SemaChecking.cpp revision 0d15c5321a11a5fee53b17ca8e9e0d72d6192b23
1//===--- SemaChecking.cpp - Extra Semantic Checking -----------------------===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file implements extra semantic analysis beyond what is enforced 11// by the C type system. 12// 13//===----------------------------------------------------------------------===// 14 15#include "Sema.h" 16#include "clang/Analysis/Analyses/PrintfFormatString.h" 17#include "clang/AST/ASTContext.h" 18#include "clang/AST/CharUnits.h" 19#include "clang/AST/DeclObjC.h" 20#include "clang/AST/ExprCXX.h" 21#include "clang/AST/ExprObjC.h" 22#include "clang/AST/DeclObjC.h" 23#include "clang/AST/StmtCXX.h" 24#include "clang/AST/StmtObjC.h" 25#include "clang/Lex/LiteralSupport.h" 26#include "clang/Lex/Preprocessor.h" 27#include "llvm/ADT/BitVector.h" 28#include "llvm/ADT/STLExtras.h" 29#include "llvm/ADT/StringExtras.h" 30#include "llvm/Support/raw_ostream.h" 31#include "clang/Basic/TargetBuiltins.h" 32#include "clang/Basic/TargetInfo.h" 33#include <limits> 34using namespace clang; 35 36/// getLocationOfStringLiteralByte - Return a source location that points to the 37/// specified byte of the specified string literal. 38/// 39/// Strings are amazingly complex. They can be formed from multiple tokens and 40/// can have escape sequences in them in addition to the usual trigraph and 41/// escaped newline business. This routine handles this complexity. 42/// 43SourceLocation Sema::getLocationOfStringLiteralByte(const StringLiteral *SL, 44 unsigned ByteNo) const { 45 assert(!SL->isWide() && "This doesn't work for wide strings yet"); 46 47 // Loop over all of the tokens in this string until we find the one that 48 // contains the byte we're looking for. 49 unsigned TokNo = 0; 50 while (1) { 51 assert(TokNo < SL->getNumConcatenated() && "Invalid byte number!"); 52 SourceLocation StrTokLoc = SL->getStrTokenLoc(TokNo); 53 54 // Get the spelling of the string so that we can get the data that makes up 55 // the string literal, not the identifier for the macro it is potentially 56 // expanded through. 57 SourceLocation StrTokSpellingLoc = SourceMgr.getSpellingLoc(StrTokLoc); 58 59 // Re-lex the token to get its length and original spelling. 60 std::pair<FileID, unsigned> LocInfo = 61 SourceMgr.getDecomposedLoc(StrTokSpellingLoc); 62 bool Invalid = false; 63 llvm::StringRef Buffer = SourceMgr.getBufferData(LocInfo.first, &Invalid); 64 if (Invalid) 65 return StrTokSpellingLoc; 66 67 const char *StrData = Buffer.data()+LocInfo.second; 68 69 // Create a langops struct and enable trigraphs. This is sufficient for 70 // relexing tokens. 71 LangOptions LangOpts; 72 LangOpts.Trigraphs = true; 73 74 // Create a lexer starting at the beginning of this token. 75 Lexer TheLexer(StrTokSpellingLoc, LangOpts, Buffer.begin(), StrData, 76 Buffer.end()); 77 Token TheTok; 78 TheLexer.LexFromRawLexer(TheTok); 79 80 // Use the StringLiteralParser to compute the length of the string in bytes. 81 StringLiteralParser SLP(&TheTok, 1, PP, /*Complain=*/false); 82 unsigned TokNumBytes = SLP.GetStringLength(); 83 84 // If the byte is in this token, return the location of the byte. 85 if (ByteNo < TokNumBytes || 86 (ByteNo == TokNumBytes && TokNo == SL->getNumConcatenated())) { 87 unsigned Offset = 88 StringLiteralParser::getOffsetOfStringByte(TheTok, ByteNo, PP, 89 /*Complain=*/false); 90 91 // Now that we know the offset of the token in the spelling, use the 92 // preprocessor to get the offset in the original source. 93 return PP.AdvanceToTokenCharacter(StrTokLoc, Offset); 94 } 95 96 // Move to the next string token. 97 ++TokNo; 98 ByteNo -= TokNumBytes; 99 } 100} 101 102/// CheckablePrintfAttr - does a function call have a "printf" attribute 103/// and arguments that merit checking? 104bool Sema::CheckablePrintfAttr(const FormatAttr *Format, CallExpr *TheCall) { 105 if (Format->getType() == "printf") return true; 106 if (Format->getType() == "printf0") { 107 // printf0 allows null "format" string; if so don't check format/args 108 unsigned format_idx = Format->getFormatIdx() - 1; 109 // Does the index refer to the implicit object argument? 110 if (isa<CXXMemberCallExpr>(TheCall)) { 111 if (format_idx == 0) 112 return false; 113 --format_idx; 114 } 115 if (format_idx < TheCall->getNumArgs()) { 116 Expr *Format = TheCall->getArg(format_idx)->IgnoreParenCasts(); 117 if (!Format->isNullPointerConstant(Context, 118 Expr::NPC_ValueDependentIsNull)) 119 return true; 120 } 121 } 122 return false; 123} 124 125Action::OwningExprResult 126Sema::CheckBuiltinFunctionCall(unsigned BuiltinID, CallExpr *TheCall) { 127 OwningExprResult TheCallResult(Owned(TheCall)); 128 129 switch (BuiltinID) { 130 case Builtin::BI__builtin___CFStringMakeConstantString: 131 assert(TheCall->getNumArgs() == 1 && 132 "Wrong # arguments to builtin CFStringMakeConstantString"); 133 if (CheckObjCString(TheCall->getArg(0))) 134 return ExprError(); 135 break; 136 case Builtin::BI__builtin_stdarg_start: 137 case Builtin::BI__builtin_va_start: 138 if (SemaBuiltinVAStart(TheCall)) 139 return ExprError(); 140 break; 141 case Builtin::BI__builtin_isgreater: 142 case Builtin::BI__builtin_isgreaterequal: 143 case Builtin::BI__builtin_isless: 144 case Builtin::BI__builtin_islessequal: 145 case Builtin::BI__builtin_islessgreater: 146 case Builtin::BI__builtin_isunordered: 147 if (SemaBuiltinUnorderedCompare(TheCall)) 148 return ExprError(); 149 break; 150 case Builtin::BI__builtin_fpclassify: 151 if (SemaBuiltinFPClassification(TheCall, 6)) 152 return ExprError(); 153 break; 154 case Builtin::BI__builtin_isfinite: 155 case Builtin::BI__builtin_isinf: 156 case Builtin::BI__builtin_isinf_sign: 157 case Builtin::BI__builtin_isnan: 158 case Builtin::BI__builtin_isnormal: 159 if (SemaBuiltinFPClassification(TheCall, 1)) 160 return ExprError(); 161 break; 162 case Builtin::BI__builtin_return_address: 163 case Builtin::BI__builtin_frame_address: { 164 llvm::APSInt Result; 165 if (SemaBuiltinConstantArg(TheCall, 0, Result)) 166 return ExprError(); 167 break; 168 } 169 case Builtin::BI__builtin_eh_return_data_regno: { 170 llvm::APSInt Result; 171 if (SemaBuiltinConstantArg(TheCall, 0, Result)) 172 return ExprError(); 173 break; 174 } 175 case Builtin::BI__builtin_shufflevector: 176 return SemaBuiltinShuffleVector(TheCall); 177 // TheCall will be freed by the smart pointer here, but that's fine, since 178 // SemaBuiltinShuffleVector guts it, but then doesn't release it. 179 case Builtin::BI__builtin_prefetch: 180 if (SemaBuiltinPrefetch(TheCall)) 181 return ExprError(); 182 break; 183 case Builtin::BI__builtin_object_size: 184 if (SemaBuiltinObjectSize(TheCall)) 185 return ExprError(); 186 break; 187 case Builtin::BI__builtin_longjmp: 188 if (SemaBuiltinLongjmp(TheCall)) 189 return ExprError(); 190 break; 191 case Builtin::BI__sync_fetch_and_add: 192 case Builtin::BI__sync_fetch_and_sub: 193 case Builtin::BI__sync_fetch_and_or: 194 case Builtin::BI__sync_fetch_and_and: 195 case Builtin::BI__sync_fetch_and_xor: 196 case Builtin::BI__sync_add_and_fetch: 197 case Builtin::BI__sync_sub_and_fetch: 198 case Builtin::BI__sync_and_and_fetch: 199 case Builtin::BI__sync_or_and_fetch: 200 case Builtin::BI__sync_xor_and_fetch: 201 case Builtin::BI__sync_val_compare_and_swap: 202 case Builtin::BI__sync_bool_compare_and_swap: 203 case Builtin::BI__sync_lock_test_and_set: 204 case Builtin::BI__sync_lock_release: 205 if (SemaBuiltinAtomicOverloaded(TheCall)) 206 return ExprError(); 207 break; 208 } 209 210 // Since the target specific builtins for each arch overlap, only check those 211 // of the arch we are compiling for. 212 if (BuiltinID >= Builtin::FirstTSBuiltin) { 213 switch (Context.Target.getTriple().getArch()) { 214 case llvm::Triple::arm: 215 case llvm::Triple::thumb: 216 if (CheckARMBuiltinFunctionCall(BuiltinID, TheCall)) 217 return ExprError(); 218 break; 219 case llvm::Triple::x86: 220 case llvm::Triple::x86_64: 221 if (CheckX86BuiltinFunctionCall(BuiltinID, TheCall)) 222 return ExprError(); 223 break; 224 default: 225 break; 226 } 227 } 228 229 return move(TheCallResult); 230} 231 232bool Sema::CheckX86BuiltinFunctionCall(unsigned BuiltinID, CallExpr *TheCall) { 233 switch (BuiltinID) { 234 case X86::BI__builtin_ia32_palignr128: 235 case X86::BI__builtin_ia32_palignr: { 236 llvm::APSInt Result; 237 if (SemaBuiltinConstantArg(TheCall, 2, Result)) 238 return true; 239 break; 240 } 241 } 242 return false; 243} 244 245bool Sema::CheckARMBuiltinFunctionCall(unsigned BuiltinID, CallExpr *TheCall) { 246 llvm::APSInt Result; 247 248 unsigned mask = 0; 249 switch (BuiltinID) { 250 case ARM::BI__builtin_neon_vaba_v: mask = 0x707; break; 251 case ARM::BI__builtin_neon_vabaq_v: mask = 0x7070000; break; 252 case ARM::BI__builtin_neon_vabal_v: mask = 0xE0E0000; break; 253 case ARM::BI__builtin_neon_vabd_v: mask = 0x717; break; 254 case ARM::BI__builtin_neon_vabdq_v: mask = 0x7170000; break; 255 case ARM::BI__builtin_neon_vabdl_v: mask = 0xE0E0000; break; 256 case ARM::BI__builtin_neon_vabs_v: mask = 0x17; break; 257 case ARM::BI__builtin_neon_vabsq_v: mask = 0x170000; break; 258 case ARM::BI__builtin_neon_vaddhn_v: mask = 0x707; break; 259 case ARM::BI__builtin_neon_vaddl_v: mask = 0xE0E0000; break; 260 case ARM::BI__builtin_neon_vaddw_v: mask = 0xE0E0000; break; 261 case ARM::BI__builtin_neon_vcage_v: mask = 0x400; break; 262 case ARM::BI__builtin_neon_vcageq_v: mask = 0x4000000; break; 263 case ARM::BI__builtin_neon_vcagt_v: mask = 0x400; break; 264 case ARM::BI__builtin_neon_vcagtq_v: mask = 0x4000000; break; 265 case ARM::BI__builtin_neon_vcale_v: mask = 0x400; break; 266 case ARM::BI__builtin_neon_vcaleq_v: mask = 0x4000000; break; 267 case ARM::BI__builtin_neon_vcalt_v: mask = 0x400; break; 268 case ARM::BI__builtin_neon_vcaltq_v: mask = 0x4000000; break; 269 case ARM::BI__builtin_neon_vcls_v: mask = 0x7; break; 270 case ARM::BI__builtin_neon_vclsq_v: mask = 0x70000; break; 271 case ARM::BI__builtin_neon_vclz_v: mask = 0x707; break; 272 case ARM::BI__builtin_neon_vclzq_v: mask = 0x7070000; break; 273 case ARM::BI__builtin_neon_vcnt_v: mask = 0x121; break; 274 case ARM::BI__builtin_neon_vcntq_v: mask = 0x1210000; break; 275 case ARM::BI__builtin_neon_vcvt_f16_v: mask = 0x80; break; 276 case ARM::BI__builtin_neon_vcvt_f32_v: mask = 0x404; break; 277 case ARM::BI__builtin_neon_vcvtq_f32_v: mask = 0x4040000; break; 278 case ARM::BI__builtin_neon_vcvt_f32_f16: mask = 0x100000; break; 279 case ARM::BI__builtin_neon_vcvt_n_f32_v: mask = 0x404; break; 280 case ARM::BI__builtin_neon_vcvtq_n_f32_v: mask = 0x4040000; break; 281 case ARM::BI__builtin_neon_vcvt_n_s32_v: mask = 0x4; break; 282 case ARM::BI__builtin_neon_vcvtq_n_s32_v: mask = 0x40000; break; 283 case ARM::BI__builtin_neon_vcvt_n_u32_v: mask = 0x400; break; 284 case ARM::BI__builtin_neon_vcvtq_n_u32_v: mask = 0x4000000; break; 285 case ARM::BI__builtin_neon_vcvt_s32_v: mask = 0x4; break; 286 case ARM::BI__builtin_neon_vcvtq_s32_v: mask = 0x40000; break; 287 case ARM::BI__builtin_neon_vcvt_u32_v: mask = 0x400; break; 288 case ARM::BI__builtin_neon_vcvtq_u32_v: mask = 0x4000000; break; 289 case ARM::BI__builtin_neon_vext_v: mask = 0xF6F; break; 290 case ARM::BI__builtin_neon_vextq_v: mask = 0xF6F0000; break; 291 case ARM::BI__builtin_neon_vhadd_v: mask = 0x707; break; 292 case ARM::BI__builtin_neon_vhaddq_v: mask = 0x7070000; break; 293 case ARM::BI__builtin_neon_vhsub_v: mask = 0x707; break; 294 case ARM::BI__builtin_neon_vhsubq_v: mask = 0x7070000; break; 295 case ARM::BI__builtin_neon_vld1_v: mask = 0xFFF; break; 296 case ARM::BI__builtin_neon_vld1q_v: mask = 0xFFF0000; break; 297 case ARM::BI__builtin_neon_vld1_dup_v: mask = 0xFFF; break; 298 case ARM::BI__builtin_neon_vld1q_dup_v: mask = 0xFFF0000; break; 299 case ARM::BI__builtin_neon_vld1_lane_v: mask = 0xFFF; break; 300 case ARM::BI__builtin_neon_vld1q_lane_v: mask = 0xFFF0000; break; 301 case ARM::BI__builtin_neon_vld2_v: mask = 0xFFF; break; 302 case ARM::BI__builtin_neon_vld2q_v: mask = 0x7F70000; break; 303 case ARM::BI__builtin_neon_vld2_dup_v: mask = 0xFFF; break; 304 case ARM::BI__builtin_neon_vld2_lane_v: mask = 0x7F7; break; 305 case ARM::BI__builtin_neon_vld2q_lane_v: mask = 0x6D60000; break; 306 case ARM::BI__builtin_neon_vld3_v: mask = 0xFFF; break; 307 case ARM::BI__builtin_neon_vld3q_v: mask = 0x7F70000; break; 308 case ARM::BI__builtin_neon_vld3_dup_v: mask = 0xFFF; break; 309 case ARM::BI__builtin_neon_vld3_lane_v: mask = 0x7F7; break; 310 case ARM::BI__builtin_neon_vld3q_lane_v: mask = 0x6D60000; break; 311 case ARM::BI__builtin_neon_vld4_v: mask = 0xFFF; break; 312 case ARM::BI__builtin_neon_vld4q_v: mask = 0x7F70000; break; 313 case ARM::BI__builtin_neon_vld4_dup_v: mask = 0xFFF; break; 314 case ARM::BI__builtin_neon_vld4_lane_v: mask = 0x7F7; break; 315 case ARM::BI__builtin_neon_vld4q_lane_v: mask = 0x6D60000; break; 316 case ARM::BI__builtin_neon_vmax_v: mask = 0x717; break; 317 case ARM::BI__builtin_neon_vmaxq_v: mask = 0x7170000; break; 318 case ARM::BI__builtin_neon_vmin_v: mask = 0x717; break; 319 case ARM::BI__builtin_neon_vminq_v: mask = 0x7170000; break; 320 case ARM::BI__builtin_neon_vmlal_v: mask = 0xE0E0000; break; 321 case ARM::BI__builtin_neon_vmlal_lane_v: mask = 0xC0C0000; break; 322 case ARM::BI__builtin_neon_vmla_lane_v: