1 //===--- SemaChecking.cpp - Extra Semantic Checking -----------------------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file implements extra semantic analysis beyond what is enforced 11 // by the C type system. 12 // 13 //===----------------------------------------------------------------------===// 14 15 #include "clang/Sema/SemaInternal.h" 16 #include "clang/AST/ASTContext.h" 17 #include "clang/AST/CharUnits.h" 18 #include "clang/AST/DeclCXX.h" 19 #include "clang/AST/DeclObjC.h" 20 #include "clang/AST/EvaluatedExprVisitor.h" 21 #include "clang/AST/Expr.h" 22 #include "clang/AST/ExprCXX.h" 23 #include "clang/AST/ExprObjC.h" 24 #include "clang/AST/ExprOpenMP.h" 25 #include "clang/AST/StmtCXX.h" 26 #include "clang/AST/StmtObjC.h" 27 #include "clang/Analysis/Analyses/FormatString.h" 28 #include "clang/Basic/CharInfo.h" 29 #include "clang/Basic/TargetBuiltins.h" 30 #include "clang/Basic/TargetInfo.h" 31 #include "clang/Lex/Lexer.h" // TODO: Extract static functions to fix layering. 32 #include "clang/Sema/Initialization.h" 33 #include "clang/Sema/Lookup.h" 34 #include "clang/Sema/ScopeInfo.h" 35 #include "clang/Sema/Sema.h" 36 #include "llvm/ADT/STLExtras.h" 37 #include "llvm/ADT/SmallBitVector.h" 38 #include "llvm/ADT/SmallString.h" 39 #include "llvm/Support/Format.h" 40 #include "llvm/Support/Locale.h" 41 #include "llvm/Support/ConvertUTF.h" 42 #include "llvm/Support/raw_ostream.h" 43 #include <limits> 44 45 using namespace clang; 46 using namespace sema; 47 48 SourceLocation Sema::getLocationOfStringLiteralByte(const StringLiteral *SL, 49 unsigned ByteNo) const { 50 return SL->getLocationOfByte(ByteNo, getSourceManager(), LangOpts, 51 Context.getTargetInfo()); 52 } 53 54 /// Checks that a call expression's argument count is the desired number. 55 /// This is useful when doing custom type-checking. Returns true on error. 56 static bool checkArgCount(Sema &S, CallExpr *call, unsigned desiredArgCount) { 57 unsigned argCount = call->getNumArgs(); 58 if (argCount == desiredArgCount) return false; 59 60 if (argCount < desiredArgCount) 61 return S.Diag(call->getLocEnd(), diag::err_typecheck_call_too_few_args) 62 << 0 /*function call*/ << desiredArgCount << argCount 63 << call->getSourceRange(); 64 65 // Highlight all the excess arguments. 66 SourceRange range(call->getArg(desiredArgCount)->getLocStart(), 67 call->getArg(argCount - 1)->getLocEnd()); 68 69 return S.Diag(range.getBegin(), diag::err_typecheck_call_too_many_args) 70 << 0 /*function call*/ << desiredArgCount << argCount 71 << call->getArg(1)->getSourceRange(); 72 } 73 74 /// Check that the first argument to __builtin_annotation is an integer 75 /// and the second argument is a non-wide string literal. 76 static bool SemaBuiltinAnnotation(Sema &S, CallExpr *TheCall) { 77 if (checkArgCount(S, TheCall, 2)) 78 return true; 79 80 // First argument should be an integer. 81 Expr *ValArg = TheCall->getArg(0); 82 QualType Ty = ValArg->getType(); 83 if (!Ty->isIntegerType()) { 84 S.Diag(ValArg->getLocStart(), diag::err_builtin_annotation_first_arg) 85 << ValArg->getSourceRange(); 86 return true; 87 } 88 89 // Second argument should be a constant string. 90 Expr *StrArg = TheCall->getArg(1)->IgnoreParenCasts(); 91 StringLiteral *Literal = dyn_cast<StringLiteral>(StrArg); 92 if (!Literal || !Literal->isAscii()) { 93 S.Diag(StrArg->getLocStart(), diag::err_builtin_annotation_second_arg) 94 << StrArg->getSourceRange(); 95 return true; 96 } 97 98 TheCall->setType(Ty); 99 return false; 100 } 101 102 /// Check that the argument to __builtin_addressof is a glvalue, and set the 103 /// result type to the corresponding pointer type. 104 static bool SemaBuiltinAddressof(Sema &S, CallExpr *TheCall) { 105 if (checkArgCount(S, TheCall, 1)) 106 return true; 107 108 ExprResult Arg(TheCall->getArg(0)); 109 QualType ResultType = S.CheckAddressOfOperand(Arg, TheCall->getLocStart()); 110 if (ResultType.isNull()) 111 return true; 112 113 TheCall->setArg(0, Arg.get()); 114 TheCall->setType(ResultType); 115 return false; 116 } 117 118 static bool SemaBuiltinOverflow(Sema &S, CallExpr *TheCall) { 119 if (checkArgCount(S, TheCall, 3)) 120 return true; 121 122 // First two arguments should be integers. 123 for (unsigned I = 0; I < 2; ++I) { 124 Expr *Arg = TheCall->getArg(I); 125 QualType Ty = Arg->getType(); 126 if (!Ty->isIntegerType()) { 127 S.Diag(Arg->getLocStart(), diag::err_overflow_builtin_must_be_int) 128 << Ty << Arg->getSourceRange(); 129 return true; 130 } 131 } 132 133 // Third argument should be a pointer to a non-const integer. 134 // IRGen correctly handles volatile, restrict, and address spaces, and 135 // the other qualifiers aren't possible. 136 { 137 Expr *Arg = TheCall->getArg(2); 138 QualType Ty = Arg->getType(); 139 const auto *PtrTy = Ty->getAs<PointerType>(); 140 if (!(PtrTy && PtrTy->getPointeeType()->isIntegerType() && 141 !PtrTy->getPointeeType().isConstQualified())) { 142 S.Diag(Arg->getLocStart(), diag::err_overflow_builtin_must_be_ptr_int) 143 << Ty << Arg->getSourceRange(); 144 return true; 145 } 146 } 147 148 return false; 149 } 150 151 static void SemaBuiltinMemChkCall(Sema &S, FunctionDecl *FDecl, 152 CallExpr *TheCall, unsigned SizeIdx, 153 unsigned DstSizeIdx) { 154 if (TheCall->getNumArgs() <= SizeIdx || 155 TheCall->getNumArgs() <= DstSizeIdx) 156 return; 157 158 const Expr *SizeArg = TheCall->getArg(SizeIdx); 159 const Expr *DstSizeArg = TheCall->getArg(DstSizeIdx); 160 161 llvm::APSInt Size, DstSize; 162 163 // find out if both sizes are known at compile time 164 if (!SizeArg->EvaluateAsInt(Size, S.Context) || 165 !DstSizeArg->EvaluateAsInt(DstSize, S.Context)) 166 return; 167 168 if (Size.ule(DstSize)) 169 return; 170 171 // confirmed overflow so generate the diagnostic. 172 IdentifierInfo *FnName = FDecl->getIdentifier(); 173 SourceLocation SL = TheCall->getLocStart(); 174 SourceRange SR = TheCall->getSourceRange(); 175 176 S.Diag(SL, diag::warn_memcpy_chk_overflow) << SR << FnName; 177 } 178 179 static bool SemaBuiltinCallWithStaticChain(Sema &S, CallExpr *BuiltinCall) { 180 if (checkArgCount(S, BuiltinCall, 2)) 181 return true; 182 183 SourceLocation BuiltinLoc = BuiltinCall->getLocStart(); 184 Expr *Builtin = BuiltinCall->getCallee()->IgnoreImpCasts(); 185 Expr *Call = BuiltinCall->getArg(0); 186 Expr *Chain = BuiltinCall->getArg(1); 187 188 if (Call->getStmtClass() != Stmt::CallExprClass) { 189 S.Diag(BuiltinLoc, diag::err_first_argument_to_cwsc_not_call) 190 << Call->getSourceRange(); 191 return true; 192 } 193 194 auto CE = cast<CallExpr>(Call); 195 if (CE->getCallee()->getType()->isBlockPointerType()) { 196 S.Diag(BuiltinLoc, diag::err_first_argument_to_cwsc_block_call) 197 << Call->getSourceRange(); 198 return true; 199 } 200 201 const Decl *TargetDecl = CE->getCalleeDecl(); 202 if (const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(TargetDecl)) 203 if (FD->getBuiltinID()) { 204 S.Diag(BuiltinLoc, diag::err_first_argument_to_cwsc_builtin_call) 205 << Call->getSourceRange(); 206 return true; 207 } 208 209 if (isa<CXXPseudoDestructorExpr>(CE->getCallee()->IgnoreParens())) { 210 S.Diag(BuiltinLoc, diag::err_first_argument_to_cwsc_pdtor_call) 211 << Call->getSourceRange(); 212 return true; 213 } 214 215 ExprResult ChainResult = S.UsualUnaryConversions(Chain); 216 if (ChainResult.isInvalid()) 217 return true; 218 if (!ChainResult.get()->getType()->isPointerType()) { 219 S.Diag(BuiltinLoc, diag::err_second_argument_to_cwsc_not_pointer) 220 << Chain->getSourceRange(); 221 return true; 222 } 223 224 QualType ReturnTy = CE->getCallReturnType(S.Context); 225 QualType ArgTys[2] = { ReturnTy, ChainResult.get()->getType() }; 226 QualType BuiltinTy = S.Context.getFunctionType( 227 ReturnTy, ArgTys, FunctionProtoType::ExtProtoInfo()); 228 QualType BuiltinPtrTy = S.Context.getPointerType(BuiltinTy); 229 230 Builtin = 231 S.ImpCastExprToType(Builtin, BuiltinPtrTy, CK_BuiltinFnToFnPtr).get(); 232 233 BuiltinCall->setType(CE->getType()); 234 BuiltinCall->setValueKind(CE->getValueKind()); 235 BuiltinCall->setObjectKind(CE->getObjectKind()); 236 BuiltinCall->setCallee(Builtin); 237 BuiltinCall->setArg(1, ChainResult.get()); 238 239 return false; 240 } 241 242 static bool SemaBuiltinSEHScopeCheck(Sema &SemaRef, CallExpr *TheCall, 243 Scope::ScopeFlags NeededScopeFlags, 244 unsigned DiagID) { 245 // Scopes aren't available during instantiation. Fortunately, builtin 246 // functions cannot be template args so they cannot be formed through template 247 // instantiation. Therefore checking once during the parse is sufficient. 248 if (!SemaRef.ActiveTemplateInstantiations.empty()) 249 return false; 250 251 Scope *S = SemaRef.getCurScope(); 252 while (S && !S->isSEHExceptScope()) 253 S = S->getParent(); 254 if (!S || !(S->getFlags() & NeededScopeFlags)) { 255 auto *DRE = cast<DeclRefExpr>(TheCall->getCallee()->IgnoreParenCasts()); 256 SemaRef.Diag(TheCall->getExprLoc(), DiagID) 257 << DRE->getDecl()->getIdentifier(); 258 return true; 259 } 260 261 return false; 262 } 263 264 static inline bool isBlockPointer(Expr *Arg) { 265 return Arg->getType()->isBlockPointerType(); 266 } 267 268 /// OpenCL C v2.0, s6.13.17.2 - Checks that the block parameters are all local 269 /// void*, which is a requirement of device side enqueue. 270 static bool checkOpenCLBlockArgs(Sema &S, Expr *BlockArg) { 271 const BlockPointerType *BPT = 272 cast<BlockPointerType>(BlockArg->getType().getCanonicalType()); 273 ArrayRef<QualType> Params = 274 BPT->getPointeeType()->getAs<FunctionProtoType>()->getParamTypes(); 275 unsigned ArgCounter = 0; 276 bool IllegalParams = false; 277 // Iterate through the block parameters until either one is found that is not 278 // a local void*, or the block is valid. 279 for (ArrayRef<QualType>::iterator I = Params.begin(), E = Params.end(); 280 I != E; ++I, ++ArgCounter) { 281 if (!(*I)->isPointerType() || !(*I)->getPointeeType()->isVoidType() || 282 (*I)->getPointeeType().getQualifiers().getAddressSpace() != 283 LangAS::opencl_local) { 284 // Get the location of the error. If a block literal has been passed 285 // (BlockExpr) then we can point straight to the offending argument, 286 // else we just point to the variable reference. 287 SourceLocation ErrorLoc; 288 if (isa<BlockExpr>(BlockArg)) { 289 BlockDecl *BD = cast<BlockExpr>(BlockArg)->getBlockDecl(); 290 ErrorLoc = BD->getParamDecl(ArgCounter)->getLocStart(); 291 } else if (isa<DeclRefExpr>(BlockArg)) { 292 ErrorLoc = cast<DeclRefExpr>(BlockArg)->getLocStart(); 293 } 294 S.Diag(ErrorLoc, 295 diag::err_opencl_enqueue_kernel_blocks_non_local_void_args); 296 IllegalParams = true; 297 } 298 } 299 300 return IllegalParams; 301 } 302 303 /// OpenCL C v2.0, s6.13.17.6 - Check the argument to the 304 /// get_kernel_work_group_size 305 /// and get_kernel_preferred_work_group_size_multiple builtin functions. 306 static bool SemaOpenCLBuiltinKernelWorkGroupSize(Sema &S, CallExpr *TheCall) { 307 if (checkArgCount(S, TheCall, 1)) 308 return true; 309 310 Expr *BlockArg = TheCall->getArg(0); 311 if (!isBlockPointer(BlockArg)) { 312 S.Diag(BlockArg->getLocStart(), 313 diag::err_opencl_enqueue_kernel_expected_type) << "block"; 314 return true; 315 } 316 return checkOpenCLBlockArgs(S, BlockArg); 317 } 318 319 static bool checkOpenCLEnqueueLocalSizeArgs(Sema &S, CallExpr *TheCall, 320 unsigned Start, unsigned End); 321 322 /// OpenCL v2.0, s6.13.17.1 - Check that sizes are provided for all 323 /// 'local void*' parameter of passed block. 324 static bool checkOpenCLEnqueueVariadicArgs(Sema &S, CallExpr *TheCall, 325 Expr *BlockArg, 326 unsigned NumNonVarArgs) { 327 const BlockPointerType *BPT = 328 cast<BlockPointerType>(BlockArg->getType().getCanonicalType()); 329 unsigned NumBlockParams = 330 BPT->getPointeeType()->getAs<FunctionProtoType>()->getNumParams(); 331 unsigned TotalNumArgs = TheCall->getNumArgs(); 332 333 // For each argument passed to the block, a corresponding uint needs to 334 // be passed to describe the size of the local memory. 335 if (TotalNumArgs != NumBlockParams + NumNonVarArgs) { 336 S.Diag(TheCall->getLocStart(), 337 diag::err_opencl_enqueue_kernel_local_size_args); 338 return true; 339 } 340 341 // Check that the sizes of the local memory are specified by integers. 342 return checkOpenCLEnqueueLocalSizeArgs(S, TheCall, NumNonVarArgs, 343 TotalNumArgs - 1); 344 } 345 346 /// OpenCL C v2.0, s6.13.17 - Enqueue kernel function contains four different 347 /// overload formats specified in Table 6.13.17.1. 348 /// int enqueue_kernel(queue_t queue, 349 /// kernel_enqueue_flags_t flags, 350 /// const ndrange_t ndrange, 351 /// void (^block)(void)) 352 /// int enqueue_kernel(queue_t queue, 353 /// kernel_enqueue_flags_t flags, 354 /// const ndrange_t ndrange, 355 /// uint num_events_in_wait_list, 356 /// clk_event_t *event_wait_list, 357 /// clk_event_t *event_ret, 358 /// void (^block)(void)) 359 /// int enqueue_kernel(queue_t queue, 360 /// kernel_enqueue_flags_t flags, 361 /// const ndrange_t ndrange, 362 /// void (^block)(local void*, ...), 363 /// uint size0, ...) 364 /// int enqueue_kernel(queue_t queue, 365 /// kernel_enqueue_flags_t flags, 366 /// const ndrange_t ndrange, 367 /// uint num_events_in_wait_list, 368 /// clk_event_t *event_wait_list, 369 /// clk_event_t *event_ret, 370 /// void (^block)(local void*, ...), 371 /// uint size0, ...) 372 static bool SemaOpenCLBuiltinEnqueueKernel(Sema &S, CallExpr *TheCall) { 373 unsigned NumArgs = TheCall->getNumArgs(); 374 375 if (NumArgs < 4) { 376 S.Diag(TheCall->getLocStart(), diag::err_typecheck_call_too_few_args); 377 return true; 378 } 379 380 Expr *Arg0 = TheCall->getArg(0); 381 Expr *Arg1 = TheCall->getArg(1); 382 Expr *Arg2 = TheCall->getArg(2); 383 Expr *Arg3 = TheCall->getArg(3); 384 385 // First argument always needs to be a queue_t type. 386 if (!Arg0->getType()->isQueueT()) { 387 S.Diag(TheCall->getArg(0)->getLocStart(), 388 diag::err_opencl_enqueue_kernel_expected_type) 389 << S.Context.OCLQueueTy; 390 return true; 391 } 392 393 // Second argument always needs to be a kernel_enqueue_flags_t enum value. 394 if (!Arg1->getType()->isIntegerType()) { 395 S.Diag(TheCall->getArg(1)->getLocStart(), 396 diag::err_opencl_enqueue_kernel_expected_type) 397 << "'kernel_enqueue_flags_t' (i.e. uint)"; 398 return true; 399 } 400 401 // Third argument is always an ndrange_t type. 402 if (!Arg2->getType()->isNDRangeT()) { 403 S.Diag(TheCall->getArg(2)->getLocStart(), 404 diag::err_opencl_enqueue_kernel_expected_type) 405 << S.Context.OCLNDRangeTy; 406 return true; 407 } 408 409 // With four arguments, there is only one form that the function could be 410 // called in: no events and no variable arguments. 411 if (NumArgs == 4) { 412 // check that the last argument is the right block type. 413 if (!isBlockPointer(Arg3)) { 414 S.Diag(Arg3->getLocStart(), diag::err_opencl_enqueue_kernel_expected_type) 415 << "block"; 416 return true; 417 } 418 // we have a block type, check the prototype 419 const BlockPointerType *BPT = 420 cast<BlockPointerType>(Arg3->getType().getCanonicalType()); 421 if (BPT->getPointeeType()->getAs<FunctionProtoType>()->getNumParams() > 0) { 422 S.Diag(Arg3->getLocStart(), 423 diag::err_opencl_enqueue_kernel_blocks_no_args); 424 return true; 425 } 426 return false; 427 } 428 // we can have block + varargs. 429 if (isBlockPointer(Arg3)) 430 return (checkOpenCLBlockArgs(S, Arg3) || 431 checkOpenCLEnqueueVariadicArgs(S, TheCall, Arg3, 4)); 432 // last two cases with either exactly 7 args or 7 args and varargs. 433 if (NumArgs >= 7) { 434 // check common block argument. 435 Expr *Arg6 = TheCall->getArg(6); 436 if (!isBlockPointer(Arg6)) { 437 S.Diag(Arg6->getLocStart(), diag::err_opencl_enqueue_kernel_expected_type) 438 << "block"; 439 return true; 440 } 441 if (checkOpenCLBlockArgs(S, Arg6)) 442 return true; 443 444 // Forth argument has to be any integer type. 445 if (!Arg3->getType()->isIntegerType()) { 446 S.Diag(TheCall->getArg(3)->getLocStart(), 447 diag::err_opencl_enqueue_kernel_expected_type) 448 << "integer"; 449 return true; 450 } 451 // check remaining common arguments. 452 Expr *Arg4 = TheCall->getArg(4); 453 Expr *Arg5 = TheCall->getArg(5); 454 455 // Fith argument is always passed as pointers to clk_event_t. 456 if (!Arg4->getType()->getPointeeOrArrayElementType()->isClkEventT()) { 457 S.Diag(TheCall->getArg(4)->getLocStart(), 458 diag::err_opencl_enqueue_kernel_expected_type) 459 << S.Context.getPointerType(S.Context.OCLClkEventTy); 460 return true; 461 } 462 463 // Sixth argument is always passed as pointers to clk_event_t. 464 if (!(Arg5->getType()->isPointerType() && 465 Arg5->getType()->getPointeeType()->isClkEventT())) { 466 S.Diag(TheCall->getArg(5)->getLocStart(), 467 diag::err_opencl_enqueue_kernel_expected_type) 468 << S.Context.getPointerType(S.Context.OCLClkEventTy); 469 return true; 470 } 471 472 if (NumArgs == 7) 473 return false; 474 475 return checkOpenCLEnqueueVariadicArgs(S, TheCall, Arg6, 7); 476 } 477 478 // None of the specific case has been detected, give generic error 479 S.Diag(TheCall->getLocStart(), 480 diag::err_opencl_enqueue_kernel_incorrect_args); 481 return true; 482 } 483 484 /// Returns OpenCL access qual. 485 static OpenCLAccessAttr *getOpenCLArgAccess(const Decl *D) { 486 return D->getAttr<OpenCLAccessAttr>(); 487 } 488 489 /// Returns true if pipe element type is different from the pointer. 490 static bool checkOpenCLPipeArg(Sema &S, CallExpr *Call) { 491 const Expr *Arg0 = Call->getArg(0); 492 // First argument type should always be pipe. 493 if (!Arg0->getType()->isPipeType()) { 494 S.Diag(Call->getLocStart(), diag::err_opencl_builtin_pipe_first_arg) 495 << Call->getDirectCallee() << Arg0->getSourceRange(); 496 return true; 497 } 498 OpenCLAccessAttr *AccessQual = 499 getOpenCLArgAccess(cast<DeclRefExpr>(Arg0)->getDecl()); 500 // Validates the access qualifier is compatible with the call. 501 // OpenCL v2.0 s6.13.16 - The access qualifiers for pipe should only be 502 // read_only and write_only, and assumed to be read_only if no qualifier is 503 // specified. 504 switch (Call->getDirectCallee()->getBuiltinID()) { 505 case Builtin::BIread_pipe: 506 case Builtin::BIreserve_read_pipe: 507 case Builtin::BIcommit_read_pipe: 508 case Builtin::BIwork_group_reserve_read_pipe: 509 case Builtin::BIsub_group_reserve_read_pipe: 510 case Builtin::BIwork_group_commit_read_pipe: 511 case Builtin::BIsub_group_commit_read_pipe: 512 if (!(!AccessQual || AccessQual->isReadOnly())) { 513 S.Diag(Arg0->getLocStart(), 514 diag::err_opencl_builtin_pipe_invalid_access_modifier) 515 << "read_only" << Arg0->getSourceRange(); 516 return true; 517 } 518 break; 519 case Builtin::BIwrite_pipe: 520 case Builtin::BIreserve_write_pipe: 521 case Builtin::BIcommit_write_pipe: 522 case Builtin::BIwork_group_reserve_write_pipe: 523 case Builtin::BIsub_group_reserve_write_pipe: 524 case Builtin::BIwork_group_commit_write_pipe: 525 case Builtin::BIsub_group_commit_write_pipe: 526 if (!(AccessQual && AccessQual->isWriteOnly())) { 527 S.Diag(Arg0->getLocStart(), 528 diag::err_opencl_builtin_pipe_invalid_access_modifier) 529 << "write_only" << Arg0->getSourceRange(); 530 return true; 531 } 532 break; 533 default: 534 break; 535 } 536 return false; 537 } 538 539 /// Returns true if pipe element type is different from the pointer. 540 static bool checkOpenCLPipePacketType(Sema &S, CallExpr *Call, unsigned Idx) { 541 const Expr *Arg0 = Call->getArg(0); 542 const Expr *ArgIdx = Call->getArg(Idx); 543 const PipeType *PipeTy = cast<PipeType>(Arg0->getType()); 544 const QualType EltTy = PipeTy->getElementType(); 545 const PointerType *ArgTy = ArgIdx->getType()->getAs<PointerType>(); 546 // The Idx argument should be a pointer and the type of the pointer and 547 // the type of pipe element should also be the same. 548 if (!ArgTy || 549 !S.Context.hasSameType( 550 EltTy, ArgTy->getPointeeType()->getCanonicalTypeInternal())) { 551 S.Diag(Call->getLocStart(), diag::err_opencl_builtin_pipe_invalid_arg) 552 << Call->getDirectCallee() << S.Context.getPointerType(EltTy) 553 << ArgIdx->getType() << ArgIdx->getSourceRange(); 554 return true; 555 } 556 return false; 557 } 558 559 // \brief Performs semantic analysis for the read/write_pipe call. 560 // \param S Reference to the semantic analyzer. 561 // \param Call A pointer to the builtin call. 562 // \return True if a semantic error has been found, false otherwise. 563 static bool SemaBuiltinRWPipe(Sema &S, CallExpr *Call) { 564 // OpenCL v2.0 s6.13.16.2 - The built-in read/write 565 // functions have two forms. 566 switch (Call->getNumArgs()) { 567 case 2: { 568 if (checkOpenCLPipeArg(S, Call)) 569 return true; 570 // The call with 2 arguments should be 571 // read/write_pipe(pipe T, T*). 572 // Check packet type T. 573 if (checkOpenCLPipePacketType(S, Call, 1)) 574 return true; 575 } break; 576 577 case 4: { 578 if (checkOpenCLPipeArg(S, Call)) 579 return true; 580 // The call with 4 arguments should be 581 // read/write_pipe(pipe T, reserve_id_t, uint, T*). 582 // Check reserve_id_t. 583 if (!Call->getArg(1)->getType()->isReserveIDT()) { 584 S.Diag(Call->getLocStart(), diag::err_opencl_builtin_pipe_invalid_arg) 585 << Call->getDirectCallee() << S.Context.OCLReserveIDTy 586 << Call->getArg(1)->getType() << Call->getArg(1)->getSourceRange(); 587 return true; 588 } 589 590 // Check the index. 591 const Expr *Arg2 = Call->getArg(2); 592 if (!Arg2->getType()->isIntegerType() && 593 !Arg2->getType()->isUnsignedIntegerType()) { 594 S.Diag(Call->getLocStart(), diag::err_opencl_builtin_pipe_invalid_arg) 595 << Call->getDirectCallee() << S.Context.UnsignedIntTy 596 << Arg2->getType() << Arg2->getSourceRange(); 597 return true; 598 } 599 600 // Check packet type T. 601 if (checkOpenCLPipePacketType(S, Call, 3)) 602 return true; 603 } break; 604 default: 605 S.Diag(Call->getLocStart(), diag::err_opencl_builtin_pipe_arg_num) 606 << Call->getDirectCallee() << Call->getSourceRange(); 607 return true; 608 } 609 610 return false; 611 } 612 613 // \brief Performs a semantic analysis on the {work_group_/sub_group_ 614 // /_}reserve_{read/write}_pipe 615 // \param S Reference to the semantic analyzer. 616 // \param Call The call to the builtin function to be analyzed. 617 // \return True if a semantic error was found, false otherwise. 618 static bool SemaBuiltinReserveRWPipe(Sema &S, CallExpr *Call) { 619 if (checkArgCount(S, Call, 2)) 620 return true; 621 622 if (checkOpenCLPipeArg(S, Call)) 623 return true; 624 625 // Check the reserve size. 626 if (!Call->getArg(1)->getType()->isIntegerType() && 627 !Call->getArg(1)->getType()->isUnsignedIntegerType()) { 628 S.Diag(Call->getLocStart(), diag::err_opencl_builtin_pipe_invalid_arg) 629 << Call->getDirectCallee() << S.Context.UnsignedIntTy 630 << Call->getArg(1)->getType() << Call->getArg(1)->getSourceRange(); 631 return true; 632 } 633 634 return false; 635 } 636 637 // \brief Performs a semantic analysis on {work_group_/sub_group_ 638 // /_}commit_{read/write}_pipe 639 // \param S Reference to the semantic analyzer. 640 // \param Call The call to the builtin function to be analyzed. 641 // \return True if a semantic error was found, false otherwise. 642 static bool SemaBuiltinCommitRWPipe(Sema &S, CallExpr *Call) { 643 if (checkArgCount(S, Call, 2)) 644 return true; 645 646 if (checkOpenCLPipeArg(S, Call)) 647 return true; 648 649 // Check reserve_id_t. 650 if (!Call->getArg(1)->getType()->isReserveIDT()) { 651 S.Diag(Call->getLocStart(), diag::err_opencl_builtin_pipe_invalid_arg) 652 << Call->getDirectCallee() << S.Context.OCLReserveIDTy 653 << Call->getArg(1)->getType() << Call->getArg(1)->getSourceRange(); 654 return true; 655 } 656 657 return false; 658 } 659 660 // \brief Performs a semantic analysis on the call to built-in Pipe 661 // Query Functions. 662 // \param S Reference to the semantic analyzer. 663 // \param Call The call to the builtin function to be analyzed. 664 // \return True if a semantic error was found, false otherwise. 665 static bool SemaBuiltinPipePackets(Sema &S, CallExpr *Call) { 666 if (checkArgCount(S, Call, 1)) 667 return true; 668 669 if (!Call->getArg(0)->getType()->isPipeType()) { 670 S.Diag(Call->getLocStart(), diag::err_opencl_builtin_pipe_first_arg) 671 << Call->getDirectCallee() << Call->getArg(0)->getSourceRange(); 672 return true; 673 } 674 675 return false; 676 } 677 // \brief OpenCL v2.0 s6.13.9 - Address space qualifier functions. 678 // \brief Performs semantic analysis for the to_global/local/private call. 679 // \param S Reference to the semantic analyzer. 680 // \param BuiltinID ID of the builtin function. 681 // \param Call A pointer to the builtin call. 682 // \return True if a semantic error has been found, false otherwise. 683 static bool SemaOpenCLBuiltinToAddr(Sema &S, unsigned BuiltinID, 684 CallExpr *Call) { 685 if (Call->getNumArgs() != 1) { 686 S.Diag(Call->getLocStart(), diag::err_opencl_builtin_to_addr_arg_num) 687 << Call->getDirectCallee() << Call->getSourceRange(); 688 return true; 689 } 690 691 auto RT = Call->getArg(0)->getType(); 692 if (!RT->isPointerType() || RT->getPointeeType() 693 .getAddressSpace() == LangAS::opencl_constant) { 694 S.Diag(Call->getLocStart(), diag::err_opencl_builtin_to_addr_invalid_arg) 695 << Call->getArg(0) << Call->getDirectCallee() << Call->getSourceRange(); 696 return true; 697 } 698 699 RT = RT->getPointeeType(); 700 auto Qual = RT.getQualifiers(); 701 switch (BuiltinID) { 702 case Builtin::BIto_global: 703 Qual.setAddressSpace(LangAS::opencl_global); 704 break; 705 case Builtin::BIto_local: 706 Qual.setAddressSpace(LangAS::opencl_local); 707 break; 708 default: 709 Qual.removeAddressSpace(); 710 } 711 Call->setType(S.Context.getPointerType(S.Context.getQualifiedType( 712 RT.getUnqualifiedType(), Qual))); 713 714 return false; 715 } 716 717 ExprResult 718 Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID, 719 CallExpr *TheCall) { 720 ExprResult TheCallResult(TheCall); 721 722 // Find out if any arguments are required to be integer constant expressions. 723 unsigned ICEArguments = 0; 724 ASTContext::GetBuiltinTypeError Error; 725 Context.GetBuiltinType(BuiltinID, Error, &ICEArguments); 726 if (Error != ASTContext::GE_None) 727 ICEArguments = 0; // Don't diagnose previously diagnosed errors. 728 729 // If any arguments are required to be ICE's, check and diagnose. 