number of data arguments after the format 65171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // string. This can only be determined for non vprintf-like 65271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // functions. For those functions, this value is 1 (the sole 65371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // va_arg argument). 6543c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor unsigned numDataArgs = TheCall->getNumArgs()-firstDataArg; 65571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 65671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Inspect the format string. 65771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek unsigned StrIdx = 0; 65871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 65971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // LastConversionIdx - Index within the format string where we last saw 66071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // a '%' character that starts a new format conversion. 66171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek unsigned LastConversionIdx = 0; 66271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 663925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner for (; StrIdx < StrLen; ++StrIdx) { 664998568f24d6665b8a9bf26b42a04e5f80d14668fChris Lattner 66571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Is the number of detected conversion conversions greater than 66671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // the number of matching data arguments? If so, stop. 66771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (!HasVAListArg && numConversions > numDataArgs) break; 66871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 66971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Handle "\0" 670925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner if (Str[StrIdx] == '\0') { 67171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // The string returned by getStrData() is not null-terminated, 67271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // so the presence of a null character is likely an error. 67360800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner Diag(getLocationOfStringLiteralByte(FExpr, StrIdx), 674dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner diag::warn_printf_format_string_contains_null_char) 675dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner << OrigFormatExpr->getSourceRange(); 67671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 67771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 67871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 67971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Ordinary characters (not processing a format conversion). 68071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (CurrentState == state_OrdChr) { 68171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (Str[StrIdx] == '%') { 68271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek CurrentState = state_Conversion; 68371895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek LastConversionIdx = StrIdx; 68471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 68571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek continue; 68671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 68771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 68871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Seen '%'. Now processing a format conversion. 68971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek switch (Str[StrIdx]) { 690fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle dynamic precision or width specifier. 691fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case '*': { 692fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 693fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 694fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (!HasVAListArg && numConversions > numDataArgs) { 69560800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner SourceLocation Loc = getLocationOfStringLiteralByte(FExpr, StrIdx); 696580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek 697580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek if (Str[StrIdx-1] == '.') 698dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner Diag(Loc, diag::warn_printf_asterisk_precision_missing_arg) 699dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner << OrigFormatExpr->getSourceRange(); 700580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek else 701dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner Diag(Loc, diag::warn_printf_asterisk_width_missing_arg) 702dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner << OrigFormatExpr->getSourceRange(); 703580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek 704fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Don't do any more checking. We'll just emit spurious errors. 705fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return; 706580b664e9c2acd3bffddfea79b1ce2863cfd9dd0Ted Kremenek } 707fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 708fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Perform type checking on width/precision specifier. 