mask = 0x616; break; 323 case ARM::BI__builtin_neon_vmlaq_lane_v: mask = 0x6160000; break; 324 case ARM::BI__builtin_neon_vmlsl_v: mask = 0xE0E0000; break; 325 case ARM::BI__builtin_neon_vmlsl_lane_v: mask = 0xC0C0000; break; 326 case ARM::BI__builtin_neon_vmls_lane_v: mask = 0x616; break; 327 case ARM::BI__builtin_neon_vmlsq_lane_v: mask = 0x6160000; break; 328 case ARM::BI__builtin_neon_vmovl_v: mask = 0xE0E0000; break; 329 case ARM::BI__builtin_neon_vmovn_v: mask = 0x707; break; 330 case ARM::BI__builtin_neon_vmull_v: mask = 0xE4E0000; break; 331 case ARM::BI__builtin_neon_vmull_lane_v: mask = 0xC0C0000; break; 332 case ARM::BI__builtin_neon_vpadal_v: mask = 0xE0E; break; 333 case ARM::BI__builtin_neon_vpadalq_v: mask = 0xE0E0000; break; 334 case ARM::BI__builtin_neon_vpadd_v: mask = 0x717; break; 335 case ARM::BI__builtin_neon_vpaddl_v: mask = 0xE0E; break; 336 case ARM::BI__builtin_neon_vpaddlq_v: mask = 0xE0E0000; break; 337 case ARM::BI__builtin_neon_vpmax_v: mask = 0x717; break; 338 case ARM::BI__builtin_neon_vpmin_v: mask = 0x717; break; 339 case ARM::BI__builtin_neon_vqabs_v: mask = 0x7; break; 340 case ARM::BI__builtin_neon_vqabsq_v: mask = 0x70000; break; 341 case ARM::BI__builtin_neon_vqadd_v: mask = 0xF0F; break; 342 case ARM::BI__builtin_neon_vqaddq_v: mask = 0xF0F0000; break; 343 case ARM::BI__builtin_neon_vqdmlal_v: mask = 0xC0000; break; 344 case ARM::BI__builtin_neon_vqdmlal_lane_v: mask = 0xC0000; break; 345 case ARM::BI__builtin_neon_vqdmlsl_v: mask = 0xC0000; break; 346 case ARM::BI__builtin_neon_vqdmlsl_lane_v: mask = 0xC0000; break; 347 case ARM::BI__builtin_neon_vqdmulh_v: mask = 0x6; break; 348 case ARM::BI__builtin_neon_vqdmulhq_v: mask = 0x60000; break; 349 case ARM::BI__builtin_neon_vqdmulh_lane_v: mask = 0x6; break; 350 case ARM::BI__builtin_neon_vqdmulhq_lane_v: mask = 0x60000; break; 351 case ARM::BI__builtin_neon_vqdmull_v: mask = 0xC0000; break; 352 case ARM::BI__builtin_neon_vqdmull_lane_v: mask = 0xC0000; break; 353 case ARM::BI__builtin_neon_vqmovn_v: mask = 0x707; break; 354 case ARM::BI__builtin_neon_vqmovun_v: mask = 0x700; break; 355 case ARM::BI__builtin_neon_vqneg_v: mask = 0x7; break; 356 case ARM::BI__builtin_neon_vqnegq_v: mask = 0x70000; break; 357 case ARM::BI__builtin_neon_vqrdmulh_v: mask = 0x6; break; 358 case ARM::BI__builtin_neon_vqrdmulhq_v: mask = 0x60000; break; 359 case ARM::BI__builtin_neon_vqrdmulh_lane_v: mask = 0x6; break; 360 case ARM::BI__builtin_neon_vqrdmulhq_lane_v: mask = 0x60000; break; 361 case ARM::BI__builtin_neon_vqrshl_v: mask = 0xF0F; break; 362 case ARM::BI__builtin_neon_vqrshlq_v: mask = 0xF0F0000; break; 363 case ARM::BI__builtin_neon_vqrshrn_n_v: mask = 0x707; break; 364 case ARM::BI__builtin_neon_vqrshrun_n_v: mask = 0x700; break; 365 case ARM::BI__builtin_neon_vqshl_v: mask = 0xF0F; break; 366 case ARM::BI__builtin_neon_vqshlq_v: mask = 0xF0F0000; break; 367 case ARM::BI__builtin_neon_vqshlu_n_v: mask = 0xF00; break; 368 case ARM::BI__builtin_neon_vqshluq_n_v: mask = 0xF000000; break; 369 case ARM::BI__builtin_neon_vqshl_n_v: mask = 0xF0F; break; 370 case ARM::BI__builtin_neon_vqshlq_n_v: mask = 0xF0F0000; break; 371 case ARM::BI__builtin_neon_vqshrn_n_v: mask = 0x707; break; 372 case ARM::BI__builtin_neon_vqshrun_n_v: mask = 0x700; break; 373 case ARM::BI__builtin_neon_vqsub_v: mask = 0xF0F; break; 374 case ARM::BI__builtin_neon_vqsubq_v: mask = 0xF0F0000; break; 375 case ARM::BI__builtin_neon_vraddhn_v: mask = 0x707; break; 376 case ARM::BI__builtin_neon_vrecpe_v: mask = 0x410; break; 377 case ARM::BI__builtin_neon_vrecpeq_v: mask = 0x4100000; break; 378 case ARM::BI__builtin_neon_vrecps_v: mask = 0x10; break; 379 case ARM::BI__builtin_neon_vrecpsq_v: mask = 0x100000; break; 380 case ARM::BI__builtin_neon_vrhadd_v: mask = 0x707; break; 381 case ARM::BI__builtin_neon_vrhaddq_v: mask = 0x7070000; break; 382 case ARM::BI__builtin_neon_vrshl_v: mask = 0xF0F; break; 383 case ARM::BI__builtin_neon_vrshlq_v: mask = 0xF0F0000; break; 384 case ARM::BI__builtin_neon_vrshrn_n_v: mask = 0x707; break; 385 case ARM::BI__builtin_neon_vrshr_n_v: mask = 0xF0F; break; 386 case ARM::BI__builtin_neon_vrshrq_n_v: mask = 0xF0F0000; break; 387 case ARM::BI__builtin_neon_vrsqrte_v: mask = 0x410; break; 388 case ARM::BI__builtin_neon_vrsqrteq_v: mask = 0x4100000; break; 389 case ARM::BI__builtin_neon_vrsqrts_v: mask = 0x10; break; 390 case ARM::BI__builtin_neon_vrsqrtsq_v: mask = 0x100000; break; 391 case ARM::BI__builtin_neon_vrsra_n_v: mask = 0xF0F; break; 392 case ARM::BI__builtin_neon_vrsraq_n_v: mask = 0xF0F0000; break; 393 case ARM::BI__builtin_neon_vrsubhn_v: mask = 0x707; break; 394 case ARM::BI__builtin_neon_vshl_v: mask = 0xF0F; break; 395 case ARM::BI__builtin_neon_vshlq_v: mask = 0xF0F0000; break; 396 case ARM::BI__builtin_neon_vshll_n_v: mask = 0xE0E0000; break; 397 case ARM::BI__builtin_neon_vshl_n_v: mask = 0xF0F; break; 398 case ARM::BI__builtin_neon_vshlq_n_v: mask = 0xF0F0000; break; 399 case ARM::BI__builtin_neon_vshrn_n_v: mask = 0x707; break; 400 case ARM::BI__builtin_neon_vshr_n_v: mask = 0xF0F; break; 401 case ARM::BI__builtin_neon_vshrq_n_v: mask = 0xF0F0000; break; 402 case ARM::BI__builtin_neon_vsli_n_v: mask = 0xF6F; break; 403 case ARM::BI__builtin_neon_vsliq_n_v: mask = 0xF6F0000; break; 404 case ARM::BI__builtin_neon_vsra_n_v: mask = 0xF0F; break; 405 case ARM::BI__builtin_neon_vsraq_n_v: mask = 0xF0F0000; break; 406 case ARM::BI__builtin_neon_vsri_n_v: mask = 0xF6F; break; 407 case ARM::BI__builtin_neon_vsriq_n_v: mask = 0xF6F0000; break; 408 case ARM::BI__builtin_neon_vst1_v: mask = 0x9F; break; 409 case ARM::BI__builtin_neon_vst1q_v: mask = 0x9F0000; break; 410 case ARM::BI__builtin_neon_vst1_lane_v: mask = 0x9F; break; 411 case ARM::BI__builtin_neon_vst1q_lane_v: mask = 0x9F0000; break; 412 case ARM::BI__builtin_neon_vst2_v: mask = 0x9F; break; 413 case ARM::BI__builtin_neon_vst2q_v: mask = 0x970000; break; 414 case ARM::BI__builtin_neon_vst2_lane_v: mask = 0x97; break; 415 case ARM::BI__builtin_neon_vst2q_lane_v: mask = 0x960000; break; 416 case ARM::BI__builtin_neon_vst3_v: mask = 0x9F; break; 417 case ARM::BI__builtin_neon_vst3q_v: mask = 0x970000; break; 418 case ARM::BI__builtin_neon_vst3_lane_v: mask = 0x97; break; 419 case ARM::BI__builtin_neon_vst3q_lane_v: mask = 0x960000; break; 420 case ARM::BI__builtin_neon_vst4_v: mask = 0x9F; break; 421 case ARM::BI__builtin_neon_vst4q_v: mask = 0x970000; break; 422 case ARM::BI__builtin_neon_vst4_lane_v: mask = 0x97; break; 423 case ARM::BI__builtin_neon_vst4q_lane_v: mask = 0x960000; break; 424 case ARM::BI__builtin_neon_vsubhn_v: mask = 0x707; break; 425 case ARM::BI__builtin_neon_vsubl_v: mask = 0xE0E0000; break; 426 case ARM::BI__builtin_neon_vsubw_v: mask = 0xE0E0000; break; 427 case ARM::BI__builtin_neon_vtbl1_v: mask = 0x121; break; 428 case ARM::BI__builtin_neon_vtbl2_v: mask = 0x121; break; 429 case ARM::BI__builtin_neon_vtbl3_v: mask = 0x121; break; 430 case ARM::BI__builtin_neon_vtbl4_v: mask = 0x121; break; 431 case ARM::BI__builtin_neon_vtbx1_v: mask = 0x121; break; 432 case ARM::BI__builtin_neon_vtbx2_v: mask = 0x121; break; 433 case ARM::BI__builtin_neon_vtbx3_v: mask = 0x121; break; 434 case ARM::BI__builtin_neon_vtbx4_v: mask = 0x121; break; 435 case ARM::BI__builtin_neon_vtrn_v: mask = 0x777; break; 436 case ARM::BI__builtin_neon_vtrnq_v: mask = 0x7770000; break; 437 case ARM::BI__builtin_neon_vtst_v: mask = 0x700; break; 438 case ARM::BI__builtin_neon_vtstq_v: mask = 0x7000000; break; 439 case ARM::BI__builtin_neon_vuzp_v: mask = 0x777; break; 440 case ARM::BI__builtin_neon_vuzpq_v: mask = 0x7770000; break; 441 case ARM::BI__builtin_neon_vzip_v: mask = 0x373; break; 442 case ARM::BI__builtin_neon_vzipq_v: mask = 0x7770000; break; 443 } 444 445 // For NEON intrinsics which are overloaded on vector element type, validate 446 // the immediate which specifies which variant to emit. 447 if (mask) { 448 unsigned ArgNo = TheCall->getNumArgs()-1; 449 if (SemaBuiltinConstantArg(TheCall, ArgNo, Result)) 450 return true; 451 452 unsigned Val = Result.getLimitedValue(32); 453 if ((Val > 31) || (mask & (1 << Val)) == 0) 454 return Diag(TheCall->getLocStart(), diag::err_invalid_neon_type_code) 455 << TheCall->getArg(ArgNo)->getSourceRange(); 456 } 457 458 // For NEON intrinsics which take an immediate value as part of the 459 // instruction, range check them here. 460 unsigned i = 0, upper = 0; 461 switch (BuiltinID) { 462 default: return false; 463 }; 464 465 if (SemaBuiltinConstantArg(TheCall, i, Result)) 466 return true; 467 468 unsigned Val = Result.getZExtValue(); 469 if (Val > upper) 470 return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range) 471 << "0" << llvm::utostr(upper) << TheCall->getArg(i)->getSourceRange(); 472 473 return false; 474} 475 476/// CheckFunctionCall - Check a direct function call for various correctness 477/// and safety properties not strictly enforced by the C type system. 478bool Sema::CheckFunctionCall(FunctionDecl *FDecl, CallExpr *TheCall) { 479 // Get the IdentifierInfo* for the called function. 480 IdentifierInfo *FnInfo = FDecl->getIdentifier(); 481 482 // None of the checks below are needed for functions that don't have 483 // simple names (e.g., C++ conversion functions). 484 if (!FnInfo) 485 return false; 486 487 // FIXME: This mechanism should be abstracted to be less fragile and 488 // more efficient. For example, just map function ids to custom 489 // handlers. 490 491 // Printf checking. 492 if (const FormatAttr *Format = FDecl->getAttr<FormatAttr>()) { 493 if (CheckablePrintfAttr(Format, TheCall)) { 494 bool HasVAListArg = Format->getFirstArg() == 0; 495 CheckPrintfArguments(TheCall, HasVAListArg, Format->getFormatIdx() - 1, 496 HasVAListArg ? 0 : Format->getFirstArg() - 1); 497 } 498 } 499 500 for (const NonNullAttr *NonNull = FDecl->getAttr<NonNullAttr>(); NonNull; 501 NonNull = NonNull->getNext<NonNullAttr>()) 502 CheckNonNullArguments(NonNull, TheCall); 503 504 return false; 505} 506 507bool Sema::CheckBlockCall(NamedDecl *NDecl, CallExpr *TheCall) { 508 // Printf checking. 509 const FormatAttr *Format = NDecl->getAttr<FormatAttr>(); 510 if (!Format) 511 return false; 512 513 const VarDecl *V = dyn_cast<VarDecl>(NDecl); 514 if (!V) 515 return false; 516 517 QualType Ty = V->getType(); 518 if (!Ty->isBlockPointerType()) 519 return false; 520 521 if (!CheckablePrintfAttr(Format, TheCall)) 522 return false; 523 524 bool HasVAListArg = Format->getFirstArg() == 0; 525 CheckPrintfArguments(TheCall, HasVAListArg, Format->getFormatIdx() - 1, 526 HasVAListArg ? 0 : Format->getFirstArg() - 1); 527 528 return false; 529} 530 531/// SemaBuiltinAtomicOverloaded - We have a call to a function like 532/// __sync_fetch_and_add, which is an overloaded function based on the pointer 533/// type of its first argument. The main ActOnCallExpr routines have already 534/// promoted the types of arguments because all of these calls are prototyped as 535/// void(...). 536/// 537/// This function goes through and does final semantic checking for these 538/// builtins, 539bool Sema::SemaBuiltinAtomicOverloaded(CallExpr *TheCall) { 540 DeclRefExpr *DRE =cast<DeclRefExpr>(TheCall->getCallee()->IgnoreParenCasts()); 541 FunctionDecl *FDecl = cast<FunctionDecl>(DRE->getDecl()); 542 543 // Ensure that we have at least one argument to do type inference from. 544 if (TheCall->getNumArgs() < 1) 545 return Diag(TheCall->getLocEnd(), 546 diag::err_typecheck_call_too_few_args_at_least) 547 << 0 << 1 << TheCall->getNumArgs() 548 << TheCall->getCallee()->getSourceRange(); 549 550 // Inspect the first argument of the atomic builtin. This should always be 551 // a pointer type, whose element is an integral scalar or pointer type. 552 // Because it is a pointer type, we don't have to worry about any implicit 553 // casts here. 554 Expr *FirstArg = TheCall->getArg(0); 555 if (!FirstArg->getType()->isPointerType()) 556 return Diag(DRE->getLocStart(), diag::err_atomic_builtin_must_be_pointer) 557 << FirstArg->getType() << FirstArg->getSourceRange(); 558 559 QualType ValType = FirstArg->getType()->getAs<PointerType>()->getPointeeType(); 560 if (!ValType->isIntegerType() && !ValType->isPointerType() && 561 !ValType->isBlockPointerType()) 562 return Diag(DRE->getLocStart(), 563 diag::err_atomic_builtin_must_be_pointer_intptr) 564 << FirstArg->getType() << FirstArg->getSourceRange(); 565 566 // We need to figure out which concrete builtin this maps onto. For example, 567 // __sync_fetch_and_add with a 2 byte object turns into 568 // __sync_fetch_and_add_2. 