730 for (unsigned ArgNo = 0; ICEArguments != 0; ++ArgNo) { 731 // Skip arguments not required to be ICE's. 732 if ((ICEArguments & (1 << ArgNo)) == 0) continue; 733 734 llvm::APSInt Result; 735 if (SemaBuiltinConstantArg(TheCall, ArgNo, Result)) 736 return true; 737 ICEArguments &= ~(1 << ArgNo); 738 } 739 740 switch (BuiltinID) { 741 case Builtin::BI__builtin___CFStringMakeConstantString: 742 assert(TheCall->getNumArgs() == 1 && 743 "Wrong # arguments to builtin CFStringMakeConstantString"); 744 if (CheckObjCString(TheCall->getArg(0))) 745 return ExprError(); 746 break; 747 case Builtin::BI__builtin_stdarg_start: 748 case Builtin::BI__builtin_va_start: 749 if (SemaBuiltinVAStart(TheCall)) 750 return ExprError(); 751 break; 752 case Builtin::BI__va_start: { 753 switch (Context.getTargetInfo().getTriple().getArch()) { 754 case llvm::Triple::arm: 755 case llvm::Triple::thumb: 756 if (SemaBuiltinVAStartARM(TheCall)) 757 return ExprError(); 758 break; 759 default: 760 if (SemaBuiltinVAStart(TheCall)) 761 return ExprError(); 762 break; 763 } 764 break; 765 } 766 case Builtin::BI__builtin_isgreater: 767 case Builtin::BI__builtin_isgreaterequal: 768 case Builtin::BI__builtin_isless: 769 case Builtin::BI__builtin_islessequal: 770 case Builtin::BI__builtin_islessgreater: 771 case Builtin::BI__builtin_isunordered: 772 if (SemaBuiltinUnorderedCompare(TheCall)) 773 return ExprError(); 774 break; 775 case Builtin::BI__builtin_fpclassify: 776 if (SemaBuiltinFPClassification(TheCall, 6)) 777 return ExprError(); 778 break; 779 case Builtin::BI__builtin_isfinite: 780 case Builtin::BI__builtin_isinf: 781 case Builtin::BI__builtin_isinf_sign: 782 case Builtin::BI__builtin_isnan: 783 case Builtin::BI__builtin_isnormal: 784 if (SemaBuiltinFPClassification(TheCall, 1)) 785 return ExprError(); 786 break; 787 case Builtin::BI__builtin_shufflevector: 788 return SemaBuiltinShuffleVector(TheCall); 789 // TheCall will be freed by the smart pointer here, but that's fine, since 790 // SemaBuiltinShuffleVector guts it, but then doesn't release it. 791 case Builtin::BI__builtin_prefetch: 792 if (SemaBuiltinPrefetch(TheCall)) 793 return ExprError(); 794 break; 795 case Builtin::BI__assume: 796 case Builtin::BI__builtin_assume: 797 if (SemaBuiltinAssume(TheCall)) 798 return ExprError(); 799 break; 800 case Builtin::BI__builtin_assume_aligned: 801 if (SemaBuiltinAssumeAligned(TheCall)) 802 return ExprError(); 803 break; 804 case Builtin::BI__builtin_object_size: 805 if (SemaBuiltinConstantArgRange(TheCall, 1, 0, 3)) 806 return ExprError(); 807 break; 808 case Builtin::BI__builtin_longjmp: 809 if (SemaBuiltinLongjmp(TheCall)) 810 return ExprError(); 811 break; 812 case Builtin::BI__builtin_setjmp: 813 if (SemaBuiltinSetjmp(TheCall)) 814 return ExprError(); 815 break; 816 case Builtin::BI_setjmp: 817 case Builtin::BI_setjmpex: 818 if (checkArgCount(*this, TheCall, 1)) 819 return true; 820 break; 821 822 case Builtin::BI__builtin_classify_type: 823 if (checkArgCount(*this, TheCall, 1)) return true; 824 TheCall->setType(Context.IntTy); 825 break; 826 case Builtin::BI__builtin_constant_p: 827 if (checkArgCount(*this, TheCall, 1)) return true; 828 TheCall->setType(Context.IntTy); 829 break; 830 case Builtin::BI__sync_fetch_and_add: 831 case Builtin::BI__sync_fetch_and_add_1: 832 case Builtin::BI__sync_fetch_and_add_2: 833 case Builtin::BI__sync_fetch_and_add_4: 834 case Builtin::BI__sync_fetch_and_add_8: 835 case Builtin::BI__sync_fetch_and_add_16: 836 case Builtin::BI__sync_fetch_and_sub: 837 case Builtin::BI__sync_fetch_and_sub_1: 838 case Builtin::BI__sync_fetch_and_sub_2: 839 case Builtin::BI__sync_fetch_and_sub_4: 840 case Builtin::BI__sync_fetch_and_sub_8: 841 case Builtin::BI__sync_fetch_and_sub_16: 842 case Builtin::BI__sync_fetch_and_or: 843 case Builtin::BI__sync_fetch_and_or_1: 844 case Builtin::BI__sync_fetch_and_or_2: 845 case Builtin::BI__sync_fetch_and_or_4: 846 case Builtin::BI__sync_fetch_and_or_8: 847 case Builtin::BI__sync_fetch_and_or_16: 848 case Builtin::BI__sync_fetch_and_and: 849 case Builtin::BI__sync_fetch_and_and_1: 850 case Builtin::BI__sync_fetch_and_and_2: 851 case Builtin::BI__sync_fetch_and_and_4: 852 case Builtin::BI__sync_fetch_and_and_8: 853 case Builtin::BI__sync_fetch_and_and_16: 854 case Builtin::BI__sync_fetch_and_xor: 855 case Builtin::BI__sync_fetch_and_xor_1: 856 case Builtin::BI__sync_fetch_and_xor_2: 857 case Builtin::BI__sync_fetch_and_xor_4: 858 case Builtin::BI__sync_fetch_and_xor_8: 859 case Builtin::BI__sync_fetch_and_xor_16: 860 case Builtin::BI__sync_fetch_and_nand: 861 case Builtin::BI__sync_fetch_and_nand_1: 862 case Builtin::BI__sync_fetch_and_nand_2: 863 case Builtin::BI__sync_fetch_and_nand_4: 864 case Builtin::BI__sync_fetch_and_nand_8: 865 case Builtin::BI__sync_fetch_and_nand_16: 866 case Builtin::BI__sync_add_and_fetch: 867 case Builtin::BI__sync_add_and_fetch_1: 868 case Builtin::BI__sync_add_and_fetch_2: 869 case Builtin::BI__sync_add_and_fetch_4: 870 case Builtin::BI__sync_add_and_fetch_8: 871 case Builtin::BI__sync_add_and_fetch_16: 872 case Builtin::BI__sync_sub_and_fetch: 873 case Builtin::BI__sync_sub_and_fetch_1: 874 case Builtin::BI__sync_sub_and_fetch_2: 875 case Builtin::BI__sync_sub_and_fetch_4: 876 case Builtin::BI__sync_sub_and_fetch_8: 877 case Builtin::BI__sync_sub_and_fetch_16: 878 case Builtin::BI__sync_and_and_fetch: 879 case Builtin::BI__sync_and_and_fetch_1: 880 case Builtin::BI__sync_and_and_fetch_2: 881 case Builtin::BI__sync_and_and_fetch_4: 882 case Builtin::BI__sync_and_and_fetch_8: 883 case Builtin::BI__sync_and_and_fetch_16: 884 case Builtin::BI__sync_or_and_fetch: 885 case Builtin::BI__sync_or_and_fetch_1: 886 case Builtin::BI__sync_or_and_fetch_2: 887 case Builtin::BI__sync_or_and_fetch_4: 888 case Builtin::BI__sync_or_and_fetch_8: 889 case Builtin::BI__sync_or_and_fetch_16: 890 case Builtin::BI__sync_xor_and_fetch: 891 case Builtin::BI__sync_xor_and_fetch_1: 892 case Builtin::BI__sync_xor_and_fetch_2: 893 case Builtin::BI__sync_xor_and_fetch_4: 894 case Builtin::BI__sync_xor_and_fetch_8: 895 case Builtin::BI__sync_xor_and_fetch_16: 896 case Builtin::BI__sync_nand_and_fetch: 897 case Builtin::BI__sync_nand_and_fetch_1: 898 case Builtin::BI__sync_nand_and_fetch_2: 899 case Builtin::BI__sync_nand_and_fetch_4: 900 case Builtin::BI__sync_nand_and_fetch_8: 901 case Builtin::BI__sync_nand_and_fetch_16: 902 case Builtin::BI__sync_val_compare_and_swap: 903 case Builtin::BI__sync_val_compare_and_swap_1: 904 case Builtin::BI__sync_val_compare_and_swap_2: 905 case Builtin::BI__sync_val_compare_and_swap_4: 906 case Builtin::BI__sync_val_compare_and_swap_8: 907 case Builtin::BI__sync_val_compare_and_swap_16: 908 case Builtin::BI__sync_bool_compare_and_swap: 909 case Builtin::BI__sync_bool_compare_and_swap_1: 910 case Builtin::BI__sync_bool_compare_and_swap_2: 911 case Builtin::BI__sync_bool_compare_and_swap_4: 912 case Builtin::BI__sync_bool_compare_and_swap_8: 913 case Builtin::BI__sync_bool_compare_and_swap_16: 914 case Builtin::BI__sync_lock_test_and_set: 915 case Builtin::BI__sync_lock_test_and_set_1: 916 case Builtin::BI__sync_lock_test_and_set_2: 917 case Builtin::BI__sync_lock_test_and_set_4: 918 case Builtin::BI__sync_lock_test_and_set_8: 919 case Builtin::BI__sync_lock_test_and_set_16: 920 case Builtin::BI__sync_lock_release: 921 case Builtin::BI__sync_lock_release_1: 922 case Builtin::BI__sync_lock_release_2: 923 case Builtin::BI__sync_lock_release_4: 924 case Builtin::BI__sync_lock_release_8: 925 case Builtin::BI__sync_lock_release_16: 926 case Builtin::BI__sync_swap: 927 case Builtin::BI__sync_swap_1: 928 case Builtin::BI__sync_swap_2: 929 case Builtin::BI__sync_swap_4: 930 case Builtin::BI__sync_swap_8: 931 case Builtin::BI__sync_swap_16: 932 return SemaBuiltinAtomicOverloaded(TheCallResult); 933 case Builtin::BI__builtin_nontemporal_load: 934 case Builtin::BI__builtin_nontemporal_store: 935 return SemaBuiltinNontemporalOverloaded(TheCallResult); 936 #define BUILTIN(ID, TYPE, ATTRS) 937 #define ATOMIC_BUILTIN(ID, TYPE, ATTRS) \ 938 case Builtin::BI##ID: \ 939 return SemaAtomicOpsOverloaded(TheCallResult, AtomicExpr::AO##ID); 940 #include "clang/Basic/Builtins.def" 941 case Builtin::BI__builtin_annotation: 942 if (SemaBuiltinAnnotation(*this, TheCall)) 943 return ExprError(); 944 break; 945 case Builtin::BI__builtin_addressof: 946 if (SemaBuiltinAddressof(*this, TheCall)) 947 return ExprError(); 948 break; 949 case Builtin::BI__builtin_add_overflow: 950 case Builtin::BI__builtin_sub_overflow: 951 case Builtin::BI__builtin_mul_overflow: 952 if (SemaBuiltinOverflow(*this, TheCall)) 953 return ExprError(); 954 break; 955 case Builtin::BI__builtin_operator_new: 956 case Builtin::BI__builtin_operator_delete: 957 if (!getLangOpts().CPlusPlus) { 958 Diag(TheCall->getExprLoc(), diag::err_builtin_requires_language) 959 << (BuiltinID == Builtin::BI__builtin_operator_new 960 ? "__builtin_operator_new" 961 : "__builtin_operator_delete") 962 << "C++"; 963 return ExprError(); 964 } 965 // CodeGen assumes it can find the global new and delete to call, 966 // so ensure that they are declared. 967 DeclareGlobalNewDelete(); 968 break; 969 970 // check secure string manipulation functions where overflows 971 // are detectable at compile time 972 case Builtin::BI__builtin___memcpy_chk: 973 case Builtin::BI__builtin___memmove_chk: 974 case Builtin::BI__builtin___memset_chk: 975 case Builtin::BI__builtin___strlcat_chk: 976 case Builtin::BI__builtin___strlcpy_chk: 977 case Builtin::BI__builtin___strncat_chk: 978 case Builtin::BI__builtin___strncpy_chk: 979 case Builtin::BI__builtin___stpncpy_chk: 980 SemaBuiltinMemChkCall(*this, FDecl, TheCall, 2, 3); 981 break; 982 case Builtin::BI__builtin___memccpy_chk: 983 SemaBuiltinMemChkCall(*this, FDecl, TheCall, 3, 4); 984 break; 985 case Builtin::BI__builtin___snprintf_chk: 986 case Builtin::BI__builtin___vsnprintf_chk: 987 SemaBuiltinMemChkCall(*this, FDecl, TheCall, 1, 3); 988 break; 989 case Builtin::BI__builtin_call_with_static_chain: 990 if (SemaBuiltinCallWithStaticChain(*this, TheCall)) 991 return ExprError(); 992 break; 993 case Builtin::BI__exception_code: 994 case Builtin::BI_exception_code: 995 if (SemaBuiltinSEHScopeCheck(*this, TheCall, Scope::SEHExceptScope, 996 diag::err_seh___except_block)) 997 return ExprError(); 998 break; 999 case Builtin::BI__exception_info: 1000 case Builtin::BI_exception_info: 1001 if (SemaBuiltinSEHScopeCheck(*this, TheCall, Scope::SEHFilterScope, 1002 diag::err_seh___except_filter)) 1003 return ExprError(); 1004 break; 1005 case Builtin::BI__GetExceptionInfo: 1006 if (checkArgCount(*this, TheCall, 1)) 1007 return ExprError(); 1008 1009 if (CheckCXXThrowOperand( 1010 TheCall->getLocStart(), 1011 Context.getExceptionObjectType(FDecl->getParamDecl(0)->getType()), 1012 TheCall)) 1013 return ExprError(); 1014 1015 TheCall->setType(Context.VoidPtrTy); 1016 break; 1017 // OpenCL v2.0, s6.13.16 - Pipe functions 1018 case Builtin::BIread_pipe: 1019 case Builtin::BIwrite_pipe: 1020 // Since those two functions are declared with var args, we need a semantic 1021 // check for the argument. 1022 if (SemaBuiltinRWPipe(*this, TheCall)) 1023 return ExprError(); 1024 break; 1025 case Builtin::BIreserve_read_pipe: 1026 case Builtin::BIreserve_write_pipe: 1027 case Builtin::BIwork_group_reserve_read_pipe: 1028 case Builtin::BIwork_group_reserve_write_pipe: 1029 case Builtin::BIsub_group_reserve_read_pipe: 1030 case Builtin::BIsub_group_reserve_write_pipe: 1031 if (SemaBuiltinReserveRWPipe(*this, TheCall)) 1032 return ExprError(); 1033 // Since return type of reserve_read/write_pipe built-in function is 1034 // reserve_id_t, which is not defined in the builtin def file , we used int 1035 // as return type and need to override the return type of these functions. 1036 TheCall->setType(Context.OCLReserveIDTy); 1037 break; 1038 case Builtin::BIcommit_read_pipe: 1039 case Builtin::BIcommit_write_pipe: 1040 case Builtin::BIwork_group_commit_read_pipe: 1041 case Builtin::BIwork_group_commit_write_pipe: 1042 case Builtin::BIsub_group_commit_read_pipe: 1043 case Builtin::BIsub_group_commit_write_pipe: 1044 if (SemaBuiltinCommitRWPipe(*this, TheCall)) 1045 return ExprError(); 1046 break; 1047 case Builtin::BIget_pipe_num_packets: 1048 case Builtin::BIget_pipe_max_packets: 1049 if (SemaBuiltinPipePackets(*this, TheCall)) 1050 return ExprError(); 1051 break; 1052 case Builtin::BIto_global: 1053 case Builtin::BIto_local: 1054 case Builtin::BIto_private: 1055 if (SemaOpenCLBuiltinToAddr(*this, BuiltinID, TheCall)) 1056 return ExprError(); 1057 break; 1058 // OpenCL v2.0, s6.13.17 - Enqueue kernel functions. 1059 case Builtin::BIenqueue_kernel: 1060 if (SemaOpenCLBuiltinEnqueueKernel(*this, TheCall)) 1061 return ExprError(); 1062 break; 1063 case Builtin::BIget_kernel_work_group_size: 1064 case Builtin::BIget_kernel_preferred_work_group_size_multiple: 1065 if (SemaOpenCLBuiltinKernelWorkGroupSize(*this, TheCall)) 1066 return ExprError(); 1067 } 1068 1069 // Since the target specific builtins for each arch overlap, only check those 1070 // of the arch we are compiling for. 1071 if (Context.BuiltinInfo.isTSBuiltin(BuiltinID)) { 1072 switch (Context.getTargetInfo().getTriple().getArch()) { 1073 case llvm::Triple::arm: 1074 case llvm::Triple::armeb: 1075 case llvm::Triple::thumb: 1076 case llvm::Triple::thumbeb: 1077 if (CheckARMBuiltinFunctionCall(BuiltinID, TheCall)) 1078 return ExprError(); 1079 break; 1080 case llvm::Triple::aarch64: 1081 case llvm::Triple::aarch64_be: 1082 if (CheckAArch64BuiltinFunctionCall(BuiltinID, TheCall)) 1083 return ExprError(); 1084 break; 1085 case llvm::Triple::mips: 1086 case llvm::Triple::mipsel: 1087 case llvm::Triple::mips64: 1088 case llvm::Triple::mips64el: 1089 if (CheckMipsBuiltinFunctionCall(BuiltinID, TheCall)) 1090 return ExprError(); 1091 break; 1092 case llvm::Triple::systemz: 1093 if (CheckSystemZBuiltinFunctionCall(BuiltinID, TheCall)) 1094 return ExprError(); 1095 break; 1096 case llvm::Triple::x86: 1097 case llvm::Triple::x86_64: 1098 if (CheckX86BuiltinFunctionCall(BuiltinID, TheCall)) 1099 return ExprError(); 1100 break; 1101 case llvm::Triple::ppc: 1102 case llvm::Triple::ppc64: 1103 case llvm::Triple::ppc64le: 1104 if (CheckPPCBuiltinFunctionCall(BuiltinID, TheCall)) 1105 return ExprError(); 1106 break; 1107 default: 1108 break; 1109 } 1110 } 1111 1112 return TheCallResult; 1113 } 1114 1115 // Get the valid immediate range for the specified NEON type code. 1116 static unsigned RFT(unsigned t, bool shift = false, bool ForceQuad = false) { 1117 NeonTypeFlags Type(t); 1118 int IsQuad = ForceQuad ? true : Type.isQuad(); 1119 switch (Type.getEltType()) { 1120 case NeonTypeFlags::Int8: 1121 case NeonTypeFlags::Poly8: 1122 return shift ? 7 : (8 << IsQuad) - 1; 1123 case NeonTypeFlags::Int16: 1124 case NeonTypeFlags::Poly16: 1125 return shift ? 15 : (4 << IsQuad) - 1; 1126 case NeonTypeFlags::Int32: 1127 return shift ? 31 : (2 << IsQuad) - 1; 1128 case NeonTypeFlags::Int64: 1129 case NeonTypeFlags::Poly64: 1130 return shift ? 63 : (1 << IsQuad) - 1; 1131 case NeonTypeFlags::Poly128: 1132 return shift ? 127 : (1 << IsQuad) - 1; 1133 case NeonTypeFlags::Float16: 1134 assert(!shift && "cannot shift float types!"); 1135 return (4 << IsQuad) - 1; 1136 case NeonTypeFlags::Float32: 1137 assert(!shift && "cannot shift float types!"); 1138 return (2 << IsQuad) - 1; 1139 case NeonTypeFlags::Float64: 1140 assert(!shift && "cannot shift float types!"); 1141 return (1 << IsQuad) - 1; 1142 } 1143 llvm_unreachable("Invalid NeonTypeFlag!"); 1144 } 1145 1146 /// getNeonEltType - Return the QualType corresponding to the elements of 1147 /// the vector type specified by the NeonTypeFlags. This is used to check 1148 /// the pointer arguments for Neon load/store intrinsics. 1149 static QualType getNeonEltType(NeonTypeFlags Flags, ASTContext &Context, 1150 bool IsPolyUnsigned, bool IsInt64Long) { 1151 switch (Flags.getEltType()) { 1152 case NeonTypeFlags::Int8: 1153 return Flags.isUnsigned() ? Context.UnsignedCharTy : Context.SignedCharTy; 1154 case NeonTypeFlags::Int16: 1155 return Flags.isUnsigned() ? Context.UnsignedShortTy : Context.ShortTy; 1156 case NeonTypeFlags::Int32: 1157 return Flags.isUnsigned() ? Context.UnsignedIntTy : Context.IntTy; 1158 case NeonTypeFlags::Int64: 1159 if (IsInt64Long) 1160 return Flags.isUnsigned() ? Context.UnsignedLongTy : Context.LongTy; 1161 else 1162 return Flags.isUnsigned() ? Context.UnsignedLongLongTy 1163 : Context.LongLongTy; 1164 case NeonTypeFlags::Poly8: 1165 return IsPolyUnsigned ? Context.UnsignedCharTy : Context.SignedCharTy; 1166 case NeonTypeFlags::Poly16: 1167 return IsPolyUnsigned ? Context.UnsignedShortTy : Context.ShortTy; 1168 case NeonTypeFlags::Poly64: 1169 if (IsInt64Long) 1170 return Context.UnsignedLongTy; 1171 else 1172 return Context.UnsignedLongLongTy; 1173 case NeonTypeFlags::Poly128: 1174 break; 1175 case NeonTypeFlags::Float16: 1176 return Context.HalfTy; 1177 case NeonTypeFlags::Float32: 1178 return Context.FloatTy; 1179 case NeonTypeFlags::Float64: 1180 return Context.DoubleTy; 1181 } 1182 llvm_unreachable("Invalid NeonTypeFlag!"); 1183 } 1184 1185 bool Sema::CheckNeonBuiltinFunctionCall(unsigned BuiltinID, CallExpr *TheCall) { 1186 llvm::APSInt Result; 1187 uint64_t mask = 0; 1188 unsigned TV = 0; 1189 int PtrArgNum = -1; 1190 bool HasConstPtr = false; 1191 switch (BuiltinID) { 1192 #define GET_NEON_OVERLOAD_CHECK 1193 #include "clang/Basic/arm_neon.inc" 1194 #undef GET_NEON_OVERLOAD_CHECK 1195 } 1196 1197 // For NEON intrinsics which are overloaded on vector element type, validate 1198 // the immediate which specifies which variant to emit. 1199 unsigned ImmArg = TheCall->getNumArgs()-1; 1200 if (mask) { 1201 if (SemaBuiltinConstantArg(TheCall, ImmArg, Result)) 1202 return true; 1203 1204 TV = Result.getLimitedValue(64); 1205 if ((TV > 63) || (mask & (1ULL << TV)) == 0) 1206 return Diag(TheCall->getLocStart(), diag::err_invalid_neon_type_code) 1207 << TheCall->getArg(ImmArg)->getSourceRange(); 1208 } 1209 1210 if (PtrArgNum >= 0) { 1211 // Check that pointer arguments have the specified type. 1212 Expr *Arg = TheCall->getArg(PtrArgNum); 1213 if (ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(Arg)) 1214 Arg = ICE->getSubExpr(); 1215 ExprResult RHS = DefaultFunctionArrayLvalueConversion(Arg); 1216 QualType RHSTy = RHS.get()->getType(); 1217 1218 llvm::Triple::ArchType Arch = Context.getTargetInfo().getTriple().getArch(); 1219 bool IsPolyUnsigned = Arch == llvm::Triple::aarch64; 1220 bool IsInt64Long = 1221 Context.getTargetInfo().getInt64Type() == TargetInfo::SignedLong; 1222 QualType EltTy = 1223 getNeonEltType(NeonTypeFlags(TV), Context, IsPolyUnsigned, IsInt64Long); 1224 if (HasConstPtr) 1225 EltTy = EltTy.withConst(); 1226 QualType LHSTy = Context.getPointerType(EltTy); 1227 AssignConvertType ConvTy; 1228 ConvTy = CheckSingleAssignmentConstraints(LHSTy, RHS); 1229 if (RHS.isInvalid()) 1230 return true; 1231 if (DiagnoseAssignmentResult(ConvTy, Arg->getLocStart(), LHSTy, RHSTy, 1232 RHS.get(), AA_Assigning)) 1233 return true; 1234 } 1235 1236 // For NEON intrinsics which take an immediate value as part of the 1237 // instruction, range check them here. 1238 unsigned i = 0, l = 0, u = 0; 1239 switch (BuiltinID) { 1240 default: 1241 return false; 1242 #define GET_NEON_IMMEDIATE_CHECK 1243 #include "clang/Basic/arm_neon.inc" 1244 #undef GET_NEON_IMMEDIATE_CHECK 1245 } 1246 1247 return SemaBuiltinConstantArgRange(TheCall, i, l, u + l); 1248 } 1249 1250 bool Sema::CheckARMBuiltinExclusiveCall(unsigned BuiltinID, CallExpr *TheCall, 1251 unsigned MaxWidth) { 1252 assert((BuiltinID == ARM::BI__builtin_arm_ldrex || 1253 BuiltinID == ARM::BI__builtin_arm_ldaex || 1254 BuiltinID == ARM::BI__builtin_arm_strex || 1255 BuiltinID == ARM::BI__builtin_arm_stlex || 1256 BuiltinID == AArch64::BI__builtin_arm_ldrex || 1257 BuiltinID == AArch64::BI__builtin_arm_ldaex || 1258 BuiltinID == AArch64::BI__builtin_arm_strex || 1259 BuiltinID == AArch64::BI__builtin_arm_stlex) && 1260 "unexpected ARM builtin"); 1261 bool IsLdrex = BuiltinID == ARM::BI__builtin_arm_ldrex || 1262 BuiltinID == ARM::BI__builtin_arm_ldaex || 1263 BuiltinID == AArch64::BI__builtin_arm_ldrex || 1264 BuiltinID == AArch64::BI__builtin_arm_ldaex; 1265 1266 DeclRefExpr *DRE =cast<DeclRefExpr>(TheCall->getCallee()->IgnoreParenCasts()); 1267 1268 // Ensure that we have the proper number of arguments. 1269 if (checkArgCount(*this, TheCall, IsLdrex ? 1 : 2)) 1270 return true; 1271 1272 // Inspect the pointer argument of the atomic builtin. This should always be 1273 // a pointer type, whose element is an integral scalar or pointer type. 1274 // Because it is a pointer type, we don't have to worry about any implicit 1275 // casts here. 1276 Expr *PointerArg = TheCall->getArg(IsLdrex ? 0 : 1); 1277 ExprResult PointerArgRes = DefaultFunctionArrayLvalueConversion(PointerArg); 1278 if (PointerArgRes.isInvalid()) 1279 return true; 1280 PointerArg = PointerArgRes.get(); 1281 1282 const PointerType *pointerType = PointerArg->getType()->getAs<PointerType>(); 1283 if (!pointerType) { 1284 Diag(DRE->getLocStart(), diag::err_atomic_builtin_must_be_pointer) 1285 << PointerArg->getType() << PointerArg->getSourceRange(); 1286 return true; 1287 } 1288 1289 // ldrex takes a "const volatile T*" and strex takes a "volatile T*". Our next 1290 // task is to insert the appropriate casts into the AST. First work out just 1291 // what the appropriate type is. 1292 QualType ValType = pointerType->getPointeeType(); 1293 QualType AddrType = ValType.getUnqualifiedType().withVolatile(); 1294 if (IsLdrex) 1295 AddrType.addConst(); 1296 1297 // Issue a warning if the cast is dodgy. 1298 CastKind CastNeeded = CK_NoOp; 1299 if (!AddrType.isAtLeastAsQualifiedAs(ValType)) { 1300 CastNeeded = CK_BitCast; 1301 Diag(DRE->getLocStart(), diag::ext_typecheck_convert_discards_qualifiers) 1302 << PointerArg->getType() 1303 << Context.getPointerType(AddrType) 1304 << AA_Passing << PointerArg->getSourceRange(); 1305 } 1306 1307 // Finally, do the cast and replace the argument with the corrected version. 1308 AddrType = Context.getPointerType(AddrType); 1309 PointerArgRes = ImpCastExprToType(PointerArg, AddrType, CastNeeded); 1310 if (PointerArgRes.isInvalid()) 1311 return true; 1312 PointerArg = PointerArgRes.get(); 1313 1314 TheCall->setArg(IsLdrex ? 0 : 1, PointerArg); 1315 1316 // In general, we allow ints, floats and pointers to be loaded and stored. 1317 if (!ValType->isIntegerType() && !ValType->isAnyPointerType() && 1318 !ValType->isBlockPointerType() && !ValType->isFloatingType()) { 1319 Diag(DRE->getLocStart(), diag::err_atomic_builtin_must_be_pointer_intfltptr) 1320 << PointerArg->getType() << PointerArg->getSourceRange(); 1321 return true; 1322 } 1323 1324 // But ARM doesn't have instructions to deal with 128-bit versions. 1325 if (Context.getTypeSize(ValType) > MaxWidth) { 1326 assert(MaxWidth == 64 && "Diagnostic unexpectedly inaccurate"); 1327 Diag(DRE->getLocStart(), diag::err_atomic_exclusive_builtin_pointer_size) 1328 << PointerArg->getType() << PointerArg->getSourceRange(); 1329 return true; 1330 } 1331 1332 switch (ValType.getObjCLifetime()) { 1333 case Qualifiers::OCL_None: 1334 case Qualifiers::OCL_ExplicitNone: 1335 // okay 1336 break; 1337 1338 case Qualifiers::OCL_Weak: 1339 case Qualifiers::OCL_Strong: 1340 case Qualifiers::OCL_Autoreleasing: 1341 Diag(DRE->getLocStart(), diag::err_arc_atomic_ownership) 1342 << ValType << PointerArg->getSourceRange(); 1343 return true; 1344 } 1345 1346 if (IsLdrex) { 1347 TheCall->setType(ValType); 1348 return false; 1349 } 1350 1351 // Initialize the argument to be stored. 1352 ExprResult ValArg = TheCall->getArg(0); 1353 InitializedEntity Entity = InitializedEntity::InitializeParameter( 1354 Context, ValType, /*consume*/ false); 1355 ValArg = PerformCopyInitialization(Entity, SourceLocation(), ValArg); 1356 if (ValArg.isInvalid()) 1357 return true; 1358 TheCall->setArg(0, ValArg.get()); 1359 1360 // __builtin_arm_strex always returns an int. It's marked as such in the .def, 1361 // but the custom checker bypasses all default analysis. 1362 TheCall->setType(Context.IntTy); 1363 return false; 1364 } 1365 1366 bool Sema::CheckARMBuiltinFunctionCall(unsigned BuiltinID, CallExpr *TheCall) { 1367 llvm::APSInt Result; 1368 1369 if (BuiltinID == ARM::BI__builtin_arm_ldrex || 1370 BuiltinID == ARM::BI__builtin_arm_ldaex || 1371 BuiltinID == ARM::BI__builtin_arm_strex || 1372 BuiltinID == ARM::BI__builtin_arm_stlex) { 1373 return CheckARMBuiltinExclusiveCall(BuiltinID, TheCall, 64); 1374 } 1375 1376 if (BuiltinID == ARM::BI__builtin_arm_prefetch) { 1377 return SemaBuiltinConstantArgRange(TheCall, 1, 0, 1) || 1378 SemaBuiltinConstantArgRange(TheCall, 2, 0, 1); 1379 } 1380 1381 if (BuiltinID == ARM::BI__builtin_arm_rsr64 || 1382 BuiltinID == ARM::BI__builtin_arm_wsr64) 1383 return SemaBuiltinARMSpecialReg(BuiltinID, TheCall, 0, 3, false); 1384 1385 if (BuiltinID == ARM::BI__builtin_arm_rsr || 1386 BuiltinID == ARM::BI__builtin_arm_rsrp || 1387 BuiltinID == ARM::BI__builtin_arm_wsr || 1388 BuiltinID == ARM::BI__builtin_arm_wsrp) 1389 return SemaBuiltinARMSpecialReg(BuiltinID, TheCall, 0, 5, true); 1390 1391 if (CheckNeonBuiltinFunctionCall(BuiltinID, TheCall)) 1392 return true; 1393 1394 // For intrinsics which take an immediate value as part of the instruction, 1395 // range check them here. 1396 unsigned i = 0, l = 0, u = 0; 1397 switch (BuiltinID) { 1398 default: return false; 1399 case ARM::BI__builtin_arm_ssat: i = 1; l = 1; u = 31; break; 1400 case ARM::BI__builtin_arm_usat: i = 1; u = 31; break; 1401 case ARM::BI__builtin_arm_vcvtr_f: 1402 case ARM::BI__builtin_arm_vcvtr_d: i = 1; u = 1; break; 1403 case ARM::BI__builtin_arm_dmb: 1404 case ARM::BI__builtin_arm_dsb: 1405 case ARM::BI__builtin_arm_isb: 1406 case ARM::BI__builtin_arm_dbg: l = 0; u = 15; break; 1407 } 1408 1409 // FIXME: VFP Intrinsics should error if VFP not present. 1410 return SemaBuiltinConstantArgRange(TheCall, i, l, u + l); 1411 } 1412 1413 bool Sema::CheckAArch64BuiltinFunctionCall(unsigned BuiltinID, 1414 CallExpr *TheCall) { 1415 llvm::APSInt Result; 1416 1417 if (BuiltinID == AArch64::BI__builtin_arm_ldrex || 1418 BuiltinID == AArch64::BI__builtin_arm_ldaex || 1419 BuiltinID == AArch64::BI__builtin_arm_strex || 1420 BuiltinID == AArch64::BI__builtin_arm_stlex) { 1421 return CheckARMBuiltinExclusiveCall(BuiltinID, TheCall, 128); 1422 } 1423 1424 if (BuiltinID == AArch64::BI__builtin_arm_prefetch) { 1425 return SemaBuiltinConstantArgRange(TheCall, 1, 0, 1) || 1426 SemaBuiltinConstantArgRange(TheCall, 2, 0, 2) || 1427 SemaBuiltinConstantArgRange(TheCall, 3, 0, 1) || 1428 SemaBuiltinConstantArgRange(TheCall, 4, 0, 1); 1429 } 1430 1431 if (BuiltinID == AArch64::BI__builtin_arm_rsr64 || 1432 BuiltinID == AArch64::BI__builtin_arm_wsr64) 1433 return SemaBuiltinARMSpecialReg(BuiltinID, TheCall, 0, 5, true); 1434 1435 if (BuiltinID == AArch64::BI__builtin_arm_rsr || 1436 BuiltinID == AArch64::BI__builtin_arm_rsrp || 1437 BuiltinID == AArch64::BI__builtin_arm_wsr || 1438 BuiltinID == AArch64::BI__builtin_arm_wsrp) 1439 return SemaBuiltinARMSpecialReg(BuiltinID, TheCall, 0, 5, true); 1440 1441 if (CheckNeonBuiltinFunctionCall(BuiltinID, TheCall)) 1442 return true; 1443 1444 // For intrinsics which take an immediate value as part of the instruction, 1445 // range check them here. 1446 unsigned i = 0, l = 0, u = 0; 1447 switch (BuiltinID) { 1448 default: return false; 1449 case AArch64::BI__builtin_arm_dmb: 1450 case AArch64::BI__builtin_arm_dsb: 1451 case AArch64::BI__builtin_arm_isb: l = 0; u = 15; break; 1452 } 1453 1454 return SemaBuiltinConstantArgRange(TheCall, i, l, u + l); 1455 } 1456 1457 bool Sema::CheckMipsBuiltinFunctionCall(unsigned BuiltinID, CallExpr *TheCall) { 1458 unsigned i = 0, l = 0, u = 0; 1459 switch (BuiltinID) { 1460 default: return false; 1461 case Mips::BI__builtin_mips_wrdsp: i = 1; l = 0; u = 63; break; 1462 case Mips::BI__builtin_mips_rddsp: i = 0; l = 0; u = 63; break; 1463 case Mips::BI__builtin_mips_append: i = 2; l = 0; u = 31; break; 1464 case Mips::BI__builtin_mips_balign: i = 2; l = 0; u = 3; break; 1465 case Mips::BI__builtin_mips_precr_sra_ph_w: i = 2; l = 0; u = 31; break; 1466 case Mips::BI__builtin_mips_precr_sra_r_ph_w: i = 2; l = 0; u = 31; break; 1467 case Mips::BI__builtin_mips_prepend: i = 2; l = 0; u = 31; break; 1468 } 1469 1470 return SemaBuiltinConstantArgRange(TheCall, i, l, u); 1471 } 1472 1473 bool Sema::CheckPPCBuiltinFunctionCall(unsigned BuiltinID, CallExpr *TheCall) { 1474 unsigned i = 0, l = 0, u = 0; 1475 bool Is64BitBltin = BuiltinID == PPC::BI__builtin_divde || 1476 BuiltinID == PPC::BI__builtin_divdeu || 1477 BuiltinID == PPC::BI__builtin_bpermd; 1478 bool IsTarget64Bit = Context.getTargetInfo() 1479 .getTypeWidth(Context 1480 .getTargetInfo() 1481 .getIntPtrType()) == 64; 1482 bool IsBltinExtDiv = BuiltinID == PPC::BI__builtin_divwe || 1483 BuiltinID == PPC::BI__builtin_divweu || 1484 BuiltinID == PPC::BI__builtin_divde || 1485 BuiltinID == PPC::BI__builtin_divdeu; 1486 1487 if (Is64BitBltin && !IsTarget64Bit) 1488 return Diag(TheCall->getLocStart(), diag::err_64_bit_builtin_32_bit_tgt) 1489 << TheCall->getSourceRange(); 1490 1491 if ((IsBltinExtDiv && !Context.getTargetInfo().hasFeature("extdiv")) || 1492 (BuiltinID == PPC::BI__builtin_bpermd && 1493 !Context.getTargetInfo().hasFeature("bpermd"))) 1494 return Diag(TheCall->getLocStart(), diag::err_ppc_builtin_only_on_pwr7) 1495 << TheCall->getSourceRange(); 1496 1497 switch (BuiltinID) { 1498 default: return false; 1499 case PPC::BI__builtin_altivec_crypto_vshasigmaw: 1500 case PPC::BI__builtin_altivec_crypto_vshasigmad: 1501 return SemaBuiltinConstantArgRange(TheCall, 1, 0, 1) || 1502 SemaBuiltinConstantArgRange(TheCall, 2, 0, 15); 1503 case PPC::BI__builtin_tbegin: 1504 case PPC::BI__builtin_tend: i = 0; l = 0; u = 1; break; 1505 case PPC::BI__builtin_tsr: i = 0; l = 0; u = 7; break; 1506 case PPC::BI__builtin_tabortwc: 1507 case PPC::BI__builtin_tabortdc: i = 0; l = 0; u = 31; break; 1508 case PPC::BI__builtin_tabortwci: 1509 case PPC::BI__builtin_tabortdci: 1510 return SemaBuiltinConstantArgRange(TheCall, 0, 0, 31) || 1511 SemaBuiltinConstantArgRange(TheCall, 2, 0, 31); 1512 } 1513 return SemaBuiltinConstantArgRange(TheCall, i, l, u); 1514 } 1515 1516 bool Sema::CheckSystemZBuiltinFunctionCall(unsigned BuiltinID, 1517 CallExpr *TheCall) { 1518 if (BuiltinID == SystemZ::BI__builtin_tabort) { 1519 Expr *Arg = TheCall->getArg(0); 1520 llvm::APSInt AbortCode(32); 1521 if (Arg->isIntegerConstantExpr(AbortCode, Context) && 1522 AbortCode.getSExtValue() >= 0 && AbortCode.getSExtValue() < 256) 1523 return Diag(Arg->getLocStart(), diag::err_systemz_invalid_tabort_code) 1524 << Arg->getSourceRange(); 1525 } 1526 1527 // For intrinsics which take an immediate value as part of the instruction, 1528 // range check them here. 1529 unsigned i = 0, l = 0, u = 0; 1530 switch (BuiltinID) { 1531 default: return false; 1532 case SystemZ::BI__builtin_s390_lcbb: i = 1; l = 0; u = 15; break; 1533 case SystemZ::BI__builtin_s390_verimb: 1534 case SystemZ::BI__builtin_s390_verimh: 1535 case SystemZ::BI__builtin_s390_verimf: 1536 case SystemZ::BI__builtin_s390_verimg: i = 3; l = 0; u = 255; break; 1537 case SystemZ::BI__builtin_s390_vfaeb: 1538 case SystemZ::BI__builtin_s390_vfaeh: 1539 case SystemZ::BI__builtin_s390_vfaef: 1540 case SystemZ::BI__builtin_s390_vfaebs: 1541 case SystemZ::BI__builtin_s390_vfaehs: 1542 case SystemZ::BI__builtin_s390_vfaefs: 1543 case SystemZ::BI__builtin_s390_vfaezb: 1544 case SystemZ::BI__builtin_s390_vfaezh: 1545 case SystemZ::BI__builtin_s390_vfaezf: 1546 case SystemZ::BI__builtin_s390_vfaezbs: 1547 case SystemZ::BI__builtin_s390_vfaezhs: 1548 case SystemZ::BI__builtin_s390_vfaezfs: i = 2; l = 0; u = 15; break; 1549 case SystemZ::BI__builtin_s390_vfidb: 1550 return SemaBuiltinConstantArgRange(TheCall, 1, 0, 15) || 1551 SemaBuiltinConstantArgRange(TheCall, 2, 0, 15); 1552 case SystemZ::BI__builtin_s390_vftcidb: i = 1; l = 0; u = 4095; break; 1553 case SystemZ::BI__builtin_s390_vlbb: i = 1; l = 0; u = 15; break; 1554 case SystemZ::BI__builtin_s390_vpdi: i = 2; l = 0; u = 15; break; 1555 case SystemZ::BI__builtin_s390_vsldb: i = 2; l = 0; u = 15; break; 1556 case SystemZ::BI__builtin_s390_vstrcb: 1557 case SystemZ::BI__builtin_s390_vstrch: 1558 case SystemZ::BI__builtin_s390_vstrcf: 1559 case SystemZ::BI__builtin_s390_vstrczb: 1560 case SystemZ::BI__builtin_s390_vstrczh: 1561 case SystemZ::BI__builtin_s390_vstrczf: 1562 case SystemZ::BI__builtin_s390_vstrcbs: 1563 case SystemZ::BI__builtin_s390_vstrchs: 1564 case SystemZ::BI__builtin_s390_vstrcfs: 1565 case SystemZ::BI__builtin_s390_vstrczbs: 1566 case SystemZ::BI__builtin_s390_vstrczhs: 1567 case SystemZ::BI__builtin_s390_vstrczfs: i = 3; l = 0; u = 15; break; 1568 } 1569 return SemaBuiltinConstantArgRange(TheCall, i, l, u); 1570 } 1571 1572 /// SemaBuiltinCpuSupports - Handle __builtin_cpu_supports(char *). 