709082d936a5b8323ac2c04558d8bca277a647831a3Ted Kremenek const Expr *E = TheCall->getArg(format_idx+numConversions); 710fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (const BuiltinType *BT = E->getType()->getAsBuiltinType()) 711fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (BT->getKind() == BuiltinType::Int) 712fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 713fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 71460800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner SourceLocation Loc = getLocationOfStringLiteralByte(FExpr, StrIdx); 715fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 716fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (Str[StrIdx-1] == '.') 717dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner Diag(Loc, diag::warn_printf_asterisk_precision_wrong_type) 718d162584991885ab004a02573a73ce06422b921fcChris Lattner << E->getType() << E->getSourceRange(); 719fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 720dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner Diag(Loc, diag::warn_printf_asterisk_width_wrong_type) 721d162584991885ab004a02573a73ce06422b921fcChris Lattner << E->getType() << E->getSourceRange(); 722fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 723fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 724fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 725fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 726fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Characters which can terminate a format conversion 727fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // (e.g. "%d"). Characters that specify length modifiers or 728fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // other flags are handled by the default case below. 729fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // 730fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // FIXME: additional checks will go into the following cases. 731fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'i': 732fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'd': 733fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'o': 734fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'u': 735fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'x': 736fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'X': 737fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'D': 738fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'O': 739fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'U': 740fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'e': 741fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'E': 742fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'f': 743fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'F': 744fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'g': 745fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'G': 746fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'a': 747fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'A': 748fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'c': 749fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'C': 750fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'S': 751fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 's': 752fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'p': 753fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 754fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CurrentState = state_OrdChr; 755fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 75671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 757fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // CHECK: Are we using "%n"? Issue a warning. 758fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case 'n': { 759fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 760fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CurrentState = state_OrdChr; 76160800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner SourceLocation Loc = getLocationOfStringLiteralByte(FExpr, 76260800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner LastConversionIdx); 763fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 764dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner Diag(Loc, diag::warn_printf_write_back)<<OrigFormatExpr->getSourceRange(); 765fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 766fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 7677ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek 7687ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // Handle "%@" 7697ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek case '@': 7707ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // %@ is allowed in ObjC format strings only. 7717ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek if(ObjCFExpr != NULL) 7727ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek CurrentState = state_OrdChr; 7737ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek else { 7747ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek // Issue a warning: invalid format conversion. 