569#define BUILTIN_ROW(x) \ 570 { Builtin::BI##x##_1, Builtin::BI##x##_2, Builtin::BI##x##_4, \ 571 Builtin::BI##x##_8, Builtin::BI##x##_16 } 572 573 static const unsigned BuiltinIndices[][5] = { 574 BUILTIN_ROW(__sync_fetch_and_add), 575 BUILTIN_ROW(__sync_fetch_and_sub), 576 BUILTIN_ROW(__sync_fetch_and_or), 577 BUILTIN_ROW(__sync_fetch_and_and), 578 BUILTIN_ROW(__sync_fetch_and_xor), 579 580 BUILTIN_ROW(__sync_add_and_fetch), 581 BUILTIN_ROW(__sync_sub_and_fetch), 582 BUILTIN_ROW(__sync_and_and_fetch), 583 BUILTIN_ROW(__sync_or_and_fetch), 584 BUILTIN_ROW(__sync_xor_and_fetch), 585 586 BUILTIN_ROW(__sync_val_compare_and_swap), 587 BUILTIN_ROW(__sync_bool_compare_and_swap), 588 BUILTIN_ROW(__sync_lock_test_and_set), 589 BUILTIN_ROW(__sync_lock_release) 590 }; 591#undef BUILTIN_ROW 592 593 // Determine the index of the size. 594 unsigned SizeIndex; 595 switch (Context.getTypeSizeInChars(ValType).getQuantity()) { 596 case 1: SizeIndex = 0; break; 597 case 2: SizeIndex = 1; break; 598 case 4: SizeIndex = 2; break; 599 case 8: SizeIndex = 3; break; 600 case 16: SizeIndex = 4; break; 601 default: 602 return Diag(DRE->getLocStart(), diag::err_atomic_builtin_pointer_size) 603 << FirstArg->getType() << FirstArg->getSourceRange(); 604 } 605 606 // Each of these builtins has one pointer argument, followed by some number of 607 // values (0, 1 or 2) followed by a potentially empty varags list of stuff 608 // that we ignore. Find out which row of BuiltinIndices to read from as well 609 // as the number of fixed args. 610 unsigned BuiltinID = FDecl->getBuiltinID(); 611 unsigned BuiltinIndex, NumFixed = 1; 612 switch (BuiltinID) { 613 default: assert(0 && "Unknown overloaded atomic builtin!"); 614 case Builtin::BI__sync_fetch_and_add: BuiltinIndex = 0; break; 615 case Builtin::BI__sync_fetch_and_sub: BuiltinIndex = 1; break; 616 case Builtin::BI__sync_fetch_and_or: BuiltinIndex = 2; break; 617 case Builtin::BI__sync_fetch_and_and: BuiltinIndex = 3; break; 618 case Builtin::BI__sync_fetch_and_xor: BuiltinIndex = 4; break; 619 620 case Builtin::BI__sync_add_and_fetch: BuiltinIndex = 5; break; 621 case Builtin::BI__sync_sub_and_fetch: BuiltinIndex = 6; break; 622 case Builtin::BI__sync_and_and_fetch: BuiltinIndex = 7; break; 623 case Builtin::BI__sync_or_and_fetch: BuiltinIndex = 8; break; 624 case Builtin::BI__sync_xor_and_fetch: BuiltinIndex = 9; break; 625 626 case Builtin::BI__sync_val_compare_and_swap: 627 BuiltinIndex = 10; 628 NumFixed = 2; 629 break; 630 case Builtin::BI__sync_bool_compare_and_swap: 631 BuiltinIndex = 11; 632 NumFixed = 2; 633 break; 634 case Builtin::BI__sync_lock_test_and_set: BuiltinIndex = 12; break; 635 case Builtin::BI__sync_lock_release: 636 BuiltinIndex = 13; 637 NumFixed = 0; 638 break; 639 } 640 641 // Now that we know how many fixed arguments we expect, first check that we 642 // have at least that many. 643 if (TheCall->getNumArgs() < 1+NumFixed) 644 return Diag(TheCall->getLocEnd(), 645 diag::err_typecheck_call_too_few_args_at_least) 646 << 0 << 1+NumFixed << TheCall->getNumArgs() 647 << TheCall->getCallee()->getSourceRange(); 648 649 650 // Get the decl for the concrete builtin from this, we can tell what the 651 // concrete integer type we should convert to is. 652 unsigned NewBuiltinID = BuiltinIndices[BuiltinIndex][SizeIndex]; 653 const char *NewBuiltinName = Context.BuiltinInfo.GetName(NewBuiltinID); 654 IdentifierInfo *NewBuiltinII = PP.getIdentifierInfo(NewBuiltinName); 655 FunctionDecl *NewBuiltinDecl = 656 cast<FunctionDecl>(LazilyCreateBuiltin(NewBuiltinII, NewBuiltinID, 657 TUScope, false, DRE->getLocStart())); 658 const FunctionProtoType *BuiltinFT = 659 NewBuiltinDecl->getType()->getAs<FunctionProtoType>(); 660 ValType = BuiltinFT->getArgType(0)->getAs<PointerType>()->getPointeeType(); 661 662 // If the first type needs to be converted (e.g. void** -> int*), do it now. 663 if (BuiltinFT->getArgType(0) != FirstArg->getType()) { 664 ImpCastExprToType(FirstArg, BuiltinFT->getArgType(0), CastExpr::CK_BitCast); 665 TheCall->setArg(0, FirstArg); 666 } 667 668 // Next, walk the valid ones promoting to the right type. 669 for (unsigned i = 0; i != NumFixed; ++i) { 670 Expr *Arg = TheCall->getArg(i+1); 671 672 // If the argument is an implicit cast, then there was a promotion due to 673 // "...", just remove it now. 674 if (ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(Arg)) { 675 Arg = ICE->getSubExpr(); 676 ICE->setSubExpr(0); 677 ICE->Destroy(Context); 678 TheCall->setArg(i+1, Arg); 679 } 680 681 // GCC does an implicit conversion to the pointer or integer ValType. This 682 // can fail in some cases (1i -> int**), check for this error case now. 683 CastExpr::CastKind Kind = CastExpr::CK_Unknown; 684 CXXBaseSpecifierArray BasePath; 685 if (CheckCastTypes(Arg->getSourceRange(), ValType, Arg, Kind, BasePath)) 686 return true; 687 688 // Okay, we have something that *can* be converted to the right type. Check 689 // to see if there is a potentially weird extension going on here. This can 690 // happen when you do an atomic operation on something like an char* and 691 // pass in 42. The 42 gets converted to char. This is even more strange 692 // for things like 45.123 -> char, etc. 693 // FIXME: Do this check. 694 ImpCastExprToType(Arg, ValType, Kind); 695 TheCall->setArg(i+1, Arg); 696 } 697 698 // Switch the DeclRefExpr to refer to the new decl. 699 DRE->setDecl(NewBuiltinDecl); 700 DRE->setType(NewBuiltinDecl->getType()); 701 702 // Set the callee in the CallExpr. 703 // FIXME: This leaks the original parens and implicit casts. 704 Expr *PromotedCall = DRE; 705 UsualUnaryConversions(PromotedCall); 706 TheCall->setCallee(PromotedCall); 707 708 709 // Change the result type of the call to match the result type of the decl. 710 TheCall->setType(NewBuiltinDecl->getResultType()); 711 return false; 712} 713 714 715/// CheckObjCString - Checks that the argument to the builtin 716/// CFString constructor is correct 717/// FIXME: GCC currently emits the following warning: 718/// "warning: input conversion stopped due to an input byte that does not 719/// belong to the input codeset UTF-8" 720/// Note: It might also make sense to do the UTF-16 conversion here (would 721/// simplify the backend). 722bool Sema::CheckObjCString(Expr *Arg) { 723 Arg = Arg->IgnoreParenCasts(); 724 StringLiteral *Literal = dyn_cast<StringLiteral>(Arg); 725 726 if (!Literal || Literal->isWide()) { 727 Diag(Arg->getLocStart(), diag::err_cfstring_literal_not_string_constant) 728 << Arg->getSourceRange(); 729 return true; 730 } 731 732 const char *Data = Literal->getStrData(); 733 unsigned Length = Literal->getByteLength(); 734 735 for (unsigned i = 0; i < Length; ++i) { 736 if (!Data[i]) { 737 Diag(getLocationOfStringLiteralByte(Literal, i), 738 diag::warn_cfstring_literal_contains_nul_character) 739 << Arg->getSourceRange(); 740 break; 741 } 742 } 743 744 return false; 745} 746 747/// SemaBuiltinVAStart - Check the arguments to __builtin_va_start for validity. 748/// Emit an error and return true on failure, return false on success. 749bool Sema::SemaBuiltinVAStart(CallExpr *TheCall) { 750 Expr *Fn = TheCall->getCallee(); 751 if (TheCall->getNumArgs() > 2) { 752 Diag(TheCall->getArg(2)->getLocStart(), 753 diag::err_typecheck_call_too_many_args) 754 << 0 /*function call*/ << 2 << TheCall->getNumArgs() 755 << Fn->getSourceRange() 756 << SourceRange(TheCall->getArg(2)->getLocStart(), 757 (*(TheCall->arg_end()-1))->getLocEnd()); 758 return true; 759 } 760 761 if (TheCall->getNumArgs() < 2) { 762 return Diag(TheCall->getLocEnd(), 763 diag::err_typecheck_call_too_few_args_at_least) 764 << 0 /*function call*/ << 2 << TheCall->getNumArgs(); 765 } 766 767 // Determine whether the current function is variadic or not. 768 BlockScopeInfo *CurBlock = getCurBlock(); 769 bool isVariadic; 770 if (CurBlock) 771 isVariadic = CurBlock->TheDecl->isVariadic(); 772 else if (FunctionDecl *FD = getCurFunctionDecl()) 773 isVariadic = FD->isVariadic(); 774 else 775 isVariadic = getCurMethodDecl()->isVariadic(); 776 777 if (!isVariadic) { 778 Diag(Fn->getLocStart(), diag::err_va_start_used_in_non_variadic_function); 779 return true; 780 } 781 782 // Verify that the second argument to the builtin is the last argument of the 783 // current function or method. 784 bool SecondArgIsLastNamedArgument = false; 785 const Expr *Arg = TheCall->getArg(1)->IgnoreParenCasts(); 786 787 if (const DeclRefExpr *DR = dyn_cast<DeclRefExpr>(Arg)) { 788 if (const ParmVarDecl *PV = dyn_cast<ParmVarDecl>(DR->getDecl())) { 789 // FIXME: This isn't correct for methods (results in bogus warning). 790 // Get the last formal in the current function. 791 const ParmVarDecl *LastArg; 792 if (CurBlock) 793 LastArg = *(CurBlock->TheDecl->param_end()-1); 794 else if (FunctionDecl *FD = getCurFunctionDecl()) 795 LastArg = *(FD->param_end()-1); 796 else 797 LastArg = *(getCurMethodDecl()->param_end()-1); 798 SecondArgIsLastNamedArgument = PV == LastArg; 799 } 800 } 801 802 if (!SecondArgIsLastNamedArgument) 803 Diag(TheCall->getArg(1)->getLocStart(), 804 diag::warn_second_parameter_of_va_start_not_last_named_argument); 805 return false; 806} 807 808/// SemaBuiltinUnorderedCompare - Handle functions like __builtin_isgreater and 809/// friends. This is declared to take (...), so we have to check everything. 810bool Sema::SemaBuiltinUnorderedCompare(CallExpr *TheCall) { 811 if (TheCall->getNumArgs() < 2) 812 return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args) 813 << 0 << 2 << TheCall->getNumArgs()/*function call*/; 814 if (TheCall->getNumArgs() > 2) 815 return Diag(TheCall->getArg(2)->getLocStart(), 816 diag::err_typecheck_call_too_many_args) 817 << 0 /*function call*/ << 2 << TheCall->getNumArgs() 818 << SourceRange(TheCall->getArg(2)->getLocStart(), 819 (*(TheCall->arg_end()-1))->getLocEnd()); 820 821 Expr *OrigArg0 = TheCall->getArg(0); 822 Expr *OrigArg1 = TheCall->getArg(1); 823 824 // Do standard promotions between the two arguments, returning their common 825 // type. 826 QualType Res = UsualArithmeticConversions(OrigArg0, OrigArg1, false); 827 828 // Make sure any conversions are pushed back into the call; this is 829 // type safe since unordered compare builtins are declared as "_Bool 830 // foo(...)". 831 TheCall->setArg(0, OrigArg0); 832 TheCall->setArg(1, OrigArg1); 833 834 if (OrigArg0->isTypeDependent() || OrigArg1->isTypeDependent()) 835 return false; 836 837 // If the common type isn't a real floating type, then the arguments were 838 // invalid for this operation. 839 if (!Res->isRealFloatingType()) 840 return Diag(OrigArg0->getLocStart(), 841 diag::err_typecheck_call_invalid_ordered_compare) 842 << OrigArg0->getType() << OrigArg1->getType() 843 << SourceRange(OrigArg0->getLocStart(), OrigArg1->getLocEnd()); 844 845 return false; 846} 847 848/// SemaBuiltinSemaBuiltinFPClassification - Handle functions like 849/// __builtin_isnan and friends. This is declared to take (...), so we have 850/// to check everything. We expect the last argument to be a floating point 851/// value. 852bool Sema::SemaBuiltinFPClassification(CallExpr *TheCall, unsigned NumArgs) { 853 if (TheCall->getNumArgs() < NumArgs) 854 return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args) 855 << 0 << NumArgs << TheCall->getNumArgs()/*function call*/; 856 if (TheCall->getNumArgs() > NumArgs) 857 return Diag(TheCall->getArg(NumArgs)->getLocStart(), 858 diag::err_typecheck_call_too_many_args) 859 << 0 /*function call*/ << NumArgs << TheCall->getNumArgs() 860 << SourceRange(TheCall->getArg(NumArgs)->getLocStart(), 861 (*(TheCall->arg_end()-1))->getLocEnd()); 862 863 Expr *OrigArg = TheCall->getArg(NumArgs-1); 864 865 if (OrigArg->isTypeDependent()) 866 return false; 867 868 // This operation requires a non-_Complex floating-point number. 869 if (!OrigArg->getType()->isRealFloatingType()) 870 return Diag(OrigArg->getLocStart(), 871 diag::err_typecheck_call_invalid_unary_fp) 872 << OrigArg->getType() << OrigArg->getSourceRange(); 873 874 // If this is an implicit conversion from float -> double, remove it. 875 if (ImplicitCastExpr *Cast = dyn_cast<ImplicitCastExpr>(OrigArg)) { 876 Expr *CastArg = Cast->getSubExpr(); 877 if (CastArg->getType()->isSpecificBuiltinType(BuiltinType::Float)) { 878 assert(Cast->getType()->isSpecificBuiltinType(BuiltinType::Double) && 879 "promotion from float to double is the only expected cast here"); 880 Cast->setSubExpr(0); 881 Cast->Destroy(Context); 882 TheCall->setArg(NumArgs-1, CastArg); 883 OrigArg = CastArg; 884 } 885 } 886 887 return false; 888} 889 890/// SemaBuiltinShuffleVector - Handle __builtin_shufflevector. 891// This is declared to take (...), so we have to check everything. 