1573 /// This checks that the target supports __builtin_cpu_supports and 1574 /// that the string argument is constant and valid. 1575 static bool SemaBuiltinCpuSupports(Sema &S, CallExpr *TheCall) { 1576 Expr *Arg = TheCall->getArg(0); 1577 1578 // Check if the argument is a string literal. 1579 if (!isa<StringLiteral>(Arg->IgnoreParenImpCasts())) 1580 return S.Diag(TheCall->getLocStart(), diag::err_expr_not_string_literal) 1581 << Arg->getSourceRange(); 1582 1583 // Check the contents of the string. 1584 StringRef Feature = 1585 cast<StringLiteral>(Arg->IgnoreParenImpCasts())->getString(); 1586 if (!S.Context.getTargetInfo().validateCpuSupports(Feature)) 1587 return S.Diag(TheCall->getLocStart(), diag::err_invalid_cpu_supports) 1588 << Arg->getSourceRange(); 1589 return false; 1590 } 1591 1592 bool Sema::CheckX86BuiltinFunctionCall(unsigned BuiltinID, CallExpr *TheCall) { 1593 int i = 0, l = 0, u = 0; 1594 switch (BuiltinID) { 1595 default: 1596 return false; 1597 case X86::BI__builtin_cpu_supports: 1598 return SemaBuiltinCpuSupports(*this, TheCall); 1599 case X86::BI__builtin_ms_va_start: 1600 return SemaBuiltinMSVAStart(TheCall); 1601 case X86::BI__builtin_ia32_extractf64x4_mask: 1602 case X86::BI__builtin_ia32_extracti64x4_mask: 1603 case X86::BI__builtin_ia32_extractf32x8_mask: 1604 case X86::BI__builtin_ia32_extracti32x8_mask: 1605 case X86::BI__builtin_ia32_extractf64x2_256_mask: 1606 case X86::BI__builtin_ia32_extracti64x2_256_mask: 1607 case X86::BI__builtin_ia32_extractf32x4_256_mask: 1608 case X86::BI__builtin_ia32_extracti32x4_256_mask: 1609 i = 1; l = 0; u = 1; 1610 break; 1611 case X86::BI_mm_prefetch: 1612 case X86::BI__builtin_ia32_extractf32x4_mask: 1613 case X86::BI__builtin_ia32_extracti32x4_mask: 1614 case X86::BI__builtin_ia32_extractf64x2_512_mask: 1615 case X86::BI__builtin_ia32_extracti64x2_512_mask: 1616 i = 1; l = 0; u = 3; 1617 break; 1618 case X86::BI__builtin_ia32_insertf32x8_mask: 1619 case X86::BI__builtin_ia32_inserti32x8_mask: 1620 case X86::BI__builtin_ia32_insertf64x4_mask: 1621 case X86::BI__builtin_ia32_inserti64x4_mask: 1622 case X86::BI__builtin_ia32_insertf64x2_256_mask: 1623 case X86::BI__builtin_ia32_inserti64x2_256_mask: 1624 case X86::BI__builtin_ia32_insertf32x4_256_mask: 1625 case X86::BI__builtin_ia32_inserti32x4_256_mask: 1626 i = 2; l = 0; u = 1; 1627 break; 1628 case X86::BI__builtin_ia32_sha1rnds4: 1629 case X86::BI__builtin_ia32_shuf_f32x4_256_mask: 1630 case X86::BI__builtin_ia32_shuf_f64x2_256_mask: 1631 case X86::BI__builtin_ia32_shuf_i32x4_256_mask: 1632 case X86::BI__builtin_ia32_shuf_i64x2_256_mask: 1633 case X86::BI__builtin_ia32_insertf64x2_512_mask: 1634 case X86::BI__builtin_ia32_inserti64x2_512_mask: 1635 case X86::BI__builtin_ia32_insertf32x4_mask: 1636 case X86::BI__builtin_ia32_inserti32x4_mask: 1637 i = 2; l = 0; u = 3; 1638 break; 1639 case X86::BI__builtin_ia32_vpermil2pd: 1640 case X86::BI__builtin_ia32_vpermil2pd256: 1641 case X86::BI__builtin_ia32_vpermil2ps: 1642 case X86::BI__builtin_ia32_vpermil2ps256: 1643 i = 3; l = 0; u = 3; 1644 break; 1645 case X86::BI__builtin_ia32_cmpb128_mask: 1646 case X86::BI__builtin_ia32_cmpw128_mask: 1647 case X86::BI__builtin_ia32_cmpd128_mask: 1648 case X86::BI__builtin_ia32_cmpq128_mask: 1649 case X86::BI__builtin_ia32_cmpb256_mask: 1650 case X86::BI__builtin_ia32_cmpw256_mask: 1651 case X86::BI__builtin_ia32_cmpd256_mask: 1652 case X86::BI__builtin_ia32_cmpq256_mask: 1653 case X86::BI__builtin_ia32_cmpb512_mask: 1654 case X86::BI__builtin_ia32_cmpw512_mask: 1655 case X86::BI__builtin_ia32_cmpd512_mask: 1656 case X86::BI__builtin_ia32_cmpq512_mask: 1657 case X86::BI__builtin_ia32_ucmpb128_mask: 1658 case X86::BI__builtin_ia32_ucmpw128_mask: 1659 case X86::BI__builtin_ia32_ucmpd128_mask: 1660 case X86::BI__builtin_ia32_ucmpq128_mask: 1661 case X86::BI__builtin_ia32_ucmpb256_mask: 1662 case X86::BI__builtin_ia32_ucmpw256_mask: 1663 case X86::BI__builtin_ia32_ucmpd256_mask: 1664 case X86::BI__builtin_ia32_ucmpq256_mask: 1665 case X86::BI__builtin_ia32_ucmpb512_mask: 1666 case X86::BI__builtin_ia32_ucmpw512_mask: 1667 case X86::BI__builtin_ia32_ucmpd512_mask: 1668 case X86::BI__builtin_ia32_ucmpq512_mask: 1669 case X86::BI__builtin_ia32_vpcomub: 1670 case X86::BI__builtin_ia32_vpcomuw: 1671 case X86::BI__builtin_ia32_vpcomud: 1672 case X86::BI__builtin_ia32_vpcomuq: 1673 case X86::BI__builtin_ia32_vpcomb: 1674 case X86::BI__builtin_ia32_vpcomw: 1675 case X86::BI__builtin_ia32_vpcomd: 1676 case X86::BI__builtin_ia32_vpcomq: 1677 i = 2; l = 0; u = 7; 1678 break; 1679 case X86::BI__builtin_ia32_roundps: 1680 case X86::BI__builtin_ia32_roundpd: 1681 case X86::BI__builtin_ia32_roundps256: 1682 case X86::BI__builtin_ia32_roundpd256: 1683 i = 1; l = 0; u = 15; 1684 break; 1685 case X86::BI__builtin_ia32_roundss: 1686 case X86::BI__builtin_ia32_roundsd: 1687 case X86::BI__builtin_ia32_rangepd128_mask: 1688 case X86::BI__builtin_ia32_rangepd256_mask: 1689 case X86::BI__builtin_ia32_rangepd512_mask: 1690 case X86::BI__builtin_ia32_rangeps128_mask: 1691 case X86::BI__builtin_ia32_rangeps256_mask: 1692 case X86::BI__builtin_ia32_rangeps512_mask: 1693 case X86::BI__builtin_ia32_getmantsd_round_mask: 1694 case X86::BI__builtin_ia32_getmantss_round_mask: 1695 i = 2; l = 0; u = 15; 1696 break; 1697 case X86::BI__builtin_ia32_cmpps: 1698 case X86::BI__builtin_ia32_cmpss: 1699 case X86::BI__builtin_ia32_cmppd: 1700 case X86::BI__builtin_ia32_cmpsd: 1701 case X86::BI__builtin_ia32_cmpps256: 1702 case X86::BI__builtin_ia32_cmppd256: 1703 case X86::BI__builtin_ia32_cmpps128_mask: 1704 case X86::BI__builtin_ia32_cmppd128_mask: 1705 case X86::BI__builtin_ia32_cmpps256_mask: 1706 case X86::BI__builtin_ia32_cmppd256_mask: 1707 case X86::BI__builtin_ia32_cmpps512_mask: 1708 case X86::BI__builtin_ia32_cmppd512_mask: 1709 case X86::BI__builtin_ia32_cmpsd_mask: 1710 case X86::BI__builtin_ia32_cmpss_mask: 1711 i = 2; l = 0; u = 31; 1712 break; 1713 case X86::BI__builtin_ia32_xabort: 1714 i = 0; l = -128; u = 255; 1715 break; 1716 case X86::BI__builtin_ia32_pshufw: 1717 case X86::BI__builtin_ia32_aeskeygenassist128: 1718 i = 1; l = -128; u = 255; 1719 break; 1720 case X86::BI__builtin_ia32_vcvtps2ph: 1721 case X86::BI__builtin_ia32_vcvtps2ph256: 1722 case X86::BI__builtin_ia32_rndscaleps_128_mask: 1723 case X86::BI__builtin_ia32_rndscalepd_128_mask: 1724 case X86::BI__builtin_ia32_rndscaleps_256_mask: 1725 case X86::BI__builtin_ia32_rndscalepd_256_mask: 1726 case X86::BI__builtin_ia32_rndscaleps_mask: 1727 case X86::BI__builtin_ia32_rndscalepd_mask: 1728 case X86::BI__builtin_ia32_reducepd128_mask: 1729 case X86::BI__builtin_ia32_reducepd256_mask: 1730 case X86::BI__builtin_ia32_reducepd512_mask: 1731 case X86::BI__builtin_ia32_reduceps128_mask: 1732 case X86::BI__builtin_ia32_reduceps256_mask: 1733 case X86::BI__builtin_ia32_reduceps512_mask: 1734 case X86::BI__builtin_ia32_prold512_mask: 1735 case X86::BI__builtin_ia32_prolq512_mask: 1736 case X86::BI__builtin_ia32_prold128_mask: 1737 case X86::BI__builtin_ia32_prold256_mask: 1738 case X86::BI__builtin_ia32_prolq128_mask: 1739 case X86::BI__builtin_ia32_prolq256_mask: 1740 case X86::BI__builtin_ia32_prord128_mask: 1741 case X86::BI__builtin_ia32_prord256_mask: 1742 case X86::BI__builtin_ia32_prorq128_mask: 1743 case X86::BI__builtin_ia32_prorq256_mask: 1744 case X86::BI__builtin_ia32_psllwi512_mask: 1745 case X86::BI__builtin_ia32_psllwi128_mask: 1746 case X86::BI__builtin_ia32_psllwi256_mask: 1747 case X86::BI__builtin_ia32_psrldi128_mask: 1748 case X86::BI__builtin_ia32_psrldi256_mask: 1749 case X86::BI__builtin_ia32_psrldi512_mask: 1750 case X86::BI__builtin_ia32_psrlqi128_mask: 1751 case X86::BI__builtin_ia32_psrlqi256_mask: 1752 case X86::BI__builtin_ia32_psrlqi512_mask: 1753 case X86::BI__builtin_ia32_psrawi512_mask: 1754 case X86::BI__builtin_ia32_psrawi128_mask: 1755 case X86::BI__builtin_ia32_psrawi256_mask: 1756 case X86::BI__builtin_ia32_psrlwi512_mask: 1757 case X86::BI__builtin_ia32_psrlwi128_mask: 1758 case X86::BI__builtin_ia32_psrlwi256_mask: 1759 case X86::BI__builtin_ia32_psradi128_mask: 1760 case X86::BI__builtin_ia32_psradi256_mask: 1761 case X86::BI__builtin_ia32_psradi512_mask: 1762 case X86::BI__builtin_ia32_psraqi128_mask: 1763 case X86::BI__builtin_ia32_psraqi256_mask: 1764 case X86::BI__builtin_ia32_psraqi512_mask: 1765 case X86::BI__builtin_ia32_pslldi128_mask: 1766 case X86::BI__builtin_ia32_pslldi256_mask: 1767 case X86::BI__builtin_ia32_pslldi512_mask: 1768 case X86::BI__builtin_ia32_psllqi128_mask: 1769 case X86::BI__builtin_ia32_psllqi256_mask: 1770 case X86::BI__builtin_ia32_psllqi512_mask: 1771 case X86::BI__builtin_ia32_fpclasspd128_mask: 1772 case X86::BI__builtin_ia32_fpclasspd256_mask: 1773 case X86::BI__builtin_ia32_fpclassps128_mask: 1774 case X86::BI__builtin_ia32_fpclassps256_mask: 1775 case X86::BI__builtin_ia32_fpclassps512_mask: 1776 case X86::BI__builtin_ia32_fpclasspd512_mask: 1777 case X86::BI__builtin_ia32_fpclasssd_mask: 1778 case X86::BI__builtin_ia32_fpclassss_mask: 1779 i = 1; l = 0; u = 255; 1780 break; 1781 case X86::BI__builtin_ia32_palignr: 1782 case X86::BI__builtin_ia32_insertps128: 1783 case X86::BI__builtin_ia32_dpps: 1784 case X86::BI__builtin_ia32_dppd: 1785 case X86::BI__builtin_ia32_dpps256: 1786 case X86::BI__builtin_ia32_mpsadbw128: 1787 case X86::BI__builtin_ia32_mpsadbw256: 1788 case X86::BI__builtin_ia32_pcmpistrm128: 1789 case X86::BI__builtin_ia32_pcmpistri128: 1790 case X86::BI__builtin_ia32_pcmpistria128: 1791 case X86::BI__builtin_ia32_pcmpistric128: 1792 case X86::BI__builtin_ia32_pcmpistrio128: 1793 case X86::BI__builtin_ia32_pcmpistris128: 1794 case X86::BI__builtin_ia32_pcmpistriz128: 1795 case X86::BI__builtin_ia32_pclmulqdq128: 1796 case X86::BI__builtin_ia32_vperm2f128_pd256: 1797 case X86::BI__builtin_ia32_vperm2f128_ps256: 1798 case X86::BI__builtin_ia32_vperm2f128_si256: 1799 case X86::BI__builtin_ia32_permti256: 1800 i = 2; l = -128; u = 255; 1801 break; 1802 case X86::BI__builtin_ia32_palignr128: 1803 case X86::BI__builtin_ia32_palignr256: 1804 case X86::BI__builtin_ia32_palignr128_mask: 1805 case X86::BI__builtin_ia32_palignr256_mask: 1806 case X86::BI__builtin_ia32_palignr512_mask: 1807 case X86::BI__builtin_ia32_alignq512_mask: 1808 case X86::BI__builtin_ia32_alignd512_mask: 1809 case X86::BI__builtin_ia32_alignd128_mask: 1810 case X86::BI__builtin_ia32_alignd256_mask: 1811 case X86::BI__builtin_ia32_alignq128_mask: 1812 case X86::BI__builtin_ia32_alignq256_mask: 1813 case X86::BI__builtin_ia32_vcomisd: 1814 case X86::BI__builtin_ia32_vcomiss: 1815 case X86::BI__builtin_ia32_shuf_f32x4_mask: 1816 case X86::BI__builtin_ia32_shuf_f64x2_mask: 1817 case X86::BI__builtin_ia32_shuf_i32x4_mask: 1818 case X86::BI__builtin_ia32_shuf_i64x2_mask: 1819 case X86::BI__builtin_ia32_dbpsadbw128_mask: 1820 case X86::BI__builtin_ia32_dbpsadbw256_mask: 1821 case X86::BI__builtin_ia32_dbpsadbw512_mask: 1822 i = 2; l = 0; u = 255; 1823 break; 1824 case X86::BI__builtin_ia32_fixupimmpd512_mask: 1825 case X86::BI__builtin_ia32_fixupimmpd512_maskz: 1826 case X86::BI__builtin_ia32_fixupimmps512_mask: 1827 case X86::BI__builtin_ia32_fixupimmps512_maskz: 1828 case X86::BI__builtin_ia32_fixupimmsd_mask: 1829 case X86::BI__builtin_ia32_fixupimmsd_maskz: 1830 case X86::BI__builtin_ia32_fixupimmss_mask: 1831 case X86::BI__builtin_ia32_fixupimmss_maskz: 1832 case X86::BI__builtin_ia32_fixupimmpd128_mask: 1833 case X86::BI__builtin_ia32_fixupimmpd128_maskz: 1834 case X86::BI__builtin_ia32_fixupimmpd256_mask: 1835 case X86::BI__builtin_ia32_fixupimmpd256_maskz: 1836 case X86::BI__builtin_ia32_fixupimmps128_mask: 1837 case X86::BI__builtin_ia32_fixupimmps128_maskz: 1838 case X86::BI__builtin_ia32_fixupimmps256_mask: 1839 case X86::BI__builtin_ia32_fixupimmps256_maskz: 1840 case X86::BI__builtin_ia32_pternlogd512_mask: 1841 case X86::BI__builtin_ia32_pternlogd512_maskz: 1842 case X86::BI__builtin_ia32_pternlogq512_mask: 1843 case X86::BI__builtin_ia32_pternlogq512_maskz: 1844 case X86::BI__builtin_ia32_pternlogd128_mask: 1845 case X86::BI__builtin_ia32_pternlogd128_maskz: 1846 case X86::BI__builtin_ia32_pternlogd256_mask: 1847 case X86::BI__builtin_ia32_pternlogd256_maskz: 1848 case X86::BI__builtin_ia32_pternlogq128_mask: 1849 case X86::BI__builtin_ia32_pternlogq128_maskz: 1850 case X86::BI__builtin_ia32_pternlogq256_mask: 1851 case X86::BI__builtin_ia32_pternlogq256_maskz: 1852 i = 3; l = 0; u = 255; 1853 break; 1854 case X86::BI__builtin_ia32_pcmpestrm128: 1855 case X86::BI__builtin_ia32_pcmpestri128: 1856 case X86::BI__builtin_ia32_pcmpestria128: 1857 case X86::BI__builtin_ia32_pcmpestric128: 1858 case X86::BI__builtin_ia32_pcmpestrio128: 1859 case X86::BI__builtin_ia32_pcmpestris128: 1860 case X86::BI__builtin_ia32_pcmpestriz128: 1861 i = 4; l = -128; u = 255; 1862 break; 1863 case X86::BI__builtin_ia32_rndscalesd_round_mask: 1864 case X86::BI__builtin_ia32_rndscaless_round_mask: 1865 i = 4; l = 0; u = 255; 1866 break; 1867 } 1868 return SemaBuiltinConstantArgRange(TheCall, i, l, u); 1869 } 1870 1871 /// Given a FunctionDecl's FormatAttr, attempts to populate the FomatStringInfo 1872 /// parameter with the FormatAttr's correct format_idx and firstDataArg. 1873 /// Returns true when the format fits the function and the FormatStringInfo has 1874 /// been populated. 1875 bool Sema::getFormatStringInfo(const FormatAttr *Format, bool IsCXXMember, 1876 FormatStringInfo *FSI) { 1877 FSI->HasVAListArg = Format->getFirstArg() == 0; 1878 FSI->FormatIdx = Format->getFormatIdx() - 1; 1879 FSI->FirstDataArg = FSI->HasVAListArg ? 0 : Format->getFirstArg() - 1; 1880 1881 // The way the format attribute works in GCC, the implicit this argument 1882 // of member functions is counted. However, it doesn't appear in our own 1883 // lists, so decrement format_idx in that case. 1884 if (IsCXXMember) { 1885 if(FSI->FormatIdx == 0) 1886 return false; 1887 --FSI->FormatIdx; 1888 if (FSI->FirstDataArg != 0) 1889 --FSI->FirstDataArg; 1890 } 1891 return true; 1892 } 1893 1894 /// Checks if a the given expression evaluates to null. 1895 /// 1896 /// \brief Returns true if the value evaluates to null. 1897 static bool CheckNonNullExpr(Sema &S, const Expr *Expr) { 1898 // If the expression has non-null type, it doesn't evaluate to null. 1899 if (auto nullability 1900 = Expr->IgnoreImplicit()->getType()->getNullability(S.Context)) { 1901 if (*nullability == NullabilityKind::NonNull) 1902 return false; 1903 } 1904 1905 // As a special case, transparent unions initialized with zero are 1906 // considered null for the purposes of the nonnull attribute. 1907 if (const RecordType *UT = Expr->getType()->getAsUnionType()) { 1908 if (UT->getDecl()->hasAttr<TransparentUnionAttr>()) 1909 if (const CompoundLiteralExpr *CLE = 1910 dyn_cast<CompoundLiteralExpr>(Expr)) 1911 if (const InitListExpr *ILE = 1912 dyn_cast<InitListExpr>(CLE->getInitializer())) 1913 Expr = ILE->getInit(0); 1914 } 1915 1916 bool Result; 1917 return (!Expr->isValueDependent() && 1918 Expr->EvaluateAsBooleanCondition(Result, S.Context) && 1919 !Result); 1920 } 1921 1922 static void CheckNonNullArgument(Sema &S, 1923 const Expr *ArgExpr, 1924 SourceLocation CallSiteLoc) { 1925 if (CheckNonNullExpr(S, ArgExpr)) 1926 S.DiagRuntimeBehavior(CallSiteLoc, ArgExpr, 1927 S.PDiag(diag::warn_null_arg) << ArgExpr->getSourceRange()); 1928 } 1929 1930 bool Sema::GetFormatNSStringIdx(const FormatAttr *Format, unsigned &Idx) { 1931 FormatStringInfo FSI; 1932 if ((GetFormatStringType(Format) == FST_NSString) && 1933 getFormatStringInfo(Format, false, &FSI)) { 1934 Idx = FSI.FormatIdx; 1935 return true; 1936 } 1937 return false; 1938 } 1939 /// \brief Diagnose use of %s directive in an NSString which is being passed 1940 /// as formatting string to formatting method. 1941 static void 1942 DiagnoseCStringFormatDirectiveInCFAPI(Sema &S, 1943 const NamedDecl *FDecl, 1944 Expr **Args, 1945 unsigned NumArgs) { 1946 unsigned Idx = 0; 1947 bool Format = false; 1948 ObjCStringFormatFamily SFFamily = FDecl->getObjCFStringFormattingFamily(); 1949 if (SFFamily == ObjCStringFormatFamily::SFF_CFString) { 1950 Idx = 2; 1951 Format = true; 1952 } 1953 else 1954 for (const auto *I : FDecl->specific_attrs<FormatAttr>()) { 1955 if (S.GetFormatNSStringIdx(I, Idx)) { 1956 Format = true; 1957 break; 1958 } 1959 } 1960 if (!Format || NumArgs <= Idx) 1961 return; 1962 const Expr *FormatExpr = Args[Idx]; 1963 if (const CStyleCastExpr *CSCE = dyn_cast<CStyleCastExpr>(FormatExpr)) 1964 FormatExpr = CSCE->getSubExpr(); 1965 const StringLiteral *FormatString; 1966 if (const ObjCStringLiteral *OSL = 1967 dyn_cast<ObjCStringLiteral>(FormatExpr->IgnoreParenImpCasts())) 1968 FormatString = OSL->getString(); 1969 else 1970 FormatString = dyn_cast<StringLiteral>(FormatExpr->IgnoreParenImpCasts()); 1971 if (!FormatString) 1972 return; 1973 if (S.FormatStringHasSArg(FormatString)) { 1974 S.Diag(FormatExpr->getExprLoc(), diag::warn_objc_cdirective_format_string) 1975 << "%s" << 1 << 1; 1976 S.Diag(FDecl->getLocation(), diag::note_entity_declared_at) 1977 << FDecl->getDeclName(); 1978 } 1979 } 1980 1981 /// Determine whether the given type has a non-null nullability annotation. 1982 static bool isNonNullType(ASTContext &ctx, QualType type) { 1983 if (auto nullability = type->getNullability(ctx)) 1984 return *nullability == NullabilityKind::NonNull; 1985 1986 return false; 1987 } 1988 1989 static void CheckNonNullArguments(Sema &S, 1990 const NamedDecl *FDecl, 1991 const FunctionProtoType *Proto, 1992 ArrayRef<const Expr *> Args, 1993 SourceLocation CallSiteLoc) { 1994 assert((FDecl || Proto) && "Need a function declaration or prototype"); 1995 1996 // Check the attributes attached to the method/function itself. 1997 llvm::SmallBitVector NonNullArgs; 1998 if (FDecl) { 1999 // Handle the nonnull attribute on the function/method declaration itself. 2000 for (const auto *NonNull : FDecl->specific_attrs<NonNullAttr>()) { 2001 if (!NonNull->args_size()) { 2002 // Easy case: all pointer arguments are nonnull. 2003 for (const auto *Arg : Args) 2004 if (S.isValidPointerAttrType(Arg->getType())) 2005 CheckNonNullArgument(S, Arg, CallSiteLoc); 2006 return; 2007 } 2008 2009 for (unsigned Val : NonNull->args()) { 2010 if (Val >= Args.size()) 2011 continue; 2012 if (NonNullArgs.empty()) 2013 NonNullArgs.resize(Args.size()); 2014 NonNullArgs.set(Val); 2015 } 2016 } 2017 } 2018 2019 if (FDecl && (isa<FunctionDecl>(FDecl) || isa<ObjCMethodDecl>(FDecl))) { 2020 // Handle the nonnull attribute on the parameters of the 2021 // function/method. 2022 ArrayRef<ParmVarDecl*> parms; 2023 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(FDecl)) 2024 parms = FD->parameters(); 2025 else 2026 parms = cast<ObjCMethodDecl>(FDecl)->parameters(); 2027 2028 unsigned ParamIndex = 0; 2029 for (ArrayRef<ParmVarDecl*>::iterator I = parms.begin(), E = parms.end(); 2030 I != E; ++I, ++ParamIndex) { 2031 const ParmVarDecl *PVD = *I; 2032 if (PVD->hasAttr<NonNullAttr>() || 2033 isNonNullType(S.Context, PVD->getType())) { 2034 if (NonNullArgs.empty()) 2035 NonNullArgs.resize(Args.size()); 2036 2037 NonNullArgs.set(ParamIndex); 2038 } 2039 } 2040 } else { 2041 // If we have a non-function, non-method declaration but no 2042 // function prototype, try to dig out the function prototype. 2043 if (!Proto) { 2044 if (const ValueDecl *VD = dyn_cast<ValueDecl>(FDecl)) { 2045 QualType type = VD->getType().getNonReferenceType(); 2046 if (auto pointerType = type->getAs<PointerType>()) 2047 type = pointerType->getPointeeType(); 2048 else if (auto blockType = type->getAs<BlockPointerType>()) 2049 type = blockType->getPointeeType(); 2050 // FIXME: data member pointers? 2051 2052 // Dig out the function prototype, if there is one. 2053 Proto = type->getAs<FunctionProtoType>(); 2054 } 2055 } 2056 2057 // Fill in non-null argument information from the nullability 2058 // information on the parameter types (if we have them). 2059 if (Proto) { 2060 unsigned Index = 0; 2061 for (auto paramType : Proto->getParamTypes()) { 2062 if (isNonNullType(S.Context, paramType)) { 2063 if (NonNullArgs.empty()) 2064 NonNullArgs.resize(Args.size()); 2065 2066 NonNullArgs.set(Index); 2067 } 2068 2069 ++Index; 2070 } 2071 } 2072 } 2073 2074 // Check for non-null arguments. 2075 for (unsigned ArgIndex = 0, ArgIndexEnd = NonNullArgs.size(); 2076 ArgIndex != ArgIndexEnd; ++ArgIndex) { 2077 if (NonNullArgs[ArgIndex]) 2078 CheckNonNullArgument(S, Args[ArgIndex], CallSiteLoc); 2079 } 2080 } 2081 2082 /// Handles the checks for format strings, non-POD arguments to vararg 2083 /// functions, and NULL arguments passed to non-NULL parameters. 2084 void Sema::checkCall(NamedDecl *FDecl, const FunctionProtoType *Proto, 2085 ArrayRef<const Expr *> Args, bool IsMemberFunction, 2086 SourceLocation Loc, SourceRange Range, 2087 VariadicCallType CallType) { 2088 // FIXME: We should check as much as we can in the template definition. 2089 if (CurContext->isDependentContext()) 2090 return; 2091 2092 // Printf and scanf checking. 2093 llvm::SmallBitVector CheckedVarArgs; 2094 if (FDecl) { 2095 for (const auto *I : FDecl->specific_attrs<FormatAttr>()) { 2096 // Only create vector if there are format attributes. 2097 CheckedVarArgs.resize(Args.size()); 2098 2099 CheckFormatArguments(I, Args, IsMemberFunction, CallType, Loc, Range, 2100 CheckedVarArgs); 2101 } 2102 } 2103 2104 // Refuse POD arguments that weren't caught by the format string 2105 // checks above. 2106 if (CallType != VariadicDoesNotApply) { 2107 unsigned NumParams = Proto ? Proto->getNumParams() 2108 : FDecl && isa<FunctionDecl>(FDecl) 2109 ? cast<FunctionDecl>(FDecl)->getNumParams() 2110 : FDecl && isa<ObjCMethodDecl>(FDecl) 2111 ? cast<ObjCMethodDecl>(FDecl)->param_size() 2112 : 0; 2113 2114 for (unsigned ArgIdx = NumParams; ArgIdx < Args.size(); ++ArgIdx) { 2115 // Args[ArgIdx] can be null in malformed code. 2116 if (const Expr *Arg = Args[ArgIdx]) { 2117 if (CheckedVarArgs.empty() || !CheckedVarArgs[ArgIdx]) 2118 checkVariadicArgument(Arg, CallType); 2119 } 2120 } 2121 } 2122 2123 if (FDecl || Proto) { 2124 CheckNonNullArguments(*this, FDecl, Proto, Args, Loc); 2125 2126 // Type safety checking. 2127 if (FDecl) { 2128 for (const auto *I : FDecl->specific_attrs<ArgumentWithTypeTagAttr>()) 2129 CheckArgumentWithTypeTag(I, Args.data()); 2130 } 2131 } 2132 } 2133 2134 /// CheckConstructorCall - Check a constructor call for correctness and safety 2135 /// properties not enforced by the C type system. 2136 void Sema::CheckConstructorCall(FunctionDecl *FDecl, 2137 ArrayRef<const Expr *> Args, 2138 const FunctionProtoType *Proto, 2139 SourceLocation Loc) { 2140 VariadicCallType CallType = 2141 Proto->isVariadic() ? VariadicConstructor : VariadicDoesNotApply; 2142 checkCall(FDecl, Proto, Args, /*IsMemberFunction=*/true, Loc, SourceRange(), 2143 CallType); 2144 } 2145 2146 /// CheckFunctionCall - Check a direct function call for various correctness 2147 /// and safety properties not strictly enforced by the C type system. 2148 bool Sema::CheckFunctionCall(FunctionDecl *FDecl, CallExpr *TheCall, 2149 const FunctionProtoType *Proto) { 2150 bool IsMemberOperatorCall = isa<CXXOperatorCallExpr>(TheCall) && 2151 isa<CXXMethodDecl>(FDecl); 2152 bool IsMemberFunction = isa<CXXMemberCallExpr>(TheCall) || 2153 IsMemberOperatorCall; 2154 VariadicCallType CallType = getVariadicCallType(FDecl, Proto, 2155 TheCall->getCallee()); 2156 Expr** Args = TheCall->getArgs(); 2157 unsigned NumArgs = TheCall->getNumArgs(); 2158 if (IsMemberOperatorCall) { 2159 // If this is a call to a member operator, hide the first argument 2160 // from checkCall. 2161 // FIXME: Our choice of AST representation here is less than ideal. 2162 ++Args; 2163 --NumArgs; 2164 } 2165 checkCall(FDecl, Proto, llvm::makeArrayRef(Args, NumArgs), 2166 IsMemberFunction, TheCall->getRParenLoc(), 2167 TheCall->getCallee()->getSourceRange(), CallType); 2168 2169 IdentifierInfo *FnInfo = FDecl->getIdentifier(); 2170 // None of the checks below are needed for functions that don't have 2171 // simple names (e.g., C++ conversion functions). 2172 if (!FnInfo) 2173 return false; 2174 2175 CheckAbsoluteValueFunction(TheCall, FDecl, FnInfo); 2176 if (getLangOpts().ObjC1) 2177 DiagnoseCStringFormatDirectiveInCFAPI(*this, FDecl, Args, NumArgs); 2178 2179 unsigned CMId = FDecl->getMemoryFunctionKind(); 2180 if (CMId == 0) 2181 return false; 2182 2183 // Handle memory setting and copying functions. 2184 if (CMId == Builtin::BIstrlcpy || CMId == Builtin::BIstrlcat) 2185 CheckStrlcpycatArguments(TheCall, FnInfo); 2186 else if (CMId == Builtin::BIstrncat) 2187 CheckStrncatArguments(TheCall, FnInfo); 2188 else 2189 CheckMemaccessArguments(TheCall, CMId, FnInfo); 2190 2191 return false; 2192 } 2193 2194 bool Sema::CheckObjCMethodCall(ObjCMethodDecl *Method, SourceLocation lbrac, 2195 ArrayRef<const Expr *> Args) { 2196 VariadicCallType CallType = 2197 Method->isVariadic() ? VariadicMethod : VariadicDoesNotApply; 2198 2199 checkCall(Method, nullptr, Args, 2200 /*IsMemberFunction=*/false, lbrac, Method->getSourceRange(), 2201 CallType); 2202 2203 return false; 2204 } 2205 2206 bool Sema::CheckPointerCall(NamedDecl *NDecl, CallExpr *TheCall, 2207 const FunctionProtoType *Proto) { 2208 QualType Ty; 2209 if (const auto *V = dyn_cast<VarDecl>(NDecl)) 2210 Ty = V->getType().getNonReferenceType(); 2211 else if (const auto *F = dyn_cast<FieldDecl>(NDecl)) 2212 Ty = F->getType().getNonReferenceType(); 2213 else 2214 return false; 2215 2216 if (!Ty->isBlockPointerType() && !Ty->isFunctionPointerType() && 2217 !Ty->isFunctionProtoType()) 2218 return false; 2219 2220 VariadicCallType CallType; 2221 if (!Proto || !Proto->isVariadic()) { 2222 CallType = VariadicDoesNotApply; 2223 } else if (Ty->isBlockPointerType()) { 2224 CallType = VariadicBlock; 2225 } else { // Ty->isFunctionPointerType() 2226 CallType = VariadicFunction; 2227 } 2228 2229 checkCall(NDecl, Proto, 2230 llvm::makeArrayRef(TheCall->getArgs(), TheCall->getNumArgs()), 2231 /*IsMemberFunction=*/false, TheCall->getRParenLoc(), 2232 TheCall->getCallee()->getSourceRange(), CallType); 2233 2234 return false; 2235 } 2236 2237 /// Checks function calls when a FunctionDecl or a NamedDecl is not available, 2238 /// such as function pointers returned from functions. 2239 bool Sema::CheckOtherCall(CallExpr *TheCall, const FunctionProtoType *Proto) { 2240 VariadicCallType CallType = getVariadicCallType(/*FDecl=*/nullptr, Proto, 2241 TheCall->getCallee()); 2242 checkCall(/*FDecl=*/nullptr, Proto, 2243 llvm::makeArrayRef(TheCall->getArgs(), TheCall->getNumArgs()), 2244 /*IsMemberFunction=*/false, TheCall->getRParenLoc(), 2245 TheCall->getCallee()->getSourceRange(), CallType); 2246 2247 return false; 2248 } 2249 2250 static bool isValidOrderingForOp(int64_t Ordering, AtomicExpr::AtomicOp Op) { 2251 if (!llvm::isValidAtomicOrderingCABI(Ordering)) 2252 return false; 2253 2254 auto OrderingCABI = (llvm::AtomicOrderingCABI)Ordering; 2255 switch (Op) { 2256 case AtomicExpr::AO__c11_atomic_init: 2257 llvm_unreachable("There is no ordering argument for an init"); 2258 2259 case AtomicExpr::AO__c11_atomic_load: 2260 case AtomicExpr::AO__atomic_load_n: 2261 case AtomicExpr::AO__atomic_load: 2262 return OrderingCABI != llvm::AtomicOrderingCABI::release && 2263 OrderingCABI != llvm::AtomicOrderingCABI::acq_rel; 2264 2265 case AtomicExpr::AO__c11_atomic_store: 2266 case AtomicExpr::AO__atomic_store: 2267 case AtomicExpr::AO__atomic_store_n: 2268 return OrderingCABI != llvm::AtomicOrderingCABI::consume && 2269 OrderingCABI != llvm::AtomicOrderingCABI::acquire && 2270 OrderingCABI != llvm::AtomicOrderingCABI::acq_rel; 2271 2272 default: 2273 return true; 2274 } 2275 } 2276 2277 ExprResult Sema::SemaAtomicOpsOverloaded(ExprResult TheCallResult, 2278 AtomicExpr::AtomicOp Op) { 2279 CallExpr *TheCall = cast<CallExpr>(TheCallResult.get()); 2280 DeclRefExpr *DRE =cast<DeclRefExpr>(TheCall->getCallee()->IgnoreParenCasts()); 2281 2282 // All these operations take one of the following forms: 2283 enum { 2284 // C __c11_atomic_init(A *, C) 2285 Init, 2286 // C __c11_atomic_load(A *, int) 2287 Load, 2288 // void __atomic_load(A *, CP, int) 2289 LoadCopy, 2290 // void __atomic_store(A *, CP, int) 2291 Copy, 2292 // C __c11_atomic_add(A *, M, int) 2293 Arithmetic, 2294 // C __atomic_exchange_n(A *, CP, int) 2295 Xchg, 2296 // void __atomic_exchange(A *, C *, CP, int) 2297 GNUXchg, 2298 // bool __c11_atomic_compare_exchange_strong(A *, C *, CP, int, int) 2299 C11CmpXchg, 2300 // bool __atomic_compare_exchange(A *, C *, CP, bool, int, int) 2301 GNUCmpXchg 2302 } Form = Init; 2303 const unsigned NumArgs[] = { 2, 2, 3, 3, 3, 3, 4, 5, 6 }; 2304 const unsigned NumVals[] = { 1, 0, 1, 1, 1, 1, 2, 2, 3 }; 2305 // where: 2306 // C is an appropriate type, 2307 // A is volatile _Atomic(C) for __c11 builtins and is C for GNU builtins, 2308 // CP is C for __c11 builtins and GNU _n builtins and is C * otherwise, 2309 // M is C if C is an integer, and ptrdiff_t if C is a pointer, and 2310 // the int parameters are for orderings. 