77560800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner SourceLocation Loc = 77660800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner getLocationOfStringLiteralByte(FExpr, LastConversionIdx); 7777ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek 778d3a94e24ddf3fb90de76b17bd176d9ed61e66f2cChris Lattner Diag(Loc, diag::warn_printf_invalid_conversion) 779d3a94e24ddf3fb90de76b17bd176d9ed61e66f2cChris Lattner << std::string(Str+LastConversionIdx, 780d3a94e24ddf3fb90de76b17bd176d9ed61e66f2cChris Lattner Str+std::min(LastConversionIdx+2, StrLen)) 781d3a94e24ddf3fb90de76b17bd176d9ed61e66f2cChris Lattner << OrigFormatExpr->getSourceRange(); 7827ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek } 7837ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek ++numConversions; 7847ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek break; 7857ff22b259d4d4729f701679e3a7f0e242365e07fTed Kremenek 786fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle "%%" 787fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case '%': 788fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Sanity check: Was the first "%" character the previous one? 789fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // If not, we will assume that we have a malformed format 790fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // conversion, and that the current "%" character is the start 791fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // of a new conversion. 792fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (StrIdx - LastConversionIdx == 1) 793fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner CurrentState = state_OrdChr; 794fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else { 795fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Issue a warning: invalid format conversion. 79660800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner SourceLocation Loc = 79760800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner getLocationOfStringLiteralByte(FExpr, LastConversionIdx); 798fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 799d3a94e24ddf3fb90de76b17bd176d9ed61e66f2cChris Lattner Diag(Loc, diag::warn_printf_invalid_conversion) 800d3a94e24ddf3fb90de76b17bd176d9ed61e66f2cChris Lattner << std::string(Str+LastConversionIdx, Str+StrIdx) 801d3a94e24ddf3fb90de76b17bd176d9ed61e66f2cChris Lattner << OrigFormatExpr->getSourceRange(); 802fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 803fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // This conversion is broken. Advance to the next format 804fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // conversion. 805fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner LastConversionIdx = StrIdx; 806fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ++numConversions; 80771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 808fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 80971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 810fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner default: 811fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // This case catches all other characters: flags, widths, etc. 812fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // We should eventually process those as well. 813fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner break; 81471895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 81571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 81671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 81771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (CurrentState == state_Conversion) { 81871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // Issue a warning: invalid format conversion. 81960800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner SourceLocation Loc = 82060800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner getLocationOfStringLiteralByte(FExpr, LastConversionIdx); 82171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 822d3a94e24ddf3fb90de76b17bd176d9ed61e66f2cChris Lattner Diag(Loc, diag::warn_printf_invalid_conversion) 823d3a94e24ddf3fb90de76b17bd176d9ed61e66f2cChris Lattner << std::string(Str+LastConversionIdx, 824d3a94e24ddf3fb90de76b17bd176d9ed61e66f2cChris Lattner Str+std::min(LastConversionIdx+2, StrLen)) 825d3a94e24ddf3fb90de76b17bd176d9ed61e66f2cChris Lattner << OrigFormatExpr->getSourceRange(); 82671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek return; 82771895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 82871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 82971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (!HasVAListArg) { 83071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: Does the number of format conversions exceed the number 83171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // of data arguments? 83271895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek if (numConversions > numDataArgs) { 83360800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner SourceLocation Loc = 83460800081361b0ffc114877b8abbc81cb57b4edf6Chris Lattner getLocationOfStringLiteralByte(FExpr, LastConversionIdx); 83571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek 836dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner Diag(Loc, diag::warn_printf_insufficient_data_args) 837dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner << OrigFormatExpr->getSourceRange(); 83871895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 83971895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // CHECK: Does the number of data arguments exceed the number of 84071895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek // format conversions in the format string? 