892Action::OwningExprResult Sema::SemaBuiltinShuffleVector(CallExpr *TheCall) { 893 if (TheCall->getNumArgs() < 2) 894 return ExprError(Diag(TheCall->getLocEnd(), 895 diag::err_typecheck_call_too_few_args_at_least) 896 << 0 /*function call*/ << 2 << TheCall->getNumArgs() 897 << TheCall->getSourceRange()); 898 899 // Determine which of the following types of shufflevector we're checking: 900 // 1) unary, vector mask: (lhs, mask) 901 // 2) binary, vector mask: (lhs, rhs, mask) 902 // 3) binary, scalar mask: (lhs, rhs, index, ..., index) 903 QualType resType = TheCall->getArg(0)->getType(); 904 unsigned numElements = 0; 905 906 if (!TheCall->getArg(0)->isTypeDependent() && 907 !TheCall->getArg(1)->isTypeDependent()) { 908 QualType LHSType = TheCall->getArg(0)->getType(); 909 QualType RHSType = TheCall->getArg(1)->getType(); 910 911 if (!LHSType->isVectorType() || !RHSType->isVectorType()) { 912 Diag(TheCall->getLocStart(), diag::err_shufflevector_non_vector) 913 << SourceRange(TheCall->getArg(0)->getLocStart(), 914 TheCall->getArg(1)->getLocEnd()); 915 return ExprError(); 916 } 917 918 numElements = LHSType->getAs<VectorType>()->getNumElements(); 919 unsigned numResElements = TheCall->getNumArgs() - 2; 920 921 // Check to see if we have a call with 2 vector arguments, the unary shuffle 922 // with mask. If so, verify that RHS is an integer vector type with the 923 // same number of elts as lhs. 924 if (TheCall->getNumArgs() == 2) { 925 if (!RHSType->isIntegerType() || 926 RHSType->getAs<VectorType>()->getNumElements() != numElements) 927 Diag(TheCall->getLocStart(), diag::err_shufflevector_incompatible_vector) 928 << SourceRange(TheCall->getArg(1)->getLocStart(), 929 TheCall->getArg(1)->getLocEnd()); 930 numResElements = numElements; 931 } 932 else if (!Context.hasSameUnqualifiedType(LHSType, RHSType)) { 933 Diag(TheCall->getLocStart(), diag::err_shufflevector_incompatible_vector) 934 << SourceRange(TheCall->getArg(0)->getLocStart(), 935 TheCall->getArg(1)->getLocEnd()); 936 return ExprError(); 937 } else if (numElements != numResElements) { 938 QualType eltType = LHSType->getAs<VectorType>()->getElementType(); 939 resType = Context.getVectorType(eltType, numResElements, false, false); 940 } 941 } 942 943 for (unsigned i = 2; i < TheCall->getNumArgs(); i++) { 944 if (TheCall->getArg(i)->isTypeDependent() || 945 TheCall->getArg(i)->isValueDependent()) 946 continue; 947 948 llvm::APSInt Result(32); 949 if (!TheCall->getArg(i)->isIntegerConstantExpr(Result, Context)) 950 return ExprError(Diag(TheCall->getLocStart(), 951 diag::err_shufflevector_nonconstant_argument) 952 << TheCall->getArg(i)->getSourceRange()); 953 954 if (Result.getActiveBits() > 64 || Result.getZExtValue() >= numElements*2) 955 return ExprError(Diag(TheCall->getLocStart(), 956 diag::err_shufflevector_argument_too_large) 957 << TheCall->getArg(i)->getSourceRange()); 958 } 959 960 llvm::SmallVector<Expr*, 32> exprs; 961 962 for (unsigned i = 0, e = TheCall->getNumArgs(); i != e; i++) { 963 exprs.push_back(TheCall->getArg(i)); 964 TheCall->setArg(i, 0); 965 } 966 967 return Owned(new (Context) ShuffleVectorExpr(Context, exprs.begin(), 968 exprs.size(), resType, 969 TheCall->getCallee()->getLocStart(), 970 TheCall->getRParenLoc())); 971} 972 973/// SemaBuiltinPrefetch - Handle __builtin_prefetch. 974// This is declared to take (const void*, ...) and can take two 975// optional constant int args. 976bool Sema::SemaBuiltinPrefetch(CallExpr *TheCall) { 977 unsigned NumArgs = TheCall->getNumArgs(); 978 979 if (NumArgs > 3) 980 return Diag(TheCall->getLocEnd(), 981 diag::err_typecheck_call_too_many_args_at_most) 982 << 0 /*function call*/ << 3 << NumArgs 983 << TheCall->getSourceRange(); 984 985 // Argument 0 is checked for us and the remaining arguments must be 986 // constant integers. 987 for (unsigned i = 1; i != NumArgs; ++i) { 988 Expr *Arg = TheCall->getArg(i); 989 990 llvm::APSInt Result; 991 if (SemaBuiltinConstantArg(TheCall, i, Result)) 992 return true; 993 994 // FIXME: gcc issues a warning and rewrites these to 0. These 995 // seems especially odd for the third argument since the default 996 // is 3. 997 if (i == 1) { 998 if (Result.getLimitedValue() > 1) 999 return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range) 1000 << "0" << "1" << Arg->getSourceRange(); 1001 } else { 1002 if (Result.getLimitedValue() > 3) 1003 return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range) 1004 << "0" << "3" << Arg->getSourceRange(); 1005 } 1006 } 1007 1008 return false; 1009} 1010 1011/// SemaBuiltinConstantArg - Handle a check if argument ArgNum of CallExpr 1012/// TheCall is a constant expression. 1013bool Sema::SemaBuiltinConstantArg(CallExpr *TheCall, int ArgNum, 1014 llvm::APSInt &Result) { 1015 Expr *Arg = TheCall->getArg(ArgNum); 1016 DeclRefExpr *DRE =cast<DeclRefExpr>(TheCall->getCallee()->IgnoreParenCasts()); 1017 FunctionDecl *FDecl = cast<FunctionDecl>(DRE->getDecl()); 1018 1019 if (Arg->isTypeDependent() || Arg->isValueDependent()) return false; 1020 1021 if (!Arg->isIntegerConstantExpr(Result, Context)) 1022 return Diag(TheCall->getLocStart(), diag::err_constant_integer_arg_type) 1023 << FDecl->getDeclName() << Arg->getSourceRange(); 1024 1025 return false; 1026} 1027 1028/// SemaBuiltinObjectSize - Handle __builtin_object_size(void *ptr, 1029/// int type). This simply type checks that type is one of the defined 1030/// constants (0-3). 1031// For compatability check 0-3, llvm only handles 0 and 2. 1032bool Sema::SemaBuiltinObjectSize(CallExpr *TheCall) { 1033 llvm::APSInt Result; 1034 1035 // Check constant-ness first. 1036 if (SemaBuiltinConstantArg(TheCall, 1, Result)) 1037 return true; 1038 1039 Expr *Arg = TheCall->getArg(1); 1040 if (Result.getSExtValue() < 0 || Result.getSExtValue() > 3) { 1041 return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range) 1042 << "0" << "3" << SourceRange(Arg->getLocStart(), Arg->getLocEnd()); 1043 } 1044 1045 return false; 1046} 1047 1048/// SemaBuiltinLongjmp - Handle __builtin_longjmp(void *env[5], int val). 1049/// This checks that val is a constant 1. 1050bool Sema::SemaBuiltinLongjmp(CallExpr *TheCall) { 1051 Expr *Arg = TheCall->getArg(1); 1052 llvm::APSInt Result; 1053 1054 // TODO: This is less than ideal. Overload this to take a value. 1055 if (SemaBuiltinConstantArg(TheCall, 1, Result)) 1056 return true; 1057 1058 if (Result != 1) 1059 return Diag(TheCall->getLocStart(), diag::err_builtin_longjmp_invalid_val) 1060 << SourceRange(Arg->getLocStart(), Arg->getLocEnd()); 1061 1062 return false; 1063} 1064 1065// Handle i > 1 ? "x" : "y", recursivelly 1066bool Sema::SemaCheckStringLiteral(const Expr *E, const CallExpr *TheCall, 1067 bool HasVAListArg, 1068 unsigned format_idx, unsigned firstDataArg) { 1069 if (E->isTypeDependent() || E->isValueDependent()) 1070 return false; 1071 1072 switch (E->getStmtClass()) { 1073 case Stmt::ConditionalOperatorClass: { 1074 const ConditionalOperator *C = cast<ConditionalOperator>(E); 1075 return SemaCheckStringLiteral(C->getTrueExpr(), TheCall, 1076 HasVAListArg, format_idx, firstDataArg) 1077 && SemaCheckStringLiteral(C->getRHS(), TheCall, 1078 HasVAListArg, format_idx, firstDataArg); 1079 } 1080 1081 case Stmt::ImplicitCastExprClass: { 1082 const ImplicitCastExpr *Expr = cast<ImplicitCastExpr>(E); 1083 return SemaCheckStringLiteral(Expr->getSubExpr(), TheCall, HasVAListArg, 1084 format_idx, firstDataArg); 1085 } 1086 1087 case Stmt::ParenExprClass: { 1088 const ParenExpr *Expr = cast<ParenExpr>(E); 1089 return SemaCheckStringLiteral(Expr->getSubExpr(), TheCall, HasVAListArg, 1090 format_idx, firstDataArg); 1091 } 1092 1093 case Stmt::DeclRefExprClass: { 1094 const DeclRefExpr *DR = cast<DeclRefExpr>(E); 1095 1096 // As an exception, do not flag errors for variables binding to 1097 // const string literals. 1098 if (const VarDecl *VD = dyn_cast<VarDecl>(DR->getDecl())) { 1099 bool isConstant = false; 1100 QualType T = DR->getType(); 1101 1102 if (const ArrayType *AT = Context.getAsArrayType(T)) { 1103 isConstant = AT->getElementType().isConstant(Context); 1104 } else if (const PointerType *PT = T->getAs<PointerType>()) { 1105 isConstant = T.isConstant(Context) && 1106 PT->getPointeeType().isConstant(Context); 1107 } 1108 1109 if (isConstant) { 1110 if (const Expr *Init = VD->getAnyInitializer()) 1111 return SemaCheckStringLiteral(Init, TheCall, 1112 HasVAListArg, format_idx, firstDataArg); 1113 } 1114 1115 // For vprintf* functions (i.e., HasVAListArg==true), we add a 1116 // special check to see if the format string is a function parameter 1117 // of the function calling the printf function. If the function 1118 // has an attribute indicating it is a printf-like function, then we 1119 // should suppress warnings concerning non-literals being used in a call 1120 // to a vprintf function. For example: 1121 // 1122 // void 1123 // logmessage(char const *fmt __attribute__ (format (printf, 1, 2)), ...){ 1124 // va_list ap; 1125 // va_start(ap, fmt); 1126 // vprintf(fmt, ap); // Do NOT emit a warning about "fmt". 1127 // ... 1128 // 1129 // 1130 // FIXME: We don't have full attribute support yet, so just check to see 1131 // if the argument is a DeclRefExpr that references a parameter. We'll 1132 // add proper support for checking the attribute later. 1133 if (HasVAListArg) 1134 if (isa<ParmVarDecl>(VD)) 1135 return true; 1136 } 1137 1138 return false; 1139 } 1140 1141 case Stmt::CallExprClass: { 1142 const CallExpr *CE = cast<CallExpr>(E); 1143 if (const ImplicitCastExpr *ICE 1144 = dyn_cast<ImplicitCastExpr>(CE->getCallee())) { 1145 if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(ICE->getSubExpr())) { 1146 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(DRE->getDecl())) { 1147 if (const FormatArgAttr *FA = FD->getAttr<FormatArgAttr>()) { 1148 unsigned ArgIndex = FA->getFormatIdx(); 1149 const Expr *Arg = CE->getArg(ArgIndex - 1); 1150 1151 return SemaCheckStringLiteral(Arg, TheCall, HasVAListArg, 1152 format_idx, firstDataArg); 1153 } 1154 } 1155 } 1156 } 1157 1158 return false; 1159 } 1160 case Stmt::ObjCStringLiteralClass: 1161 case Stmt::StringLiteralClass: { 1162 const StringLiteral *StrE = NULL; 1163 1164 if (const ObjCStringLiteral *ObjCFExpr = dyn_cast<ObjCStringLiteral>(E)) 1165 StrE = ObjCFExpr->getString(); 1166 else 1167 StrE = cast<StringLiteral>(E); 1168 1169 if (StrE) { 1170 CheckPrintfString(StrE, E, TheCall, HasVAListArg, format_idx, 1171 firstDataArg); 1172 return true; 1173 } 1174 1175 return false; 1176 } 1177 1178 default: 1179 return false; 1180 } 1181} 1182 1183void 1184Sema::CheckNonNullArguments(const NonNullAttr *NonNull, 1185 const CallExpr *TheCall) { 1186 for (NonNullAttr::iterator i = NonNull->begin(), e = NonNull->end(); 1187 i != e; ++i) { 1188 const Expr *ArgExpr = TheCall->getArg(*i); 1189 if (ArgExpr->isNullPointerConstant(Context, 1190 Expr::NPC_ValueDependentIsNotNull)) 1191 Diag(TheCall->getCallee()->getLocStart(), diag::warn_null_arg) 1192 << ArgExpr->getSourceRange(); 1193 } 1194} 1195 1196/// CheckPrintfArguments - Check calls to printf (and similar functions) for 1197/// correct use of format strings. 1198/// 1199/// HasVAListArg - A predicate indicating whether the printf-like 1200/// function is passed an explicit va_arg argument (e.g., vprintf) 1201/// 1202/// format_idx - The index into Args for the format string. 1203/// 1204/// Improper format strings to functions in the printf family can be 1205/// the source of bizarre bugs and very serious security holes. A 1206/// good source of information is available in the following paper 1207/// (which includes additional references): 1208/// 1209/// FormatGuard: Automatic Protection From printf Format String 1210/// Vulnerabilities, Proceedings of the 10th USENIX Security Symposium, 2001. 1211/// 1212/// TODO: 1213/// Functionality implemented: 1214/// 1215/// We can statically check the following properties for string 1216/// literal format strings for non v.*printf functions (where the 1217/// arguments are passed directly): 1218// 1219/// (1) Are the number of format conversions equal to the number of 1220/// data arguments? 1221/// 1222/// (2) Does each format conversion correctly match the type of the 1223/// corresponding data argument? 1224/// 1225/// Moreover, for all printf functions we can: 1226/// 1227/// (3) Check for a missing format string (when not caught by type checking). 1228/// 1229/// (4) Check for no-operation flags; e.g. using "#" with format 1230/// conversion 'c' (TODO) 1231/// 1232/// (5) Check the use of '%n', a major source of security holes. 1233/// 1234/// (6) Check for malformed format conversions that don't specify anything. 1235/// 1236/// (7) Check for empty format strings. e.g: printf(""); 1237/// 1238/// (8) Check that the format string is a wide literal. 1239/// 1240/// All of these checks can be done by parsing the format string. 1241/// 1242void 1243Sema::CheckPrintfArguments(const CallExpr *TheCall, bool HasVAListArg, 1244 unsigned format_idx, unsigned firstDataArg) { 1245 const Expr *Fn = TheCall->getCallee(); 1246 1247 // The way the format attribute works in GCC, the implicit this argument 1248 // of member functions is counted. However, it doesn't appear in our own 1249 // lists, so decrement format_idx in that case. 1250 if (isa<CXXMemberCallExpr>(TheCall)) { 1251 // Catch a format attribute mistakenly referring to the object argument. 1252 if (format_idx == 0) 1253 return; 1254 --format_idx; 1255 if(firstDataArg != 0) 1256 --firstDataArg; 1257 } 1258 1259 // CHECK: printf-like function is called with no format string. 1260 if (format_idx >= TheCall->getNumArgs()) { 1261 Diag(TheCall->getRParenLoc(), diag::warn_printf_missing_format_string) 1262 << Fn->getSourceRange(); 1263 return; 1264 } 1265 1266 const Expr *OrigFormatExpr = TheCall->getArg(format_idx)->IgnoreParenCasts(); 1267 1268 // CHECK: format string is not a string literal. 1269 // 1270 // Dynamically generated format strings are difficult to 1271 // automatically vet at compile time. Requiring that format strings 1272 // are string literals: (1) permits the checking of format strings by 1273 // the compiler and thereby (2) can practically remove the source of 1274 // many format string exploits. 1275 1276 // Format string can be either ObjC string (e.g. @"%d") or 1277 // C string (e.g. "%d") 1278 // ObjC string uses the same format specifiers as C string, so we can use 1279 // the same format string checking logic for both ObjC and C strings. 