2311 2312 static_assert(AtomicExpr::AO__c11_atomic_init == 0 && 2313 AtomicExpr::AO__c11_atomic_fetch_xor + 1 == 2314 AtomicExpr::AO__atomic_load, 2315 "need to update code for modified C11 atomics"); 2316 bool IsC11 = Op >= AtomicExpr::AO__c11_atomic_init && 2317 Op <= AtomicExpr::AO__c11_atomic_fetch_xor; 2318 bool IsN = Op == AtomicExpr::AO__atomic_load_n || 2319 Op == AtomicExpr::AO__atomic_store_n || 2320 Op == AtomicExpr::AO__atomic_exchange_n || 2321 Op == AtomicExpr::AO__atomic_compare_exchange_n; 2322 bool IsAddSub = false; 2323 2324 switch (Op) { 2325 case AtomicExpr::AO__c11_atomic_init: 2326 Form = Init; 2327 break; 2328 2329 case AtomicExpr::AO__c11_atomic_load: 2330 case AtomicExpr::AO__atomic_load_n: 2331 Form = Load; 2332 break; 2333 2334 case AtomicExpr::AO__atomic_load: 2335 Form = LoadCopy; 2336 break; 2337 2338 case AtomicExpr::AO__c11_atomic_store: 2339 case AtomicExpr::AO__atomic_store: 2340 case AtomicExpr::AO__atomic_store_n: 2341 Form = Copy; 2342 break; 2343 2344 case AtomicExpr::AO__c11_atomic_fetch_add: 2345 case AtomicExpr::AO__c11_atomic_fetch_sub: 2346 case AtomicExpr::AO__atomic_fetch_add: 2347 case AtomicExpr::AO__atomic_fetch_sub: 2348 case AtomicExpr::AO__atomic_add_fetch: 2349 case AtomicExpr::AO__atomic_sub_fetch: 2350 IsAddSub = true; 2351 // Fall through. 2352 case AtomicExpr::AO__c11_atomic_fetch_and: 2353 case AtomicExpr::AO__c11_atomic_fetch_or: 2354 case AtomicExpr::AO__c11_atomic_fetch_xor: 2355 case AtomicExpr::AO__atomic_fetch_and: 2356 case AtomicExpr::AO__atomic_fetch_or: 2357 case AtomicExpr::AO__atomic_fetch_xor: 2358 case AtomicExpr::AO__atomic_fetch_nand: 2359 case AtomicExpr::AO__atomic_and_fetch: 2360 case AtomicExpr::AO__atomic_or_fetch: 2361 case AtomicExpr::AO__atomic_xor_fetch: 2362 case AtomicExpr::AO__atomic_nand_fetch: 2363 Form = Arithmetic; 2364 break; 2365 2366 case AtomicExpr::AO__c11_atomic_exchange: 2367 case AtomicExpr::AO__atomic_exchange_n: 2368 Form = Xchg; 2369 break; 2370 2371 case AtomicExpr::AO__atomic_exchange: 2372 Form = GNUXchg; 2373 break; 2374 2375 case AtomicExpr::AO__c11_atomic_compare_exchange_strong: 2376 case AtomicExpr::AO__c11_atomic_compare_exchange_weak: 2377 Form = C11CmpXchg; 2378 break; 2379 2380 case AtomicExpr::AO__atomic_compare_exchange: 2381 case AtomicExpr::AO__atomic_compare_exchange_n: 2382 Form = GNUCmpXchg; 2383 break; 2384 } 2385 2386 // Check we have the right number of arguments. 2387 if (TheCall->getNumArgs() < NumArgs[Form]) { 2388 Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args) 2389 << 0 << NumArgs[Form] << TheCall->getNumArgs() 2390 << TheCall->getCallee()->getSourceRange(); 2391 return ExprError(); 2392 } else if (TheCall->getNumArgs() > NumArgs[Form]) { 2393 Diag(TheCall->getArg(NumArgs[Form])->getLocStart(), 2394 diag::err_typecheck_call_too_many_args) 2395 << 0 << NumArgs[Form] << TheCall->getNumArgs() 2396 << TheCall->getCallee()->getSourceRange(); 2397 return ExprError(); 2398 } 2399 2400 // Inspect the first argument of the atomic operation. 2401 Expr *Ptr = TheCall->getArg(0); 2402 Ptr = DefaultFunctionArrayLvalueConversion(Ptr).get(); 2403 const PointerType *pointerType = Ptr->getType()->getAs<PointerType>(); 2404 if (!pointerType) { 2405 Diag(DRE->getLocStart(), diag::err_atomic_builtin_must_be_pointer) 2406 << Ptr->getType() << Ptr->getSourceRange(); 2407 return ExprError(); 2408 } 2409 2410 // For a __c11 builtin, this should be a pointer to an _Atomic type. 2411 QualType AtomTy = pointerType->getPointeeType(); // 'A' 2412 QualType ValType = AtomTy; // 'C' 2413 if (IsC11) { 2414 if (!AtomTy->isAtomicType()) { 2415 Diag(DRE->getLocStart(), diag::err_atomic_op_needs_atomic) 2416 << Ptr->getType() << Ptr->getSourceRange(); 2417 return ExprError(); 2418 } 2419 if (AtomTy.isConstQualified()) { 2420 Diag(DRE->getLocStart(), diag::err_atomic_op_needs_non_const_atomic) 2421 << Ptr->getType() << Ptr->getSourceRange(); 2422 return ExprError(); 2423 } 2424 ValType = AtomTy->getAs<AtomicType>()->getValueType(); 2425 } else if (Form != Load && Form != LoadCopy) { 2426 if (ValType.isConstQualified()) { 2427 Diag(DRE->getLocStart(), diag::err_atomic_op_needs_non_const_pointer) 2428 << Ptr->getType() << Ptr->getSourceRange(); 2429 return ExprError(); 2430 } 2431 } 2432 2433 // For an arithmetic operation, the implied arithmetic must be well-formed. 2434 if (Form == Arithmetic) { 2435 // gcc does not enforce these rules for GNU atomics, but we do so for sanity. 2436 if (IsAddSub && !ValType->isIntegerType() && !ValType->isPointerType()) { 2437 Diag(DRE->getLocStart(), diag::err_atomic_op_needs_atomic_int_or_ptr) 2438 << IsC11 << Ptr->getType() << Ptr->getSourceRange(); 2439 return ExprError(); 2440 } 2441 if (!IsAddSub && !ValType->isIntegerType()) { 2442 Diag(DRE->getLocStart(), diag::err_atomic_op_bitwise_needs_atomic_int) 2443 << IsC11 << Ptr->getType() << Ptr->getSourceRange(); 2444 return ExprError(); 2445 } 2446 if (IsC11 && ValType->isPointerType() && 2447 RequireCompleteType(Ptr->getLocStart(), ValType->getPointeeType(), 2448 diag::err_incomplete_type)) { 2449 return ExprError(); 2450 } 2451 } else if (IsN && !ValType->isIntegerType() && !ValType->isPointerType()) { 2452 // For __atomic_*_n operations, the value type must be a scalar integral or 2453 // pointer type which is 1, 2, 4, 8 or 16 bytes in length. 2454 Diag(DRE->getLocStart(), diag::err_atomic_op_needs_atomic_int_or_ptr) 2455 << IsC11 << Ptr->getType() << Ptr->getSourceRange(); 2456 return ExprError(); 2457 } 2458 2459 if (!IsC11 && !AtomTy.isTriviallyCopyableType(Context) && 2460 !AtomTy->isScalarType()) { 2461 // For GNU atomics, require a trivially-copyable type. This is not part of 2462 // the GNU atomics specification, but we enforce it for sanity. 2463 Diag(DRE->getLocStart(), diag::err_atomic_op_needs_trivial_copy) 2464 << Ptr->getType() << Ptr->getSourceRange(); 2465 return ExprError(); 2466 } 2467 2468 switch (ValType.getObjCLifetime()) { 2469 case Qualifiers::OCL_None: 2470 case Qualifiers::OCL_ExplicitNone: 2471 // okay 2472 break; 2473 2474 case Qualifiers::OCL_Weak: 2475 case Qualifiers::OCL_Strong: 2476 case Qualifiers::OCL_Autoreleasing: 2477 // FIXME: Can this happen? By this point, ValType should be known 2478 // to be trivially copyable. 2479 Diag(DRE->getLocStart(), diag::err_arc_atomic_ownership) 2480 << ValType << Ptr->getSourceRange(); 2481 return ExprError(); 2482 } 2483 2484 // atomic_fetch_or takes a pointer to a volatile 'A'. We shouldn't let the 2485 // volatile-ness of the pointee-type inject itself into the result or the 2486 // other operands. Similarly atomic_load can take a pointer to a const 'A'. 2487 ValType.removeLocalVolatile(); 2488 ValType.removeLocalConst(); 2489 QualType ResultType = ValType; 2490 if (Form == Copy || Form == LoadCopy || Form == GNUXchg || Form == Init) 2491 ResultType = Context.VoidTy; 2492 else if (Form == C11CmpXchg || Form == GNUCmpXchg) 2493 ResultType = Context.BoolTy; 2494 2495 // The type of a parameter passed 'by value'. In the GNU atomics, such 2496 // arguments are actually passed as pointers. 2497 QualType ByValType = ValType; // 'CP' 2498 if (!IsC11 && !IsN) 2499 ByValType = Ptr->getType(); 2500 2501 // The first argument --- the pointer --- has a fixed type; we 2502 // deduce the types of the rest of the arguments accordingly. Walk 2503 // the remaining arguments, converting them to the deduced value type. 2504 for (unsigned i = 1; i != NumArgs[Form]; ++i) { 2505 QualType Ty; 2506 if (i < NumVals[Form] + 1) { 2507 switch (i) { 2508 case 1: 2509 // The second argument is the non-atomic operand. For arithmetic, this 2510 // is always passed by value, and for a compare_exchange it is always 2511 // passed by address. For the rest, GNU uses by-address and C11 uses 2512 // by-value. 2513 assert(Form != Load); 2514 if (Form == Init || (Form == Arithmetic && ValType->isIntegerType())) 2515 Ty = ValType; 2516 else if (Form == Copy || Form == Xchg) 2517 Ty = ByValType; 2518 else if (Form == Arithmetic) 2519 Ty = Context.getPointerDiffType(); 2520 else { 2521 Expr *ValArg = TheCall->getArg(i); 2522 unsigned AS = 0; 2523 // Keep address space of non-atomic pointer type. 2524 if (const PointerType *PtrTy = 2525 ValArg->getType()->getAs<PointerType>()) { 2526 AS = PtrTy->getPointeeType().getAddressSpace(); 2527 } 2528 Ty = Context.getPointerType( 2529 Context.getAddrSpaceQualType(ValType.getUnqualifiedType(), AS)); 2530 } 2531 break; 2532 case 2: 2533 // The third argument to compare_exchange / GNU exchange is a 2534 // (pointer to a) desired value. 2535 Ty = ByValType; 2536 break; 2537 case 3: 2538 // The fourth argument to GNU compare_exchange is a 'weak' flag. 2539 Ty = Context.BoolTy; 2540 break; 2541 } 2542 } else { 2543 // The order(s) are always converted to int. 2544 Ty = Context.IntTy; 2545 } 2546 2547 InitializedEntity Entity = 2548 InitializedEntity::InitializeParameter(Context, Ty, false); 2549 ExprResult Arg = TheCall->getArg(i); 2550 Arg = PerformCopyInitialization(Entity, SourceLocation(), Arg); 2551 if (Arg.isInvalid()) 2552 return true; 2553 TheCall->setArg(i, Arg.get()); 2554 } 2555 2556 // Permute the arguments into a 'consistent' order. 2557 SmallVector<Expr*, 5> SubExprs; 2558 SubExprs.push_back(Ptr); 2559 switch (Form) { 2560 case Init: 2561 // Note, AtomicExpr::getVal1() has a special case for this atomic. 2562 SubExprs.push_back(TheCall->getArg(1)); // Val1 2563 break; 2564 case Load: 2565 SubExprs.push_back(TheCall->getArg(1)); // Order 2566 break; 2567 case LoadCopy: 2568 case Copy: 2569 case Arithmetic: 2570 case Xchg: 2571 SubExprs.push_back(TheCall->getArg(2)); // Order 2572 SubExprs.push_back(TheCall->getArg(1)); // Val1 2573 break; 2574 case GNUXchg: 2575 // Note, AtomicExpr::getVal2() has a special case for this atomic. 2576 SubExprs.push_back(TheCall->getArg(3)); // Order 2577 SubExprs.push_back(TheCall->getArg(1)); // Val1 2578 SubExprs.push_back(TheCall->getArg(2)); // Val2 2579 break; 2580 case C11CmpXchg: 2581 SubExprs.push_back(TheCall->getArg(3)); // Order 2582 SubExprs.push_back(TheCall->getArg(1)); // Val1 2583 SubExprs.push_back(TheCall->getArg(4)); // OrderFail 2584 SubExprs.push_back(TheCall->getArg(2)); // Val2 2585 break; 2586 case GNUCmpXchg: 2587 SubExprs.push_back(TheCall->getArg(4)); // Order 2588 SubExprs.push_back(TheCall->getArg(1)); // Val1 2589 SubExprs.push_back(TheCall->getArg(5)); // OrderFail 2590 SubExprs.push_back(TheCall->getArg(2)); // Val2 2591 SubExprs.push_back(TheCall->getArg(3)); // Weak 2592 break; 2593 } 2594 2595 if (SubExprs.size() >= 2 && Form != Init) { 2596 llvm::APSInt Result(32); 2597 if (SubExprs[1]->isIntegerConstantExpr(Result, Context) && 2598 !isValidOrderingForOp(Result.getSExtValue(), Op)) 2599 Diag(SubExprs[1]->getLocStart(), 2600 diag::warn_atomic_op_has_invalid_memory_order) 2601 << SubExprs[1]->getSourceRange(); 2602 } 2603 2604 AtomicExpr *AE = new (Context) AtomicExpr(TheCall->getCallee()->getLocStart(), 2605 SubExprs, ResultType, Op, 2606 TheCall->getRParenLoc()); 2607 2608 if ((Op == AtomicExpr::AO__c11_atomic_load || 2609 (Op == AtomicExpr::AO__c11_atomic_store)) && 2610 Context.AtomicUsesUnsupportedLibcall(AE)) 2611 Diag(AE->getLocStart(), diag::err_atomic_load_store_uses_lib) << 2612 ((Op == AtomicExpr::AO__c11_atomic_load) ? 0 : 1); 2613 2614 return AE; 2615 } 2616 2617 /// checkBuiltinArgument - Given a call to a builtin function, perform 2618 /// normal type-checking on the given argument, updating the call in 2619 /// place. This is useful when a builtin function requires custom 2620 /// type-checking for some of its arguments but not necessarily all of 2621 /// them. 2622 /// 2623 /// Returns true on error. 2624 static bool checkBuiltinArgument(Sema &S, CallExpr *E, unsigned ArgIndex) { 2625 FunctionDecl *Fn = E->getDirectCallee(); 2626 assert(Fn && "builtin call without direct callee!"); 2627 2628 ParmVarDecl *Param = Fn->getParamDecl(ArgIndex); 2629 InitializedEntity Entity = 2630 InitializedEntity::InitializeParameter(S.Context, Param); 2631 2632 ExprResult Arg = E->getArg(0); 2633 Arg = S.PerformCopyInitialization(Entity, SourceLocation(), Arg); 2634 if (Arg.isInvalid()) 2635 return true; 2636 2637 E->setArg(ArgIndex, Arg.get()); 2638 return false; 2639 } 2640 2641 /// SemaBuiltinAtomicOverloaded - We have a call to a function like 2642 /// __sync_fetch_and_add, which is an overloaded function based on the pointer 2643 /// type of its first argument. The main ActOnCallExpr routines have already 2644 /// promoted the types of arguments because all of these calls are prototyped as 2645 /// void(...). 2646 /// 2647 /// This function goes through and does final semantic checking for these 2648 /// builtins, 2649 ExprResult 2650 Sema::SemaBuiltinAtomicOverloaded(ExprResult TheCallResult) { 2651 CallExpr *TheCall = (CallExpr *)TheCallResult.get(); 2652 DeclRefExpr *DRE =cast<DeclRefExpr>(TheCall->getCallee()->IgnoreParenCasts()); 2653 FunctionDecl *FDecl = cast<FunctionDecl>(DRE->getDecl()); 2654 2655 // Ensure that we have at least one argument to do type inference from. 2656 if (TheCall->getNumArgs() < 1) { 2657 Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args_at_least) 2658 << 0 << 1 << TheCall->getNumArgs() 2659 << TheCall->getCallee()->getSourceRange(); 2660 return ExprError(); 2661 } 2662 2663 // Inspect the first argument of the atomic builtin. This should always be 2664 // a pointer type, whose element is an integral scalar or pointer type. 2665 // Because it is a pointer type, we don't have to worry about any implicit 2666 // casts here. 2667 // FIXME: We don't allow floating point scalars as input. 2668 Expr *FirstArg = TheCall->getArg(0); 2669 ExprResult FirstArgResult = DefaultFunctionArrayLvalueConversion(FirstArg); 2670 if (FirstArgResult.isInvalid()) 2671 return ExprError(); 2672 FirstArg = FirstArgResult.get(); 2673 TheCall->setArg(0, FirstArg); 2674 2675 const PointerType *pointerType = FirstArg->getType()->getAs<PointerType>(); 2676 if (!pointerType) { 2677 Diag(DRE->getLocStart(), diag::err_atomic_builtin_must_be_pointer) 2678 << FirstArg->getType() << FirstArg->getSourceRange(); 2679 return ExprError(); 2680 } 2681 2682 QualType ValType = pointerType->getPointeeType(); 2683 if (!ValType->isIntegerType() && !ValType->isAnyPointerType() && 2684 !ValType->isBlockPointerType()) { 2685 Diag(DRE->getLocStart(), diag::err_atomic_builtin_must_be_pointer_intptr) 2686 << FirstArg->getType() << FirstArg->getSourceRange(); 2687 return ExprError(); 2688 } 2689 2690 switch (ValType.getObjCLifetime()) { 2691 case Qualifiers::OCL_None: 2692 case Qualifiers::OCL_ExplicitNone: 2693 // okay 2694 break; 2695 2696 case Qualifiers::OCL_Weak: 2697 case Qualifiers::OCL_Strong: 2698 case Qualifiers::OCL_Autoreleasing: 2699 Diag(DRE->getLocStart(), diag::err_arc_atomic_ownership) 2700 << ValType << FirstArg->getSourceRange(); 2701 return ExprError(); 2702 } 2703 2704 // Strip any qualifiers off ValType. 2705 ValType = ValType.getUnqualifiedType(); 2706 2707 // The majority of builtins return a value, but a few have special return 2708 // types, so allow them to override appropriately below. 2709 QualType ResultType = ValType; 2710 2711 // We need to figure out which concrete builtin this maps onto. For example, 2712 // __sync_fetch_and_add with a 2 byte object turns into 2713 // __sync_fetch_and_add_2. 2714 #define BUILTIN_ROW(x) \ 2715 { Builtin::BI##x##_1, Builtin::BI##x##_2, Builtin::BI##x##_4, \ 2716 Builtin::BI##x##_8, Builtin::BI##x##_16 } 2717 2718 static const unsigned BuiltinIndices[][5] = { 2719 BUILTIN_ROW(__sync_fetch_and_add), 2720 BUILTIN_ROW(__sync_fetch_and_sub), 2721 BUILTIN_ROW(__sync_fetch_and_or), 2722 BUILTIN_ROW(__sync_fetch_and_and), 2723 BUILTIN_ROW(__sync_fetch_and_xor), 2724 BUILTIN_ROW(__sync_fetch_and_nand), 2725 2726 BUILTIN_ROW(__sync_add_and_fetch), 2727 BUILTIN_ROW(__sync_sub_and_fetch), 2728 BUILTIN_ROW(__sync_and_and_fetch), 2729 BUILTIN_ROW(__sync_or_and_fetch), 2730 BUILTIN_ROW(__sync_xor_and_fetch), 2731 BUILTIN_ROW(__sync_nand_and_fetch), 2732 2733 BUILTIN_ROW(__sync_val_compare_and_swap), 2734 BUILTIN_ROW(__sync_bool_compare_and_swap), 2735 BUILTIN_ROW(__sync_lock_test_and_set), 2736 BUILTIN_ROW(__sync_lock_release), 2737 BUILTIN_ROW(__sync_swap) 2738 }; 2739 #undef BUILTIN_ROW 2740 2741 // Determine the index of the size. 2742 unsigned SizeIndex; 2743 switch (Context.getTypeSizeInChars(ValType).getQuantity()) { 2744 case 1: SizeIndex = 0; break; 2745 case 2: SizeIndex = 1; break; 2746 case 4: SizeIndex = 2; break; 2747 case 8: SizeIndex = 3; break; 2748 case 16: SizeIndex = 4; break; 2749 default: 2750 Diag(DRE->getLocStart(), diag::err_atomic_builtin_pointer_size) 2751 << FirstArg->getType() << FirstArg->getSourceRange(); 2752 return ExprError(); 2753 } 2754 2755 // Each of these builtins has one pointer argument, followed by some number of 2756 // values (0, 1 or 2) followed by a potentially empty varags list of stuff 2757 // that we ignore. Find out which row of BuiltinIndices to read from as well 2758 // as the number of fixed args. 2759 unsigned BuiltinID = FDecl->getBuiltinID(); 2760 unsigned BuiltinIndex, NumFixed = 1; 2761 bool WarnAboutSemanticsChange = false; 2762 switch (BuiltinID) { 2763 default: llvm_unreachable("Unknown overloaded atomic builtin!"); 2764 case Builtin::BI__sync_fetch_and_add: 2765 case Builtin::BI__sync_fetch_and_add_1: 2766 case Builtin::BI__sync_fetch_and_add_2: 2767 case Builtin::BI__sync_fetch_and_add_4: 2768 case Builtin::BI__sync_fetch_and_add_8: 2769 case Builtin::BI__sync_fetch_and_add_16: 2770 BuiltinIndex = 0; 2771 break; 2772 2773 case Builtin::BI__sync_fetch_and_sub: 2774 case Builtin::BI__sync_fetch_and_sub_1: 2775 case Builtin::BI__sync_fetch_and_sub_2: 2776 case Builtin::BI__sync_fetch_and_sub_4: 2777 case Builtin::BI__sync_fetch_and_sub_8: 2778 case Builtin::BI__sync_fetch_and_sub_16: 2779 BuiltinIndex = 1; 2780 break; 2781 2782 case Builtin::BI__sync_fetch_and_or: 2783 case Builtin::BI__sync_fetch_and_or_1: 2784 case Builtin::BI__sync_fetch_and_or_2: 2785 case Builtin::BI__sync_fetch_and_or_4: 2786 case Builtin::BI__sync_fetch_and_or_8: 2787 case Builtin::BI__sync_fetch_and_or_16: 2788 BuiltinIndex = 2; 2789 break; 2790 2791 case Builtin::BI__sync_fetch_and_and: 2792 case Builtin::BI__sync_fetch_and_and_1: 2793 case Builtin::BI__sync_fetch_and_and_2: 2794 case Builtin::BI__sync_fetch_and_and_4: 2795 case Builtin::BI__sync_fetch_and_and_8: 2796 case Builtin::BI__sync_fetch_and_and_16: 2797 BuiltinIndex = 3; 2798 break; 2799 2800 case Builtin::BI__sync_fetch_and_xor: 2801 case Builtin::BI__sync_fetch_and_xor_1: 2802 case Builtin::BI__sync_fetch_and_xor_2: 2803 case Builtin::BI__sync_fetch_and_xor_4: 2804 case Builtin::BI__sync_fetch_and_xor_8: 2805 case Builtin::BI__sync_fetch_and_xor_16: 2806 BuiltinIndex = 4; 2807 break; 2808 2809 case Builtin::BI__sync_fetch_and_nand: 2810 case Builtin::BI__sync_fetch_and_nand_1: 2811 case Builtin::BI__sync_fetch_and_nand_2: 2812 case Builtin::BI__sync_fetch_and_nand_4: 2813 case Builtin::BI__sync_fetch_and_nand_8: 2814 case Builtin::BI__sync_fetch_and_nand_16: 2815 BuiltinIndex = 5; 2816 WarnAboutSemanticsChange = true; 2817 break; 2818 2819 case Builtin::BI__sync_add_and_fetch: 2820 case Builtin::BI__sync_add_and_fetch_1: 2821 case Builtin::BI__sync_add_and_fetch_2: 2822 case Builtin::BI__sync_add_and_fetch_4: 2823 case Builtin::BI__sync_add_and_fetch_8: 2824 case Builtin::BI__sync_add_and_fetch_16: 2825 BuiltinIndex = 6; 2826 break; 2827 2828 case Builtin::BI__sync_sub_and_fetch: 2829 case Builtin::BI__sync_sub_and_fetch_1: 2830 case Builtin::BI__sync_sub_and_fetch_2: 2831 case Builtin::BI__sync_sub_and_fetch_4: 2832 case Builtin::BI__sync_sub_and_fetch_8: 2833 case Builtin::BI__sync_sub_and_fetch_16: 2834 BuiltinIndex = 7; 2835 break; 2836 2837 case Builtin::BI__sync_and_and_fetch: 2838 case Builtin::BI__sync_and_and_fetch_1: 2839 case Builtin::BI__sync_and_and_fetch_2: 2840 case Builtin::BI__sync_and_and_fetch_4: 2841 case Builtin::BI__sync_and_and_fetch_8: 2842 case Builtin::BI__sync_and_and_fetch_16: 2843 BuiltinIndex = 8; 2844 break; 2845 2846 case Builtin::BI__sync_or_and_fetch: 2847 case Builtin::BI__sync_or_and_fetch_1: 2848 case Builtin::BI__sync_or_and_fetch_2: 2849 case Builtin::BI__sync_or_and_fetch_4: 2850 case Builtin::BI__sync_or_and_fetch_8: 2851 case Builtin::BI__sync_or_and_fetch_16: 2852 BuiltinIndex = 9; 2853 break; 2854 2855 case Builtin::BI__sync_xor_and_fetch: 2856 case Builtin::BI__sync_xor_and_fetch_1: 2857 case Builtin::BI__sync_xor_and_fetch_2: 2858 case Builtin::BI__sync_xor_and_fetch_4: 2859 case Builtin::BI__sync_xor_and_fetch_8: 2860 case Builtin::BI__sync_xor_and_fetch_16: 2861 BuiltinIndex = 10; 2862 break; 2863 2864 case Builtin::BI__sync_nand_and_fetch: 2865 case Builtin::BI__sync_nand_and_fetch_1: 2866 case Builtin::BI__sync_nand_and_fetch_2: 2867 case Builtin::BI__sync_nand_and_fetch_4: 2868 case Builtin::BI__sync_nand_and_fetch_8: 2869 case Builtin::BI__sync_nand_and_fetch_16: 2870 BuiltinIndex = 11; 2871 WarnAboutSemanticsChange = true; 2872 break; 2873 2874 case Builtin::BI__sync_val_compare_and_swap: 2875 case Builtin::BI__sync_val_compare_and_swap_1: 2876 case Builtin::BI__sync_val_compare_and_swap_2: 2877 case Builtin::BI__sync_val_compare_and_swap_4: 2878 case Builtin::BI__sync_val_compare_and_swap_8: 2879 case Builtin::BI__sync_val_compare_and_swap_16: 2880 BuiltinIndex = 12; 2881 NumFixed = 2; 2882 break; 2883 2884 case Builtin::BI__sync_bool_compare_and_swap: 2885 case Builtin::BI__sync_bool_compare_and_swap_1: 2886 case Builtin::BI__sync_bool_compare_and_swap_2: 2887 case Builtin::BI__sync_bool_compare_and_swap_4: 2888 case Builtin::BI__sync_bool_compare_and_swap_8: 2889 case Builtin::BI__sync_bool_compare_and_swap_16: 2890 BuiltinIndex = 13; 2891 NumFixed = 2; 2892 ResultType = Context.BoolTy; 2893 break; 2894 2895 case Builtin::BI__sync_lock_test_and_set: 2896 case Builtin::BI__sync_lock_test_and_set_1: 2897 case Builtin::BI__sync_lock_test_and_set_2: 2898 case Builtin::BI__sync_lock_test_and_set_4: 2899 case Builtin::BI__sync_lock_test_and_set_8: 2900 case Builtin::BI__sync_lock_test_and_set_16: 2901 BuiltinIndex = 14; 2902 break; 2903 2904 case Builtin::BI__sync_lock_release: 2905 case Builtin::BI__sync_lock_release_1: 2906 case Builtin::BI__sync_lock_release_2: 2907 case Builtin::BI__sync_lock_release_4: 2908 case Builtin::BI__sync_lock_release_8: 2909 case Builtin::BI__sync_lock_release_16: 2910 BuiltinIndex = 15; 2911 NumFixed = 0; 2912 ResultType = Context.VoidTy; 2913 break; 2914 2915 case Builtin::BI__sync_swap: 2916 case Builtin::BI__sync_swap_1: 2917 case Builtin::BI__sync_swap_2: 2918 case Builtin::BI__sync_swap_4: 2919 case Builtin::BI__sync_swap_8: 2920 case Builtin::BI__sync_swap_16: 2921 BuiltinIndex = 16; 2922 break; 2923 } 2924 2925 // Now that we know how many fixed arguments we expect, first check that we 2926 // have at least that many. 2927 if (TheCall->getNumArgs() < 1+NumFixed) { 2928 Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args_at_least) 2929 << 0 << 1+NumFixed << TheCall->getNumArgs() 2930 << TheCall->getCallee()->getSourceRange(); 2931 return ExprError(); 2932 } 2933 2934 if (WarnAboutSemanticsChange) { 2935 Diag(TheCall->getLocEnd(), diag::warn_sync_fetch_and_nand_semantics_change) 2936 << TheCall->getCallee()->getSourceRange(); 2937 } 2938 2939 // Get the decl for the concrete builtin from this, we can tell what the 2940 // concrete integer type we should convert to is. 2941 unsigned NewBuiltinID = BuiltinIndices[BuiltinIndex][SizeIndex]; 2942 const char *NewBuiltinName = Context.BuiltinInfo.getName(NewBuiltinID); 2943 FunctionDecl *NewBuiltinDecl; 2944 if (NewBuiltinID == BuiltinID) 2945 NewBuiltinDecl = FDecl; 2946 else { 2947 // Perform builtin lookup to avoid redeclaring it. 2948 DeclarationName DN(&Context.Idents.get(NewBuiltinName)); 2949 LookupResult Res(*this, DN, DRE->getLocStart(), LookupOrdinaryName); 2950 LookupName(Res, TUScope, /*AllowBuiltinCreation=*/true); 2951 assert(Res.getFoundDecl()); 2952 NewBuiltinDecl = dyn_cast<FunctionDecl>(Res.getFoundDecl()); 2953 if (!NewBuiltinDecl) 2954 return ExprError(); 2955 } 2956 2957 // The first argument --- the pointer --- has a fixed type; we 2958 // deduce the types of the rest of the arguments accordingly. Walk 2959 // the remaining arguments, converting them to the deduced value type. 2960 for (unsigned i = 0; i != NumFixed; ++i) { 2961 ExprResult Arg = TheCall->getArg(i+1); 2962 2963 // GCC does an implicit conversion to the pointer or integer ValType. This 2964 // can fail in some cases (1i -> int**), check for this error case now. 2965 // Initialize the argument. 2966 InitializedEntity Entity = InitializedEntity::InitializeParameter(Context, 2967 ValType, /*consume*/ false); 2968 Arg = PerformCopyInitialization(Entity, SourceLocation(), Arg); 2969 if (Arg.isInvalid()) 2970 return ExprError(); 2971 2972 // Okay, we have something that *can* be converted to the right type. Check 2973 // to see if there is a potentially weird extension going on here. This can 2974 // happen when you do an atomic operation on something like an char* and 2975 // pass in 42. The 42 gets converted to char. This is even more strange 2976 // for things like 45.123 -> char, etc. 2977 // FIXME: Do this check. 2978 TheCall->setArg(i+1, Arg.get()); 2979 } 2980 2981 ASTContext& Context = this->getASTContext(); 2982 2983 // Create a new DeclRefExpr to refer to the new decl. 2984 DeclRefExpr* NewDRE = DeclRefExpr::Create( 2985 Context, 2986 DRE->getQualifierLoc(), 2987 SourceLocation(), 2988 NewBuiltinDecl, 2989 /*enclosing*/ false, 2990 DRE->getLocation(), 2991 Context.BuiltinFnTy, 2992 DRE->getValueKind()); 2993 2994 // Set the callee in the CallExpr. 2995 // FIXME: This loses syntactic information. 2996 QualType CalleePtrTy = Context.getPointerType(NewBuiltinDecl->getType()); 2997 ExprResult PromotedCall = ImpCastExprToType(NewDRE, CalleePtrTy, 2998 CK_BuiltinFnToFnPtr); 2999 TheCall->setCallee(PromotedCall.get()); 3000 3001 // Change the result type of the call to match the original value type. This 3002 // is arbitrary, but the codegen for these builtins ins design to handle it 3003 // gracefully. 3004 TheCall->setType(ResultType); 3005 3006 return TheCallResult; 3007 } 3008 3009 /// SemaBuiltinNontemporalOverloaded - We have a call to 3010 /// __builtin_nontemporal_store or __builtin_nontemporal_load, which is an 3011 /// overloaded function based on the pointer type of its last argument. 3012 /// 3013 /// This function goes through and does final semantic checking for these 3014 /// builtins. 3015 ExprResult Sema::SemaBuiltinNontemporalOverloaded(ExprResult TheCallResult) { 3016 CallExpr *TheCall = (CallExpr *)TheCallResult.get(); 3017 DeclRefExpr *DRE = 3018 cast<DeclRefExpr>(TheCall->getCallee()->IgnoreParenCasts()); 3019 FunctionDecl *FDecl = cast<FunctionDecl>(DRE->getDecl()); 3020 unsigned BuiltinID = FDecl->getBuiltinID(); 3021 assert((BuiltinID == Builtin::BI__builtin_nontemporal_store || 3022 BuiltinID == Builtin::BI__builtin_nontemporal_load) && 3023 "Unexpected nontemporal load/store builtin!"); 3024 bool isStore = BuiltinID == Builtin::BI__builtin_nontemporal_store; 3025 unsigned numArgs = isStore ? 2 : 1; 3026 3027 // Ensure that we have the proper number of arguments. 3028 if (checkArgCount(*this, TheCall, numArgs)) 3029 return ExprError(); 3030 3031 // Inspect the last argument of the nontemporal builtin. This should always 3032 // be a pointer type, from which we imply the type of the memory access. 3033 // Because it is a pointer type, we don't have to worry about any implicit 3034 // casts here. 3035 Expr *PointerArg = TheCall->getArg(numArgs - 1); 3036 ExprResult PointerArgResult = 3037 DefaultFunctionArrayLvalueConversion(PointerArg); 3038 3039 if (PointerArgResult.isInvalid()) 3040 return ExprError(); 3041 PointerArg = PointerArgResult.get(); 3042 TheCall->setArg(numArgs - 1, PointerArg); 3043 3044 const PointerType *pointerType = PointerArg->getType()->getAs<PointerType>(); 3045 if (!pointerType) { 3046 Diag(DRE->getLocStart(), diag::err_nontemporal_builtin_must_be_pointer) 3047 << PointerArg->getType() << PointerArg->getSourceRange(); 3048 return ExprError(); 3049 } 3050 3051 QualType ValType = pointerType->getPointeeType(); 3052 3053 // Strip any qualifiers off ValType. 3054 ValType = ValType.getUnqualifiedType(); 3055 if (!ValType->isIntegerType() && !ValType->isAnyPointerType() && 3056 !ValType->isBlockPointerType() && !ValType->isFloatingType() && 3057 !ValType->isVectorType()) { 3058 Diag(DRE->getLocStart(), 3059 diag::err_nontemporal_builtin_must_be_pointer_intfltptr_or_vector) 3060 << PointerArg->getType() << PointerArg->getSourceRange(); 3061 return ExprError(); 3062 } 3063 3064 if (!isStore) { 3065 TheCall->setType(ValType); 3066 return TheCallResult; 3067 } 3068 3069 ExprResult ValArg = TheCall->getArg(0); 3070 InitializedEntity Entity = InitializedEntity::InitializeParameter( 3071 Context, ValType, /*consume*/ false); 3072 ValArg = PerformCopyInitialization(Entity, SourceLocation(), ValArg); 3073 if (ValArg.isInvalid()) 3074 return ExprError(); 3075 3076 TheCall->setArg(0, ValArg.get()); 3077 TheCall->setType(Context.VoidTy); 3078 return TheCallResult; 3079 } 3080 3081 /// CheckObjCString - Checks that the argument to the builtin 3082 /// CFString constructor is correct 3083 /// Note: It might also make sense to do the UTF-16 conversion here (would 3084 /// simplify the backend). 