84171895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek else if (numConversions < numDataArgs) 842925e60d3fa706f31886027c876989af79eb0e0d2Chris Lattner Diag(TheCall->getArg(format_idx+numConversions+1)->getLocStart(), 843dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner diag::warn_printf_too_many_data_args) 844dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner << OrigFormatExpr->getSourceRange(); 84571895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek } 84671895b9aa3ad71957359497e136b50fcb6136bdfTed Kremenek} 84706de276fff91264437fa75111ed76de43097e089Ted Kremenek 84806de276fff91264437fa75111ed76de43097e089Ted Kremenek//===--- CHECK: Return Address of Stack Variable --------------------------===// 84906de276fff91264437fa75111ed76de43097e089Ted Kremenek 85006de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalVal(Expr *E); 85106de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalAddr(Expr* E); 85206de276fff91264437fa75111ed76de43097e089Ted Kremenek 85306de276fff91264437fa75111ed76de43097e089Ted Kremenek/// CheckReturnStackAddr - Check if a return statement returns the address 85406de276fff91264437fa75111ed76de43097e089Ted Kremenek/// of a stack variable. 85506de276fff91264437fa75111ed76de43097e089Ted Kremenekvoid 85606de276fff91264437fa75111ed76de43097e089Ted KremenekSema::CheckReturnStackAddr(Expr *RetValExp, QualType lhsType, 85706de276fff91264437fa75111ed76de43097e089Ted Kremenek SourceLocation ReturnLoc) { 85856f349400c5932a196509c0480ff6f99a9a0b48fChris Lattner 85906de276fff91264437fa75111ed76de43097e089Ted Kremenek // Perform checking for returned stack addresses. 860dd972f20dc2bd3609d833893e5c6544ac09b59a9Steve Naroff if (lhsType->isPointerType() || lhsType->isBlockPointerType()) { 86106de276fff91264437fa75111ed76de43097e089Ted Kremenek if (DeclRefExpr *DR = EvalAddr(RetValExp)) 8623c73c41cefcfe76f36b7bed72c9f1ec195490951Chris Lattner Diag(DR->getLocStart(), diag::warn_ret_stack_addr) 86308631c5fa053867146b5ee8be658c229f6bf127cChris Lattner << DR->getDecl()->getDeclName() << RetValExp->getSourceRange(); 864c50a4a5f2eac14ac4c631d50b0a55cadc87700ceSteve Naroff 865c50a4a5f2eac14ac4c631d50b0a55cadc87700ceSteve Naroff // Skip over implicit cast expressions when checking for block expressions. 866c50a4a5f2eac14ac4c631d50b0a55cadc87700ceSteve Naroff if (ImplicitCastExpr *IcExpr = 867c50a4a5f2eac14ac4c631d50b0a55cadc87700ceSteve Naroff dyn_cast_or_null<ImplicitCastExpr>(RetValExp)) 868c50a4a5f2eac14ac4c631d50b0a55cadc87700ceSteve Naroff RetValExp = IcExpr->getSubExpr(); 869c50a4a5f2eac14ac4c631d50b0a55cadc87700ceSteve Naroff 87061f40a2b67fc2046768e14f66b617e564cbcc3d8Steve Naroff if (BlockExpr *C = dyn_cast_or_null<BlockExpr>(RetValExp)) 871dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner Diag(C->getLocStart(), diag::err_ret_local_block) 872dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner << C->getSourceRange(); 87306de276fff91264437fa75111ed76de43097e089Ted Kremenek } 87406de276fff91264437fa75111ed76de43097e089Ted Kremenek // Perform checking for stack values returned by reference. 87506de276fff91264437fa75111ed76de43097e089Ted Kremenek else if (lhsType->isReferenceType()) { 87649badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor // Check for a reference to the stack 87749badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor if (DeclRefExpr *DR = EvalVal(RetValExp)) 878dcd5ef12488e4c7ea844327835896ca86b609a97Chris Lattner Diag(DR->getLocStart(), diag::warn_ret_stack_ref) 87908631c5fa053867146b5ee8be658c229f6bf127cChris Lattner << DR->getDecl()->getDeclName() << RetValExp->getSourceRange(); 88006de276fff91264437fa75111ed76de43097e089Ted Kremenek } 88106de276fff91264437fa75111ed76de43097e089Ted Kremenek} 88206de276fff91264437fa75111ed76de43097e089Ted Kremenek 88306de276fff91264437fa75111ed76de43097e089Ted Kremenek/// EvalAddr - EvalAddr and EvalVal are mutually recursive functions that 88406de276fff91264437fa75111ed76de43097e089Ted Kremenek/// check if the expression in a return statement evaluates to an address 88506de276fff91264437fa75111ed76de43097e089Ted Kremenek/// to a location on the stack. The recursion is used to traverse the 88606de276fff91264437fa75111ed76de43097e089Ted Kremenek/// AST of the return expression, with recursion backtracking when we 88706de276fff91264437fa75111ed76de43097e089Ted Kremenek/// encounter a subexpression that (1) clearly does not lead to the address 88806de276fff91264437fa75111ed76de43097e089Ted Kremenek/// of a stack variable or (2) is something we cannot determine leads to 88906de276fff91264437fa75111ed76de43097e089Ted Kremenek/// the address of a stack variable based on such local checking. 89006de276fff91264437fa75111ed76de43097e089Ted Kremenek/// 891e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek/// EvalAddr processes expressions that are pointers that are used as 892e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek/// references (and not L-values). EvalVal handles all other values. 89306de276fff91264437fa75111ed76de43097e089Ted Kremenek/// At the base case of the recursion is a check for a DeclRefExpr* in 89406de276fff91264437fa75111ed76de43097e089Ted Kremenek/// the refers to a stack variable. 