1280 if (SemaCheckStringLiteral(OrigFormatExpr, TheCall, HasVAListArg, format_idx, 1281 firstDataArg)) 1282 return; // Literal format string found, check done! 1283 1284 // If there are no arguments specified, warn with -Wformat-security, otherwise 1285 // warn only with -Wformat-nonliteral. 1286 if (TheCall->getNumArgs() == format_idx+1) 1287 Diag(TheCall->getArg(format_idx)->getLocStart(), 1288 diag::warn_printf_nonliteral_noargs) 1289 << OrigFormatExpr->getSourceRange(); 1290 else 1291 Diag(TheCall->getArg(format_idx)->getLocStart(), 1292 diag::warn_printf_nonliteral) 1293 << OrigFormatExpr->getSourceRange(); 1294} 1295 1296namespace { 1297class CheckPrintfHandler : public analyze_printf::FormatStringHandler { 1298 Sema &S; 1299 const StringLiteral *FExpr; 1300 const Expr *OrigFormatExpr; 1301 const unsigned FirstDataArg; 1302 const unsigned NumDataArgs; 1303 const bool IsObjCLiteral; 1304 const char *Beg; // Start of format string. 1305 const bool HasVAListArg; 1306 const CallExpr *TheCall; 1307 unsigned FormatIdx; 1308 llvm::BitVector CoveredArgs; 1309 bool usesPositionalArgs; 1310 bool atFirstArg; 1311public: 1312 CheckPrintfHandler(Sema &s, const StringLiteral *fexpr, 1313 const Expr *origFormatExpr, unsigned firstDataArg, 1314 unsigned numDataArgs, bool isObjCLiteral, 1315 const char *beg, bool hasVAListArg, 1316 const CallExpr *theCall, unsigned formatIdx) 1317 : S(s), FExpr(fexpr), OrigFormatExpr(origFormatExpr), 1318 FirstDataArg(firstDataArg), 1319 NumDataArgs(numDataArgs), 1320 IsObjCLiteral(isObjCLiteral), Beg(beg), 1321 HasVAListArg(hasVAListArg), 1322 TheCall(theCall), FormatIdx(formatIdx), 1323 usesPositionalArgs(false), atFirstArg(true) { 1324 CoveredArgs.resize(numDataArgs); 1325 CoveredArgs.reset(); 1326 } 1327 1328 void DoneProcessing(); 1329 1330 void HandleIncompleteFormatSpecifier(const char *startSpecifier, 1331 unsigned specifierLen); 1332 1333 bool 1334 HandleInvalidConversionSpecifier(const analyze_printf::FormatSpecifier &FS, 1335 const char *startSpecifier, 1336 unsigned specifierLen); 1337 1338 virtual void HandleInvalidPosition(const char *startSpecifier, 1339 unsigned specifierLen, 1340 analyze_printf::PositionContext p); 1341 1342 virtual void HandleZeroPosition(const char *startPos, unsigned posLen); 1343 1344 void HandleNullChar(const char *nullCharacter); 1345 1346 bool HandleFormatSpecifier(const analyze_printf::FormatSpecifier &FS, 1347 const char *startSpecifier, 1348 unsigned specifierLen); 1349private: 1350 SourceRange getFormatStringRange(); 1351 SourceRange getFormatSpecifierRange(const char *startSpecifier, 1352 unsigned specifierLen); 1353 SourceLocation getLocationOfByte(const char *x); 1354 1355 bool HandleAmount(const analyze_printf::OptionalAmount &Amt, unsigned k, 1356 const char *startSpecifier, unsigned specifierLen); 1357 void HandleFlags(const analyze_printf::FormatSpecifier &FS, 1358 llvm::StringRef flag, llvm::StringRef cspec, 1359 const char *startSpecifier, unsigned specifierLen); 1360 1361 const Expr *getDataArg(unsigned i) const; 1362}; 1363} 1364 1365SourceRange CheckPrintfHandler::getFormatStringRange() { 1366 return OrigFormatExpr->getSourceRange(); 1367} 1368 1369SourceRange CheckPrintfHandler:: 1370getFormatSpecifierRange(const char *startSpecifier, unsigned specifierLen) { 1371 return SourceRange(getLocationOfByte(startSpecifier), 1372 getLocationOfByte(startSpecifier+specifierLen-1)); 1373} 1374 1375SourceLocation CheckPrintfHandler::getLocationOfByte(const char *x) { 1376 return S.getLocationOfStringLiteralByte(FExpr, x - Beg); 1377} 1378 1379void CheckPrintfHandler:: 1380HandleIncompleteFormatSpecifier(const char *startSpecifier, 1381 unsigned specifierLen) { 1382 SourceLocation Loc = getLocationOfByte(startSpecifier); 1383 S.Diag(Loc, diag::warn_printf_incomplete_specifier) 1384 << getFormatSpecifierRange(startSpecifier, specifierLen); 1385} 1386 1387void 1388CheckPrintfHandler::HandleInvalidPosition(const char *startPos, unsigned posLen, 1389 analyze_printf::PositionContext p) { 1390 SourceLocation Loc = getLocationOfByte(startPos); 1391 S.Diag(Loc, diag::warn_printf_invalid_positional_specifier) 1392 << (unsigned) p << getFormatSpecifierRange(startPos, posLen); 1393} 1394 1395void CheckPrintfHandler::HandleZeroPosition(const char *startPos, 1396 unsigned posLen) { 1397 SourceLocation Loc = getLocationOfByte(startPos); 1398 S.Diag(Loc, diag::warn_printf_zero_positional_specifier) 1399 << getFormatSpecifierRange(startPos, posLen); 1400} 1401 1402bool CheckPrintfHandler:: 1403HandleInvalidConversionSpecifier(const analyze_printf::FormatSpecifier &FS, 1404 const char *startSpecifier, 1405 unsigned specifierLen) { 1406 1407 unsigned argIndex = FS.getArgIndex(); 1408 bool keepGoing = true; 1409 if (argIndex < NumDataArgs) { 1410 // Consider the argument coverered, even though the specifier doesn't 1411 // make sense. 1412 CoveredArgs.set(argIndex); 1413 } 1414 else { 1415 // If argIndex exceeds the number of data arguments we 1416 // don't issue a warning because that is just a cascade of warnings (and 1417 // they may have intended '%%' anyway). We don't want to continue processing 1418 // the format string after this point, however, as we will like just get 1419 // gibberish when trying to match arguments. 1420 keepGoing = false; 1421 } 1422 1423 const analyze_printf::ConversionSpecifier &CS = 1424 FS.getConversionSpecifier(); 1425 SourceLocation Loc = getLocationOfByte(CS.getStart()); 1426 S.Diag(Loc, diag::warn_printf_invalid_conversion) 1427 << llvm::StringRef(CS.getStart(), CS.getLength()) 1428 << getFormatSpecifierRange(startSpecifier, specifierLen); 1429 1430 return keepGoing; 1431} 1432 1433void CheckPrintfHandler::HandleNullChar(const char *nullCharacter) { 1434 // The presence of a null character is likely an error. 1435 S.Diag(getLocationOfByte(nullCharacter), 1436 diag::warn_printf_format_string_contains_null_char) 1437 << getFormatStringRange(); 1438} 1439 1440const Expr *CheckPrintfHandler::getDataArg(unsigned i) const { 1441 return TheCall->getArg(FirstDataArg + i); 1442} 1443 1444void CheckPrintfHandler::HandleFlags(const analyze_printf::FormatSpecifier &FS, 1445 llvm::StringRef flag, 1446 llvm::StringRef cspec, 1447 const char *startSpecifier, 1448 unsigned specifierLen) { 1449 const analyze_printf::ConversionSpecifier &CS = FS.getConversionSpecifier(); 1450 S.Diag(getLocationOfByte(CS.getStart()), diag::warn_printf_nonsensical_flag) 1451 << flag << cspec << getFormatSpecifierRange(startSpecifier, specifierLen); 1452} 1453 1454bool 1455CheckPrintfHandler::HandleAmount(const analyze_printf::OptionalAmount &Amt, 1456 unsigned k, const char *startSpecifier, 1457 unsigned specifierLen) { 1458 1459 if (Amt.hasDataArgument()) { 1460 if (!HasVAListArg) { 1461 unsigned argIndex = Amt.getArgIndex(); 1462 if (argIndex >= NumDataArgs) { 1463 S.Diag(getLocationOfByte(Amt.getStart()), 1464 diag::warn_printf_asterisk_missing_arg) 1465 << k << getFormatSpecifierRange(startSpecifier, specifierLen); 1466 // Don't do any more checking. We will just emit 1467 // spurious errors. 1468 return false; 1469 } 1470 1471 // Type check the data argument. It should be an 'int'. 1472 // Although not in conformance with C99, we also allow the argument to be 1473 // an 'unsigned int' as that is a reasonably safe case. GCC also 1474 // doesn't emit a warning for that case. 1475 CoveredArgs.set(argIndex); 1476 const Expr *Arg = getDataArg(argIndex); 1477 QualType T = Arg->getType(); 1478 1479 const analyze_printf::ArgTypeResult &ATR = Amt.getArgType(S.Context); 1480 assert(ATR.isValid()); 1481 1482 if (!ATR.matchesType(S.Context, T)) { 1483 S.Diag(getLocationOfByte(Amt.getStart()), 1484 diag::warn_printf_asterisk_wrong_type) 1485 << k 1486 << ATR.getRepresentativeType(S.Context) << T 1487 << getFormatSpecifierRange(startSpecifier, specifierLen) 1488 << Arg->getSourceRange(); 1489 // Don't do any more checking. We will just emit 1490 // spurious errors. 1491 return false; 1492 } 1493 } 1494 } 1495 return true; 1496} 1497 1498bool 1499CheckPrintfHandler::HandleFormatSpecifier(const analyze_printf::FormatSpecifier 1500 &FS, 1501 const char *startSpecifier, 1502 unsigned specifierLen) { 1503 1504 using namespace analyze_printf; 1505 const ConversionSpecifier &CS = FS.getConversionSpecifier(); 1506 1507 if (atFirstArg) { 1508 atFirstArg = false; 1509 usesPositionalArgs = FS.usesPositionalArg(); 1510 } 1511 else if (usesPositionalArgs != FS.usesPositionalArg()) { 1512 // Cannot mix-and-match positional and non-positional arguments. 1513 S.Diag(getLocationOfByte(CS.getStart()), 1514 diag::warn_printf_mix_positional_nonpositional_args) 1515 << getFormatSpecifierRange(startSpecifier, specifierLen); 1516 return false; 1517 } 1518 1519 // First check if the field width, precision, and conversion specifier 1520 // have matching data arguments. 1521 if (!HandleAmount(FS.getFieldWidth(), /* field width */ 0, 1522 startSpecifier, specifierLen)) { 1523 return false; 1524 } 1525 1526 if (!HandleAmount(FS.getPrecision(), /* precision */ 1, 1527 startSpecifier, specifierLen)) { 1528 return false; 1529 } 1530 1531 if (!CS.consumesDataArgument()) { 1532 // FIXME: Technically specifying a precision or field width here 1533 // makes no sense. Worth issuing a warning at some point. 1534 return true; 1535 } 1536 1537 // Consume the argument. 1538 unsigned argIndex = FS.getArgIndex(); 1539 if (argIndex < NumDataArgs) { 1540 // The check to see if the argIndex is valid will come later. 1541 // We set the bit here because we may exit early from this 1542 // function if we encounter some other error. 1543 CoveredArgs.set(argIndex); 1544 } 1545 1546 // Check for using an Objective-C specific conversion specifier 1547 // in a non-ObjC literal. 1548 if (!IsObjCLiteral && CS.isObjCArg()) { 1549 return HandleInvalidConversionSpecifier(FS, startSpecifier, specifierLen); 1550 } 1551 1552 // Are we using '%n'? Issue a warning about this being 1553 // a possible security issue. 1554 if (CS.getKind() == ConversionSpecifier::OutIntPtrArg) { 1555 S.Diag(getLocationOfByte(CS.getStart()), diag::warn_printf_write_back) 1556 << getFormatSpecifierRange(startSpecifier, specifierLen); 1557 // Continue checking the other format specifiers. 1558 return true; 1559 } 1560 1561 if (CS.getKind() == ConversionSpecifier::VoidPtrArg) { 1562 if (FS.getPrecision().getHowSpecified() != OptionalAmount::NotSpecified) 1563 S.Diag(getLocationOfByte(CS.getStart()), 1564 diag::warn_printf_nonsensical_precision) 1565 << CS.getCharacters() 1566 << getFormatSpecifierRange(startSpecifier, specifierLen); 1567 } 1568 if (CS.getKind() == ConversionSpecifier::VoidPtrArg || 1569 CS.getKind() == ConversionSpecifier::CStrArg) { 1570 // FIXME: Instead of using "0", "+", etc., eventually get them from 1571 // the FormatSpecifier. 1572 if (FS.hasLeadingZeros()) 1573 HandleFlags(FS, "0", CS.getCharacters(), startSpecifier, specifierLen); 1574 if (FS.hasPlusPrefix()) 1575 HandleFlags(FS, "+", CS.getCharacters(), startSpecifier, specifierLen); 1576 if (FS.hasSpacePrefix()) 1577 HandleFlags(FS, " ", CS.getCharacters(), startSpecifier, specifierLen); 1578 } 1579 1580 // The remaining checks depend on the data arguments. 1581 if (HasVAListArg) 1582 return true; 1583 1584 if (argIndex >= NumDataArgs) { 1585 if (FS.usesPositionalArg()) { 1586 S.Diag(getLocationOfByte(CS.getStart()), 1587 diag::warn_printf_positional_arg_exceeds_data_args) 1588 << (argIndex+1) << NumDataArgs 1589 << getFormatSpecifierRange(startSpecifier, specifierLen); 1590 } 1591 else { 1592 S.Diag(getLocationOfByte(CS.getStart()), 1593 diag::warn_printf_insufficient_data_args) 1594 << getFormatSpecifierRange(startSpecifier, specifierLen); 1595 } 1596 1597 // Don't do any more checking. 1598 return false; 1599 } 1600 1601 // Now type check the data expression that matches the 1602 // format specifier. 1603 const Expr *Ex = getDataArg(argIndex); 1604 const analyze_printf::ArgTypeResult &ATR = FS.getArgType(S.Context); 1605 if (ATR.isValid() && !ATR.matchesType(S.Context, Ex->getType())) { 1606 // Check if we didn't match because of an implicit cast from a 'char' 1607 // or 'short' to an 'int'. This is done because printf is a varargs 1608 // function. 1609 if (const ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(Ex)) 1610 if (ICE->getType() == S.Context.IntTy) 1611 if (ATR.matchesType(S.Context, ICE->getSubExpr()->getType())) 1612 return true; 1613 1614 // We may be able to offer a FixItHint if it is a supported type. 1615 FormatSpecifier fixedFS = FS; 1616 bool success = fixedFS.fixType(Ex->getType()); 1617 1618 if (success) { 1619 // Get the fix string from the fixed format specifier 1620 llvm::SmallString<128> buf; 1621 llvm::raw_svector_ostream os(buf); 1622 fixedFS.toString(os); 1623 1624 S.Diag(getLocationOfByte(CS.getStart()), 1625 diag::warn_printf_conversion_argument_type_mismatch) 1626 << ATR.getRepresentativeType(S.Context) << Ex->getType() 1627 << getFormatSpecifierRange(startSpecifier, specifierLen) 1628 << Ex->getSourceRange() 1629 << FixItHint::CreateReplacement( 1630 getFormatSpecifierRange(startSpecifier, specifierLen), 1631 os.str()); 1632 } 1633 else { 1634 S.Diag(getLocationOfByte(CS.getStart()), 1635 diag::warn_printf_conversion_argument_type_mismatch) 1636 << ATR.getRepresentativeType(S.Context) << Ex->getType() 1637 << getFormatSpecifierRange(startSpecifier, specifierLen) 1638 << Ex->getSourceRange(); 1639 } 1640 } 1641 1642 return true; 1643} 1644 1645void CheckPrintfHandler::DoneProcessing() { 1646 // Does the number of data arguments exceed the number of 1647 // format conversions in the format string? 