3085 bool Sema::CheckObjCString(Expr *Arg) { 3086 Arg = Arg->IgnoreParenCasts(); 3087 StringLiteral *Literal = dyn_cast<StringLiteral>(Arg); 3088 3089 if (!Literal || !Literal->isAscii()) { 3090 Diag(Arg->getLocStart(), diag::err_cfstring_literal_not_string_constant) 3091 << Arg->getSourceRange(); 3092 return true; 3093 } 3094 3095 if (Literal->containsNonAsciiOrNull()) { 3096 StringRef String = Literal->getString(); 3097 unsigned NumBytes = String.size(); 3098 SmallVector<UTF16, 128> ToBuf(NumBytes); 3099 const UTF8 *FromPtr = (const UTF8 *)String.data(); 3100 UTF16 *ToPtr = &ToBuf[0]; 3101 3102 ConversionResult Result = ConvertUTF8toUTF16(&FromPtr, FromPtr + NumBytes, 3103 &ToPtr, ToPtr + NumBytes, 3104 strictConversion); 3105 // Check for conversion failure. 3106 if (Result != conversionOK) 3107 Diag(Arg->getLocStart(), 3108 diag::warn_cfstring_truncated) << Arg->getSourceRange(); 3109 } 3110 return false; 3111 } 3112 3113 /// Check the arguments to '__builtin_va_start' or '__builtin_ms_va_start' 3114 /// for validity. Emit an error and return true on failure; return false 3115 /// on success. 3116 bool Sema::SemaBuiltinVAStartImpl(CallExpr *TheCall) { 3117 Expr *Fn = TheCall->getCallee(); 3118 if (TheCall->getNumArgs() > 2) { 3119 Diag(TheCall->getArg(2)->getLocStart(), 3120 diag::err_typecheck_call_too_many_args) 3121 << 0 /*function call*/ << 2 << TheCall->getNumArgs() 3122 << Fn->getSourceRange() 3123 << SourceRange(TheCall->getArg(2)->getLocStart(), 3124 (*(TheCall->arg_end()-1))->getLocEnd()); 3125 return true; 3126 } 3127 3128 if (TheCall->getNumArgs() < 2) { 3129 return Diag(TheCall->getLocEnd(), 3130 diag::err_typecheck_call_too_few_args_at_least) 3131 << 0 /*function call*/ << 2 << TheCall->getNumArgs(); 3132 } 3133 3134 // Type-check the first argument normally. 3135 if (checkBuiltinArgument(*this, TheCall, 0)) 3136 return true; 3137 3138 // Determine whether the current function is variadic or not. 3139 BlockScopeInfo *CurBlock = getCurBlock(); 3140 bool isVariadic; 3141 if (CurBlock) 3142 isVariadic = CurBlock->TheDecl->isVariadic(); 3143 else if (FunctionDecl *FD = getCurFunctionDecl()) 3144 isVariadic = FD->isVariadic(); 3145 else 3146 isVariadic = getCurMethodDecl()->isVariadic(); 3147 3148 if (!isVariadic) { 3149 Diag(Fn->getLocStart(), diag::err_va_start_used_in_non_variadic_function); 3150 return true; 3151 } 3152 3153 // Verify that the second argument to the builtin is the last argument of the 3154 // current function or method. 3155 bool SecondArgIsLastNamedArgument = false; 3156 const Expr *Arg = TheCall->getArg(1)->IgnoreParenCasts(); 3157 3158 // These are valid if SecondArgIsLastNamedArgument is false after the next 3159 // block. 3160 QualType Type; 3161 SourceLocation ParamLoc; 3162 bool IsCRegister = false; 3163 3164 if (const DeclRefExpr *DR = dyn_cast<DeclRefExpr>(Arg)) { 3165 if (const ParmVarDecl *PV = dyn_cast<ParmVarDecl>(DR->getDecl())) { 3166 // FIXME: This isn't correct for methods (results in bogus warning). 3167 // Get the last formal in the current function. 3168 const ParmVarDecl *LastArg; 3169 if (CurBlock) 3170 LastArg = CurBlock->TheDecl->parameters().back(); 3171 else if (FunctionDecl *FD = getCurFunctionDecl()) 3172 LastArg = FD->parameters().back(); 3173 else 3174 LastArg = getCurMethodDecl()->parameters().back(); 3175 SecondArgIsLastNamedArgument = PV == LastArg; 3176 3177 Type = PV->getType(); 3178 ParamLoc = PV->getLocation(); 3179 IsCRegister = 3180 PV->getStorageClass() == SC_Register && !getLangOpts().CPlusPlus; 3181 } 3182 } 3183 3184 if (!SecondArgIsLastNamedArgument) 3185 Diag(TheCall->getArg(1)->getLocStart(), 3186 diag::warn_second_arg_of_va_start_not_last_named_param); 3187 else if (IsCRegister || Type->isReferenceType() || 3188 Type->isPromotableIntegerType() || 3189 Type->isSpecificBuiltinType(BuiltinType::Float)) { 3190 unsigned Reason = 0; 3191 if (Type->isReferenceType()) Reason = 1; 3192 else if (IsCRegister) Reason = 2; 3193 Diag(Arg->getLocStart(), diag::warn_va_start_type_is_undefined) << Reason; 3194 Diag(ParamLoc, diag::note_parameter_type) << Type; 3195 } 3196 3197 TheCall->setType(Context.VoidTy); 3198 return false; 3199 } 3200 3201 /// Check the arguments to '__builtin_va_start' for validity, and that 3202 /// it was called from a function of the native ABI. 3203 /// Emit an error and return true on failure; return false on success. 3204 bool Sema::SemaBuiltinVAStart(CallExpr *TheCall) { 3205 // On x86-64 Unix, don't allow this in Win64 ABI functions. 3206 // On x64 Windows, don't allow this in System V ABI functions. 3207 // (Yes, that means there's no corresponding way to support variadic 3208 // System V ABI functions on Windows.) 3209 if (Context.getTargetInfo().getTriple().getArch() == llvm::Triple::x86_64) { 3210 unsigned OS = Context.getTargetInfo().getTriple().getOS(); 3211 clang::CallingConv CC = CC_C; 3212 if (const FunctionDecl *FD = getCurFunctionDecl()) 3213 CC = FD->getType()->getAs<FunctionType>()->getCallConv(); 3214 if ((OS == llvm::Triple::Win32 && CC == CC_X86_64SysV) || 3215 (OS != llvm::Triple::Win32 && CC == CC_X86_64Win64)) 3216 return Diag(TheCall->getCallee()->getLocStart(), 3217 diag::err_va_start_used_in_wrong_abi_function) 3218 << (OS != llvm::Triple::Win32); 3219 } 3220 return SemaBuiltinVAStartImpl(TheCall); 3221 } 3222 3223 /// Check the arguments to '__builtin_ms_va_start' for validity, and that 3224 /// it was called from a Win64 ABI function. 3225 /// Emit an error and return true on failure; return false on success. 3226 bool Sema::SemaBuiltinMSVAStart(CallExpr *TheCall) { 3227 // This only makes sense for x86-64. 3228 const llvm::Triple &TT = Context.getTargetInfo().getTriple(); 3229 Expr *Callee = TheCall->getCallee(); 3230 if (TT.getArch() != llvm::Triple::x86_64) 3231 return Diag(Callee->getLocStart(), diag::err_x86_builtin_32_bit_tgt); 3232 // Don't allow this in System V ABI functions. 3233 clang::CallingConv CC = CC_C; 3234 if (const FunctionDecl *FD = getCurFunctionDecl()) 3235 CC = FD->getType()->getAs<FunctionType>()->getCallConv(); 3236 if (CC == CC_X86_64SysV || 3237 (TT.getOS() != llvm::Triple::Win32 && CC != CC_X86_64Win64)) 3238 return Diag(Callee->getLocStart(), 3239 diag::err_ms_va_start_used_in_sysv_function); 3240 return SemaBuiltinVAStartImpl(TheCall); 3241 } 3242 3243 bool Sema::SemaBuiltinVAStartARM(CallExpr *Call) { 3244 // void __va_start(va_list *ap, const char *named_addr, size_t slot_size, 3245 // const char *named_addr); 3246 3247 Expr *Func = Call->getCallee(); 3248 3249 if (Call->getNumArgs() < 3) 3250 return Diag(Call->getLocEnd(), 3251 diag::err_typecheck_call_too_few_args_at_least) 3252 << 0 /*function call*/ << 3 << Call->getNumArgs(); 3253 3254 // Determine whether the current function is variadic or not. 3255 bool IsVariadic; 3256 if (BlockScopeInfo *CurBlock = getCurBlock()) 3257 IsVariadic = CurBlock->TheDecl->isVariadic(); 3258 else if (FunctionDecl *FD = getCurFunctionDecl()) 3259 IsVariadic = FD->isVariadic(); 3260 else if (ObjCMethodDecl *MD = getCurMethodDecl()) 3261 IsVariadic = MD->isVariadic(); 3262 else 3263 llvm_unreachable("unexpected statement type"); 3264 3265 if (!IsVariadic) { 3266 Diag(Func->getLocStart(), diag::err_va_start_used_in_non_variadic_function); 3267 return true; 3268 } 3269 3270 // Type-check the first argument normally. 3271 if (checkBuiltinArgument(*this, Call, 0)) 3272 return true; 3273 3274 const struct { 3275 unsigned ArgNo; 3276 QualType Type; 3277 } ArgumentTypes[] = { 3278 { 1, Context.getPointerType(Context.CharTy.withConst()) }, 3279 { 2, Context.getSizeType() }, 3280 }; 3281 3282 for (const auto &AT : ArgumentTypes) { 3283 const Expr *Arg = Call->getArg(AT.ArgNo)->IgnoreParens(); 3284 if (Arg->getType().getCanonicalType() == AT.Type.getCanonicalType()) 3285 continue; 3286 Diag(Arg->getLocStart(), diag::err_typecheck_convert_incompatible) 3287 << Arg->getType() << AT.Type << 1 /* different class */ 3288 << 0 /* qualifier difference */ << 3 /* parameter mismatch */ 3289 << AT.ArgNo + 1 << Arg->getType() << AT.Type; 3290 } 3291 3292 return false; 3293 } 3294 3295 /// SemaBuiltinUnorderedCompare - Handle functions like __builtin_isgreater and 3296 /// friends. This is declared to take (...), so we have to check everything. 3297 bool Sema::SemaBuiltinUnorderedCompare(CallExpr *TheCall) { 3298 if (TheCall->getNumArgs() < 2) 3299 return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args) 3300 << 0 << 2 << TheCall->getNumArgs()/*function call*/; 3301 if (TheCall->getNumArgs() > 2) 3302 return Diag(TheCall->getArg(2)->getLocStart(), 3303 diag::err_typecheck_call_too_many_args) 3304 << 0 /*function call*/ << 2 << TheCall->getNumArgs() 3305 << SourceRange(TheCall->getArg(2)->getLocStart(), 3306 (*(TheCall->arg_end()-1))->getLocEnd()); 3307 3308 ExprResult OrigArg0 = TheCall->getArg(0); 3309 ExprResult OrigArg1 = TheCall->getArg(1); 3310 3311 // Do standard promotions between the two arguments, returning their common 3312 // type. 3313 QualType Res = UsualArithmeticConversions(OrigArg0, OrigArg1, false); 3314 if (OrigArg0.isInvalid() || OrigArg1.isInvalid()) 3315 return true; 3316 3317 // Make sure any conversions are pushed back into the call; this is 3318 // type safe since unordered compare builtins are declared as "_Bool 3319 // foo(...)". 3320 TheCall->setArg(0, OrigArg0.get()); 3321 TheCall->setArg(1, OrigArg1.get()); 3322 3323 if (OrigArg0.get()->isTypeDependent() || OrigArg1.get()->isTypeDependent()) 3324 return false; 3325 3326 // If the common type isn't a real floating type, then the arguments were 3327 // invalid for this operation. 3328 if (Res.isNull() || !Res->isRealFloatingType()) 3329 return Diag(OrigArg0.get()->getLocStart(), 3330 diag::err_typecheck_call_invalid_ordered_compare) 3331 << OrigArg0.get()->getType() << OrigArg1.get()->getType() 3332 << SourceRange(OrigArg0.get()->getLocStart(), OrigArg1.get()->getLocEnd()); 3333 3334 return false; 3335 } 3336 3337 /// SemaBuiltinSemaBuiltinFPClassification - Handle functions like 3338 /// __builtin_isnan and friends. This is declared to take (...), so we have 3339 /// to check everything. We expect the last argument to be a floating point 3340 /// value. 3341 bool Sema::SemaBuiltinFPClassification(CallExpr *TheCall, unsigned NumArgs) { 3342 if (TheCall->getNumArgs() < NumArgs) 3343 return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args) 3344 << 0 << NumArgs << TheCall->getNumArgs()/*function call*/; 3345 if (TheCall->getNumArgs() > NumArgs) 3346 return Diag(TheCall->getArg(NumArgs)->getLocStart(), 3347 diag::err_typecheck_call_too_many_args) 3348 << 0 /*function call*/ << NumArgs << TheCall->getNumArgs() 3349 << SourceRange(TheCall->getArg(NumArgs)->getLocStart(), 3350 (*(TheCall->arg_end()-1))->getLocEnd()); 3351 3352 Expr *OrigArg = TheCall->getArg(NumArgs-1); 3353 3354 if (OrigArg->isTypeDependent()) 3355 return false; 3356 3357 // This operation requires a non-_Complex floating-point number. 3358 if (!OrigArg->getType()->isRealFloatingType()) 3359 return Diag(OrigArg->getLocStart(), 3360 diag::err_typecheck_call_invalid_unary_fp) 3361 << OrigArg->getType() << OrigArg->getSourceRange(); 3362 3363 // If this is an implicit conversion from float -> double, remove it. 3364 if (ImplicitCastExpr *Cast = dyn_cast<ImplicitCastExpr>(OrigArg)) { 3365 Expr *CastArg = Cast->getSubExpr(); 3366 if (CastArg->getType()->isSpecificBuiltinType(BuiltinType::Float)) { 3367 assert(Cast->getType()->isSpecificBuiltinType(BuiltinType::Double) && 3368 "promotion from float to double is the only expected cast here"); 3369 Cast->setSubExpr(nullptr); 3370 TheCall->setArg(NumArgs-1, CastArg); 3371 } 3372 } 3373 3374 return false; 3375 } 3376 3377 /// SemaBuiltinShuffleVector - Handle __builtin_shufflevector. 3378 // This is declared to take (...), so we have to check everything. 3379 ExprResult Sema::SemaBuiltinShuffleVector(CallExpr *TheCall) { 3380 if (TheCall->getNumArgs() < 2) 3381 return ExprError(Diag(TheCall->getLocEnd(), 3382 diag::err_typecheck_call_too_few_args_at_least) 3383 << 0 /*function call*/ << 2 << TheCall->getNumArgs() 3384 << TheCall->getSourceRange()); 3385 3386 // Determine which of the following types of shufflevector we're checking: 3387 // 1) unary, vector mask: (lhs, mask) 3388 // 2) binary, scalar mask: (lhs, rhs, index, ..., index) 3389 QualType resType = TheCall->getArg(0)->getType(); 3390 unsigned numElements = 0; 3391 3392 if (!TheCall->getArg(0)->isTypeDependent() && 3393 !TheCall->getArg(1)->isTypeDependent()) { 3394 QualType LHSType = TheCall->getArg(0)->getType(); 3395 QualType RHSType = TheCall->getArg(1)->getType(); 3396 3397 if (!LHSType->isVectorType() || !RHSType->isVectorType()) 3398 return ExprError(Diag(TheCall->getLocStart(), 3399 diag::err_shufflevector_non_vector) 3400 << SourceRange(TheCall->getArg(0)->getLocStart(), 3401 TheCall->getArg(1)->getLocEnd())); 3402 3403 numElements = LHSType->getAs<VectorType>()->getNumElements(); 3404 unsigned numResElements = TheCall->getNumArgs() - 2; 3405 3406 // Check to see if we have a call with 2 vector arguments, the unary shuffle 3407 // with mask. If so, verify that RHS is an integer vector type with the 3408 // same number of elts as lhs. 3409 if (TheCall->getNumArgs() == 2) { 3410 if (!RHSType->hasIntegerRepresentation() || 3411 RHSType->getAs<VectorType>()->getNumElements() != numElements) 3412 return ExprError(Diag(TheCall->getLocStart(), 3413 diag::err_shufflevector_incompatible_vector) 3414 << SourceRange(TheCall->getArg(1)->getLocStart(), 3415 TheCall->getArg(1)->getLocEnd())); 3416 } else if (!Context.hasSameUnqualifiedType(LHSType, RHSType)) { 3417 return ExprError(Diag(TheCall->getLocStart(), 3418 diag::err_shufflevector_incompatible_vector) 3419 << SourceRange(TheCall->getArg(0)->getLocStart(), 3420 TheCall->getArg(1)->getLocEnd())); 3421 } else if (numElements != numResElements) { 3422 QualType eltType = LHSType->getAs<VectorType>()->getElementType(); 3423 resType = Context.getVectorType(eltType, numResElements, 3424 VectorType::GenericVector); 3425 } 3426 } 3427 3428 for (unsigned i = 2; i < TheCall->getNumArgs(); i++) { 3429 if (TheCall->getArg(i)->isTypeDependent() || 3430 TheCall->getArg(i)->isValueDependent()) 3431 continue; 3432 3433 llvm::APSInt Result(32); 3434 if (!TheCall->getArg(i)->isIntegerConstantExpr(Result, Context)) 3435 return ExprError(Diag(TheCall->getLocStart(), 3436 diag::err_shufflevector_nonconstant_argument) 3437 << TheCall->getArg(i)->getSourceRange()); 3438 3439 // Allow -1 which will be translated to undef in the IR. 3440 if (Result.isSigned() && Result.isAllOnesValue()) 3441 continue; 3442 3443 if (Result.getActiveBits() > 64 || Result.getZExtValue() >= numElements*2) 3444 return ExprError(Diag(TheCall->getLocStart(), 3445 diag::err_shufflevector_argument_too_large) 3446 << TheCall->getArg(i)->getSourceRange()); 3447 } 3448 3449 SmallVector<Expr*, 32> exprs; 3450 3451 for (unsigned i = 0, e = TheCall->getNumArgs(); i != e; i++) { 3452 exprs.push_back(TheCall->getArg(i)); 3453 TheCall->setArg(i, nullptr); 3454 } 3455 3456 return new (Context) ShuffleVectorExpr(Context, exprs, resType, 3457 TheCall->getCallee()->getLocStart(), 3458 TheCall->getRParenLoc()); 3459 } 3460 3461 /// SemaConvertVectorExpr - Handle __builtin_convertvector 3462 ExprResult Sema::SemaConvertVectorExpr(Expr *E, TypeSourceInfo *TInfo, 3463 SourceLocation BuiltinLoc, 3464 SourceLocation RParenLoc) { 3465 ExprValueKind VK = VK_RValue; 3466 ExprObjectKind OK = OK_Ordinary; 3467 QualType DstTy = TInfo->getType(); 3468 QualType SrcTy = E->getType(); 3469 3470 if (!SrcTy->isVectorType() && !SrcTy->isDependentType()) 3471 return ExprError(Diag(BuiltinLoc, 3472 diag::err_convertvector_non_vector) 3473 << E->getSourceRange()); 3474 if (!DstTy->isVectorType() && !DstTy->isDependentType()) 3475 return ExprError(Diag(BuiltinLoc, 3476 diag::err_convertvector_non_vector_type)); 3477 3478 if (!SrcTy->isDependentType() && !DstTy->isDependentType()) { 3479 unsigned SrcElts = SrcTy->getAs<VectorType>()->getNumElements(); 3480 unsigned DstElts = DstTy->getAs<VectorType>()->getNumElements(); 3481 if (SrcElts != DstElts) 3482 return ExprError(Diag(BuiltinLoc, 3483 diag::err_convertvector_incompatible_vector) 3484 << E->getSourceRange()); 3485 } 3486 3487 return new (Context) 3488 ConvertVectorExpr(E, TInfo, DstTy, VK, OK, BuiltinLoc, RParenLoc); 3489 } 3490 3491 /// SemaBuiltinPrefetch - Handle __builtin_prefetch. 3492 // This is declared to take (const void*, ...) and can take two 3493 // optional constant int args. 3494 bool Sema::SemaBuiltinPrefetch(CallExpr *TheCall) { 3495 unsigned NumArgs = TheCall->getNumArgs(); 3496 3497 if (NumArgs > 3) 3498 return Diag(TheCall->getLocEnd(), 3499 diag::err_typecheck_call_too_many_args_at_most) 3500 << 0 /*function call*/ << 3 << NumArgs 3501 << TheCall->getSourceRange(); 3502 3503 // Argument 0 is checked for us and the remaining arguments must be 3504 // constant integers. 3505 for (unsigned i = 1; i != NumArgs; ++i) 3506 if (SemaBuiltinConstantArgRange(TheCall, i, 0, i == 1 ? 1 : 3)) 3507 return true; 3508 3509 return false; 3510 } 3511 3512 /// SemaBuiltinAssume - Handle __assume (MS Extension). 3513 // __assume does not evaluate its arguments, and should warn if its argument 3514 // has side effects. 3515 bool Sema::SemaBuiltinAssume(CallExpr *TheCall) { 3516 Expr *Arg = TheCall->getArg(0); 3517 if (Arg->isInstantiationDependent()) return false; 3518 3519 if (Arg->HasSideEffects(Context)) 3520 Diag(Arg->getLocStart(), diag::warn_assume_side_effects) 3521 << Arg->getSourceRange() 3522 << cast<FunctionDecl>(TheCall->getCalleeDecl())->getIdentifier(); 3523 3524 return false; 3525 } 3526 3527 /// Handle __builtin_assume_aligned. This is declared 3528 /// as (const void*, size_t, ...) and can take one optional constant int arg. 3529 bool Sema::SemaBuiltinAssumeAligned(CallExpr *TheCall) { 3530 unsigned NumArgs = TheCall->getNumArgs(); 3531 3532 if (NumArgs > 3) 3533 return Diag(TheCall->getLocEnd(), 3534 diag::err_typecheck_call_too_many_args_at_most) 3535 << 0 /*function call*/ << 3 << NumArgs 3536 << TheCall->getSourceRange(); 3537 3538 // The alignment must be a constant integer. 3539 Expr *Arg = TheCall->getArg(1); 3540 3541 // We can't check the value of a dependent argument. 3542 if (!Arg->isTypeDependent() && !Arg->isValueDependent()) { 3543 llvm::APSInt Result; 3544 if (SemaBuiltinConstantArg(TheCall, 1, Result)) 3545 return true; 3546 3547 if (!Result.isPowerOf2()) 3548 return Diag(TheCall->getLocStart(), 3549 diag::err_alignment_not_power_of_two) 3550 << Arg->getSourceRange(); 3551 } 3552 3553 if (NumArgs > 2) { 3554 ExprResult Arg(TheCall->getArg(2)); 3555 InitializedEntity Entity = InitializedEntity::InitializeParameter(Context, 3556 Context.getSizeType(), false); 3557 Arg = PerformCopyInitialization(Entity, SourceLocation(), Arg); 3558 if (Arg.isInvalid()) return true; 3559 TheCall->setArg(2, Arg.get()); 3560 } 3561 3562 return false; 3563 } 3564 3565 /// SemaBuiltinConstantArg - Handle a check if argument ArgNum of CallExpr 3566 /// TheCall is a constant expression. 3567 bool Sema::SemaBuiltinConstantArg(CallExpr *TheCall, int ArgNum, 3568 llvm::APSInt &Result) { 3569 Expr *Arg = TheCall->getArg(ArgNum); 3570 DeclRefExpr *DRE =cast<DeclRefExpr>(TheCall->getCallee()->IgnoreParenCasts()); 3571 FunctionDecl *FDecl = cast<FunctionDecl>(DRE->getDecl()); 3572 3573 if (Arg->isTypeDependent() || Arg->isValueDependent()) return false; 3574 3575 if (!Arg->isIntegerConstantExpr(Result, Context)) 3576 return Diag(TheCall->getLocStart(), diag::err_constant_integer_arg_type) 3577 << FDecl->getDeclName() << Arg->getSourceRange(); 3578 3579 return false; 3580 } 3581 3582 /// SemaBuiltinConstantArgRange - Handle a check if argument ArgNum of CallExpr 3583 /// TheCall is a constant expression in the range [Low, High]. 3584 bool Sema::SemaBuiltinConstantArgRange(CallExpr *TheCall, int ArgNum, 3585 int Low, int High) { 3586 llvm::APSInt Result; 3587 3588 // We can't check the value of a dependent argument. 3589 Expr *Arg = TheCall->getArg(ArgNum); 3590 if (Arg->isTypeDependent() || Arg->isValueDependent()) 3591 return false; 3592 3593 // Check constant-ness first. 3594 if (SemaBuiltinConstantArg(TheCall, ArgNum, Result)) 3595 return true; 3596 3597 if (Result.getSExtValue() < Low || Result.getSExtValue() > High) 3598 return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range) 3599 << Low << High << Arg->getSourceRange(); 3600 3601 return false; 3602 } 3603 3604 /// SemaBuiltinARMSpecialReg - Handle a check if argument ArgNum of CallExpr 3605 /// TheCall is an ARM/AArch64 special register string literal. 3606 bool Sema::SemaBuiltinARMSpecialReg(unsigned BuiltinID, CallExpr *TheCall, 3607 int ArgNum, unsigned ExpectedFieldNum, 3608 bool AllowName) { 3609 bool IsARMBuiltin = BuiltinID == ARM::BI__builtin_arm_rsr64 || 3610 BuiltinID == ARM::BI__builtin_arm_wsr64 || 3611 BuiltinID == ARM::BI__builtin_arm_rsr || 3612 BuiltinID == ARM::BI__builtin_arm_rsrp || 3613 BuiltinID == ARM::BI__builtin_arm_wsr || 3614 BuiltinID == ARM::BI__builtin_arm_wsrp; 3615 bool IsAArch64Builtin = BuiltinID == AArch64::BI__builtin_arm_rsr64 || 3616 BuiltinID == AArch64::BI__builtin_arm_wsr64 || 3617 BuiltinID == AArch64::BI__builtin_arm_rsr || 3618 BuiltinID == AArch64::BI__builtin_arm_rsrp || 3619 BuiltinID == AArch64::BI__builtin_arm_wsr || 3620 BuiltinID == AArch64::BI__builtin_arm_wsrp; 3621 assert((IsARMBuiltin || IsAArch64Builtin) && "Unexpected ARM builtin."); 3622 3623 // We can't check the value of a dependent argument. 3624 Expr *Arg = TheCall->getArg(ArgNum); 3625 if (Arg->isTypeDependent() || Arg->isValueDependent()) 3626 return false; 3627 3628 // Check if the argument is a string literal. 3629 if (!isa<StringLiteral>(Arg->IgnoreParenImpCasts())) 3630 return Diag(TheCall->getLocStart(), diag::err_expr_not_string_literal) 3631 << Arg->getSourceRange(); 3632 3633 // Check the type of special register given. 3634 StringRef Reg = cast<StringLiteral>(Arg->IgnoreParenImpCasts())->getString(); 3635 SmallVector<StringRef, 6> Fields; 3636 Reg.split(Fields, ":"); 3637 3638 if (Fields.size() != ExpectedFieldNum && !(AllowName && Fields.size() == 1)) 3639 return Diag(TheCall->getLocStart(), diag::err_arm_invalid_specialreg) 3640 << Arg->getSourceRange(); 3641 3642 // If the string is the name of a register then we cannot check that it is 3643 // valid here but if the string is of one the forms described in ACLE then we 3644 // can check that the supplied fields are integers and within the valid 3645 // ranges. 3646 if (Fields.size() > 1) { 3647 bool FiveFields = Fields.size() == 5; 3648 3649 bool ValidString = true; 3650 if (IsARMBuiltin) { 3651 ValidString &= Fields[0].startswith_lower("cp") || 3652 Fields[0].startswith_lower("p"); 3653 if (ValidString) 3654 Fields[0] = 3655 Fields[0].drop_front(Fields[0].startswith_lower("cp") ? 2 : 1); 3656 3657 ValidString &= Fields[2].startswith_lower("c"); 3658 if (ValidString) 3659 Fields[2] = Fields[2].drop_front(1); 3660 3661 if (FiveFields) { 3662 ValidString &= Fields[3].startswith_lower("c"); 3663 if (ValidString) 3664 Fields[3] = Fields[3].drop_front(1); 3665 } 3666 } 3667 3668 SmallVector<int, 5> Ranges; 3669 if (FiveFields) 3670 Ranges.append({IsAArch64Builtin ? 1 : 15, 7, 7, 15, 15}); 3671 else 3672 Ranges.append({15, 7, 15}); 3673 3674 for (unsigned i=0; i<Fields.size(); ++i) { 3675 int IntField; 3676 ValidString &= !Fields[i].getAsInteger(10, IntField); 3677 ValidString &= (IntField >= 0 && IntField <= Ranges[i]); 3678 } 3679 3680 if (!ValidString) 3681 return Diag(TheCall->getLocStart(), diag::err_arm_invalid_specialreg) 3682 << Arg->getSourceRange(); 3683 3684 } else if (IsAArch64Builtin && Fields.size() == 1) { 3685 // If the register name is one of those that appear in the condition below 3686 // and the special register builtin being used is one of the write builtins, 3687 // then we require that the argument provided for writing to the register 3688 // is an integer constant expression. This is because it will be lowered to 3689 // an MSR (immediate) instruction, so we need to know the immediate at 3690 // compile time. 3691 if (TheCall->getNumArgs() != 2) 3692 return false; 3693 3694 std::string RegLower = Reg.lower(); 3695 if (RegLower != "spsel" && RegLower != "daifset" && RegLower != "daifclr" && 3696 RegLower != "pan" && RegLower != "uao") 3697 return false; 3698 3699 return SemaBuiltinConstantArgRange(TheCall, 1, 0, 15); 3700 } 3701 3702 return false; 3703 } 3704 3705 /// SemaBuiltinLongjmp - Handle __builtin_longjmp(void *env[5], int val). 3706 /// This checks that the target supports __builtin_longjmp and 3707 /// that val is a constant 1. 3708 bool Sema::SemaBuiltinLongjmp(CallExpr *TheCall) { 3709 if (!Context.getTargetInfo().hasSjLjLowering()) 3710 return Diag(TheCall->getLocStart(), diag::err_builtin_longjmp_unsupported) 3711 << SourceRange(TheCall->getLocStart(), TheCall->getLocEnd()); 3712 3713 Expr *Arg = TheCall->getArg(1); 3714 llvm::APSInt Result; 3715 3716 // TODO: This is less than ideal. Overload this to take a value. 3717 if (SemaBuiltinConstantArg(TheCall, 1, Result)) 3718 return true; 3719 3720 if (Result != 1) 3721 return Diag(TheCall->getLocStart(), diag::err_builtin_longjmp_invalid_val) 3722 << SourceRange(Arg->getLocStart(), Arg->getLocEnd()); 3723 3724 return false; 3725 } 3726 3727 /// SemaBuiltinSetjmp - Handle __builtin_setjmp(void *env[5]). 3728 /// This checks that the target supports __builtin_setjmp. 3729 bool Sema::SemaBuiltinSetjmp(CallExpr *TheCall) { 3730 if (!Context.getTargetInfo().hasSjLjLowering()) 3731 return Diag(TheCall->getLocStart(), diag::err_builtin_setjmp_unsupported) 3732 << SourceRange(TheCall->getLocStart(), TheCall->getLocEnd()); 3733 return false; 3734 } 3735 3736 namespace { 3737 class UncoveredArgHandler { 3738 enum { Unknown = -1, AllCovered = -2 }; 3739 signed FirstUncoveredArg; 3740 SmallVector<const Expr *, 4> DiagnosticExprs; 3741 3742 public: 3743 UncoveredArgHandler() : FirstUncoveredArg(Unknown) { } 3744 3745 bool hasUncoveredArg() const { 3746 return (FirstUncoveredArg >= 0); 3747 } 3748 3749 unsigned getUncoveredArg() const { 3750 assert(hasUncoveredArg() && "no uncovered argument"); 3751 return FirstUncoveredArg; 3752 } 3753 3754 void setAllCovered() { 3755 // A string has been found with all arguments covered, so clear out 3756 // the diagnostics. 3757 DiagnosticExprs.clear(); 3758 FirstUncoveredArg = AllCovered; 3759 } 3760 3761 void Update(signed NewFirstUncoveredArg, const Expr *StrExpr) { 3762 assert(NewFirstUncoveredArg >= 0 && "Outside range"); 3763 3764 // Don't update if a previous string covers all arguments. 3765 if (FirstUncoveredArg == AllCovered) 3766 return; 3767 3768 // UncoveredArgHandler tracks the highest uncovered argument index 3769 // and with it all the strings that match this index. 3770 if (NewFirstUncoveredArg == FirstUncoveredArg) 3771 DiagnosticExprs.push_back(StrExpr); 3772 else if (NewFirstUncoveredArg > FirstUncoveredArg) { 3773 DiagnosticExprs.clear(); 3774 DiagnosticExprs.push_back(StrExpr); 3775 FirstUncoveredArg = NewFirstUncoveredArg; 3776 } 3777 } 3778 3779 void Diagnose(Sema &S, bool IsFunctionCall, const Expr *ArgExpr); 3780 }; 3781 3782 enum StringLiteralCheckType { 3783 SLCT_NotALiteral, 3784 SLCT_UncheckedLiteral, 3785 SLCT_CheckedLiteral 3786 }; 3787 } // end anonymous namespace 3788 3789 static void CheckFormatString(Sema &S, const StringLiteral *FExpr, 3790 const Expr *OrigFormatExpr, 3791 ArrayRef<const Expr *> Args, 3792 bool HasVAListArg, unsigned format_idx, 3793 unsigned firstDataArg, 3794 Sema::FormatStringType Type, 3795 bool inFunctionCall, 3796 Sema::VariadicCallType CallType, 3797 llvm::SmallBitVector &CheckedVarArgs, 3798 UncoveredArgHandler &UncoveredArg); 3799 3800 // Determine if an expression is a string literal or constant string. 3801 // If this function returns false on the arguments to a function expecting a 3802 // format string, we will usually need to emit a warning. 3803 // True string literals are then checked by CheckFormatString. 3804 static StringLiteralCheckType 3805 checkFormatStringExpr(Sema &S, const Expr *E, ArrayRef<const Expr *> Args, 3806 bool HasVAListArg, unsigned format_idx, 3807 unsigned firstDataArg, Sema::FormatStringType Type, 3808 Sema::VariadicCallType CallType, bool InFunctionCall, 3809 llvm::SmallBitVector &CheckedVarArgs, 3810 UncoveredArgHandler &UncoveredArg) { 3811 tryAgain: 3812 if (E->isTypeDependent() || E->isValueDependent()) 3813 return SLCT_NotALiteral; 3814 3815 E = E->IgnoreParenCasts(); 3816 3817 if (E->isNullPointerConstant(S.Context, Expr::NPC_ValueDependentIsNotNull)) 3818 // Technically -Wformat-nonliteral does not warn about this case. 3819 // The behavior of printf and friends in this case is implementation 3820 // dependent. Ideally if the format string cannot be null then 3821 // it should have a 'nonnull' attribute in the function prototype. 3822 return SLCT_UncheckedLiteral; 3823 3824 switch (E->getStmtClass()) { 3825 case Stmt::BinaryConditionalOperatorClass: 3826 case Stmt::ConditionalOperatorClass: { 3827 // The expression is a literal if both sub-expressions were, and it was 3828 // completely checked only if both sub-expressions were checked. 