89506de276fff91264437fa75111ed76de43097e089Ted Kremenek/// 89606de276fff91264437fa75111ed76de43097e089Ted Kremenek/// This implementation handles: 89706de276fff91264437fa75111ed76de43097e089Ted Kremenek/// 89806de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * pointer-to-pointer casts 89906de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * implicit conversions from array references to pointers 90006de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * taking the address of fields 90106de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * arbitrary interplay between "&" and "*" operators 90206de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * pointer arithmetic from an address of a stack variable 90306de276fff91264437fa75111ed76de43097e089Ted Kremenek/// * taking the address of an array element where the array is on the stack 90406de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalAddr(Expr *E) { 90506de276fff91264437fa75111ed76de43097e089Ted Kremenek // We should only be called for evaluating pointer expressions. 906dd972f20dc2bd3609d833893e5c6544ac09b59a9Steve Naroff assert((E->getType()->isPointerType() || 907dd972f20dc2bd3609d833893e5c6544ac09b59a9Steve Naroff E->getType()->isBlockPointerType() || 908a526c5c67e5a0473c340903ee542ce570119665fTed Kremenek E->getType()->isObjCQualifiedIdType()) && 909fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner "EvalAddr only works on pointers"); 91006de276fff91264437fa75111ed76de43097e089Ted Kremenek 91106de276fff91264437fa75111ed76de43097e089Ted Kremenek // Our "symbolic interpreter" is just a dispatch off the currently 91206de276fff91264437fa75111ed76de43097e089Ted Kremenek // viewed AST node. We then recursively traverse the AST by calling 91306de276fff91264437fa75111ed76de43097e089Ted Kremenek // EvalAddr and EvalVal appropriately. 91406de276fff91264437fa75111ed76de43097e089Ted Kremenek switch (E->getStmtClass()) { 915fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::ParenExprClass: 916fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Ignore parentheses. 917fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(cast<ParenExpr>(E)->getSubExpr()); 91806de276fff91264437fa75111ed76de43097e089Ted Kremenek 919fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::UnaryOperatorClass: { 920fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // The only unary operator that make sense to handle here 921fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // is AddrOf. All others don't make sense as pointers. 922fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner UnaryOperator *U = cast<UnaryOperator>(E); 92306de276fff91264437fa75111ed76de43097e089Ted Kremenek 924fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (U->getOpcode() == UnaryOperator::AddrOf) 925fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalVal(U->getSubExpr()); 926fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 927fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return NULL; 928fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 929fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 930fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::BinaryOperatorClass: { 931fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle pointer arithmetic. All other binary operators are not valid 932fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // in this context. 933fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner BinaryOperator *B = cast<BinaryOperator>(E); 934fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner BinaryOperator::Opcode op = B->getOpcode(); 93506de276fff91264437fa75111ed76de43097e089Ted Kremenek 936fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (op != BinaryOperator::Add && op != BinaryOperator::Sub) 937fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return NULL; 93806de276fff91264437fa75111ed76de43097e089Ted Kremenek 939fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner Expr *Base = B->getLHS(); 9403907323dd6665c0c4e383435cb145233f4533406Anders Carlsson 941fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Determine which argument is the real pointer base. It could be 942fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // the RHS argument instead of the LHS. 943fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (!Base->getType()->isPointerType()) Base = B->getRHS(); 94406de276fff91264437fa75111ed76de43097e089Ted Kremenek 945fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner assert (Base->getType()->isPointerType()); 946fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(Base); 947fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 94861f40a2b67fc2046768e14f66b617e564cbcc3d8Steve Naroff 949fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // For conditional operators we need to see if either the LHS or RHS are 950fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // valid DeclRefExpr*s. If one of them is valid, we return it. 951fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner case Stmt::ConditionalOperatorClass: { 952fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner ConditionalOperator *C = cast<ConditionalOperator>(E); 953fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 954fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Handle the GNU extension for missing LHS. 955fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (Expr *lhsExpr = C->getLHS()) 956fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner if (DeclRefExpr* LHS = EvalAddr(lhsExpr)) 957fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return LHS; 95806de276fff91264437fa75111ed76de43097e089Ted Kremenek 959fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(C->getRHS()); 960fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 961fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 96254b5274f2c190331438375ad114dad12ae098b57Ted Kremenek // For casts, we need to handle conversions from arrays to 96354b5274f2c190331438375ad114dad12ae098b57Ted Kremenek // pointer values, and pointer-to-pointer conversions. 