1648 if (!HasVAListArg) { 1649 // Find any arguments that weren't covered. 1650 CoveredArgs.flip(); 1651 signed notCoveredArg = CoveredArgs.find_first(); 1652 if (notCoveredArg >= 0) { 1653 assert((unsigned)notCoveredArg < NumDataArgs); 1654 S.Diag(getDataArg((unsigned) notCoveredArg)->getLocStart(), 1655 diag::warn_printf_data_arg_not_used) 1656 << getFormatStringRange(); 1657 } 1658 } 1659} 1660 1661void Sema::CheckPrintfString(const StringLiteral *FExpr, 1662 const Expr *OrigFormatExpr, 1663 const CallExpr *TheCall, bool HasVAListArg, 1664 unsigned format_idx, unsigned firstDataArg) { 1665 1666 // CHECK: is the format string a wide literal? 1667 if (FExpr->isWide()) { 1668 Diag(FExpr->getLocStart(), 1669 diag::warn_printf_format_string_is_wide_literal) 1670 << OrigFormatExpr->getSourceRange(); 1671 return; 1672 } 1673 1674 // Str - The format string. NOTE: this is NOT null-terminated! 1675 const char *Str = FExpr->getStrData(); 1676 1677 // CHECK: empty format string? 1678 unsigned StrLen = FExpr->getByteLength(); 1679 1680 if (StrLen == 0) { 1681 Diag(FExpr->getLocStart(), diag::warn_printf_empty_format_string) 1682 << OrigFormatExpr->getSourceRange(); 1683 return; 1684 } 1685 1686 CheckPrintfHandler H(*this, FExpr, OrigFormatExpr, firstDataArg, 1687 TheCall->getNumArgs() - firstDataArg, 1688 isa<ObjCStringLiteral>(OrigFormatExpr), Str, 1689 HasVAListArg, TheCall, format_idx); 1690 1691 if (!analyze_printf::ParseFormatString(H, Str, Str + StrLen)) 1692 H.DoneProcessing(); 1693} 1694 1695//===--- CHECK: Return Address of Stack Variable --------------------------===// 1696 1697static DeclRefExpr* EvalVal(Expr *E); 1698static DeclRefExpr* EvalAddr(Expr* E); 1699 1700/// CheckReturnStackAddr - Check if a return statement returns the address 1701/// of a stack variable. 1702void 1703Sema::CheckReturnStackAddr(Expr *RetValExp, QualType lhsType, 1704 SourceLocation ReturnLoc) { 1705 1706 // Perform checking for returned stack addresses. 1707 if (lhsType->isPointerType() || lhsType->isBlockPointerType()) { 1708 if (DeclRefExpr *DR = EvalAddr(RetValExp)) 1709 Diag(DR->getLocStart(), diag::warn_ret_stack_addr) 1710 << DR->getDecl()->getDeclName() << RetValExp->getSourceRange(); 1711 1712 // Skip over implicit cast expressions when checking for block expressions. 1713 RetValExp = RetValExp->IgnoreParenCasts(); 1714 1715 if (BlockExpr *C = dyn_cast<BlockExpr>(RetValExp)) 1716 if (C->hasBlockDeclRefExprs()) 1717 Diag(C->getLocStart(), diag::err_ret_local_block) 1718 << C->getSourceRange(); 1719 1720 if (AddrLabelExpr *ALE = dyn_cast<AddrLabelExpr>(RetValExp)) 1721 Diag(ALE->getLocStart(), diag::warn_ret_addr_label) 1722 << ALE->getSourceRange(); 1723 1724 } else if (lhsType->isReferenceType()) { 1725 // Perform checking for stack values returned by reference. 1726 // Check for a reference to the stack 1727 if (DeclRefExpr *DR = EvalVal(RetValExp)) 1728 Diag(DR->getLocStart(), diag::warn_ret_stack_ref) 1729 << DR->getDecl()->getDeclName() << RetValExp->getSourceRange(); 1730 } 1731} 1732 1733/// EvalAddr - EvalAddr and EvalVal are mutually recursive functions that 1734/// check if the expression in a return statement evaluates to an address 1735/// to a location on the stack. The recursion is used to traverse the 1736/// AST of the return expression, with recursion backtracking when we 1737/// encounter a subexpression that (1) clearly does not lead to the address 1738/// of a stack variable or (2) is something we cannot determine leads to 1739/// the address of a stack variable based on such local checking. 1740/// 1741/// EvalAddr processes expressions that are pointers that are used as 1742/// references (and not L-values). EvalVal handles all other values. 1743/// At the base case of the recursion is a check for a DeclRefExpr* in 1744/// the refers to a stack variable. 1745/// 1746/// This implementation handles: 1747/// 1748/// * pointer-to-pointer casts 1749/// * implicit conversions from array references to pointers 1750/// * taking the address of fields 1751/// * arbitrary interplay between "&" and "*" operators 1752/// * pointer arithmetic from an address of a stack variable 1753/// * taking the address of an array element where the array is on the stack 1754static DeclRefExpr* EvalAddr(Expr *E) { 1755 // We should only be called for evaluating pointer expressions. 1756 assert((E->getType()->isAnyPointerType() || 1757 E->getType()->isBlockPointerType() || 1758 E->getType()->isObjCQualifiedIdType()) && 1759 "EvalAddr only works on pointers"); 1760 1761 // Our "symbolic interpreter" is just a dispatch off the currently 1762 // viewed AST node. We then recursively traverse the AST by calling 1763 // EvalAddr and EvalVal appropriately. 1764 switch (E->getStmtClass()) { 1765 case Stmt::ParenExprClass: 1766 // Ignore parentheses. 1767 return EvalAddr(cast<ParenExpr>(E)->getSubExpr()); 1768 1769 case Stmt::UnaryOperatorClass: { 1770 // The only unary operator that make sense to handle here 1771 // is AddrOf. All others don't make sense as pointers. 1772 UnaryOperator *U = cast<UnaryOperator>(E); 1773 1774 if (U->getOpcode() == UnaryOperator::AddrOf) 1775 return EvalVal(U->getSubExpr()); 1776 else 1777 return NULL; 1778 } 1779 1780 case Stmt::BinaryOperatorClass: { 1781 // Handle pointer arithmetic. All other binary operators are not valid 1782 // in this context. 1783 BinaryOperator *B = cast<BinaryOperator>(E); 1784 BinaryOperator::Opcode op = B->getOpcode(); 1785 1786 if (op != BinaryOperator::Add && op != BinaryOperator::Sub) 1787 return NULL; 1788 1789 Expr *Base = B->getLHS(); 1790 1791 // Determine which argument is the real pointer base. It could be 1792 // the RHS argument instead of the LHS. 1793 if (!Base->getType()->isPointerType()) Base = B->getRHS(); 1794 1795 assert (Base->getType()->isPointerType()); 1796 return EvalAddr(Base); 1797 } 1798 1799 // For conditional operators we need to see if either the LHS or RHS are 1800 // valid DeclRefExpr*s. If one of them is valid, we return it. 1801 case Stmt::ConditionalOperatorClass: { 1802 ConditionalOperator *C = cast<ConditionalOperator>(E); 1803 1804 // Handle the GNU extension for missing LHS. 1805 if (Expr *lhsExpr = C->getLHS()) 1806 if (DeclRefExpr* LHS = EvalAddr(lhsExpr)) 1807 return LHS; 1808 1809 return EvalAddr(C->getRHS()); 1810 } 1811 1812 // For casts, we need to handle conversions from arrays to 1813 // pointer values, and pointer-to-pointer conversions. 1814 case Stmt::ImplicitCastExprClass: 1815 case Stmt::CStyleCastExprClass: 1816 case Stmt::CXXFunctionalCastExprClass: { 1817 Expr* SubExpr = cast<CastExpr>(E)->getSubExpr(); 1818 QualType T = SubExpr->getType(); 1819 1820 if (SubExpr->getType()->isPointerType() || 1821 SubExpr->getType()->isBlockPointerType() || 1822 SubExpr->getType()->isObjCQualifiedIdType()) 1823 return EvalAddr(SubExpr); 1824 else if (T->isArrayType()) 1825 return EvalVal(SubExpr); 1826 else 1827 return 0; 1828 } 1829 1830 // C++ casts. For dynamic casts, static casts, and const casts, we 1831 // are always converting from a pointer-to-pointer, so we just blow 1832 // through the cast. In the case the dynamic cast doesn't fail (and 1833 // return NULL), we take the conservative route and report cases 1834 // where we return the address of a stack variable. For Reinterpre 1835 // FIXME: The comment about is wrong; we're not always converting 1836 // from pointer to pointer. I'm guessing that this code should also 1837 // handle references to objects. 1838 case Stmt::CXXStaticCastExprClass: 1839 case Stmt::CXXDynamicCastExprClass: 1840 case Stmt::CXXConstCastExprClass: 1841 case Stmt::CXXReinterpretCastExprClass: { 1842 Expr *S = cast<CXXNamedCastExpr>(E)->getSubExpr(); 1843 if (S->getType()->isPointerType() || S->getType()->isBlockPointerType()) 1844 return EvalAddr(S); 1845 else 1846 return NULL; 1847 } 1848 1849 // Everything else: we simply don't reason about them. 1850 default: 1851 return NULL; 1852 } 1853} 1854 1855 1856/// EvalVal - This function is complements EvalAddr in the mutual recursion. 1857/// See the comments for EvalAddr for more details. 1858static DeclRefExpr* EvalVal(Expr *E) { 1859 1860 // We should only be called for evaluating non-pointer expressions, or 1861 // expressions with a pointer type that are not used as references but instead 1862 // are l-values (e.g., DeclRefExpr with a pointer type). 1863 1864 // Our "symbolic interpreter" is just a dispatch off the currently 1865 // viewed AST node. We then recursively traverse the AST by calling 1866 // EvalAddr and EvalVal appropriately. 1867 switch (E->getStmtClass()) { 1868 case Stmt::DeclRefExprClass: { 1869 // DeclRefExpr: the base case. When we hit a DeclRefExpr we are looking 1870 // at code that refers to a variable's name. We check if it has local 1871 // storage within the function, and if so, return the expression. 1872 DeclRefExpr *DR = cast<DeclRefExpr>(E); 1873 1874 if (VarDecl *V = dyn_cast<VarDecl>(DR->getDecl())) 1875 if (V->hasLocalStorage() && !V->getType()->isReferenceType()) return DR; 1876 1877 return NULL; 1878 } 1879 1880 case Stmt::ParenExprClass: 1881 // Ignore parentheses. 1882 return EvalVal(cast<ParenExpr>(E)->getSubExpr()); 1883 1884 case Stmt::UnaryOperatorClass: { 1885 // The only unary operator that make sense to handle here 1886 // is Deref. All others don't resolve to a "name." This includes 1887 // handling all sorts of rvalues passed to a unary operator. 1888 UnaryOperator *U = cast<UnaryOperator>(E); 1889 1890 if (U->getOpcode() == UnaryOperator::Deref) 1891 return EvalAddr(U->getSubExpr()); 1892 1893 return NULL; 1894 } 1895 1896 case Stmt::ArraySubscriptExprClass: { 1897 // Array subscripts are potential references to data on the stack. We 1898 // retrieve the DeclRefExpr* for the array variable if it indeed 1899 // has local storage. 1900 return EvalAddr(cast<ArraySubscriptExpr>(E)->getBase()); 1901 } 1902 1903 case Stmt::ConditionalOperatorClass: { 1904 // For conditional operators we need to see if either the LHS or RHS are 1905 // non-NULL DeclRefExpr's. If one is non-NULL, we return it. 1906 ConditionalOperator *C = cast<ConditionalOperator>(E); 1907 1908 // Handle the GNU extension for missing LHS. 1909 if (Expr *lhsExpr = C->getLHS()) 1910 if (DeclRefExpr *LHS = EvalVal(lhsExpr)) 1911 return LHS; 1912 1913 return EvalVal(C->getRHS()); 1914 } 1915 1916 // Accesses to members are potential references to data on the stack. 1917 case Stmt::MemberExprClass: { 1918 MemberExpr *M = cast<MemberExpr>(E); 1919 1920 // Check for indirect access. We only want direct field accesses. 1921 if (!M->isArrow()) 1922 return EvalVal(M->getBase()); 1923 else 1924 return NULL; 1925 } 1926 1927 // Everything else: we simply don't reason about them. 1928 default: 1929 return NULL; 1930 } 1931} 1932 1933//===--- CHECK: Floating-Point comparisons (-Wfloat-equal) ---------------===// 1934 1935/// Check for comparisons of floating point operands using != and ==. 1936/// Issue a warning if these are no self-comparisons, as they are not likely 1937/// to do what the programmer intended. 1938void Sema::CheckFloatComparison(SourceLocation loc, Expr* lex, Expr *rex) { 1939 bool EmitWarning = true; 1940 1941 Expr* LeftExprSansParen = lex->IgnoreParens(); 1942 Expr* RightExprSansParen = rex->IgnoreParens(); 1943 1944 // Special case: check for x == x (which is OK). 1945 // Do not emit warnings for such cases. 1946 if (DeclRefExpr* DRL = dyn_cast<DeclRefExpr>(LeftExprSansParen)) 1947 if (DeclRefExpr* DRR = dyn_cast<DeclRefExpr>(RightExprSansParen)) 1948 if (DRL->getDecl() == DRR->getDecl()) 1949 EmitWarning = false; 1950 1951 1952 // Special case: check for comparisons against literals that can be exactly 1953 // represented by APFloat. In such cases, do not emit a warning. This 1954 // is a heuristic: often comparison against such literals are used to 1955 // detect if a value in a variable has not changed. This clearly can 1956 // lead to false negatives. 1957 if (EmitWarning) { 1958 if (FloatingLiteral* FLL = dyn_cast<FloatingLiteral>(LeftExprSansParen)) { 1959 if (FLL->isExact()) 1960 EmitWarning = false; 1961 } else 1962 if (FloatingLiteral* FLR = dyn_cast<FloatingLiteral>(RightExprSansParen)){ 1963 if (FLR->isExact()) 1964 EmitWarning = false; 1965 } 1966 } 1967 1968 // Check for comparisons with builtin types. 1969 if (EmitWarning) 1970 if (CallExpr* CL = dyn_cast<CallExpr>(LeftExprSansParen)) 1971 if (CL->isBuiltinCall(Context)) 1972 EmitWarning = false; 1973 1974 if (EmitWarning) 1975 if (CallExpr* CR = dyn_cast<CallExpr>(RightExprSansParen)) 1976 if (CR->isBuiltinCall(Context)) 1977 EmitWarning = false; 1978 1979 // Emit the diagnostic. 1980 if (EmitWarning) 1981 Diag(loc, diag::warn_floatingpoint_eq) 1982 << lex->getSourceRange() << rex->getSourceRange(); 1983} 1984 1985//===--- CHECK: Integer mixed-sign comparisons (-Wsign-compare) --------===// 1986//===--- CHECK: Lossy implicit conversions (-Wconversion) --------------===// 1987 1988namespace { 1989 1990/// Structure recording the 'active' range of an integer-valued 1991/// expression. 