3829 const AbstractConditionalOperator *C = 3830 cast<AbstractConditionalOperator>(E); 3831 3832 // Determine whether it is necessary to check both sub-expressions, for 3833 // example, because the condition expression is a constant that can be 3834 // evaluated at compile time. 3835 bool CheckLeft = true, CheckRight = true; 3836 3837 bool Cond; 3838 if (C->getCond()->EvaluateAsBooleanCondition(Cond, S.getASTContext())) { 3839 if (Cond) 3840 CheckRight = false; 3841 else 3842 CheckLeft = false; 3843 } 3844 3845 StringLiteralCheckType Left; 3846 if (!CheckLeft) 3847 Left = SLCT_UncheckedLiteral; 3848 else { 3849 Left = checkFormatStringExpr(S, C->getTrueExpr(), Args, 3850 HasVAListArg, format_idx, firstDataArg, 3851 Type, CallType, InFunctionCall, 3852 CheckedVarArgs, UncoveredArg); 3853 if (Left == SLCT_NotALiteral || !CheckRight) 3854 return Left; 3855 } 3856 3857 StringLiteralCheckType Right = 3858 checkFormatStringExpr(S, C->getFalseExpr(), Args, 3859 HasVAListArg, format_idx, firstDataArg, 3860 Type, CallType, InFunctionCall, CheckedVarArgs, 3861 UncoveredArg); 3862 3863 return (CheckLeft && Left < Right) ? Left : Right; 3864 } 3865 3866 case Stmt::ImplicitCastExprClass: { 3867 E = cast<ImplicitCastExpr>(E)->getSubExpr(); 3868 goto tryAgain; 3869 } 3870 3871 case Stmt::OpaqueValueExprClass: 3872 if (const Expr *src = cast<OpaqueValueExpr>(E)->getSourceExpr()) { 3873 E = src; 3874 goto tryAgain; 3875 } 3876 return SLCT_NotALiteral; 3877 3878 case Stmt::PredefinedExprClass: 3879 // While __func__, etc., are technically not string literals, they 3880 // cannot contain format specifiers and thus are not a security 3881 // liability. 3882 return SLCT_UncheckedLiteral; 3883 3884 case Stmt::DeclRefExprClass: { 3885 const DeclRefExpr *DR = cast<DeclRefExpr>(E); 3886 3887 // As an exception, do not flag errors for variables binding to 3888 // const string literals. 3889 if (const VarDecl *VD = dyn_cast<VarDecl>(DR->getDecl())) { 3890 bool isConstant = false; 3891 QualType T = DR->getType(); 3892 3893 if (const ArrayType *AT = S.Context.getAsArrayType(T)) { 3894 isConstant = AT->getElementType().isConstant(S.Context); 3895 } else if (const PointerType *PT = T->getAs<PointerType>()) { 3896 isConstant = T.isConstant(S.Context) && 3897 PT->getPointeeType().isConstant(S.Context); 3898 } else if (T->isObjCObjectPointerType()) { 3899 // In ObjC, there is usually no "const ObjectPointer" type, 3900 // so don't check if the pointee type is constant. 3901 isConstant = T.isConstant(S.Context); 3902 } 3903 3904 if (isConstant) { 3905 if (const Expr *Init = VD->getAnyInitializer()) { 3906 // Look through initializers like const char c[] = { "foo" } 3907 if (const InitListExpr *InitList = dyn_cast<InitListExpr>(Init)) { 3908 if (InitList->isStringLiteralInit()) 3909 Init = InitList->getInit(0)->IgnoreParenImpCasts(); 3910 } 3911 return checkFormatStringExpr(S, Init, Args, 3912 HasVAListArg, format_idx, 3913 firstDataArg, Type, CallType, 3914 /*InFunctionCall*/false, CheckedVarArgs, 3915 UncoveredArg); 3916 } 3917 } 3918 3919 // For vprintf* functions (i.e., HasVAListArg==true), we add a 3920 // special check to see if the format string is a function parameter 3921 // of the function calling the printf function. If the function 3922 // has an attribute indicating it is a printf-like function, then we 3923 // should suppress warnings concerning non-literals being used in a call 3924 // to a vprintf function. For example: 3925 // 3926 // void 3927 // logmessage(char const *fmt __attribute__ (format (printf, 1, 2)), ...){ 3928 // va_list ap; 3929 // va_start(ap, fmt); 3930 // vprintf(fmt, ap); // Do NOT emit a warning about "fmt". 3931 // ... 3932 // } 3933 if (HasVAListArg) { 3934 if (const ParmVarDecl *PV = dyn_cast<ParmVarDecl>(VD)) { 3935 if (const NamedDecl *ND = dyn_cast<NamedDecl>(PV->getDeclContext())) { 3936 int PVIndex = PV->getFunctionScopeIndex() + 1; 3937 for (const auto *PVFormat : ND->specific_attrs<FormatAttr>()) { 3938 // adjust for implicit parameter 3939 if (const CXXMethodDecl *MD = dyn_cast<CXXMethodDecl>(ND)) 3940 if (MD->isInstance()) 3941 ++PVIndex; 3942 // We also check if the formats are compatible. 3943 // We can't pass a 'scanf' string to a 'printf' function. 3944 if (PVIndex == PVFormat->getFormatIdx() && 3945 Type == S.GetFormatStringType(PVFormat)) 3946 return SLCT_UncheckedLiteral; 3947 } 3948 } 3949 } 3950 } 3951 } 3952 3953 return SLCT_NotALiteral; 3954 } 3955 3956 case Stmt::CallExprClass: 3957 case Stmt::CXXMemberCallExprClass: { 3958 const CallExpr *CE = cast<CallExpr>(E); 3959 if (const NamedDecl *ND = dyn_cast_or_null<NamedDecl>(CE->getCalleeDecl())) { 3960 if (const FormatArgAttr *FA = ND->getAttr<FormatArgAttr>()) { 3961 unsigned ArgIndex = FA->getFormatIdx(); 3962 if (const CXXMethodDecl *MD = dyn_cast<CXXMethodDecl>(ND)) 3963 if (MD->isInstance()) 3964 --ArgIndex; 3965 const Expr *Arg = CE->getArg(ArgIndex - 1); 3966 3967 return checkFormatStringExpr(S, Arg, Args, 3968 HasVAListArg, format_idx, firstDataArg, 3969 Type, CallType, InFunctionCall, 3970 CheckedVarArgs, UncoveredArg); 3971 } else if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(ND)) { 3972 unsigned BuiltinID = FD->getBuiltinID(); 3973 if (BuiltinID == Builtin::BI__builtin___CFStringMakeConstantString || 3974 BuiltinID == Builtin::BI__builtin___NSStringMakeConstantString) { 3975 const Expr *Arg = CE->getArg(0); 3976 return checkFormatStringExpr(S, Arg, Args, 3977 HasVAListArg, format_idx, 3978 firstDataArg, Type, CallType, 3979 InFunctionCall, CheckedVarArgs, 3980 UncoveredArg); 3981 } 3982 } 3983 } 3984 3985 return SLCT_NotALiteral; 3986 } 3987 case Stmt::ObjCStringLiteralClass: 3988 case Stmt::StringLiteralClass: { 3989 const StringLiteral *StrE = nullptr; 3990 3991 if (const ObjCStringLiteral *ObjCFExpr = dyn_cast<ObjCStringLiteral>(E)) 3992 StrE = ObjCFExpr->getString(); 3993 else 3994 StrE = cast<StringLiteral>(E); 3995 3996 if (StrE) { 3997 CheckFormatString(S, StrE, E, Args, HasVAListArg, format_idx, 3998 firstDataArg, Type, InFunctionCall, CallType, 3999 CheckedVarArgs, UncoveredArg); 4000 return SLCT_CheckedLiteral; 4001 } 4002 4003 return SLCT_NotALiteral; 4004 } 4005 4006 default: 4007 return SLCT_NotALiteral; 4008 } 4009 } 4010 4011 Sema::FormatStringType Sema::GetFormatStringType(const FormatAttr *Format) { 4012 return llvm::StringSwitch<FormatStringType>(Format->getType()->getName()) 4013 .Case("scanf", FST_Scanf) 4014 .Cases("printf", "printf0", FST_Printf) 4015 .Cases("NSString", "CFString", FST_NSString) 4016 .Case("strftime", FST_Strftime) 4017 .Case("strfmon", FST_Strfmon) 4018 .Cases("kprintf", "cmn_err", "vcmn_err", "zcmn_err", FST_Kprintf) 4019 .Case("freebsd_kprintf", FST_FreeBSDKPrintf) 4020 .Case("os_trace", FST_OSTrace) 4021 .Default(FST_Unknown); 4022 } 4023 4024 /// CheckFormatArguments - Check calls to printf and scanf (and similar 4025 /// functions) for correct use of format strings. 4026 /// Returns true if a format string has been fully checked. 4027 bool Sema::CheckFormatArguments(const FormatAttr *Format, 4028 ArrayRef<const Expr *> Args, 4029 bool IsCXXMember, 4030 VariadicCallType CallType, 4031 SourceLocation Loc, SourceRange Range, 4032 llvm::SmallBitVector &CheckedVarArgs) { 4033 FormatStringInfo FSI; 4034 if (getFormatStringInfo(Format, IsCXXMember, &FSI)) 4035 return CheckFormatArguments(Args, FSI.HasVAListArg, FSI.FormatIdx, 4036 FSI.FirstDataArg, GetFormatStringType(Format), 4037 CallType, Loc, Range, CheckedVarArgs); 4038 return false; 4039 } 4040 4041 bool Sema::CheckFormatArguments(ArrayRef<const Expr *> Args, 4042 bool HasVAListArg, unsigned format_idx, 4043 unsigned firstDataArg, FormatStringType Type, 4044 VariadicCallType CallType, 4045 SourceLocation Loc, SourceRange Range, 4046 llvm::SmallBitVector &CheckedVarArgs) { 4047 // CHECK: printf/scanf-like function is called with no format string. 4048 if (format_idx >= Args.size()) { 4049 Diag(Loc, diag::warn_missing_format_string) << Range; 4050 return false; 4051 } 4052 4053 const Expr *OrigFormatExpr = Args[format_idx]->IgnoreParenCasts(); 4054 4055 // CHECK: format string is not a string literal. 4056 // 4057 // Dynamically generated format strings are difficult to 4058 // automatically vet at compile time. Requiring that format strings 4059 // are string literals: (1) permits the checking of format strings by 4060 // the compiler and thereby (2) can practically remove the source of 4061 // many format string exploits. 4062 4063 // Format string can be either ObjC string (e.g. @"%d") or 4064 // C string (e.g. "%d") 4065 // ObjC string uses the same format specifiers as C string, so we can use 4066 // the same format string checking logic for both ObjC and C strings. 4067 UncoveredArgHandler UncoveredArg; 4068 StringLiteralCheckType CT = 4069 checkFormatStringExpr(*this, OrigFormatExpr, Args, HasVAListArg, 4070 format_idx, firstDataArg, Type, CallType, 4071 /*IsFunctionCall*/true, CheckedVarArgs, 4072 UncoveredArg); 4073 4074 // Generate a diagnostic where an uncovered argument is detected. 4075 if (UncoveredArg.hasUncoveredArg()) { 4076 unsigned ArgIdx = UncoveredArg.getUncoveredArg() + firstDataArg; 4077 assert(ArgIdx < Args.size() && "ArgIdx outside bounds"); 4078 UncoveredArg.Diagnose(*this, /*IsFunctionCall*/true, Args[ArgIdx]); 4079 } 4080 4081 if (CT != SLCT_NotALiteral) 4082 // Literal format string found, check done! 4083 return CT == SLCT_CheckedLiteral; 4084 4085 // Strftime is particular as it always uses a single 'time' argument, 4086 // so it is safe to pass a non-literal string. 4087 if (Type == FST_Strftime) 4088 return false; 4089 4090 // Do not emit diag when the string param is a macro expansion and the 4091 // format is either NSString or CFString. This is a hack to prevent 4092 // diag when using the NSLocalizedString and CFCopyLocalizedString macros 4093 // which are usually used in place of NS and CF string literals. 4094 SourceLocation FormatLoc = Args[format_idx]->getLocStart(); 4095 if (Type == FST_NSString && SourceMgr.isInSystemMacro(FormatLoc)) 4096 return false; 4097 4098 // If there are no arguments specified, warn with -Wformat-security, otherwise 4099 // warn only with -Wformat-nonliteral. 4100 if (Args.size() == firstDataArg) { 4101 Diag(FormatLoc, diag::warn_format_nonliteral_noargs) 4102 << OrigFormatExpr->getSourceRange(); 4103 switch (Type) { 4104 default: 4105 break; 4106 case FST_Kprintf: 4107 case FST_FreeBSDKPrintf: 4108 case FST_Printf: 4109 Diag(FormatLoc, diag::note_format_security_fixit) 4110 << FixItHint::CreateInsertion(FormatLoc, "\"%s\", "); 4111 break; 4112 case FST_NSString: 4113 Diag(FormatLoc, diag::note_format_security_fixit) 4114 << FixItHint::CreateInsertion(FormatLoc, "@\"%@\", "); 4115 break; 4116 } 4117 } else { 4118 Diag(FormatLoc, diag::warn_format_nonliteral) 4119 << OrigFormatExpr->getSourceRange(); 4120 } 4121 return false; 4122 } 4123 4124 namespace { 4125 class CheckFormatHandler : public analyze_format_string::FormatStringHandler { 4126 protected: 4127 Sema &S; 4128 const StringLiteral *FExpr; 4129 const Expr *OrigFormatExpr; 4130 const unsigned FirstDataArg; 4131 const unsigned NumDataArgs; 4132 const char *Beg; // Start of format string. 4133 const bool HasVAListArg; 4134 ArrayRef<const Expr *> Args; 4135 unsigned FormatIdx; 4136 llvm::SmallBitVector CoveredArgs; 4137 bool usesPositionalArgs; 4138 bool atFirstArg; 4139 bool inFunctionCall; 4140 Sema::VariadicCallType CallType; 4141 llvm::SmallBitVector &CheckedVarArgs; 4142 UncoveredArgHandler &UncoveredArg; 4143 4144 public: 4145 CheckFormatHandler(Sema &s, const StringLiteral *fexpr, 4146 const Expr *origFormatExpr, unsigned firstDataArg, 4147 unsigned numDataArgs, const char *beg, bool hasVAListArg, 4148 ArrayRef<const Expr *> Args, 4149 unsigned formatIdx, bool inFunctionCall, 4150 Sema::VariadicCallType callType, 4151 llvm::SmallBitVector &CheckedVarArgs, 4152 UncoveredArgHandler &UncoveredArg) 4153 : S(s), FExpr(fexpr), OrigFormatExpr(origFormatExpr), 4154 FirstDataArg(firstDataArg), NumDataArgs(numDataArgs), 4155 Beg(beg), HasVAListArg(hasVAListArg), 4156 Args(Args), FormatIdx(formatIdx), 4157 usesPositionalArgs(false), atFirstArg(true), 4158 inFunctionCall(inFunctionCall), CallType(callType), 4159 CheckedVarArgs(CheckedVarArgs), UncoveredArg(UncoveredArg) { 4160 CoveredArgs.resize(numDataArgs); 4161 CoveredArgs.reset(); 4162 } 4163 4164 void DoneProcessing(); 4165 4166 void HandleIncompleteSpecifier(const char *startSpecifier, 4167 unsigned specifierLen) override; 4168 4169 void HandleInvalidLengthModifier( 4170 const analyze_format_string::FormatSpecifier &FS, 4171 const analyze_format_string::ConversionSpecifier &CS, 4172 const char *startSpecifier, unsigned specifierLen, 4173 unsigned DiagID); 4174 4175 void HandleNonStandardLengthModifier( 4176 const analyze_format_string::FormatSpecifier &FS, 4177 const char *startSpecifier, unsigned specifierLen); 4178 4179 void HandleNonStandardConversionSpecifier( 4180 const analyze_format_string::ConversionSpecifier &CS, 4181 const char *startSpecifier, unsigned specifierLen); 4182 4183 void HandlePosition(const char *startPos, unsigned posLen) override; 4184 4185 void HandleInvalidPosition(const char *startSpecifier, 4186 unsigned specifierLen, 4187 analyze_format_string::PositionContext p) override; 4188 4189 void HandleZeroPosition(const char *startPos, unsigned posLen) override; 4190 4191 void HandleNullChar(const char *nullCharacter) override; 4192 4193 template <typename Range> 4194 static void 4195 EmitFormatDiagnostic(Sema &S, bool inFunctionCall, const Expr *ArgumentExpr, 4196 const PartialDiagnostic &PDiag, SourceLocation StringLoc, 4197 bool IsStringLocation, Range StringRange, 4198 ArrayRef<FixItHint> Fixit = None); 4199 4200 protected: 4201 bool HandleInvalidConversionSpecifier(unsigned argIndex, SourceLocation Loc, 4202 const char *startSpec, 4203 unsigned specifierLen, 4204 const char *csStart, unsigned csLen); 4205 4206 void HandlePositionalNonpositionalArgs(SourceLocation Loc, 4207 const char *startSpec, 4208 unsigned specifierLen); 4209 4210 SourceRange getFormatStringRange(); 4211 CharSourceRange getSpecifierRange(const char *startSpecifier, 4212 unsigned specifierLen); 4213 SourceLocation getLocationOfByte(const char *x); 4214 4215 const Expr *getDataArg(unsigned i) const; 4216 4217 bool CheckNumArgs(const analyze_format_string::FormatSpecifier &FS, 4218 const analyze_format_string::ConversionSpecifier &CS, 4219 const char *startSpecifier, unsigned specifierLen, 4220 unsigned argIndex); 4221 4222 template <typename Range> 4223 void EmitFormatDiagnostic(PartialDiagnostic PDiag, SourceLocation StringLoc, 4224 bool IsStringLocation, Range StringRange, 4225 ArrayRef<FixItHint> Fixit = None); 4226 }; 4227 } // end anonymous namespace 4228 4229 SourceRange CheckFormatHandler::getFormatStringRange() { 4230 return OrigFormatExpr->getSourceRange(); 4231 } 4232 4233 CharSourceRange CheckFormatHandler:: 4234 getSpecifierRange(const char *startSpecifier, unsigned specifierLen) { 4235 SourceLocation Start = getLocationOfByte(startSpecifier); 4236 SourceLocation End = getLocationOfByte(startSpecifier + specifierLen - 1); 4237 4238 // Advance the end SourceLocation by one due to half-open ranges. 4239 End = End.getLocWithOffset(1); 4240 4241 return CharSourceRange::getCharRange(Start, End); 4242 } 4243 4244 SourceLocation CheckFormatHandler::getLocationOfByte(const char *x) { 4245 return S.getLocationOfStringLiteralByte(FExpr, x - Beg); 4246 } 4247 4248 void CheckFormatHandler::HandleIncompleteSpecifier(const char *startSpecifier, 4249 unsigned specifierLen){ 4250 EmitFormatDiagnostic(S.PDiag(diag::warn_printf_incomplete_specifier), 4251 getLocationOfByte(startSpecifier), 4252 /*IsStringLocation*/true, 4253 getSpecifierRange(startSpecifier, specifierLen)); 4254 } 4255 4256 void CheckFormatHandler::HandleInvalidLengthModifier( 4257 const analyze_format_string::FormatSpecifier &FS, 4258 const analyze_format_string::ConversionSpecifier &CS, 4259 const char *startSpecifier, unsigned specifierLen, unsigned DiagID) { 4260 using namespace analyze_format_string; 4261 4262 const LengthModifier &LM = FS.getLengthModifier(); 4263 CharSourceRange LMRange = getSpecifierRange(LM.getStart(), LM.getLength()); 4264 4265 // See if we know how to fix this length modifier. 4266 Optional<LengthModifier> FixedLM = FS.getCorrectedLengthModifier(); 4267 if (FixedLM) { 4268 EmitFormatDiagnostic(S.PDiag(DiagID) << LM.toString() << CS.toString(), 4269 getLocationOfByte(LM.getStart()), 4270 /*IsStringLocation*/true, 4271 getSpecifierRange(startSpecifier, specifierLen)); 4272 4273 S.Diag(getLocationOfByte(LM.getStart()), diag::note_format_fix_specifier) 4274 << FixedLM->toString() 4275 << FixItHint::CreateReplacement(LMRange, FixedLM->toString()); 4276 4277 } else { 4278 FixItHint Hint; 4279 if (DiagID == diag::warn_format_nonsensical_length) 4280 Hint = FixItHint::CreateRemoval(LMRange); 4281 4282 EmitFormatDiagnostic(S.PDiag(DiagID) << LM.toString() << CS.toString(), 4283 getLocationOfByte(LM.getStart()), 4284 /*IsStringLocation*/true, 4285 getSpecifierRange(startSpecifier, specifierLen), 4286 Hint); 4287 } 4288 } 4289 4290 void CheckFormatHandler::HandleNonStandardLengthModifier( 4291 const analyze_format_string::FormatSpecifier &FS, 4292 const char *startSpecifier, unsigned specifierLen) { 4293 using namespace analyze_format_string; 4294 4295 const LengthModifier &LM = FS.getLengthModifier(); 4296 CharSourceRange LMRange = getSpecifierRange(LM.getStart(), LM.getLength()); 4297 4298 // See if we know how to fix this length modifier. 4299 Optional<LengthModifier> FixedLM = FS.getCorrectedLengthModifier(); 4300 if (FixedLM) { 4301 EmitFormatDiagnostic(S.PDiag(diag::warn_format_non_standard) 4302 << LM.toString() << 0, 4303 getLocationOfByte(LM.getStart()), 4304 /*IsStringLocation*/true, 4305 getSpecifierRange(startSpecifier, specifierLen)); 4306 4307 S.Diag(getLocationOfByte(LM.getStart()), diag::note_format_fix_specifier) 4308 << FixedLM->toString() 4309 << FixItHint::CreateReplacement(LMRange, FixedLM->toString()); 4310 4311 } else { 4312 EmitFormatDiagnostic(S.PDiag(diag::warn_format_non_standard) 4313 << LM.toString() << 0, 4314 getLocationOfByte(LM.getStart()), 4315 /*IsStringLocation*/true, 4316 getSpecifierRange(startSpecifier, specifierLen)); 4317 } 4318 } 4319 4320 void CheckFormatHandler::HandleNonStandardConversionSpecifier( 4321 const analyze_format_string::ConversionSpecifier &CS, 4322 const char *startSpecifier, unsigned specifierLen) { 4323 using namespace analyze_format_string; 4324 4325 // See if we know how to fix this conversion specifier. 4326 Optional<ConversionSpecifier> FixedCS = CS.getStandardSpecifier(); 4327 if (FixedCS) { 4328 EmitFormatDiagnostic(S.PDiag(diag::warn_format_non_standard) 4329 << CS.toString() << /*conversion specifier*/1, 4330 getLocationOfByte(CS.getStart()), 4331 /*IsStringLocation*/true, 4332 getSpecifierRange(startSpecifier, specifierLen)); 4333 4334 CharSourceRange CSRange = getSpecifierRange(CS.getStart(), CS.getLength()); 4335 S.Diag(getLocationOfByte(CS.getStart()), diag::note_format_fix_specifier) 4336 << FixedCS->toString() 4337 << FixItHint::CreateReplacement(CSRange, FixedCS->toString()); 4338 } else { 4339 EmitFormatDiagnostic(S.PDiag(diag::warn_format_non_standard) 4340 << CS.toString() << /*conversion specifier*/1, 4341 getLocationOfByte(CS.getStart()), 4342 /*IsStringLocation*/true, 4343 getSpecifierRange(startSpecifier, specifierLen)); 4344 } 4345 } 4346 4347 void CheckFormatHandler::HandlePosition(const char *startPos, 4348 unsigned posLen) { 4349 EmitFormatDiagnostic(S.PDiag(diag::warn_format_non_standard_positional_arg), 4350 getLocationOfByte(startPos), 4351 /*IsStringLocation*/true, 4352 getSpecifierRange(startPos, posLen)); 4353 } 4354 4355 void 4356 CheckFormatHandler::HandleInvalidPosition(const char *startPos, unsigned posLen, 4357 analyze_format_string::PositionContext p) { 4358 EmitFormatDiagnostic(S.PDiag(diag::warn_format_invalid_positional_specifier) 4359 << (unsigned) p, 4360 getLocationOfByte(startPos), /*IsStringLocation*/true, 4361 getSpecifierRange(startPos, posLen)); 4362 } 4363 4364 void CheckFormatHandler::HandleZeroPosition(const char *startPos, 4365 unsigned posLen) { 4366 EmitFormatDiagnostic(S.PDiag(diag::warn_format_zero_positional_specifier), 4367 getLocationOfByte(startPos), 4368 /*IsStringLocation*/true, 4369 getSpecifierRange(startPos, posLen)); 4370 } 4371 4372 void CheckFormatHandler::HandleNullChar(const char *nullCharacter) { 4373 if (!isa<ObjCStringLiteral>(OrigFormatExpr)) { 4374 // The presence of a null character is likely an error. 4375 EmitFormatDiagnostic( 4376 S.PDiag(diag::warn_printf_format_string_contains_null_char), 4377 getLocationOfByte(nullCharacter), /*IsStringLocation*/true, 4378 getFormatStringRange()); 4379 } 4380 } 4381 4382 // Note that this may return NULL if there was an error parsing or building 4383 // one of the argument expressions. 4384 const Expr *CheckFormatHandler::getDataArg(unsigned i) const { 4385 return Args[FirstDataArg + i]; 4386 } 4387 4388 void CheckFormatHandler::DoneProcessing() { 4389 // Does the number of data arguments exceed the number of 4390 // format conversions in the format string? 4391 if (!HasVAListArg) { 4392 // Find any arguments that weren't covered. 4393 CoveredArgs.flip(); 4394 signed notCoveredArg = CoveredArgs.find_first(); 4395 if (notCoveredArg >= 0) { 4396 assert((unsigned)notCoveredArg < NumDataArgs); 4397 UncoveredArg.Update(notCoveredArg, OrigFormatExpr); 4398 } else { 4399 UncoveredArg.setAllCovered(); 4400 } 4401 } 4402 } 4403 4404 void UncoveredArgHandler::Diagnose(Sema &S, bool IsFunctionCall, 4405 const Expr *ArgExpr) { 4406 assert(hasUncoveredArg() && DiagnosticExprs.size() > 0 && 4407 "Invalid state"); 4408 4409 if (!ArgExpr) 4410 return; 4411 4412 SourceLocation Loc = ArgExpr->getLocStart(); 4413 4414 if (S.getSourceManager().isInSystemMacro(Loc)) 4415 return; 4416 4417 PartialDiagnostic PDiag = S.PDiag(diag::warn_printf_data_arg_not_used); 4418 for (auto E : DiagnosticExprs) 4419 PDiag << E->getSourceRange(); 4420 4421 CheckFormatHandler::EmitFormatDiagnostic( 4422 S, IsFunctionCall, DiagnosticExprs[0], 4423 PDiag, Loc, /*IsStringLocation*/false, 4424 DiagnosticExprs[0]->getSourceRange()); 4425 } 4426 4427 bool 4428 CheckFormatHandler::HandleInvalidConversionSpecifier(unsigned argIndex, 4429 SourceLocation Loc, 4430 const char *startSpec, 4431 unsigned specifierLen, 4432 const char *csStart, 4433 unsigned csLen) { 4434 bool keepGoing = true; 4435 if (argIndex < NumDataArgs) { 4436 // Consider the argument coverered, even though the specifier doesn't 4437 // make sense. 4438 CoveredArgs.set(argIndex); 4439 } 4440 else { 4441 // If argIndex exceeds the number of data arguments we 4442 // don't issue a warning because that is just a cascade of warnings (and 4443 // they may have intended '%%' anyway). We don't want to continue processing 4444 // the format string after this point, however, as we will like just get 4445 // gibberish when trying to match arguments. 4446 keepGoing = false; 4447 } 4448 4449 StringRef Specifier(csStart, csLen); 4450 4451 // If the specifier in non-printable, it could be the first byte of a UTF-8 4452 // sequence. In that case, print the UTF-8 code point. If not, print the byte 4453 // hex value. 4454 std::string CodePointStr; 4455 if (!llvm::sys::locale::isPrint(*csStart)) { 4456 UTF32 CodePoint; 4457 const UTF8 **B = reinterpret_cast<const UTF8 **>(&csStart); 4458 const UTF8 *E = 4459 reinterpret_cast<const UTF8 *>(csStart + csLen); 4460 ConversionResult Result = 4461 llvm::convertUTF8Sequence(B, E, &CodePoint, strictConversion); 4462 4463 if (Result != conversionOK) { 4464 unsigned char FirstChar = *csStart; 4465 CodePoint = (UTF32)FirstChar; 4466 } 4467 4468 llvm::raw_string_ostream OS(CodePointStr); 4469 if (CodePoint < 256) 4470 OS << "\\x" << llvm::format("%02x", CodePoint); 4471 else if (CodePoint <= 0xFFFF) 4472 OS << "\\u" << llvm::format("%04x", CodePoint); 4473 else 4474 OS << "\\U" << llvm::format("%08x", CodePoint); 4475 OS.flush(); 4476 Specifier = CodePointStr; 4477 } 4478 4479 EmitFormatDiagnostic( 4480 S.PDiag(diag::warn_format_invalid_conversion) << Specifier, Loc, 4481 /*IsStringLocation*/ true, getSpecifierRange(startSpec, specifierLen)); 4482 4483 return keepGoing; 4484 } 4485 4486 void 4487 CheckFormatHandler::HandlePositionalNonpositionalArgs(SourceLocation Loc, 4488 const char *startSpec, 4489 unsigned specifierLen) { 4490 EmitFormatDiagnostic( 4491 S.PDiag(diag::warn_format_mix_positional_nonpositional_args), 4492 Loc, /*isStringLoc*/true, getSpecifierRange(startSpec, specifierLen)); 4493 } 4494 4495 bool 4496 CheckFormatHandler::CheckNumArgs( 4497 const analyze_format_string::FormatSpecifier &FS, 4498 const analyze_format_string::ConversionSpecifier &CS, 4499 const char *startSpecifier, unsigned specifierLen, unsigned argIndex) { 4500 4501 if (argIndex >= NumDataArgs) { 4502 PartialDiagnostic PDiag = FS.usesPositionalArg() 4503 ? (S.PDiag(diag::warn_printf_positional_arg_exceeds_data_args) 4504 << (argIndex+1) << NumDataArgs) 4505 : S.PDiag(diag::warn_printf_insufficient_data_args); 4506 EmitFormatDiagnostic( 4507 PDiag, getLocationOfByte(CS.getStart()), /*IsStringLocation*/true, 4508 getSpecifierRange(startSpecifier, specifierLen)); 4509 4510 // Since more arguments than conversion tokens are given, by extension 4511 // all arguments are covered, so mark this as so. 4512 UncoveredArg.setAllCovered(); 4513 return false; 4514 } 4515 return true; 4516 } 4517 4518 template<typename Range> 4519 void CheckFormatHandler::EmitFormatDiagnostic(PartialDiagnostic PDiag, 4520 SourceLocation Loc, 4521 bool IsStringLocation, 4522 Range StringRange, 4523 ArrayRef<FixItHint> FixIt) { 4524 EmitFormatDiagnostic(S, inFunctionCall, Args[FormatIdx], PDiag, 4525 Loc, IsStringLocation, StringRange, FixIt); 4526 } 4527 4528 /// \brief If the format string is not within the funcion call, emit a note 4529 /// so that the function call and string are in diagnostic messages. 4530 /// 4531 /// \param InFunctionCall if true, the format string is within the function 4532 /// call and only one diagnostic message will be produced. Otherwise, an 4533 /// extra note will be emitted pointing to location of the format string. 4534 /// 4535 /// \param ArgumentExpr the expression that is passed as the format string 4536 /// argument in the function call. Used for getting locations when two 4537 /// diagnostics are emitted. 4538 /// 4539 /// \param PDiag the callee should already have provided any strings for the 4540 /// diagnostic message. This function only adds locations and fixits 4541 /// to diagnostics. 4542 /// 4543 /// \param Loc primary location for diagnostic. If two diagnostics are 4544 /// required, one will be at Loc and a new SourceLocation will be created for 4545 /// the other one. 4546 /// 4547 /// \param IsStringLocation if true, Loc points to the format string should be 4548 /// used for the note. Otherwise, Loc points to the argument list and will 4549 /// be used with PDiag. 4550 /// 4551 /// \param StringRange some or all of the string to highlight. This is 4552 /// templated so it can accept either a CharSourceRange or a SourceRange. 4553 /// 4554 /// \param FixIt optional fix it hint for the format string. 4555 template <typename Range> 4556 void CheckFormatHandler::EmitFormatDiagnostic( 4557 Sema &S, bool InFunctionCall, const Expr *ArgumentExpr, 4558 const PartialDiagnostic &PDiag, SourceLocation Loc, bool IsStringLocation, 4559 Range StringRange, ArrayRef<FixItHint> FixIt) { 4560 if (InFunctionCall) { 4561 const Sema::SemaDiagnosticBuilder &D = S.Diag(Loc, PDiag); 4562 D << StringRange; 4563 D << FixIt; 4564 } else { 4565 S.Diag(IsStringLocation ? ArgumentExpr->getExprLoc() : Loc, PDiag) 4566 << ArgumentExpr->getSourceRange(); 4567 4568 const Sema::SemaDiagnosticBuilder &Note = 4569 S.Diag(IsStringLocation ? Loc : StringRange.getBegin(), 4570 diag::note_format_string_defined); 4571 4572 Note << StringRange; 4573 Note << FixIt; 4574 } 4575 } 4576 4577 //===--- CHECK: Printf format string checking ------------------------------===// 4578 4579 namespace { 4580 class CheckPrintfHandler : public CheckFormatHandler { 4581 bool ObjCContext; 4582 4583 public: 4584 CheckPrintfHandler(Sema &s, const StringLiteral *fexpr, 4585 const Expr *origFormatExpr, unsigned firstDataArg, 4586 unsigned numDataArgs, bool isObjC, 4587 const char *beg, bool hasVAListArg, 4588 ArrayRef<const Expr *> Args, 4589 unsigned formatIdx, bool inFunctionCall, 4590 Sema::VariadicCallType CallType, 4591 llvm::SmallBitVector &CheckedVarArgs, 4592 UncoveredArgHandler &UncoveredArg) 4593 : CheckFormatHandler(s, fexpr, origFormatExpr, firstDataArg, 4594 numDataArgs, beg, hasVAListArg, Args, 4595 formatIdx, inFunctionCall, CallType, CheckedVarArgs, 4596 UncoveredArg), 4597 ObjCContext(isObjC) 4598 {} 4599 4600 bool HandleInvalidPrintfConversionSpecifier( 4601 const analyze_printf::PrintfSpecifier &FS, 4602 const char *startSpecifier, 4603 unsigned specifierLen) override; 4604 4605 bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS, 4606 const char *startSpecifier, 4607 unsigned specifierLen) override; 4608 bool checkFormatExpr(const analyze_printf::PrintfSpecifier &FS, 4609 const char *StartSpecifier, 4610 unsigned SpecifierLen, 4611 const Expr *E); 4612 4613 bool HandleAmount(const analyze_format_string::OptionalAmount &Amt, unsigned k, 4614 const char *startSpecifier, unsigned specifierLen); 4615 void HandleInvalidAmount(const analyze_printf::PrintfSpecifier &FS, 4616 const analyze_printf::OptionalAmount &Amt, 4617 unsigned type, 4618 const char *startSpecifier, unsigned specifierLen); 4619 void HandleFlag(const analyze_printf::PrintfSpecifier &FS, 4620 const analyze_printf::OptionalFlag &flag, 4621 const char *startSpecifier, unsigned specifierLen); 4622 void HandleIgnoredFlag(const analyze_printf::PrintfSpecifier &FS, 4623 const analyze_printf::OptionalFlag &ignoredFlag, 4624 const analyze_printf::OptionalFlag &flag, 4625 const char *startSpecifier, unsigned specifierLen); 4626 bool checkForCStrMembers(const analyze_printf::ArgType &AT, 4627 const Expr *E); 4628 4629 void HandleEmptyObjCModifierFlag(const char *startFlag, 4630 unsigned flagLen) override; 4631 4632 void HandleInvalidObjCModifierFlag(const char *startFlag, 4633 unsigned flagLen) override; 4634 4635 void HandleObjCFlagsWithNonObjCConversion(const char *flagsStart, 4636 const char *flagsEnd, 4637 const char *conversionPosition) 4638 override; 4639 }; 4640 } // end anonymous namespace 4641 4642 bool CheckPrintfHandler::HandleInvalidPrintfConversionSpecifier( 4643 const analyze_printf::PrintfSpecifier &FS, 4644 const char *startSpecifier, 4645 unsigned specifierLen) { 4646 const analyze_printf::PrintfConversionSpecifier &CS = 4647 FS.getConversionSpecifier(); 4648 4649 return HandleInvalidConversionSpecifier(FS.getArgIndex(), 4650 getLocationOfByte(CS.getStart()), 4651 startSpecifier, specifierLen, 4652 CS.getStart(), CS.getLength()); 4653 } 4654 4655 bool CheckPrintfHandler::HandleAmount( 4656 const analyze_format_string::OptionalAmount &Amt, 4657 unsigned k, const char *startSpecifier, 4658 unsigned specifierLen) { 4659 if (Amt.hasDataArgument()) { 4660 if (!HasVAListArg) { 4661 unsigned argIndex = Amt.getArgIndex(); 4662 if (argIndex >= NumDataArgs) { 4663 EmitFormatDiagnostic(S.PDiag(diag::warn_printf_asterisk_missing_arg) 4664 << k, 4665 getLocationOfByte(Amt.getStart()), 4666 /*IsStringLocation*/true, 4667 getSpecifierRange(startSpecifier, specifierLen)); 4668 // Don't do any more checking. We will just emit 4669 // spurious errors. 