96449badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor case Stmt::ImplicitCastExprClass: 9656eec8e883de118b431e3ead5b1e604a6ac68ff6bDouglas Gregor case Stmt::CStyleCastExprClass: 96649badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor case Stmt::CXXFunctionalCastExprClass: { 9670835a3cdeefe714b4959d31127ea155e56393125Argyrios Kyrtzidis Expr* SubExpr = cast<CastExpr>(E)->getSubExpr(); 96854b5274f2c190331438375ad114dad12ae098b57Ted Kremenek QualType T = SubExpr->getType(); 969fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 970dd972f20dc2bd3609d833893e5c6544ac09b59a9Steve Naroff if (SubExpr->getType()->isPointerType() || 971dd972f20dc2bd3609d833893e5c6544ac09b59a9Steve Naroff SubExpr->getType()->isBlockPointerType() || 972dd972f20dc2bd3609d833893e5c6544ac09b59a9Steve Naroff SubExpr->getType()->isObjCQualifiedIdType()) 973fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(SubExpr); 97454b5274f2c190331438375ad114dad12ae098b57Ted Kremenek else if (T->isArrayType()) 97554b5274f2c190331438375ad114dad12ae098b57Ted Kremenek return EvalVal(SubExpr); 976fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner else 97754b5274f2c190331438375ad114dad12ae098b57Ted Kremenek return 0; 978fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 979fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 980fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // C++ casts. For dynamic casts, static casts, and const casts, we 981fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // are always converting from a pointer-to-pointer, so we just blow 98249badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor // through the cast. In the case the dynamic cast doesn't fail (and 98349badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor // return NULL), we take the conservative route and report cases 984fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // where we return the address of a stack variable. For Reinterpre 98549badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor // FIXME: The comment about is wrong; we're not always converting 98649badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor // from pointer to pointer. I'm guessing that this code should also 98749badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor // handle references to objects. 98849badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor case Stmt::CXXStaticCastExprClass: 98949badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor case Stmt::CXXDynamicCastExprClass: 99049badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor case Stmt::CXXConstCastExprClass: 99149badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor case Stmt::CXXReinterpretCastExprClass: { 99249badde06e066d058d6c7fcf4e628a72999b65a9Douglas Gregor Expr *S = cast<CXXNamedCastExpr>(E)->getSubExpr(); 993dd972f20dc2bd3609d833893e5c6544ac09b59a9Steve Naroff if (S->getType()->isPointerType() || S->getType()->isBlockPointerType()) 994fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return EvalAddr(S); 99506de276fff91264437fa75111ed76de43097e089Ted Kremenek else 99606de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 997fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner } 998fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner 999fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner // Everything else: we simply don't reason about them. 1000fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner default: 1001fae3f1f6565c74d3238747b58357a6e56fbb0e9cChris Lattner return NULL; 100206de276fff91264437fa75111ed76de43097e089Ted Kremenek } 100306de276fff91264437fa75111ed76de43097e089Ted Kremenek} 100406de276fff91264437fa75111ed76de43097e089Ted Kremenek 100506de276fff91264437fa75111ed76de43097e089Ted Kremenek 100606de276fff91264437fa75111ed76de43097e089Ted Kremenek/// EvalVal - This function is complements EvalAddr in the mutual recursion. 100706de276fff91264437fa75111ed76de43097e089Ted Kremenek/// See the comments for EvalAddr for more details. 100806de276fff91264437fa75111ed76de43097e089Ted Kremenekstatic DeclRefExpr* EvalVal(Expr *E) { 100906de276fff91264437fa75111ed76de43097e089Ted Kremenek 1010e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek // We should only be called for evaluating non-pointer expressions, or 1011e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek // expressions with a pointer type that are not used as references but instead 1012e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek // are l-values (e.g., DeclRefExpr with a pointer type). 1013e8c600f9fedf2cfd69cdd2cb4bde4a9b39ce2873Ted Kremenek 101406de276fff91264437fa75111ed76de43097e089Ted Kremenek // Our "symbolic interpreter" is just a dispatch off the currently 101506de276fff91264437fa75111ed76de43097e089Ted Kremenek // viewed AST node. We then recursively traverse the AST by calling 101606de276fff91264437fa75111ed76de43097e089Ted Kremenek // EvalAddr and EvalVal appropriately. 