1992struct IntRange { 1993 /// The number of bits active in the int. 1994 unsigned Width; 1995 1996 /// True if the int is known not to have negative values. 1997 bool NonNegative; 1998 1999 IntRange() {} 2000 IntRange(unsigned Width, bool NonNegative) 2001 : Width(Width), NonNegative(NonNegative) 2002 {} 2003 2004 // Returns the range of the bool type. 2005 static IntRange forBoolType() { 2006 return IntRange(1, true); 2007 } 2008 2009 // Returns the range of an integral type. 2010 static IntRange forType(ASTContext &C, QualType T) { 2011 return forCanonicalType(C, T->getCanonicalTypeInternal().getTypePtr()); 2012 } 2013 2014 // Returns the range of an integeral type based on its canonical 2015 // representation. 2016 static IntRange forCanonicalType(ASTContext &C, const Type *T) { 2017 assert(T->isCanonicalUnqualified()); 2018 2019 if (const VectorType *VT = dyn_cast<VectorType>(T)) 2020 T = VT->getElementType().getTypePtr(); 2021 if (const ComplexType *CT = dyn_cast<ComplexType>(T)) 2022 T = CT->getElementType().getTypePtr(); 2023 2024 if (const EnumType *ET = dyn_cast<EnumType>(T)) { 2025 EnumDecl *Enum = ET->getDecl(); 2026 unsigned NumPositive = Enum->getNumPositiveBits(); 2027 unsigned NumNegative = Enum->getNumNegativeBits(); 2028 2029 return IntRange(std::max(NumPositive, NumNegative), NumNegative == 0); 2030 } 2031 2032 const BuiltinType *BT = cast<BuiltinType>(T); 2033 assert(BT->isInteger()); 2034 2035 return IntRange(C.getIntWidth(QualType(T, 0)), BT->isUnsignedInteger()); 2036 } 2037 2038 // Returns the supremum of two ranges: i.e. their conservative merge. 2039 static IntRange join(IntRange L, IntRange R) { 2040 return IntRange(std::max(L.Width, R.Width), 2041 L.NonNegative && R.NonNegative); 2042 } 2043 2044 // Returns the infinum of two ranges: i.e. their aggressive merge. 2045 static IntRange meet(IntRange L, IntRange R) { 2046 return IntRange(std::min(L.Width, R.Width), 2047 L.NonNegative || R.NonNegative); 2048 } 2049}; 2050 2051IntRange GetValueRange(ASTContext &C, llvm::APSInt &value, unsigned MaxWidth) { 2052 if (value.isSigned() && value.isNegative()) 2053 return IntRange(value.getMinSignedBits(), false); 2054 2055 if (value.getBitWidth() > MaxWidth) 2056 value.trunc(MaxWidth); 2057 2058 // isNonNegative() just checks the sign bit without considering 2059 // signedness. 2060 return IntRange(value.getActiveBits(), true); 2061} 2062 2063IntRange GetValueRange(ASTContext &C, APValue &result, QualType Ty, 2064 unsigned MaxWidth) { 2065 if (result.isInt()) 2066 return GetValueRange(C, result.getInt(), MaxWidth); 2067 2068 if (result.isVector()) { 2069 IntRange R = GetValueRange(C, result.getVectorElt(0), Ty, MaxWidth); 2070 for (unsigned i = 1, e = result.getVectorLength(); i != e; ++i) { 2071 IntRange El = GetValueRange(C, result.getVectorElt(i), Ty, MaxWidth); 2072 R = IntRange::join(R, El); 2073 } 2074 return R; 2075 } 2076 2077 if (result.isComplexInt()) { 2078 IntRange R = GetValueRange(C, result.getComplexIntReal(), MaxWidth); 2079 IntRange I = GetValueRange(C, result.getComplexIntImag(), MaxWidth); 2080 return IntRange::join(R, I); 2081 } 2082 2083 // This can happen with lossless casts to intptr_t of "based" lvalues. 2084 // Assume it might use arbitrary bits. 2085 // FIXME: The only reason we need to pass the type in here is to get 2086 // the sign right on this one case. It would be nice if APValue 2087 // preserved this. 2088 assert(result.isLValue()); 2089 return IntRange(MaxWidth, Ty->isUnsignedIntegerType()); 2090} 2091 2092/// Pseudo-evaluate the given integer expression, estimating the 2093/// range of values it might take. 2094/// 2095/// \param MaxWidth - the width to which the value will be truncated 2096IntRange GetExprRange(ASTContext &C, Expr *E, unsigned MaxWidth) { 2097 E = E->IgnoreParens(); 2098 2099 // Try a full evaluation first. 2100 Expr::EvalResult result; 2101 if (E->Evaluate(result, C)) 2102 return GetValueRange(C, result.Val, E->getType(), MaxWidth); 2103 2104 // I think we only want to look through implicit casts here; if the 2105 // user has an explicit widening cast, we should treat the value as 2106 // being of the new, wider type. 2107 if (ImplicitCastExpr *CE = dyn_cast<ImplicitCastExpr>(E)) { 2108 if (CE->getCastKind() == CastExpr::CK_NoOp) 2109 return GetExprRange(C, CE->getSubExpr(), MaxWidth); 2110 2111 IntRange OutputTypeRange = IntRange::forType(C, CE->getType()); 2112 2113 bool isIntegerCast = (CE->getCastKind() == CastExpr::CK_IntegralCast); 2114 if (!isIntegerCast && CE->getCastKind() == CastExpr::CK_Unknown) 2115 isIntegerCast = CE->getSubExpr()->getType()->isIntegerType(); 2116 2117 // Assume that non-integer casts can span the full range of the type. 2118 if (!isIntegerCast) 2119 return OutputTypeRange; 2120 2121 IntRange SubRange 2122 = GetExprRange(C, CE->getSubExpr(), 2123 std::min(MaxWidth, OutputTypeRange.Width)); 2124 2125 // Bail out if the subexpr's range is as wide as the cast type. 2126 if (SubRange.Width >= OutputTypeRange.Width) 2127 return OutputTypeRange; 2128 2129 // Otherwise, we take the smaller width, and we're non-negative if 2130 // either the output type or the subexpr is. 2131 return IntRange(SubRange.Width, 2132 SubRange.NonNegative || OutputTypeRange.NonNegative); 2133 } 2134 2135 if (ConditionalOperator *CO = dyn_cast<ConditionalOperator>(E)) { 2136 // If we can fold the condition, just take that operand. 2137 bool CondResult; 2138 if (CO->getCond()->EvaluateAsBooleanCondition(CondResult, C)) 2139 return GetExprRange(C, CondResult ? CO->getTrueExpr() 2140 : CO->getFalseExpr(), 2141 MaxWidth); 2142 2143 // Otherwise, conservatively merge. 2144 IntRange L = GetExprRange(C, CO->getTrueExpr(), MaxWidth); 2145 IntRange R = GetExprRange(C, CO->getFalseExpr(), MaxWidth); 2146 return IntRange::join(L, R); 2147 } 2148 2149 if (BinaryOperator *BO = dyn_cast<BinaryOperator>(E)) { 2150 switch (BO->getOpcode()) { 2151 2152 // Boolean-valued operations are single-bit and positive. 2153 case BinaryOperator::LAnd: 2154 case BinaryOperator::LOr: 2155 case BinaryOperator::LT: 2156 case BinaryOperator::GT: 2157 case BinaryOperator::LE: 2158 case BinaryOperator::GE: 2159 case BinaryOperator::EQ: 2160 case BinaryOperator::NE: 2161 return IntRange::forBoolType(); 2162 2163 // The type of these compound assignments is the type of the LHS, 2164 // so the RHS is not necessarily an integer. 2165 case BinaryOperator::MulAssign: 2166 case BinaryOperator::DivAssign: 2167 case BinaryOperator::RemAssign: 2168 case BinaryOperator::AddAssign: 2169 case BinaryOperator::SubAssign: 2170 return IntRange::forType(C, E->getType()); 2171 2172 // Operations with opaque sources are black-listed. 2173 case BinaryOperator::PtrMemD: 2174 case BinaryOperator::PtrMemI: 2175 return IntRange::forType(C, E->getType()); 2176 2177 // Bitwise-and uses the *infinum* of the two source ranges. 2178 case BinaryOperator::And: 2179 case BinaryOperator::AndAssign: 2180 return IntRange::meet(GetExprRange(C, BO->getLHS(), MaxWidth), 2181 GetExprRange(C, BO->getRHS(), MaxWidth)); 2182 2183 // Left shift gets black-listed based on a judgement call. 2184 case BinaryOperator::Shl: 2185 // ...except that we want to treat '1 << (blah)' as logically 2186 // positive. It's an important idiom. 2187 if (IntegerLiteral *I 2188 = dyn_cast<IntegerLiteral>(BO->getLHS()->IgnoreParenCasts())) { 2189 if (I->getValue() == 1) { 2190 IntRange R = IntRange::forType(C, E->getType()); 2191 return IntRange(R.Width, /*NonNegative*/ true); 2192 } 2193 } 2194 // fallthrough 2195 2196 case BinaryOperator::ShlAssign: 2197 return IntRange::forType(C, E->getType()); 2198 2199 // Right shift by a constant can narrow its left argument. 2200 case BinaryOperator::Shr: 2201 case BinaryOperator::ShrAssign: { 2202 IntRange L = GetExprRange(C, BO->getLHS(), MaxWidth); 2203 2204 // If the shift amount is a positive constant, drop the width by 2205 // that much. 2206 llvm::APSInt shift; 2207 if (BO->getRHS()->isIntegerConstantExpr(shift, C) && 2208 shift.isNonNegative()) { 2209 unsigned zext = shift.getZExtValue(); 2210 if (zext >= L.Width) 2211 L.Width = (L.NonNegative ? 0 : 1); 2212 else 2213 L.Width -= zext; 2214 } 2215 2216 return L; 2217 } 2218 2219 // Comma acts as its right operand. 2220 case BinaryOperator::Comma: 2221 return GetExprRange(C, BO->getRHS(), MaxWidth); 2222 2223 // Black-list pointer subtractions. 2224 case BinaryOperator::Sub: 2225 if (BO->getLHS()->getType()->isPointerType()) 2226 return IntRange::forType(C, E->getType()); 2227 // fallthrough 2228 2229 default: 2230 break; 2231 } 2232 2233 // Treat every other operator as if it were closed on the 2234 // narrowest type that encompasses both operands. 2235 IntRange L = GetExprRange(C, BO->getLHS(), MaxWidth); 2236 IntRange R = GetExprRange(C, BO->getRHS(), MaxWidth); 2237 return IntRange::join(L, R); 2238 } 2239 2240 if (UnaryOperator *UO = dyn_cast<UnaryOperator>(E)) { 2241 switch (UO->getOpcode()) { 2242 // Boolean-valued operations are white-listed. 2243 case UnaryOperator::LNot: 2244 return IntRange::forBoolType(); 2245 2246 // Operations with opaque sources are black-listed. 2247 case UnaryOperator::Deref: 2248 case UnaryOperator::AddrOf: // should be impossible 2249 case UnaryOperator::OffsetOf: 2250 return IntRange::forType(C, E->getType()); 2251 2252 default: 2253 return GetExprRange(C, UO->getSubExpr(), MaxWidth); 2254 } 2255 } 2256 2257 if (dyn_cast<OffsetOfExpr>(E)) { 2258 IntRange::forType(C, E->getType()); 2259 } 2260 2261 FieldDecl *BitField = E->getBitField(); 2262 if (BitField) { 2263 llvm::APSInt BitWidthAP = BitField->getBitWidth()->EvaluateAsInt(C); 2264 unsigned BitWidth = BitWidthAP.getZExtValue(); 2265 2266 return IntRange(BitWidth, BitField->getType()->isUnsignedIntegerType()); 2267 } 2268 2269 return IntRange::forType(C, E->getType()); 2270} 2271 2272IntRange GetExprRange(ASTContext &C, Expr *E) { 2273 return GetExprRange(C, E, C.getIntWidth(E->getType())); 2274} 2275 2276/// Checks whether the given value, which currently has the given 2277/// source semantics, has the same value when coerced through the 2278/// target semantics. 2279bool IsSameFloatAfterCast(const llvm::APFloat &value, 2280 const llvm::fltSemantics &Src, 2281 const llvm::fltSemantics &Tgt) { 2282 llvm::APFloat truncated = value; 2283 2284 bool ignored; 2285 truncated.convert(Src, llvm::APFloat::rmNearestTiesToEven, &ignored); 2286 truncated.convert(Tgt, llvm::APFloat::rmNearestTiesToEven, &ignored); 2287 2288 return truncated.bitwiseIsEqual(value); 2289} 2290 2291/// Checks whether the given value, which currently has the given 2292/// source semantics, has the same value when coerced through the 2293/// target semantics. 2294/// 2295/// The value might be a vector of floats (or a complex number). 2296bool IsSameFloatAfterCast(const APValue &value, 2297 const llvm::fltSemantics &Src, 2298 const llvm::fltSemantics &Tgt) { 2299 if (value.isFloat()) 2300 return IsSameFloatAfterCast(value.getFloat(), Src, Tgt); 2301 2302 if (value.isVector()) { 2303 for (unsigned i = 0, e = value.getVectorLength(); i != e; ++i) 2304 if (!IsSameFloatAfterCast(value.getVectorElt(i), Src, Tgt)) 2305 return false; 2306 return true; 2307 } 2308 2309 assert(value.isComplexFloat()); 2310 return (IsSameFloatAfterCast(value.getComplexFloatReal(), Src, Tgt) && 2311 IsSameFloatAfterCast(value.getComplexFloatImag(), Src, Tgt)); 2312} 2313 2314void AnalyzeImplicitConversions(Sema &S, Expr *E); 2315 2316bool IsZero(Sema &S, Expr *E) { 2317 llvm::APSInt Value; 2318 return E->isIntegerConstantExpr(Value, S.Context) && Value == 0; 2319} 2320 2321void CheckTrivialUnsignedComparison(Sema &S, BinaryOperator *E) { 2322 BinaryOperator::Opcode op = E->getOpcode(); 2323 if (op == BinaryOperator::LT && IsZero(S, E->getRHS())) { 2324 S.Diag(E->getOperatorLoc(), diag::warn_lunsigned_always_true_comparison) 2325 << "< 0" << "false" 2326 << E->getLHS()->getSourceRange() << E->getRHS()->getSourceRange(); 2327 } else if (op == BinaryOperator::GE && IsZero(S, E->getRHS())) { 2328 S.Diag(E->getOperatorLoc(), diag::warn_lunsigned_always_true_comparison) 2329 << ">= 0" << "true" 2330 << E->getLHS()->getSourceRange() << E->getRHS()->getSourceRange(); 2331 } else if (op == BinaryOperator::GT && IsZero(S, E->getLHS())) { 2332 S.Diag(E->getOperatorLoc(), diag::warn_runsigned_always_true_comparison) 2333 << "0 >" << "false" 2334 << E->getLHS()->getSourceRange() << E->getRHS()->getSourceRange(); 2335 } else if (op == BinaryOperator::LE && IsZero(S, E->getLHS())) { 2336 S.Diag(E->getOperatorLoc(), diag::warn_runsigned_always_true_comparison) 2337 << "0 <=" << "true" 2338 << E->getLHS()->getSourceRange() << E->getRHS()->getSourceRange(); 2339 } 2340} 2341 2342/// Analyze the operands of the given comparison. Implements the 2343/// fallback case from AnalyzeComparison. 2344void AnalyzeImpConvsInComparison(Sema &S, BinaryOperator *E) { 2345 AnalyzeImplicitConversions(S, E->getLHS()); 2346 AnalyzeImplicitConversions(S, E->getRHS()); 2347} 2348 2349/// \brief Implements -Wsign-compare. 