4670 return false; 4671 } 4672 4673 // Type check the data argument. It should be an 'int'. 4674 // Although not in conformance with C99, we also allow the argument to be 4675 // an 'unsigned int' as that is a reasonably safe case. GCC also 4676 // doesn't emit a warning for that case. 4677 CoveredArgs.set(argIndex); 4678 const Expr *Arg = getDataArg(argIndex); 4679 if (!Arg) 4680 return false; 4681 4682 QualType T = Arg->getType(); 4683 4684 const analyze_printf::ArgType &AT = Amt.getArgType(S.Context); 4685 assert(AT.isValid()); 4686 4687 if (!AT.matchesType(S.Context, T)) { 4688 EmitFormatDiagnostic(S.PDiag(diag::warn_printf_asterisk_wrong_type) 4689 << k << AT.getRepresentativeTypeName(S.Context) 4690 << T << Arg->getSourceRange(), 4691 getLocationOfByte(Amt.getStart()), 4692 /*IsStringLocation*/true, 4693 getSpecifierRange(startSpecifier, specifierLen)); 4694 // Don't do any more checking. We will just emit 4695 // spurious errors. 4696 return false; 4697 } 4698 } 4699 } 4700 return true; 4701 } 4702 4703 void CheckPrintfHandler::HandleInvalidAmount( 4704 const analyze_printf::PrintfSpecifier &FS, 4705 const analyze_printf::OptionalAmount &Amt, 4706 unsigned type, 4707 const char *startSpecifier, 4708 unsigned specifierLen) { 4709 const analyze_printf::PrintfConversionSpecifier &CS = 4710 FS.getConversionSpecifier(); 4711 4712 FixItHint fixit = 4713 Amt.getHowSpecified() == analyze_printf::OptionalAmount::Constant 4714 ? FixItHint::CreateRemoval(getSpecifierRange(Amt.getStart(), 4715 Amt.getConstantLength())) 4716 : FixItHint(); 4717 4718 EmitFormatDiagnostic(S.PDiag(diag::warn_printf_nonsensical_optional_amount) 4719 << type << CS.toString(), 4720 getLocationOfByte(Amt.getStart()), 4721 /*IsStringLocation*/true, 4722 getSpecifierRange(startSpecifier, specifierLen), 4723 fixit); 4724 } 4725 4726 void CheckPrintfHandler::HandleFlag(const analyze_printf::PrintfSpecifier &FS, 4727 const analyze_printf::OptionalFlag &flag, 4728 const char *startSpecifier, 4729 unsigned specifierLen) { 4730 // Warn about pointless flag with a fixit removal. 4731 const analyze_printf::PrintfConversionSpecifier &CS = 4732 FS.getConversionSpecifier(); 4733 EmitFormatDiagnostic(S.PDiag(diag::warn_printf_nonsensical_flag) 4734 << flag.toString() << CS.toString(), 4735 getLocationOfByte(flag.getPosition()), 4736 /*IsStringLocation*/true, 4737 getSpecifierRange(startSpecifier, specifierLen), 4738 FixItHint::CreateRemoval( 4739 getSpecifierRange(flag.getPosition(), 1))); 4740 } 4741 4742 void CheckPrintfHandler::HandleIgnoredFlag( 4743 const analyze_printf::PrintfSpecifier &FS, 4744 const analyze_printf::OptionalFlag &ignoredFlag, 4745 const analyze_printf::OptionalFlag &flag, 4746 const char *startSpecifier, 4747 unsigned specifierLen) { 4748 // Warn about ignored flag with a fixit removal. 4749 EmitFormatDiagnostic(S.PDiag(diag::warn_printf_ignored_flag) 4750 << ignoredFlag.toString() << flag.toString(), 4751 getLocationOfByte(ignoredFlag.getPosition()), 4752 /*IsStringLocation*/true, 4753 getSpecifierRange(startSpecifier, specifierLen), 4754 FixItHint::CreateRemoval( 4755 getSpecifierRange(ignoredFlag.getPosition(), 1))); 4756 } 4757 4758 // void EmitFormatDiagnostic(PartialDiagnostic PDiag, SourceLocation StringLoc, 4759 // bool IsStringLocation, Range StringRange, 4760 // ArrayRef<FixItHint> Fixit = None); 4761 4762 void CheckPrintfHandler::HandleEmptyObjCModifierFlag(const char *startFlag, 4763 unsigned flagLen) { 4764 // Warn about an empty flag. 4765 EmitFormatDiagnostic(S.PDiag(diag::warn_printf_empty_objc_flag), 4766 getLocationOfByte(startFlag), 4767 /*IsStringLocation*/true, 4768 getSpecifierRange(startFlag, flagLen)); 4769 } 4770 4771 void CheckPrintfHandler::HandleInvalidObjCModifierFlag(const char *startFlag, 4772 unsigned flagLen) { 4773 // Warn about an invalid flag. 4774 auto Range = getSpecifierRange(startFlag, flagLen); 4775 StringRef flag(startFlag, flagLen); 4776 EmitFormatDiagnostic(S.PDiag(diag::warn_printf_invalid_objc_flag) << flag, 4777 getLocationOfByte(startFlag), 4778 /*IsStringLocation*/true, 4779 Range, FixItHint::CreateRemoval(Range)); 4780 } 4781 4782 void CheckPrintfHandler::HandleObjCFlagsWithNonObjCConversion( 4783 const char *flagsStart, const char *flagsEnd, const char *conversionPosition) { 4784 // Warn about using '[...]' without a '@' conversion. 4785 auto Range = getSpecifierRange(flagsStart, flagsEnd - flagsStart + 1); 4786 auto diag = diag::warn_printf_ObjCflags_without_ObjCConversion; 4787 EmitFormatDiagnostic(S.PDiag(diag) << StringRef(conversionPosition, 1), 4788 getLocationOfByte(conversionPosition), 4789 /*IsStringLocation*/true, 4790 Range, FixItHint::CreateRemoval(Range)); 4791 } 4792 4793 // Determines if the specified is a C++ class or struct containing 4794 // a member with the specified name and kind (e.g. a CXXMethodDecl named 4795 // "c_str()"). 4796 template<typename MemberKind> 4797 static llvm::SmallPtrSet<MemberKind*, 1> 4798 CXXRecordMembersNamed(StringRef Name, Sema &S, QualType Ty) { 4799 const RecordType *RT = Ty->getAs<RecordType>(); 4800 llvm::SmallPtrSet<MemberKind*, 1> Results; 4801 4802 if (!RT) 4803 return Results; 4804 const CXXRecordDecl *RD = dyn_cast<CXXRecordDecl>(RT->getDecl()); 4805 if (!RD || !RD->getDefinition()) 4806 return Results; 4807 4808 LookupResult R(S, &S.Context.Idents.get(Name), SourceLocation(), 4809 Sema::LookupMemberName); 4810 R.suppressDiagnostics(); 4811 4812 // We just need to include all members of the right kind turned up by the 4813 // filter, at this point. 4814 if (S.LookupQualifiedName(R, RT->getDecl())) 4815 for (LookupResult::iterator I = R.begin(), E = R.end(); I != E; ++I) { 4816 NamedDecl *decl = (*I)->getUnderlyingDecl(); 4817 if (MemberKind *FK = dyn_cast<MemberKind>(decl)) 4818 Results.insert(FK); 4819 } 4820 return Results; 4821 } 4822 4823 /// Check if we could call '.c_str()' on an object. 4824 /// 4825 /// FIXME: This returns the wrong results in some cases (if cv-qualifiers don't 4826 /// allow the call, or if it would be ambiguous). 4827 bool Sema::hasCStrMethod(const Expr *E) { 4828 typedef llvm::SmallPtrSet<CXXMethodDecl*, 1> MethodSet; 4829 MethodSet Results = 4830 CXXRecordMembersNamed<CXXMethodDecl>("c_str", *this, E->getType()); 4831 for (MethodSet::iterator MI = Results.begin(), ME = Results.end(); 4832 MI != ME; ++MI) 4833 if ((*MI)->getMinRequiredArguments() == 0) 4834 return true; 4835 return false; 4836 } 4837 4838 // Check if a (w)string was passed when a (w)char* was needed, and offer a 4839 // better diagnostic if so. AT is assumed to be valid. 4840 // Returns true when a c_str() conversion method is found. 4841 bool CheckPrintfHandler::checkForCStrMembers( 4842 const analyze_printf::ArgType &AT, const Expr *E) { 4843 typedef llvm::SmallPtrSet<CXXMethodDecl*, 1> MethodSet; 4844 4845 MethodSet Results = 4846 CXXRecordMembersNamed<CXXMethodDecl>("c_str", S, E->getType()); 4847 4848 for (MethodSet::iterator MI = Results.begin(), ME = Results.end(); 4849 MI != ME; ++MI) { 4850 const CXXMethodDecl *Method = *MI; 4851 if (Method->getMinRequiredArguments() == 0 && 4852 AT.matchesType(S.Context, Method->getReturnType())) { 4853 // FIXME: Suggest parens if the expression needs them. 4854 SourceLocation EndLoc = S.getLocForEndOfToken(E->getLocEnd()); 4855 S.Diag(E->getLocStart(), diag::note_printf_c_str) 4856 << "c_str()" 4857 << FixItHint::CreateInsertion(EndLoc, ".c_str()"); 4858 return true; 4859 } 4860 } 4861 4862 return false; 4863 } 4864 4865 bool 4866 CheckPrintfHandler::HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier 4867 &FS, 4868 const char *startSpecifier, 4869 unsigned specifierLen) { 4870 using namespace analyze_format_string; 4871 using namespace analyze_printf; 4872 const PrintfConversionSpecifier &CS = FS.getConversionSpecifier(); 4873 4874 if (FS.consumesDataArgument()) { 4875 if (atFirstArg) { 4876 atFirstArg = false; 4877 usesPositionalArgs = FS.usesPositionalArg(); 4878 } 4879 else if (usesPositionalArgs != FS.usesPositionalArg()) { 4880 HandlePositionalNonpositionalArgs(getLocationOfByte(CS.getStart()), 4881 startSpecifier, specifierLen); 4882 return false; 4883 } 4884 } 4885 4886 // First check if the field width, precision, and conversion specifier 4887 // have matching data arguments. 4888 if (!HandleAmount(FS.getFieldWidth(), /* field width */ 0, 4889 startSpecifier, specifierLen)) { 4890 return false; 4891 } 4892 4893 if (!HandleAmount(FS.getPrecision(), /* precision */ 1, 4894 startSpecifier, specifierLen)) { 4895 return false; 4896 } 4897 4898 if (!CS.consumesDataArgument()) { 4899 // FIXME: Technically specifying a precision or field width here 4900 // makes no sense. Worth issuing a warning at some point. 4901 return true; 4902 } 4903 4904 // Consume the argument. 4905 unsigned argIndex = FS.getArgIndex(); 4906 if (argIndex < NumDataArgs) { 4907 // The check to see if the argIndex is valid will come later. 4908 // We set the bit here because we may exit early from this 4909 // function if we encounter some other error. 4910 CoveredArgs.set(argIndex); 4911 } 4912 4913 // FreeBSD kernel extensions. 4914 if (CS.getKind() == ConversionSpecifier::FreeBSDbArg || 4915 CS.getKind() == ConversionSpecifier::FreeBSDDArg) { 4916 // We need at least two arguments. 4917 if (!CheckNumArgs(FS, CS, startSpecifier, specifierLen, argIndex + 1)) 4918 return false; 4919 4920 // Claim the second argument. 4921 CoveredArgs.set(argIndex + 1); 4922 4923 // Type check the first argument (int for %b, pointer for %D) 4924 const Expr *Ex = getDataArg(argIndex); 4925 const analyze_printf::ArgType &AT = 4926 (CS.getKind() == ConversionSpecifier::FreeBSDbArg) ? 4927 ArgType(S.Context.IntTy) : ArgType::CPointerTy; 4928 if (AT.isValid() && !AT.matchesType(S.Context, Ex->getType())) 4929 EmitFormatDiagnostic( 4930 S.PDiag(diag::warn_format_conversion_argument_type_mismatch) 4931 << AT.getRepresentativeTypeName(S.Context) << Ex->getType() 4932 << false << Ex->getSourceRange(), 4933 Ex->getLocStart(), /*IsStringLocation*/false, 4934 getSpecifierRange(startSpecifier, specifierLen)); 4935 4936 // Type check the second argument (char * for both %b and %D) 4937 Ex = getDataArg(argIndex + 1); 4938 const analyze_printf::ArgType &AT2 = ArgType::CStrTy; 4939 if (AT2.isValid() && !AT2.matchesType(S.Context, Ex->getType())) 4940 EmitFormatDiagnostic( 4941 S.PDiag(diag::warn_format_conversion_argument_type_mismatch) 4942 << AT2.getRepresentativeTypeName(S.Context) << Ex->getType() 4943 << false << Ex->getSourceRange(), 4944 Ex->getLocStart(), /*IsStringLocation*/false, 4945 getSpecifierRange(startSpecifier, specifierLen)); 4946 4947 return true; 4948 } 4949 4950 // Check for using an Objective-C specific conversion specifier 4951 // in a non-ObjC literal. 4952 if (!ObjCContext && CS.isObjCArg()) { 4953 return HandleInvalidPrintfConversionSpecifier(FS, startSpecifier, 4954 specifierLen); 4955 } 4956 4957 // Check for invalid use of field width 4958 if (!FS.hasValidFieldWidth()) { 4959 HandleInvalidAmount(FS, FS.getFieldWidth(), /* field width */ 0, 4960 startSpecifier, specifierLen); 4961 } 4962 4963 // Check for invalid use of precision 4964 if (!FS.hasValidPrecision()) { 4965 HandleInvalidAmount(FS, FS.getPrecision(), /* precision */ 1, 4966 startSpecifier, specifierLen); 4967 } 4968 4969 // Check each flag does not conflict with any other component. 4970 if (!FS.hasValidThousandsGroupingPrefix()) 4971 HandleFlag(FS, FS.hasThousandsGrouping(), startSpecifier, specifierLen); 4972 if (!FS.hasValidLeadingZeros()) 4973 HandleFlag(FS, FS.hasLeadingZeros(), startSpecifier, specifierLen); 4974 if (!FS.hasValidPlusPrefix()) 4975 HandleFlag(FS, FS.hasPlusPrefix(), startSpecifier, specifierLen); 4976 if (!FS.hasValidSpacePrefix()) 4977 HandleFlag(FS, FS.hasSpacePrefix(), startSpecifier, specifierLen); 4978 if (!FS.hasValidAlternativeForm()) 4979 HandleFlag(FS, FS.hasAlternativeForm(), startSpecifier, specifierLen); 4980 if (!FS.hasValidLeftJustified()) 4981 HandleFlag(FS, FS.isLeftJustified(), startSpecifier, specifierLen); 4982 4983 // Check that flags are not ignored by another flag 4984 if (FS.hasSpacePrefix() && FS.hasPlusPrefix()) // ' ' ignored by '+' 4985 HandleIgnoredFlag(FS, FS.hasSpacePrefix(), FS.hasPlusPrefix(), 4986 startSpecifier, specifierLen); 4987 if (FS.hasLeadingZeros() && FS.isLeftJustified()) // '0' ignored by '-' 4988 HandleIgnoredFlag(FS, FS.hasLeadingZeros(), FS.isLeftJustified(), 4989 startSpecifier, specifierLen); 4990 4991 // Check the length modifier is valid with the given conversion specifier. 4992 if (!FS.hasValidLengthModifier(S.getASTContext().getTargetInfo())) 4993 HandleInvalidLengthModifier(FS, CS, startSpecifier, specifierLen, 4994 diag::warn_format_nonsensical_length); 4995 else if (!FS.hasStandardLengthModifier()) 4996 HandleNonStandardLengthModifier(FS, startSpecifier, specifierLen); 4997 else if (!FS.hasStandardLengthConversionCombination()) 4998 HandleInvalidLengthModifier(FS, CS, startSpecifier, specifierLen, 4999 diag::warn_format_non_standard_conversion_spec); 5000 5001 if (!FS.hasStandardConversionSpecifier(S.getLangOpts())) 5002 HandleNonStandardConversionSpecifier(CS, startSpecifier, specifierLen); 5003 5004 // The remaining checks depend on the data arguments. 5005 if (HasVAListArg) 5006 return true; 5007 5008 if (!CheckNumArgs(FS, CS, startSpecifier, specifierLen, argIndex)) 5009 return false; 5010 5011 const Expr *Arg = getDataArg(argIndex); 5012 if (!Arg) 5013 return true; 5014 5015 return checkFormatExpr(FS, startSpecifier, specifierLen, Arg); 5016 } 5017 5018 static bool requiresParensToAddCast(const Expr *E) { 5019 // FIXME: We should have a general way to reason about operator 5020 // precedence and whether parens are actually needed here. 5021 // Take care of a few common cases where they aren't. 5022 const Expr *Inside = E->IgnoreImpCasts(); 5023 if (const PseudoObjectExpr *POE = dyn_cast<PseudoObjectExpr>(Inside)) 5024 Inside = POE->getSyntacticForm()->IgnoreImpCasts(); 5025 5026 switch (Inside->getStmtClass()) { 5027 case Stmt::ArraySubscriptExprClass: 5028 case Stmt::CallExprClass: 5029 case Stmt::CharacterLiteralClass: 5030 case Stmt::CXXBoolLiteralExprClass: 5031 case Stmt::DeclRefExprClass: 5032 case Stmt::FloatingLiteralClass: 5033 case Stmt::IntegerLiteralClass: 5034 case Stmt::MemberExprClass: 5035 case Stmt::ObjCArrayLiteralClass: 5036 case Stmt::ObjCBoolLiteralExprClass: 5037 case Stmt::ObjCBoxedExprClass: 5038 case Stmt::ObjCDictionaryLiteralClass: 5039 case Stmt::ObjCEncodeExprClass: 5040 case Stmt::ObjCIvarRefExprClass: 5041 case Stmt::ObjCMessageExprClass: 5042 case Stmt::ObjCPropertyRefExprClass: 5043 case Stmt::ObjCStringLiteralClass: 5044 case Stmt::ObjCSubscriptRefExprClass: 5045 case Stmt::ParenExprClass: 5046 case Stmt::StringLiteralClass: 5047 case Stmt::UnaryOperatorClass: 5048 return false; 5049 default: 5050 return true; 5051 } 5052 } 5053 5054 static std::pair<QualType, StringRef> 5055 shouldNotPrintDirectly(const ASTContext &Context, 5056 QualType IntendedTy, 5057 const Expr *E) { 5058 // Use a 'while' to peel off layers of typedefs. 5059 QualType TyTy = IntendedTy; 5060 while (const TypedefType *UserTy = TyTy->getAs<TypedefType>()) { 5061 StringRef Name = UserTy->getDecl()->getName(); 5062 QualType CastTy = llvm::StringSwitch<QualType>(Name) 5063 .Case("NSInteger", Context.LongTy) 5064 .Case("NSUInteger", Context.UnsignedLongTy) 5065 .Case("SInt32", Context.IntTy) 5066 .Case("UInt32", Context.UnsignedIntTy) 5067 .Default(QualType()); 5068 5069 if (!CastTy.isNull()) 5070 return std::make_pair(CastTy, Name); 5071 5072 TyTy = UserTy->desugar(); 5073 } 5074 5075 // Strip parens if necessary. 5076 if (const ParenExpr *PE = dyn_cast<ParenExpr>(E)) 5077 return shouldNotPrintDirectly(Context, 5078 PE->getSubExpr()->getType(), 5079 PE->getSubExpr()); 5080 5081 // If this is a conditional expression, then its result type is constructed 5082 // via usual arithmetic conversions and thus there might be no necessary 5083 // typedef sugar there. Recurse to operands to check for NSInteger & 5084 // Co. usage condition. 5085 if (const ConditionalOperator *CO = dyn_cast<ConditionalOperator>(E)) { 5086 QualType TrueTy, FalseTy; 5087 StringRef TrueName, FalseName; 5088 5089 std::tie(TrueTy, TrueName) = 5090 shouldNotPrintDirectly(Context, 5091 CO->getTrueExpr()->getType(), 5092 CO->getTrueExpr()); 5093 std::tie(FalseTy, FalseName) = 5094 shouldNotPrintDirectly(Context, 5095 CO->getFalseExpr()->getType(), 5096 CO->getFalseExpr()); 5097 5098 if (TrueTy == FalseTy) 5099 return std::make_pair(TrueTy, TrueName); 5100 else if (TrueTy.isNull()) 5101 return std::make_pair(FalseTy, FalseName); 5102 else if (FalseTy.isNull()) 5103 return std::make_pair(TrueTy, TrueName); 5104 } 5105 5106 return std::make_pair(QualType(), StringRef()); 5107 } 5108 5109 bool 5110 CheckPrintfHandler::checkFormatExpr(const analyze_printf::PrintfSpecifier &FS, 5111 const char *StartSpecifier, 5112 unsigned SpecifierLen, 5113 const Expr *E) { 5114 using namespace analyze_format_string; 5115 using namespace analyze_printf; 5116 // Now type check the data expression that matches the 5117 // format specifier. 5118 const analyze_printf::ArgType &AT = FS.getArgType(S.Context, 5119 ObjCContext); 5120 if (!AT.isValid()) 5121 return true; 5122 5123 QualType ExprTy = E->getType(); 5124 while (const TypeOfExprType *TET = dyn_cast<TypeOfExprType>(ExprTy)) { 5125 ExprTy = TET->getUnderlyingExpr()->getType(); 5126 } 5127 5128 analyze_printf::ArgType::MatchKind match = AT.matchesType(S.Context, ExprTy); 5129 5130 if (match == analyze_printf::ArgType::Match) { 5131 return true; 5132 } 5133 5134 // Look through argument promotions for our error message's reported type. 5135 // This includes the integral and floating promotions, but excludes array 5136 // and function pointer decay; seeing that an argument intended to be a 5137 // string has type 'char [6]' is probably more confusing than 'char *'. 5138 if (const ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(E)) { 5139 if (ICE->getCastKind() == CK_IntegralCast || 5140 ICE->getCastKind() == CK_FloatingCast) { 5141 E = ICE->getSubExpr(); 5142 ExprTy = E->getType(); 5143 5144 // Check if we didn't match because of an implicit cast from a 'char' 5145 // or 'short' to an 'int'. This is done because printf is a varargs 5146 // function. 5147 if (ICE->getType() == S.Context.IntTy || 5148 ICE->getType() == S.Context.UnsignedIntTy) { 5149 // All further checking is done on the subexpression. 5150 if (AT.matchesType(S.Context, ExprTy)) 5151 return true; 5152 } 5153 } 5154 } else if (const CharacterLiteral *CL = dyn_cast<CharacterLiteral>(E)) { 5155 // Special case for 'a', which has type 'int' in C. 5156 // Note, however, that we do /not/ want to treat multibyte constants like 5157 // 'MooV' as characters! This form is deprecated but still exists. 5158 if (ExprTy == S.Context.IntTy) 5159 if (llvm::isUIntN(S.Context.getCharWidth(), CL->getValue())) 5160 ExprTy = S.Context.CharTy; 5161 } 5162 5163 // Look through enums to their underlying type. 5164 bool IsEnum = false; 5165 if (auto EnumTy = ExprTy->getAs<EnumType>()) { 5166 ExprTy = EnumTy->getDecl()->getIntegerType(); 5167 IsEnum = true; 5168 } 5169 5170 // %C in an Objective-C context prints a unichar, not a wchar_t. 5171 // If the argument is an integer of some kind, believe the %C and suggest 5172 // a cast instead of changing the conversion specifier. 5173 QualType IntendedTy = ExprTy; 5174 if (ObjCContext && 5175 FS.getConversionSpecifier().getKind() == ConversionSpecifier::CArg) { 5176 if (ExprTy->isIntegralOrUnscopedEnumerationType() && 5177 !ExprTy->isCharType()) { 5178 // 'unichar' is defined as a typedef of unsigned short, but we should 5179 // prefer using the typedef if it is visible. 5180 IntendedTy = S.Context.UnsignedShortTy; 5181 5182 // While we are here, check if the value is an IntegerLiteral that happens 5183 // to be within the valid range. 5184 if (const IntegerLiteral *IL = dyn_cast<IntegerLiteral>(E)) { 5185 const llvm::APInt &V = IL->getValue(); 5186 if (V.getActiveBits() <= S.Context.getTypeSize(IntendedTy)) 5187 return true; 5188 } 5189 5190 LookupResult Result(S, &S.Context.Idents.get("unichar"), E->getLocStart(), 5191 Sema::LookupOrdinaryName); 5192 if (S.LookupName(Result, S.getCurScope())) { 5193 NamedDecl *ND = Result.getFoundDecl(); 5194 if (TypedefNameDecl *TD = dyn_cast<TypedefNameDecl>(ND)) 5195 if (TD->getUnderlyingType() == IntendedTy) 5196 IntendedTy = S.Context.getTypedefType(TD); 5197 } 5198 } 5199 } 5200 5201 // Special-case some of Darwin's platform-independence types by suggesting 5202 // casts to primitive types that are known to be large enough. 5203 bool ShouldNotPrintDirectly = false; StringRef CastTyName; 5204 if (S.Context.getTargetInfo().getTriple().isOSDarwin()) { 5205 QualType CastTy; 5206 std::tie(CastTy, CastTyName) = shouldNotPrintDirectly(S.Context, IntendedTy, E); 5207 if (!CastTy.isNull()) { 5208 IntendedTy = CastTy; 5209 ShouldNotPrintDirectly = true; 5210 } 5211 } 5212 5213 // We may be able to offer a FixItHint if it is a supported type. 5214 PrintfSpecifier fixedFS = FS; 5215 bool success = fixedFS.fixType(IntendedTy, S.getLangOpts(), 5216 S.Context, ObjCContext); 5217 5218 if (success) { 5219 // Get the fix string from the fixed format specifier 5220 SmallString<16> buf; 5221 llvm::raw_svector_ostream os(buf); 5222 fixedFS.toString(os); 5223 5224 CharSourceRange SpecRange = getSpecifierRange(StartSpecifier, SpecifierLen); 5225 5226 if (IntendedTy == ExprTy && !ShouldNotPrintDirectly) { 5227 unsigned diag = diag::warn_format_conversion_argument_type_mismatch; 5228 if (match == analyze_format_string::ArgType::NoMatchPedantic) { 5229 diag = diag::warn_format_conversion_argument_type_mismatch_pedantic; 5230 } 5231 // In this case, the specifier is wrong and should be changed to match 5232 // the argument. 5233 EmitFormatDiagnostic(S.PDiag(diag) 5234 << AT.getRepresentativeTypeName(S.Context) 5235 << IntendedTy << IsEnum << E->getSourceRange(), 5236 E->getLocStart(), 5237 /*IsStringLocation*/ false, SpecRange, 5238 FixItHint::CreateReplacement(SpecRange, os.str())); 5239 } else { 5240 // The canonical type for formatting this value is different from the 5241 // actual type of the expression. (This occurs, for example, with Darwin's 5242 // NSInteger on 32-bit platforms, where it is typedef'd as 'int', but 5243 // should be printed as 'long' for 64-bit compatibility.) 5244 // Rather than emitting a normal format/argument mismatch, we want to 5245 // add a cast to the recommended type (and correct the format string 5246 // if necessary). 5247 SmallString<16> CastBuf; 5248 llvm::raw_svector_ostream CastFix(CastBuf); 5249 CastFix << "("; 5250 IntendedTy.print(CastFix, S.Context.getPrintingPolicy()); 5251 CastFix << ")"; 5252 5253 SmallVector<FixItHint,4> Hints; 5254 if (!AT.matchesType(S.Context, IntendedTy)) 5255 Hints.push_back(FixItHint::CreateReplacement(SpecRange, os.str())); 5256 5257 if (const CStyleCastExpr *CCast = dyn_cast<CStyleCastExpr>(E)) { 5258 // If there's already a cast present, just replace it. 5259 SourceRange CastRange(CCast->getLParenLoc(), CCast->getRParenLoc()); 5260 Hints.push_back(FixItHint::CreateReplacement(CastRange, CastFix.str())); 5261 5262 } else if (!requiresParensToAddCast(E)) { 5263 // If the expression has high enough precedence, 5264 // just write the C-style cast. 5265 Hints.push_back(FixItHint::CreateInsertion(E->getLocStart(), 5266 CastFix.str())); 5267 } else { 5268 // Otherwise, add parens around the expression as well as the cast. 5269 CastFix << "("; 5270 Hints.push_back(FixItHint::CreateInsertion(E->getLocStart(), 5271 CastFix.str())); 5272 5273 SourceLocation After = S.getLocForEndOfToken(E->getLocEnd()); 5274 Hints.push_back(FixItHint::CreateInsertion(After, ")")); 5275 } 5276 5277 if (ShouldNotPrintDirectly) { 5278 // The expression has a type that should not be printed directly. 5279 // We extract the name from the typedef because we don't want to show 5280 // the underlying type in the diagnostic. 5281 StringRef Name; 5282 if (const TypedefType *TypedefTy = dyn_cast<TypedefType>(ExprTy)) 5283 Name = TypedefTy->getDecl()->getName(); 5284 else 5285 Name = CastTyName; 5286 EmitFormatDiagnostic(S.PDiag(diag::warn_format_argument_needs_cast) 5287 << Name << IntendedTy << IsEnum 5288 << E->getSourceRange(), 5289 E->getLocStart(), /*IsStringLocation=*/false, 5290 SpecRange, Hints); 5291 } else { 5292 // In this case, the expression could be printed using a different 5293 // specifier, but we've decided that the specifier is probably correct 5294 // and we should cast instead. Just use the normal warning message. 5295 EmitFormatDiagnostic( 5296 S.PDiag(diag::warn_format_conversion_argument_type_mismatch) 5297 << AT.getRepresentativeTypeName(S.Context) << ExprTy << IsEnum 5298 << E->getSourceRange(), 5299 E->getLocStart(), /*IsStringLocation*/false, 5300 SpecRange, Hints); 5301 } 5302 } 5303 } else { 5304 const CharSourceRange &CSR = getSpecifierRange(StartSpecifier, 5305 SpecifierLen); 5306 // Since the warning for passing non-POD types to variadic functions 5307 // was deferred until now, we emit a warning for non-POD 5308 // arguments here. 5309 switch (S.isValidVarArgType(ExprTy)) { 5310 case Sema::VAK_Valid: 5311 case Sema::VAK_ValidInCXX11: { 5312 unsigned diag = diag::warn_format_conversion_argument_type_mismatch; 5313 if (match == analyze_printf::ArgType::NoMatchPedantic) { 5314 diag = diag::warn_format_conversion_argument_type_mismatch_pedantic; 5315 } 5316 5317 EmitFormatDiagnostic( 5318 S.PDiag(diag) << AT.getRepresentativeTypeName(S.Context) << ExprTy 5319 << IsEnum << CSR << E->getSourceRange(), 5320 E->getLocStart(), /*IsStringLocation*/ false, CSR); 5321 break; 5322 } 5323 case Sema::VAK_Undefined: 5324 case Sema::VAK_MSVCUndefined: 5325 EmitFormatDiagnostic( 5326 S.PDiag(diag::warn_non_pod_vararg_with_format_string) 5327 << S.getLangOpts().CPlusPlus11 5328 << ExprTy 5329 << CallType 5330 << AT.getRepresentativeTypeName(S.Context) 5331 << CSR 5332 << E->getSourceRange(), 5333 E->getLocStart(), /*IsStringLocation*/false, CSR); 5334 checkForCStrMembers(AT, E); 5335 break; 5336 5337 case Sema::VAK_Invalid: 5338 if (ExprTy->isObjCObjectType()) 5339 EmitFormatDiagnostic( 5340 S.PDiag(diag::err_cannot_pass_objc_interface_to_vararg_format) 5341 << S.getLangOpts().CPlusPlus11 5342 << ExprTy 5343 << CallType 5344 << AT.getRepresentativeTypeName(S.Context) 5345 << CSR 5346 << E->getSourceRange(), 5347 E->getLocStart(), /*IsStringLocation*/false, CSR); 5348 else 5349 // FIXME: If this is an initializer list, suggest removing the braces 5350 // or inserting a cast to the target type. 5351 S.Diag(E->getLocStart(), diag::err_cannot_pass_to_vararg_format) 5352 << isa<InitListExpr>(E) << ExprTy << CallType 5353 << AT.getRepresentativeTypeName(S.Context) 5354 << E->getSourceRange(); 5355 break; 5356 } 5357 5358 assert(FirstDataArg + FS.getArgIndex() < CheckedVarArgs.size() && 5359 "format string specifier index out of range"); 5360 CheckedVarArgs[FirstDataArg + FS.getArgIndex()] = true; 5361 } 5362 5363 return true; 5364 } 5365 5366 //===--- CHECK: Scanf format string checking ------------------------------===// 5367 5368 namespace { 5369 class CheckScanfHandler : public CheckFormatHandler { 5370 public: 5371 CheckScanfHandler(Sema &s, const StringLiteral *fexpr, 5372 const Expr *origFormatExpr, unsigned firstDataArg, 5373 unsigned numDataArgs, const char *beg, bool hasVAListArg, 5374 ArrayRef<const Expr *> Args, 5375 unsigned formatIdx, bool inFunctionCall, 5376 Sema::VariadicCallType CallType, 5377 llvm::SmallBitVector &CheckedVarArgs, 5378 UncoveredArgHandler &UncoveredArg) 5379 : CheckFormatHandler(s, fexpr, origFormatExpr, firstDataArg, 5380 numDataArgs, beg, hasVAListArg, 5381 Args, formatIdx, inFunctionCall, CallType, 5382 CheckedVarArgs, UncoveredArg) 5383 {} 5384 5385 bool HandleScanfSpecifier(const analyze_scanf::ScanfSpecifier &FS, 5386 const char *startSpecifier, 5387 unsigned specifierLen) override; 5388 5389 bool HandleInvalidScanfConversionSpecifier( 5390 const analyze_scanf::ScanfSpecifier &FS, 5391 const char *startSpecifier, 5392 unsigned specifierLen) override; 5393 5394 void HandleIncompleteScanList(const char *start, const char *end) override; 5395 }; 5396 } // end anonymous namespace 5397 5398 void CheckScanfHandler::HandleIncompleteScanList(const char *start, 5399 const char *end) { 5400 EmitFormatDiagnostic(S.PDiag(diag::warn_scanf_scanlist_incomplete), 5401 getLocationOfByte(end), /*IsStringLocation*/true, 5402 getSpecifierRange(start, end - start)); 5403 } 5404 5405 bool CheckScanfHandler::HandleInvalidScanfConversionSpecifier( 5406 const analyze_scanf::ScanfSpecifier &FS, 5407 const char *startSpecifier, 5408 unsigned specifierLen) { 5409 5410 const analyze_scanf::ScanfConversionSpecifier &CS = 5411 FS.getConversionSpecifier(); 5412 5413 return HandleInvalidConversionSpecifier(FS.getArgIndex(), 5414 getLocationOfByte(CS.getStart()), 5415 startSpecifier, specifierLen, 5416 CS.getStart(), CS.getLength()); 5417 } 5418 5419 bool CheckScanfHandler::HandleScanfSpecifier( 5420 const analyze_scanf::ScanfSpecifier &FS, 5421 const char *startSpecifier, 5422 unsigned specifierLen) { 5423 using namespace analyze_scanf; 5424 using namespace analyze_format_string; 5425 5426 const ScanfConversionSpecifier &CS = FS.getConversionSpecifier(); 5427 5428 // Handle case where '%' and '*' don't consume an argument. These shouldn't 5429 // be used to decide if we are using positional arguments consistently. 