101706de276fff91264437fa75111ed76de43097e089Ted Kremenek switch (E->getStmtClass()) { 10181a49af9681c350fef58e677f85ccb9a77e8e9d0aDouglas Gregor case Stmt::DeclRefExprClass: 10191a49af9681c350fef58e677f85ccb9a77e8e9d0aDouglas Gregor case Stmt::QualifiedDeclRefExprClass: { 102006de276fff91264437fa75111ed76de43097e089Ted Kremenek // DeclRefExpr: the base case. When we hit a DeclRefExpr we are looking 102106de276fff91264437fa75111ed76de43097e089Ted Kremenek // at code that refers to a variable's name. We check if it has local 102206de276fff91264437fa75111ed76de43097e089Ted Kremenek // storage within the function, and if so, return the expression. 102306de276fff91264437fa75111ed76de43097e089Ted Kremenek DeclRefExpr *DR = cast<DeclRefExpr>(E); 102406de276fff91264437fa75111ed76de43097e089Ted Kremenek 102506de276fff91264437fa75111ed76de43097e089Ted Kremenek if (VarDecl *V = dyn_cast<VarDecl>(DR->getDecl())) 102627c8dc06f65d7abcf6a7e7f64a7960c9a150ca01Douglas Gregor if(V->hasLocalStorage() && !V->getType()->isReferenceType()) return DR; 102706de276fff91264437fa75111ed76de43097e089Ted Kremenek 102806de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 102906de276fff91264437fa75111ed76de43097e089Ted Kremenek } 103006de276fff91264437fa75111ed76de43097e089Ted Kremenek 103106de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::ParenExprClass: 103206de276fff91264437fa75111ed76de43097e089Ted Kremenek // Ignore parentheses. 103306de276fff91264437fa75111ed76de43097e089Ted Kremenek return EvalVal(cast<ParenExpr>(E)->getSubExpr()); 103406de276fff91264437fa75111ed76de43097e089Ted Kremenek 103506de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::UnaryOperatorClass: { 103606de276fff91264437fa75111ed76de43097e089Ted Kremenek // The only unary operator that make sense to handle here 103706de276fff91264437fa75111ed76de43097e089Ted Kremenek // is Deref. All others don't resolve to a "name." This includes 103806de276fff91264437fa75111ed76de43097e089Ted Kremenek // handling all sorts of rvalues passed to a unary operator. 103906de276fff91264437fa75111ed76de43097e089Ted Kremenek UnaryOperator *U = cast<UnaryOperator>(E); 104006de276fff91264437fa75111ed76de43097e089Ted Kremenek 104106de276fff91264437fa75111ed76de43097e089Ted Kremenek if (U->getOpcode() == UnaryOperator::Deref) 104206de276fff91264437fa75111ed76de43097e089Ted Kremenek return EvalAddr(U->getSubExpr()); 104306de276fff91264437fa75111ed76de43097e089Ted Kremenek 104406de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 104506de276fff91264437fa75111ed76de43097e089Ted Kremenek } 104606de276fff91264437fa75111ed76de43097e089Ted Kremenek 104706de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::ArraySubscriptExprClass: { 104806de276fff91264437fa75111ed76de43097e089Ted Kremenek // Array subscripts are potential references to data on the stack. We 104906de276fff91264437fa75111ed76de43097e089Ted Kremenek // retrieve the DeclRefExpr* for the array variable if it indeed 105006de276fff91264437fa75111ed76de43097e089Ted Kremenek // has local storage. 10512324512285caac0332bbbc6e4cab6245d2a370a1Ted Kremenek return EvalAddr(cast<ArraySubscriptExpr>(E)->getBase()); 105206de276fff91264437fa75111ed76de43097e089Ted Kremenek } 105306de276fff91264437fa75111ed76de43097e089Ted Kremenek 105406de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::ConditionalOperatorClass: { 105506de276fff91264437fa75111ed76de43097e089Ted Kremenek // For conditional operators we need to see if either the LHS or RHS are 105606de276fff91264437fa75111ed76de43097e089Ted Kremenek // non-NULL DeclRefExpr's. If one is non-NULL, we return it. 105706de276fff91264437fa75111ed76de43097e089Ted Kremenek ConditionalOperator *C = cast<ConditionalOperator>(E); 105806de276fff91264437fa75111ed76de43097e089Ted Kremenek 10593907323dd6665c0c4e383435cb145233f4533406Anders Carlsson // Handle the GNU extension for missing LHS. 10603907323dd6665c0c4e383435cb145233f4533406Anders Carlsson if (Expr *lhsExpr = C->getLHS()) 10613907323dd6665c0c4e383435cb145233f4533406Anders Carlsson if (DeclRefExpr *LHS = EvalVal(lhsExpr)) 10623907323dd6665c0c4e383435cb145233f4533406Anders Carlsson return LHS; 10633907323dd6665c0c4e383435cb145233f4533406Anders Carlsson 10643907323dd6665c0c4e383435cb145233f4533406Anders Carlsson return EvalVal(C->getRHS()); 106506de276fff91264437fa75111ed76de43097e089Ted Kremenek } 106606de276fff91264437fa75111ed76de43097e089Ted Kremenek 106706de276fff91264437fa75111ed76de43097e089Ted Kremenek // Accesses to members are potential references to data on the stack. 106806de276fff91264437fa75111ed76de43097e089Ted Kremenek case Stmt::MemberExprClass: { 106906de276fff91264437fa75111ed76de43097e089Ted Kremenek MemberExpr *M = cast<MemberExpr>(E); 107006de276fff91264437fa75111ed76de43097e089Ted Kremenek 107106de276fff91264437fa75111ed76de43097e089Ted Kremenek // Check for indirect access. We only want direct field accesses. 