2350/// 2351/// \param lex the left-hand expression 2352/// \param rex the right-hand expression 2353/// \param OpLoc the location of the joining operator 2354/// \param BinOpc binary opcode or 0 2355void AnalyzeComparison(Sema &S, BinaryOperator *E) { 2356 // The type the comparison is being performed in. 2357 QualType T = E->getLHS()->getType(); 2358 assert(S.Context.hasSameUnqualifiedType(T, E->getRHS()->getType()) 2359 && "comparison with mismatched types"); 2360 2361 // We don't do anything special if this isn't an unsigned integral 2362 // comparison: we're only interested in integral comparisons, and 2363 // signed comparisons only happen in cases we don't care to warn about. 2364 if (!T->isUnsignedIntegerType()) 2365 return AnalyzeImpConvsInComparison(S, E); 2366 2367 Expr *lex = E->getLHS()->IgnoreParenImpCasts(); 2368 Expr *rex = E->getRHS()->IgnoreParenImpCasts(); 2369 2370 // Check to see if one of the (unmodified) operands is of different 2371 // signedness. 2372 Expr *signedOperand, *unsignedOperand; 2373 if (lex->getType()->isSignedIntegerType()) { 2374 assert(!rex->getType()->isSignedIntegerType() && 2375 "unsigned comparison between two signed integer expressions?"); 2376 signedOperand = lex; 2377 unsignedOperand = rex; 2378 } else if (rex->getType()->isSignedIntegerType()) { 2379 signedOperand = rex; 2380 unsignedOperand = lex; 2381 } else { 2382 CheckTrivialUnsignedComparison(S, E); 2383 return AnalyzeImpConvsInComparison(S, E); 2384 } 2385 2386 // Otherwise, calculate the effective range of the signed operand. 2387 IntRange signedRange = GetExprRange(S.Context, signedOperand); 2388 2389 // Go ahead and analyze implicit conversions in the operands. Note 2390 // that we skip the implicit conversions on both sides. 2391 AnalyzeImplicitConversions(S, lex); 2392 AnalyzeImplicitConversions(S, rex); 2393 2394 // If the signed range is non-negative, -Wsign-compare won't fire, 2395 // but we should still check for comparisons which are always true 2396 // or false. 2397 if (signedRange.NonNegative) 2398 return CheckTrivialUnsignedComparison(S, E); 2399 2400 // For (in)equality comparisons, if the unsigned operand is a 2401 // constant which cannot collide with a overflowed signed operand, 2402 // then reinterpreting the signed operand as unsigned will not 2403 // change the result of the comparison. 2404 if (E->isEqualityOp()) { 2405 unsigned comparisonWidth = S.Context.getIntWidth(T); 2406 IntRange unsignedRange = GetExprRange(S.Context, unsignedOperand); 2407 2408 // We should never be unable to prove that the unsigned operand is 2409 // non-negative. 2410 assert(unsignedRange.NonNegative && "unsigned range includes negative?"); 2411 2412 if (unsignedRange.Width < comparisonWidth) 2413 return; 2414 } 2415 2416 S.Diag(E->getOperatorLoc(), diag::warn_mixed_sign_comparison) 2417 << lex->getType() << rex->getType() 2418 << lex->getSourceRange() << rex->getSourceRange(); 2419} 2420 2421/// Diagnose an implicit cast; purely a helper for CheckImplicitConversion. 2422void DiagnoseImpCast(Sema &S, Expr *E, QualType T, unsigned diag) { 2423 S.Diag(E->getExprLoc(), diag) << E->getType() << T << E->getSourceRange(); 2424} 2425 2426void CheckImplicitConversion(Sema &S, Expr *E, QualType T, 2427 bool *ICContext = 0) { 2428 if (E->isTypeDependent() || E->isValueDependent()) return; 2429 2430 const Type *Source = S.Context.getCanonicalType(E->getType()).getTypePtr(); 2431 const Type *Target = S.Context.getCanonicalType(T).getTypePtr(); 2432 if (Source == Target) return; 2433 if (Target->isDependentType()) return; 2434 2435 // Never diagnose implicit casts to bool. 2436 if (Target->isSpecificBuiltinType(BuiltinType::Bool)) 2437 return; 2438 2439 // Strip vector types. 2440 if (isa<VectorType>(Source)) { 2441 if (!isa<VectorType>(Target)) 2442 return DiagnoseImpCast(S, E, T, diag::warn_impcast_vector_scalar); 2443 2444 Source = cast<VectorType>(Source)->getElementType().getTypePtr(); 2445 Target = cast<VectorType>(Target)->getElementType().getTypePtr(); 2446 } 2447 2448 // Strip complex types. 2449 if (isa<ComplexType>(Source)) { 2450 if (!isa<ComplexType>(Target)) 2451 return DiagnoseImpCast(S, E, T, diag::warn_impcast_complex_scalar); 2452 2453 Source = cast<ComplexType>(Source)->getElementType().getTypePtr(); 2454 Target = cast<ComplexType>(Target)->getElementType().getTypePtr(); 2455 } 2456 2457 const BuiltinType *SourceBT = dyn_cast<BuiltinType>(Source); 2458 const BuiltinType *TargetBT = dyn_cast<BuiltinType>(Target); 2459 2460 // If the source is floating point... 2461 if (SourceBT && SourceBT->isFloatingPoint()) { 2462 // ...and the target is floating point... 2463 if (TargetBT && TargetBT->isFloatingPoint()) { 2464 // ...then warn if we're dropping FP rank. 2465 2466 // Builtin FP kinds are ordered by increasing FP rank. 2467 if (SourceBT->getKind() > TargetBT->getKind()) { 2468 // Don't warn about float constants that are precisely 2469 // representable in the target type. 2470 Expr::EvalResult result; 2471 if (E->Evaluate(result, S.Context)) { 2472 // Value might be a float, a float vector, or a float complex. 2473 if (IsSameFloatAfterCast(result.Val, 2474 S.Context.getFloatTypeSemantics(QualType(TargetBT, 0)), 2475 S.Context.getFloatTypeSemantics(QualType(SourceBT, 0)))) 2476 return; 2477 } 2478 2479 DiagnoseImpCast(S, E, T, diag::warn_impcast_float_precision); 2480 } 2481 return; 2482 } 2483 2484 // If the target is integral, always warn. 2485 if ((TargetBT && TargetBT->isInteger())) 2486 // TODO: don't warn for integer values? 2487 DiagnoseImpCast(S, E, T, diag::warn_impcast_float_integer); 2488 2489 return; 2490 } 2491 2492 if (!Source->isIntegerType() || !Target->isIntegerType()) 2493 return; 2494 2495 IntRange SourceRange = GetExprRange(S.Context, E); 2496 IntRange TargetRange = IntRange::forCanonicalType(S.Context, Target); 2497 2498 if (SourceRange.Width > TargetRange.Width) { 2499 // People want to build with -Wshorten-64-to-32 and not -Wconversion 2500 // and by god we'll let them. 2501 if (SourceRange.Width == 64 && TargetRange.Width == 32) 2502 return DiagnoseImpCast(S, E, T, diag::warn_impcast_integer_64_32); 2503 return DiagnoseImpCast(S, E, T, diag::warn_impcast_integer_precision); 2504 } 2505 2506 if ((TargetRange.NonNegative && !SourceRange.NonNegative) || 2507 (!TargetRange.NonNegative && SourceRange.NonNegative && 2508 SourceRange.Width == TargetRange.Width)) { 2509 unsigned DiagID = diag::warn_impcast_integer_sign; 2510 2511 // Traditionally, gcc has warned about this under -Wsign-compare. 2512 // We also want to warn about it in -Wconversion. 2513 // So if -Wconversion is off, use a completely identical diagnostic 2514 // in the sign-compare group. 2515 // The conditional-checking code will 2516 if (ICContext) { 2517 DiagID = diag::warn_impcast_integer_sign_conditional; 2518 *ICContext = true; 2519 } 2520 2521 return DiagnoseImpCast(S, E, T, DiagID); 2522 } 2523 2524 return; 2525} 2526 2527void CheckConditionalOperator(Sema &S, ConditionalOperator *E, QualType T); 2528 2529void CheckConditionalOperand(Sema &S, Expr *E, QualType T, 2530 bool &ICContext) { 2531 E = E->IgnoreParenImpCasts(); 2532 2533 if (isa<ConditionalOperator>(E)) 2534 return CheckConditionalOperator(S, cast<ConditionalOperator>(E), T); 2535 2536 AnalyzeImplicitConversions(S, E); 2537 if (E->getType() != T) 2538 return CheckImplicitConversion(S, E, T, &ICContext); 2539 return; 2540} 2541 2542void CheckConditionalOperator(Sema &S, ConditionalOperator *E, QualType T) { 2543 AnalyzeImplicitConversions(S, E->getCond()); 2544 2545 bool Suspicious = false; 2546 CheckConditionalOperand(S, E->getTrueExpr(), T, Suspicious); 2547 CheckConditionalOperand(S, E->getFalseExpr(), T, Suspicious); 2548 2549 // If -Wconversion would have warned about either of the candidates 2550 // for a signedness conversion to the context type... 2551 if (!Suspicious) return; 2552 2553 // ...but it's currently ignored... 2554 if (S.Diags.getDiagnosticLevel(diag::warn_impcast_integer_sign_conditional)) 2555 return; 2556 2557 // ...and -Wsign-compare isn't... 2558 if (!S.Diags.getDiagnosticLevel(diag::warn_mixed_sign_conditional)) 2559 return; 2560 2561 // ...then check whether it would have warned about either of the 2562 // candidates for a signedness conversion to the condition type. 2563 if (E->getType() != T) { 2564 Suspicious = false; 2565 CheckImplicitConversion(S, E->getTrueExpr()->IgnoreParenImpCasts(), 2566 E->getType(), &Suspicious); 2567 if (!Suspicious) 2568 CheckImplicitConversion(S, E->getFalseExpr()->IgnoreParenImpCasts(), 2569 E->getType(), &Suspicious); 2570 if (!Suspicious) 2571 return; 2572 } 2573 2574 // If so, emit a diagnostic under -Wsign-compare. 2575 Expr *lex = E->getTrueExpr()->IgnoreParenImpCasts(); 2576 Expr *rex = E->getFalseExpr()->IgnoreParenImpCasts(); 2577 S.Diag(E->getQuestionLoc(), diag::warn_mixed_sign_conditional) 2578 << lex->getType() << rex->getType() 2579 << lex->getSourceRange() << rex->getSourceRange(); 2580} 2581 2582/// AnalyzeImplicitConversions - Find and report any interesting 2583/// implicit conversions in the given expression. There are a couple 2584/// of competing diagnostics here, -Wconversion and -Wsign-compare. 2585void AnalyzeImplicitConversions(Sema &S, Expr *OrigE) { 2586 QualType T = OrigE->getType(); 2587 Expr *E = OrigE->IgnoreParenImpCasts(); 2588 2589 // For conditional operators, we analyze the arguments as if they 2590 // were being fed directly into the output. 2591 if (isa<ConditionalOperator>(E)) { 2592 ConditionalOperator *CO = cast<ConditionalOperator>(E); 2593 CheckConditionalOperator(S, CO, T); 2594 return; 2595 } 2596 2597 // Go ahead and check any implicit conversions we might have skipped. 2598 // The non-canonical typecheck is just an optimization; 2599 // CheckImplicitConversion will filter out dead implicit conversions. 2600 if (E->getType() != T) 2601 CheckImplicitConversion(S, E, T); 2602 2603 // Now continue drilling into this expression. 2604 2605 // Skip past explicit casts. 2606 if (isa<ExplicitCastExpr>(E)) { 2607 E = cast<ExplicitCastExpr>(E)->getSubExpr()->IgnoreParenImpCasts(); 2608 return AnalyzeImplicitConversions(S, E); 2609 } 2610 2611 // Do a somewhat different check with comparison operators. 2612 if (isa<BinaryOperator>(E) && cast<BinaryOperator>(E)->isComparisonOp()) 2613 return AnalyzeComparison(S, cast<BinaryOperator>(E)); 2614 2615 // These break the otherwise-useful invariant below. Fortunately, 2616 // we don't really need to recurse into them, because any internal 2617 // expressions should have been analyzed already when they were 2618 // built into statements. 2619 if (isa<StmtExpr>(E)) return; 2620 2621 // Don't descend into unevaluated contexts. 2622 if (isa<SizeOfAlignOfExpr>(E)) return; 2623 2624 // Now just recurse over the expression's children. 2625 for (Stmt::child_iterator I = E->child_begin(), IE = E->child_end(); 2626 I != IE; ++I) 2627 AnalyzeImplicitConversions(S, cast<Expr>(*I)); 2628} 2629 2630} // end anonymous namespace 2631 2632/// Diagnoses "dangerous" implicit conversions within the given 2633/// expression (which is a full expression). Implements -Wconversion 2634/// and -Wsign-compare. 2635void Sema::CheckImplicitConversions(Expr *E) { 2636 // Don't diagnose in unevaluated contexts. 2637 if (ExprEvalContexts.back().Context == Sema::Unevaluated) 2638 return; 2639 2640 // Don't diagnose for value- or type-dependent expressions. 2641 if (E->isTypeDependent() || E->isValueDependent()) 2642 return; 2643 2644 AnalyzeImplicitConversions(*this, E); 2645} 2646 2647/// CheckParmsForFunctionDef - Check that the parameters of the given 2648/// function are appropriate for the definition of a function. This 2649/// takes care of any checks that cannot be performed on the 2650/// declaration itself, e.g., that the types of each of the function 2651/// parameters are complete. 2652bool Sema::CheckParmsForFunctionDef(FunctionDecl *FD) { 2653 bool HasInvalidParm = false; 2654 for (unsigned p = 0, NumParams = FD->getNumParams(); p < NumParams; ++p) { 2655 ParmVarDecl *Param = FD->getParamDecl(p); 2656 2657 // C99 6.7.5.3p4: the parameters in a parameter type list in a 2658 // function declarator that is part of a function definition of 2659 // that function shall not have incomplete type. 2660 // 2661 // This is also C++ [dcl.fct]p6. 2662 if (!Param->isInvalidDecl() && 2663 RequireCompleteType(Param->getLocation(), Param->getType(), 2664 diag::err_typecheck_decl_incomplete_type)) { 2665 Param->setInvalidDecl(); 2666 HasInvalidParm = true; 2667 } 2668 2669 // C99 6.9.1p5: If the declarator includes a parameter type list, the 2670 // declaration of each parameter shall include an identifier. 2671 if (Param->getIdentifier() == 0 && 2672 !Param->isImplicit() && 2673 !getLangOptions().CPlusPlus) 2674 Diag(Param->getLocation(), diag::err_parameter_name_omitted); 2675 2676 // C99 6.7.5.3p12: 2677 // If the function declarator is not part of a definition of that 2678 // function, parameters may have incomplete type and may use the [*] 2679 // notation in their sequences of declarator specifiers to specify 2680 // variable length array types. 2681 QualType PType = Param->getOriginalType(); 2682 if (const ArrayType *AT = Context.getAsArrayType(PType)) { 2683 if (AT->getSizeModifier() == ArrayType::Star) { 2684 // FIXME: This diagnosic should point the the '[*]' if source-location 2685 // information is added for it. 2686 Diag(Param->getLocation(), diag::err_array_star_in_function_definition); 2687 } 2688 } 2689 } 2690 2691 return HasInvalidParm; 2692} 2693