5430 if (FS.consumesDataArgument()) { 5431 if (atFirstArg) { 5432 atFirstArg = false; 5433 usesPositionalArgs = FS.usesPositionalArg(); 5434 } 5435 else if (usesPositionalArgs != FS.usesPositionalArg()) { 5436 HandlePositionalNonpositionalArgs(getLocationOfByte(CS.getStart()), 5437 startSpecifier, specifierLen); 5438 return false; 5439 } 5440 } 5441 5442 // Check if the field with is non-zero. 5443 const OptionalAmount &Amt = FS.getFieldWidth(); 5444 if (Amt.getHowSpecified() == OptionalAmount::Constant) { 5445 if (Amt.getConstantAmount() == 0) { 5446 const CharSourceRange &R = getSpecifierRange(Amt.getStart(), 5447 Amt.getConstantLength()); 5448 EmitFormatDiagnostic(S.PDiag(diag::warn_scanf_nonzero_width), 5449 getLocationOfByte(Amt.getStart()), 5450 /*IsStringLocation*/true, R, 5451 FixItHint::CreateRemoval(R)); 5452 } 5453 } 5454 5455 if (!FS.consumesDataArgument()) { 5456 // FIXME: Technically specifying a precision or field width here 5457 // makes no sense. Worth issuing a warning at some point. 5458 return true; 5459 } 5460 5461 // Consume the argument. 5462 unsigned argIndex = FS.getArgIndex(); 5463 if (argIndex < NumDataArgs) { 5464 // The check to see if the argIndex is valid will come later. 5465 // We set the bit here because we may exit early from this 5466 // function if we encounter some other error. 5467 CoveredArgs.set(argIndex); 5468 } 5469 5470 // Check the length modifier is valid with the given conversion specifier. 5471 if (!FS.hasValidLengthModifier(S.getASTContext().getTargetInfo())) 5472 HandleInvalidLengthModifier(FS, CS, startSpecifier, specifierLen, 5473 diag::warn_format_nonsensical_length); 5474 else if (!FS.hasStandardLengthModifier()) 5475 HandleNonStandardLengthModifier(FS, startSpecifier, specifierLen); 5476 else if (!FS.hasStandardLengthConversionCombination()) 5477 HandleInvalidLengthModifier(FS, CS, startSpecifier, specifierLen, 5478 diag::warn_format_non_standard_conversion_spec); 5479 5480 if (!FS.hasStandardConversionSpecifier(S.getLangOpts())) 5481 HandleNonStandardConversionSpecifier(CS, startSpecifier, specifierLen); 5482 5483 // The remaining checks depend on the data arguments. 5484 if (HasVAListArg) 5485 return true; 5486 5487 if (!CheckNumArgs(FS, CS, startSpecifier, specifierLen, argIndex)) 5488 return false; 5489 5490 // Check that the argument type matches the format specifier. 5491 const Expr *Ex = getDataArg(argIndex); 5492 if (!Ex) 5493 return true; 5494 5495 const analyze_format_string::ArgType &AT = FS.getArgType(S.Context); 5496 5497 if (!AT.isValid()) { 5498 return true; 5499 } 5500 5501 analyze_format_string::ArgType::MatchKind match = 5502 AT.matchesType(S.Context, Ex->getType()); 5503 if (match == analyze_format_string::ArgType::Match) { 5504 return true; 5505 } 5506 5507 ScanfSpecifier fixedFS = FS; 5508 bool success = fixedFS.fixType(Ex->getType(), Ex->IgnoreImpCasts()->getType(), 5509 S.getLangOpts(), S.Context); 5510 5511 unsigned diag = diag::warn_format_conversion_argument_type_mismatch; 5512 if (match == analyze_format_string::ArgType::NoMatchPedantic) { 5513 diag = diag::warn_format_conversion_argument_type_mismatch_pedantic; 5514 } 5515 5516 if (success) { 5517 // Get the fix string from the fixed format specifier. 5518 SmallString<128> buf; 5519 llvm::raw_svector_ostream os(buf); 5520 fixedFS.toString(os); 5521 5522 EmitFormatDiagnostic( 5523 S.PDiag(diag) << AT.getRepresentativeTypeName(S.Context) 5524 << Ex->getType() << false << Ex->getSourceRange(), 5525 Ex->getLocStart(), 5526 /*IsStringLocation*/ false, 5527 getSpecifierRange(startSpecifier, specifierLen), 5528 FixItHint::CreateReplacement( 5529 getSpecifierRange(startSpecifier, specifierLen), os.str())); 5530 } else { 5531 EmitFormatDiagnostic(S.PDiag(diag) 5532 << AT.getRepresentativeTypeName(S.Context) 5533 << Ex->getType() << false << Ex->getSourceRange(), 5534 Ex->getLocStart(), 5535 /*IsStringLocation*/ false, 5536 getSpecifierRange(startSpecifier, specifierLen)); 5537 } 5538 5539 return true; 5540 } 5541 5542 static void CheckFormatString(Sema &S, const StringLiteral *FExpr, 5543 const Expr *OrigFormatExpr, 5544 ArrayRef<const Expr *> Args, 5545 bool HasVAListArg, unsigned format_idx, 5546 unsigned firstDataArg, 5547 Sema::FormatStringType Type, 5548 bool inFunctionCall, 5549 Sema::VariadicCallType CallType, 5550 llvm::SmallBitVector &CheckedVarArgs, 5551 UncoveredArgHandler &UncoveredArg) { 5552 // CHECK: is the format string a wide literal? 5553 if (!FExpr->isAscii() && !FExpr->isUTF8()) { 5554 CheckFormatHandler::EmitFormatDiagnostic( 5555 S, inFunctionCall, Args[format_idx], 5556 S.PDiag(diag::warn_format_string_is_wide_literal), FExpr->getLocStart(), 5557 /*IsStringLocation*/true, OrigFormatExpr->getSourceRange()); 5558 return; 5559 } 5560 5561 // Str - The format string. NOTE: this is NOT null-terminated! 5562 StringRef StrRef = FExpr->getString(); 5563 const char *Str = StrRef.data(); 5564 // Account for cases where the string literal is truncated in a declaration. 5565 const ConstantArrayType *T = 5566 S.Context.getAsConstantArrayType(FExpr->getType()); 5567 assert(T && "String literal not of constant array type!"); 5568 size_t TypeSize = T->getSize().getZExtValue(); 5569 size_t StrLen = std::min(std::max(TypeSize, size_t(1)) - 1, StrRef.size()); 5570 const unsigned numDataArgs = Args.size() - firstDataArg; 5571 5572 // Emit a warning if the string literal is truncated and does not contain an 5573 // embedded null character. 5574 if (TypeSize <= StrRef.size() && 5575 StrRef.substr(0, TypeSize).find('\0') == StringRef::npos) { 5576 CheckFormatHandler::EmitFormatDiagnostic( 5577 S, inFunctionCall, Args[format_idx], 5578 S.PDiag(diag::warn_printf_format_string_not_null_terminated), 5579 FExpr->getLocStart(), 5580 /*IsStringLocation=*/true, OrigFormatExpr->getSourceRange()); 5581 return; 5582 } 5583 5584 // CHECK: empty format string? 5585 if (StrLen == 0 && numDataArgs > 0) { 5586 CheckFormatHandler::EmitFormatDiagnostic( 5587 S, inFunctionCall, Args[format_idx], 5588 S.PDiag(diag::warn_empty_format_string), FExpr->getLocStart(), 5589 /*IsStringLocation*/true, OrigFormatExpr->getSourceRange()); 5590 return; 5591 } 5592 5593 if (Type == Sema::FST_Printf || Type == Sema::FST_NSString || 5594 Type == Sema::FST_FreeBSDKPrintf || Type == Sema::FST_OSTrace) { 5595 CheckPrintfHandler H(S, FExpr, OrigFormatExpr, firstDataArg, 5596 numDataArgs, (Type == Sema::FST_NSString || 5597 Type == Sema::FST_OSTrace), 5598 Str, HasVAListArg, Args, format_idx, 5599 inFunctionCall, CallType, CheckedVarArgs, 5600 UncoveredArg); 5601 5602 if (!analyze_format_string::ParsePrintfString(H, Str, Str + StrLen, 5603 S.getLangOpts(), 5604 S.Context.getTargetInfo(), 5605 Type == Sema::FST_FreeBSDKPrintf)) 5606 H.DoneProcessing(); 5607 } else if (Type == Sema::FST_Scanf) { 5608 CheckScanfHandler H(S, FExpr, OrigFormatExpr, firstDataArg, numDataArgs, 5609 Str, HasVAListArg, Args, format_idx, 5610 inFunctionCall, CallType, CheckedVarArgs, 5611 UncoveredArg); 5612 5613 if (!analyze_format_string::ParseScanfString(H, Str, Str + StrLen, 5614 S.getLangOpts(), 5615 S.Context.getTargetInfo())) 5616 H.DoneProcessing(); 5617 } // TODO: handle other formats 5618 } 5619 5620 bool Sema::FormatStringHasSArg(const StringLiteral *FExpr) { 5621 // Str - The format string. NOTE: this is NOT null-terminated! 5622 StringRef StrRef = FExpr->getString(); 5623 const char *Str = StrRef.data(); 5624 // Account for cases where the string literal is truncated in a declaration. 5625 const ConstantArrayType *T = Context.getAsConstantArrayType(FExpr->getType()); 5626 assert(T && "String literal not of constant array type!"); 5627 size_t TypeSize = T->getSize().getZExtValue(); 5628 size_t StrLen = std::min(std::max(TypeSize, size_t(1)) - 1, StrRef.size()); 5629 return analyze_format_string::ParseFormatStringHasSArg(Str, Str + StrLen, 5630 getLangOpts(), 5631 Context.getTargetInfo()); 5632 } 5633 5634 //===--- CHECK: Warn on use of wrong absolute value function. -------------===// 5635 5636 // Returns the related absolute value function that is larger, of 0 if one 5637 // does not exist. 5638 static unsigned getLargerAbsoluteValueFunction(unsigned AbsFunction) { 5639 switch (AbsFunction) { 5640 default: 5641 return 0; 5642 5643 case Builtin::BI__builtin_abs: 5644 return Builtin::BI__builtin_labs; 5645 case Builtin::BI__builtin_labs: 5646 return Builtin::BI__builtin_llabs; 5647 case Builtin::BI__builtin_llabs: 5648 return 0; 5649 5650 case Builtin::BI__builtin_fabsf: 5651 return Builtin::BI__builtin_fabs; 5652 case Builtin::BI__builtin_fabs: 5653 return Builtin::BI__builtin_fabsl; 5654 case Builtin::BI__builtin_fabsl: 5655 return 0; 5656 5657 case Builtin::BI__builtin_cabsf: 5658 return Builtin::BI__builtin_cabs; 5659 case Builtin::BI__builtin_cabs: 5660 return Builtin::BI__builtin_cabsl; 5661 case Builtin::BI__builtin_cabsl: 5662 return 0; 5663 5664 case Builtin::BIabs: 5665 return Builtin::BIlabs; 5666 case Builtin::BIlabs: 5667 return Builtin::BIllabs; 5668 case Builtin::BIllabs: 5669 return 0; 5670 5671 case Builtin::BIfabsf: 5672 return Builtin::BIfabs; 5673 case Builtin::BIfabs: 5674 return Builtin::BIfabsl; 5675 case Builtin::BIfabsl: 5676 return 0; 5677 5678 case Builtin::BIcabsf: 5679 return Builtin::BIcabs; 5680 case Builtin::BIcabs: 5681 return Builtin::BIcabsl; 5682 case Builtin::BIcabsl: 5683 return 0; 5684 } 5685 } 5686 5687 // Returns the argument type of the absolute value function. 5688 static QualType getAbsoluteValueArgumentType(ASTContext &Context, 5689 unsigned AbsType) { 5690 if (AbsType == 0) 5691 return QualType(); 5692 5693 ASTContext::GetBuiltinTypeError Error = ASTContext::GE_None; 5694 QualType BuiltinType = Context.GetBuiltinType(AbsType, Error); 5695 if (Error != ASTContext::GE_None) 5696 return QualType(); 5697 5698 const FunctionProtoType *FT = BuiltinType->getAs<FunctionProtoType>(); 5699 if (!FT) 5700 return QualType(); 5701 5702 if (FT->getNumParams() != 1) 5703 return QualType(); 5704 5705 return FT->getParamType(0); 5706 } 5707 5708 // Returns the best absolute value function, or zero, based on type and 5709 // current absolute value function. 5710 static unsigned getBestAbsFunction(ASTContext &Context, QualType ArgType, 5711 unsigned AbsFunctionKind) { 5712 unsigned BestKind = 0; 5713 uint64_t ArgSize = Context.getTypeSize(ArgType); 5714 for (unsigned Kind = AbsFunctionKind; Kind != 0; 5715 Kind = getLargerAbsoluteValueFunction(Kind)) { 5716 QualType ParamType = getAbsoluteValueArgumentType(Context, Kind); 5717 if (Context.getTypeSize(ParamType) >= ArgSize) { 5718 if (BestKind == 0) 5719 BestKind = Kind; 5720 else if (Context.hasSameType(ParamType, ArgType)) { 5721 BestKind = Kind; 5722 break; 5723 } 5724 } 5725 } 5726 return BestKind; 5727 } 5728 5729 enum AbsoluteValueKind { 5730 AVK_Integer, 5731 AVK_Floating, 5732 AVK_Complex 5733 }; 5734 5735 static AbsoluteValueKind getAbsoluteValueKind(QualType T) { 5736 if (T->isIntegralOrEnumerationType()) 5737 return AVK_Integer; 5738 if (T->isRealFloatingType()) 5739 return AVK_Floating; 5740 if (T->isAnyComplexType()) 5741 return AVK_Complex; 5742 5743 llvm_unreachable("Type not integer, floating, or complex"); 5744 } 5745 5746 // Changes the absolute value function to a different type. Preserves whether 5747 // the function is a builtin. 5748 static unsigned changeAbsFunction(unsigned AbsKind, 5749 AbsoluteValueKind ValueKind) { 5750 switch (ValueKind) { 5751 case AVK_Integer: 5752 switch (AbsKind) { 5753 default: 5754 return 0; 5755 case Builtin::BI__builtin_fabsf: 5756 case Builtin::BI__builtin_fabs: 5757 case Builtin::BI__builtin_fabsl: 5758 case Builtin::BI__builtin_cabsf: 5759 case Builtin::BI__builtin_cabs: 5760 case Builtin::BI__builtin_cabsl: 5761 return Builtin::BI__builtin_abs; 5762 case Builtin::BIfabsf: 5763 case Builtin::BIfabs: 5764 case Builtin::BIfabsl: 5765 case Builtin::BIcabsf: 5766 case Builtin::BIcabs: 5767 case Builtin::BIcabsl: 5768 return Builtin::BIabs; 5769 } 5770 case AVK_Floating: 5771 switch (AbsKind) { 5772 default: 5773 return 0; 5774 case Builtin::BI__builtin_abs: 5775 case Builtin::BI__builtin_labs: 5776 case Builtin::BI__builtin_llabs: 5777 case Builtin::BI__builtin_cabsf: 5778 case Builtin::BI__builtin_cabs: 5779 case Builtin::BI__builtin_cabsl: 5780 return Builtin::BI__builtin_fabsf; 5781 case Builtin::BIabs: 5782 case Builtin::BIlabs: 5783 case Builtin::BIllabs: 5784 case Builtin::BIcabsf: 5785 case Builtin::BIcabs: 5786 case Builtin::BIcabsl: 5787 return Builtin::BIfabsf; 5788 } 5789 case AVK_Complex: 5790 switch (AbsKind) { 5791 default: 5792 return 0; 5793 case Builtin::BI__builtin_abs: 5794 case Builtin::BI__builtin_labs: 5795 case Builtin::BI__builtin_llabs: 5796 case Builtin::BI__builtin_fabsf: 5797 case Builtin::BI__builtin_fabs: 5798 case Builtin::BI__builtin_fabsl: 5799 return Builtin::BI__builtin_cabsf; 5800 case Builtin::BIabs: 5801 case Builtin::BIlabs: 5802 case Builtin::BIllabs: 5803 case Builtin::BIfabsf: 5804 case Builtin::BIfabs: 5805 case Builtin::BIfabsl: 5806 return Builtin::BIcabsf; 5807 } 5808 } 5809 llvm_unreachable("Unable to convert function"); 5810 } 5811 5812 static unsigned getAbsoluteValueFunctionKind(const FunctionDecl *FDecl) { 5813 const IdentifierInfo *FnInfo = FDecl->getIdentifier(); 5814 if (!FnInfo) 5815 return 0; 5816 5817 switch (FDecl->getBuiltinID()) { 5818 default: 5819 return 0; 5820 case Builtin::BI__builtin_abs: 5821 case Builtin::BI__builtin_fabs: 5822 case Builtin::BI__builtin_fabsf: 5823 case Builtin::BI__builtin_fabsl: 5824 case Builtin::BI__builtin_labs: 5825 case Builtin::BI__builtin_llabs: 5826 case Builtin::BI__builtin_cabs: 5827 case Builtin::BI__builtin_cabsf: 5828 case Builtin::BI__builtin_cabsl: 5829 case Builtin::BIabs: 5830 case Builtin::BIlabs: 5831 case Builtin::BIllabs: 5832 case Builtin::BIfabs: 5833 case Builtin::BIfabsf: 5834 case Builtin::BIfabsl: 5835 case Builtin::BIcabs: 5836 case Builtin::BIcabsf: 5837 case Builtin::BIcabsl: 5838 return FDecl->getBuiltinID(); 5839 } 5840 llvm_unreachable("Unknown Builtin type"); 5841 } 5842 5843 // If the replacement is valid, emit a note with replacement function. 5844 // Additionally, suggest including the proper header if not already included. 5845 static void emitReplacement(Sema &S, SourceLocation Loc, SourceRange Range, 5846 unsigned AbsKind, QualType ArgType) { 5847 bool EmitHeaderHint = true; 5848 const char *HeaderName = nullptr; 5849 const char *FunctionName = nullptr; 5850 if (S.getLangOpts().CPlusPlus && !ArgType->isAnyComplexType()) { 5851 FunctionName = "std::abs"; 5852 if (ArgType->isIntegralOrEnumerationType()) { 5853 HeaderName = "cstdlib"; 5854 } else if (ArgType->isRealFloatingType()) { 5855 HeaderName = "cmath"; 5856 } else { 5857 llvm_unreachable("Invalid Type"); 5858 } 5859 5860 // Lookup all std::abs 5861 if (NamespaceDecl *Std = S.getStdNamespace()) { 5862 LookupResult R(S, &S.Context.Idents.get("abs"), Loc, Sema::LookupAnyName); 5863 R.suppressDiagnostics(); 5864 S.LookupQualifiedName(R, Std); 5865 5866 for (const auto *I : R) { 5867 const FunctionDecl *FDecl = nullptr; 5868 if (const UsingShadowDecl *UsingD = dyn_cast<UsingShadowDecl>(I)) { 5869 FDecl = dyn_cast<FunctionDecl>(UsingD->getTargetDecl()); 5870 } else { 5871 FDecl = dyn_cast<FunctionDecl>(I); 5872 } 5873 if (!FDecl) 5874 continue; 5875 5876 // Found std::abs(), check that they are the right ones. 5877 if (FDecl->getNumParams() != 1) 5878 continue; 5879 5880 // Check that the parameter type can handle the argument. 5881 QualType ParamType = FDecl->getParamDecl(0)->getType(); 5882 if (getAbsoluteValueKind(ArgType) == getAbsoluteValueKind(ParamType) && 5883 S.Context.getTypeSize(ArgType) <= 5884 S.Context.getTypeSize(ParamType)) { 5885 // Found a function, don't need the header hint. 5886 EmitHeaderHint = false; 5887 break; 5888 } 5889 } 5890 } 5891 } else { 5892 FunctionName = S.Context.BuiltinInfo.getName(AbsKind); 5893 HeaderName = S.Context.BuiltinInfo.getHeaderName(AbsKind); 5894 5895 if (HeaderName) { 5896 DeclarationName DN(&S.Context.Idents.get(FunctionName)); 5897 LookupResult R(S, DN, Loc, Sema::LookupAnyName); 5898 R.suppressDiagnostics(); 5899 S.LookupName(R, S.getCurScope()); 5900 5901 if (R.isSingleResult()) { 5902 FunctionDecl *FD = dyn_cast<FunctionDecl>(R.getFoundDecl()); 5903 if (FD && FD->getBuiltinID() == AbsKind) { 5904 EmitHeaderHint = false; 5905 } else { 5906 return; 5907 } 5908 } else if (!R.empty()) { 5909 return; 5910 } 5911 } 5912 } 5913 5914 S.Diag(Loc, diag::note_replace_abs_function) 5915 << FunctionName << FixItHint::CreateReplacement(Range, FunctionName); 5916 5917 if (!HeaderName) 5918 return; 5919 5920 if (!EmitHeaderHint) 5921 return; 5922 5923 S.Diag(Loc, diag::note_include_header_or_declare) << HeaderName 5924 << FunctionName; 5925 } 5926 5927 static bool IsFunctionStdAbs(const FunctionDecl *FDecl) { 5928 if (!FDecl) 5929 return false; 5930 5931 if (!FDecl->getIdentifier() || !FDecl->getIdentifier()->isStr("abs")) 5932 return false; 5933 5934 const NamespaceDecl *ND = dyn_cast<NamespaceDecl>(FDecl->getDeclContext()); 5935 5936 while (ND && ND->isInlineNamespace()) { 5937 ND = dyn_cast<NamespaceDecl>(ND->getDeclContext()); 5938 } 5939 5940 if (!ND || !ND->getIdentifier() || !ND->getIdentifier()->isStr("std")) 5941 return false; 5942 5943 if (!isa<TranslationUnitDecl>(ND->getDeclContext())) 5944 return false; 5945 5946 return true; 5947 } 5948 5949 // Warn when using the wrong abs() function. 5950 void Sema::CheckAbsoluteValueFunction(const CallExpr *Call, 5951 const FunctionDecl *FDecl, 5952 IdentifierInfo *FnInfo) { 5953 if (Call->getNumArgs() != 1) 5954 return; 5955 5956 unsigned AbsKind = getAbsoluteValueFunctionKind(FDecl); 5957 bool IsStdAbs = IsFunctionStdAbs(FDecl); 5958 if (AbsKind == 0 && !IsStdAbs) 5959 return; 5960 5961 QualType ArgType = Call->getArg(0)->IgnoreParenImpCasts()->getType(); 5962 QualType ParamType = Call->getArg(0)->getType(); 5963 5964 // Unsigned types cannot be negative. Suggest removing the absolute value 5965 // function call. 5966 if (ArgType->isUnsignedIntegerType()) { 5967 const char *FunctionName = 5968 IsStdAbs ? "std::abs" : Context.BuiltinInfo.getName(AbsKind); 5969 Diag(Call->getExprLoc(), diag::warn_unsigned_abs) << ArgType << ParamType; 5970 Diag(Call->getExprLoc(), diag::note_remove_abs) 5971 << FunctionName 5972 << FixItHint::CreateRemoval(Call->getCallee()->getSourceRange()); 5973 return; 5974 } 5975 5976 // Taking the absolute value of a pointer is very suspicious, they probably 5977 // wanted to index into an array, dereference a pointer, call a function, etc. 5978 if (ArgType->isPointerType() || ArgType->canDecayToPointerType()) { 5979 unsigned DiagType = 0; 5980 if (ArgType->isFunctionType()) 5981 DiagType = 1; 5982 else if (ArgType->isArrayType()) 5983 DiagType = 2; 5984 5985 Diag(Call->getExprLoc(), diag::warn_pointer_abs) << DiagType << ArgType; 5986 return; 5987 } 5988 5989 // std::abs has overloads which prevent most of the absolute value problems 5990 // from occurring. 5991 if (IsStdAbs) 5992 return; 5993 5994 AbsoluteValueKind ArgValueKind = getAbsoluteValueKind(ArgType); 5995 AbsoluteValueKind ParamValueKind = getAbsoluteValueKind(ParamType); 5996 5997 // The argument and parameter are the same kind. Check if they are the right 5998 // size. 5999 if (ArgValueKind == ParamValueKind) { 6000 if (Context.getTypeSize(ArgType) <= Context.getTypeSize(ParamType)) 6001 return; 6002 6003 unsigned NewAbsKind = getBestAbsFunction(Context, ArgType, AbsKind); 6004 Diag(Call->getExprLoc(), diag::warn_abs_too_small) 6005 << FDecl << ArgType << ParamType; 6006 6007 if (NewAbsKind == 0) 6008 return; 6009 6010 emitReplacement(*this, Call->getExprLoc(), 6011 Call->getCallee()->getSourceRange(), NewAbsKind, ArgType); 6012 return; 6013 } 6014 6015 // ArgValueKind != ParamValueKind 6016 // The wrong type of absolute value function was used. Attempt to find the 6017 // proper one. 6018 unsigned NewAbsKind = changeAbsFunction(AbsKind, ArgValueKind); 6019 NewAbsKind = getBestAbsFunction(Context, ArgType, NewAbsKind); 6020 if (NewAbsKind == 0) 6021 return; 6022 6023 Diag(Call->getExprLoc(), diag::warn_wrong_absolute_value_type) 6024 << FDecl << ParamValueKind << ArgValueKind; 6025 6026 emitReplacement(*this, Call->getExprLoc(), 6027 Call->getCallee()->getSourceRange(), NewAbsKind, ArgType); 6028 } 6029 6030 //===--- CHECK: Standard memory functions ---------------------------------===// 6031 6032 /// \brief Takes the expression passed to the size_t parameter of functions 6033 /// such as memcmp, strncat, etc and warns if it's a comparison. 6034 /// 6035 /// This is to catch typos like `if (memcmp(&a, &b, sizeof(a) > 0))`. 6036 static bool CheckMemorySizeofForComparison(Sema &S, const Expr *E, 6037 IdentifierInfo *FnName, 6038 SourceLocation FnLoc, 6039 SourceLocation RParenLoc) { 6040 const BinaryOperator *Size = dyn_cast<BinaryOperator>(E); 6041 if (!Size) 6042 return false; 6043 6044 // if E is binop and op is >, <, >=, <=, ==, &&, ||: 6045 if (!Size->isComparisonOp() && !Size->isEqualityOp() && !Size->isLogicalOp()) 6046 return false; 6047 6048 SourceRange SizeRange = Size->getSourceRange(); 6049 S.Diag(Size->getOperatorLoc(), diag::warn_memsize_comparison) 6050 << SizeRange << FnName; 6051 S.Diag(FnLoc, diag::note_memsize_comparison_paren) 6052 << FnName << FixItHint::CreateInsertion( 6053 S.getLocForEndOfToken(Size->getLHS()->getLocEnd()), ")") 6054 << FixItHint::CreateRemoval(RParenLoc); 6055 S.Diag(SizeRange.getBegin(), diag::note_memsize_comparison_cast_silence) 6056 << FixItHint::CreateInsertion(SizeRange.getBegin(), "(size_t)(") 6057 << FixItHint::CreateInsertion(S.getLocForEndOfToken(SizeRange.getEnd()), 6058 ")"); 6059 6060 return true; 6061 } 6062 6063 /// \brief Determine whether the given type is or contains a dynamic class type 6064 /// (e.g., whether it has a vtable). 6065 static const CXXRecordDecl *getContainedDynamicClass(QualType T, 6066 bool &IsContained) { 6067 // Look through array types while ignoring qualifiers. 6068 const Type *Ty = T->getBaseElementTypeUnsafe(); 6069 IsContained = false; 6070 6071 const CXXRecordDecl *RD = Ty->getAsCXXRecordDecl(); 6072 RD = RD ? RD->getDefinition() : nullptr; 6073 if (!RD || RD->isInvalidDecl()) 6074 return nullptr; 6075 6076 if (RD->isDynamicClass()) 6077 return RD; 6078 6079 // Check all the fields. If any bases were dynamic, the class is dynamic. 6080 // It's impossible for a class to transitively contain itself by value, so 6081 // infinite recursion is impossible. 6082 for (auto *FD : RD->fields()) { 6083 bool SubContained; 6084 if (const CXXRecordDecl *ContainedRD = 6085 getContainedDynamicClass(FD->getType(), SubContained)) { 6086 IsContained = true; 6087 return ContainedRD; 6088 } 6089 } 6090 6091 return nullptr; 6092 } 6093 6094 /// \brief If E is a sizeof expression, returns its argument expression, 6095 /// otherwise returns NULL. 6096 static const Expr *getSizeOfExprArg(const Expr *E) { 6097 if (const UnaryExprOrTypeTraitExpr *SizeOf = 6098 dyn_cast<UnaryExprOrTypeTraitExpr>(E)) 6099 if (SizeOf->getKind() == clang::UETT_SizeOf && !SizeOf->isArgumentType()) 6100 return SizeOf->getArgumentExpr()->IgnoreParenImpCasts(); 6101 6102 return nullptr; 6103 } 6104 6105 /// \brief If E is a sizeof expression, returns its argument type. 6106 static QualType getSizeOfArgType(const Expr *E) { 6107 if (const UnaryExprOrTypeTraitExpr *SizeOf = 6108 dyn_cast<UnaryExprOrTypeTraitExpr>(E)) 6109 if (SizeOf->getKind() == clang::UETT_SizeOf) 6110 return SizeOf->getTypeOfArgument(); 6111 6112 return QualType(); 6113 } 6114 6115 /// \brief Check for dangerous or invalid arguments to memset(). 6116 /// 6117 /// This issues warnings on known problematic, dangerous or unspecified 6118 /// arguments to the standard 'memset', 'memcpy', 'memmove', and 'memcmp' 6119 /// function calls. 6120 /// 6121 /// \param Call The call expression to diagnose. 6122 void Sema::CheckMemaccessArguments(const CallExpr *Call, 6123 unsigned BId, 6124 IdentifierInfo *FnName) { 6125 assert(BId != 0); 6126 6127 // It is possible to have a non-standard definition of memset. Validate 6128 // we have enough arguments, and if not, abort further checking. 6129 unsigned ExpectedNumArgs = (BId == Builtin::BIstrndup ? 2 : 3); 6130 if (Call->getNumArgs() < ExpectedNumArgs) 6131 return; 6132 6133 unsigned LastArg = (BId == Builtin::BImemset || 6134 BId == Builtin::BIstrndup ? 1 : 2); 6135 unsigned LenArg = (BId == Builtin::BIstrndup ? 1 : 2); 6136 const Expr *LenExpr = Call->getArg(LenArg)->IgnoreParenImpCasts(); 6137 6138 if (CheckMemorySizeofForComparison(*this, LenExpr, FnName, 6139 Call->getLocStart(), Call->getRParenLoc())) 6140 return; 6141 6142 // We have special checking when the length is a sizeof expression. 6143 QualType SizeOfArgTy = getSizeOfArgType(LenExpr); 6144 const Expr *SizeOfArg = getSizeOfExprArg(LenExpr); 6145 llvm::FoldingSetNodeID SizeOfArgID; 6146 6147 for (unsigned ArgIdx = 0; ArgIdx != LastArg; ++ArgIdx) { 6148 const Expr *Dest = Call->getArg(ArgIdx)->IgnoreParenImpCasts(); 6149 SourceRange ArgRange = Call->getArg(ArgIdx)->getSourceRange(); 6150 6151 QualType DestTy = Dest->getType(); 6152 QualType PointeeTy; 6153 if (const PointerType *DestPtrTy = DestTy->getAs<PointerType>()) { 6154 PointeeTy = DestPtrTy->getPointeeType(); 6155 6156 // Never warn about void type pointers. This can be used to suppress 6157 // false positives. 6158 if (PointeeTy->isVoidType()) 6159 continue; 6160 6161 // Catch "memset(p, 0, sizeof(p))" -- needs to be sizeof(*p). Do this by 6162 // actually comparing the expressions for equality. Because computing the 6163 // expression IDs can be expensive, we only do this if the diagnostic is 6164 // enabled. 6165 if (SizeOfArg && 6166 !Diags.isIgnored(diag::warn_sizeof_pointer_expr_memaccess, 6167 SizeOfArg->getExprLoc())) { 6168 // We only compute IDs for expressions if the warning is enabled, and 6169 // cache the sizeof arg's ID. 6170 if (SizeOfArgID == llvm::FoldingSetNodeID()) 6171 SizeOfArg->Profile(SizeOfArgID, Context, true); 6172 llvm::FoldingSetNodeID DestID; 6173 Dest->Profile(DestID, Context, true); 6174 if (DestID == SizeOfArgID) { 6175 // TODO: For strncpy() and friends, this could suggest sizeof(dst) 6176 // over sizeof(src) as well. 6177 unsigned ActionIdx = 0; // Default is to suggest dereferencing. 6178 StringRef ReadableName = FnName->getName(); 6179 6180 if (const UnaryOperator *UnaryOp = dyn_cast<UnaryOperator>(Dest)) 6181 if (UnaryOp->getOpcode() == UO_AddrOf) 6182 ActionIdx = 1; // If its an address-of operator, just remove it. 6183 if (!PointeeTy->isIncompleteType() && 6184 (Context.getTypeSize(PointeeTy) == Context.getCharWidth())) 6185 ActionIdx = 2; // If the pointee's size is sizeof(char), 6186 // suggest an explicit length. 6187 6188 // If the function is defined as a builtin macro, do not show macro 6189 // expansion. 6190 SourceLocation SL = SizeOfArg->getExprLoc(); 6191 SourceRange DSR = Dest->getSourceRange(); 6192 SourceRange SSR = SizeOfArg->getSourceRange(); 6193 SourceManager &SM = getSourceManager(); 6194 6195 if (SM.isMacroArgExpansion(SL)) { 6196 ReadableName = Lexer::getImmediateMacroName(SL, SM, LangOpts); 6197 SL = SM.getSpellingLoc(SL); 6198 DSR = SourceRange(SM.getSpellingLoc(DSR.getBegin()), 6199 SM.getSpellingLoc(DSR.getEnd())); 6200 SSR = SourceRange(SM.getSpellingLoc(SSR.getBegin()), 6201 SM.getSpellingLoc(SSR.getEnd())); 6202 } 6203 6204 DiagRuntimeBehavior(SL, SizeOfArg, 6205 PDiag(diag::warn_sizeof_pointer_expr_memaccess) 6206 << ReadableName 6207 << PointeeTy 6208 << DestTy 6209 << DSR 6210 << SSR); 6211 DiagRuntimeBehavior(SL, SizeOfArg, 6212 PDiag(diag::warn_sizeof_pointer_expr_memaccess_note) 6213 << ActionIdx 6214 << SSR); 6215 6216 break; 6217 }