107206de276fff91264437fa75111ed76de43097e089Ted Kremenek if (!M->isArrow()) 107306de276fff91264437fa75111ed76de43097e089Ted Kremenek return EvalVal(M->getBase()); 107406de276fff91264437fa75111ed76de43097e089Ted Kremenek else 107506de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 107606de276fff91264437fa75111ed76de43097e089Ted Kremenek } 107706de276fff91264437fa75111ed76de43097e089Ted Kremenek 107806de276fff91264437fa75111ed76de43097e089Ted Kremenek // Everything else: we simply don't reason about them. 107906de276fff91264437fa75111ed76de43097e089Ted Kremenek default: 108006de276fff91264437fa75111ed76de43097e089Ted Kremenek return NULL; 108106de276fff91264437fa75111ed76de43097e089Ted Kremenek } 108206de276fff91264437fa75111ed76de43097e089Ted Kremenek} 1083588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 1084588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek//===--- CHECK: Floating-Point comparisons (-Wfloat-equal) ---------------===// 1085588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 1086588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek/// Check for comparisons of floating point operands using != and ==. 1087588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek/// Issue a warning if these are no self-comparisons, as they are not likely 1088588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek/// to do what the programmer intended. 1089588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenekvoid Sema::CheckFloatComparison(SourceLocation loc, Expr* lex, Expr *rex) { 1090588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek bool EmitWarning = true; 1091588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 10924e99a5fc3b203397a91136c6e695e405fb8fc606Ted Kremenek Expr* LeftExprSansParen = lex->IgnoreParens(); 109332e97b66bbce16c9e81c877794fb7a0aeeb66ccbTed Kremenek Expr* RightExprSansParen = rex->IgnoreParens(); 1094588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 1095588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Special case: check for x == x (which is OK). 1096588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Do not emit warnings for such cases. 1097588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (DeclRefExpr* DRL = dyn_cast<DeclRefExpr>(LeftExprSansParen)) 1098588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (DeclRefExpr* DRR = dyn_cast<DeclRefExpr>(RightExprSansParen)) 1099588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (DRL->getDecl() == DRR->getDecl()) 1100588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek EmitWarning = false; 1101588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 11021b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek 11031b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // Special case: check for comparisons against literals that can be exactly 11041b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // represented by APFloat. In such cases, do not emit a warning. This 11051b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // is a heuristic: often comparison against such literals are used to 11061b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // detect if a value in a variable has not changed. This clearly can 11071b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek // lead to false negatives. 11081b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (EmitWarning) { 11091b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FloatingLiteral* FLL = dyn_cast<FloatingLiteral>(LeftExprSansParen)) { 11101b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FLL->isExact()) 11111b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek EmitWarning = false; 11121b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek } 11131b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek else 11141b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FloatingLiteral* FLR = dyn_cast<FloatingLiteral>(RightExprSansParen)){ 11151b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek if (FLR->isExact()) 11161b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek EmitWarning = false; 11171b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek } 11181b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek } 11191b500bb0d40aa3ebf1ace47340bb5f401a9ae99cTed Kremenek 1120588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Check for comparisons with builtin types. 11210eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl if (EmitWarning) 1122588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (CallExpr* CL = dyn_cast<CallExpr>(LeftExprSansParen)) 11233c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor if (CL->isBuiltinCall(Context)) 1124588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek EmitWarning = false; 1125588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 11260eb23307222bda7ad95d968eac4e1ab30864b213Sebastian Redl if (EmitWarning) 1127588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (CallExpr* CR = dyn_cast<CallExpr>(RightExprSansParen)) 11283c385e5f8d9008fff18597ca302be19fa86e51f6Douglas Gregor if (CR->isBuiltinCall(Context)) 1129588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek EmitWarning = false; 1130588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek 1131588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek // Emit the diagnostic. 1132588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek if (EmitWarning) 1133fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner Diag(loc, diag::warn_floatingpoint_eq) 1134fa25bbb351f4fdd977f51254119cdfc2b525ce90Chris Lattner << lex->getSourceRange() << rex->getSourceRange(); 1135588e5ebee2db045c3611e0c8f601bc4495ebd0f3Ted Kremenek} 1136