1//===- SemaChecking.cpp - Extra Semantic Checking -------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file implements extra semantic analysis beyond what is enforced
10// by the C type system.
11//
12//===----------------------------------------------------------------------===//
13
14#include "CheckExprLifetime.h"
15#include "clang/AST/APValue.h"
16#include "clang/AST/ASTContext.h"
17#include "clang/AST/ASTDiagnostic.h"
18#include "clang/AST/Attr.h"
19#include "clang/AST/AttrIterator.h"
20#include "clang/AST/CharUnits.h"
21#include "clang/AST/Decl.h"
22#include "clang/AST/DeclBase.h"
23#include "clang/AST/DeclCXX.h"
24#include "clang/AST/DeclObjC.h"
25#include "clang/AST/DeclarationName.h"
26#include "clang/AST/EvaluatedExprVisitor.h"
27#include "clang/AST/Expr.h"
28#include "clang/AST/ExprCXX.h"
29#include "clang/AST/ExprObjC.h"
30#include "clang/AST/FormatString.h"
31#include "clang/AST/IgnoreExpr.h"
32#include "clang/AST/NSAPI.h"
33#include "clang/AST/NonTrivialTypeVisitor.h"
34#include "clang/AST/OperationKinds.h"
35#include "clang/AST/RecordLayout.h"
36#include "clang/AST/Stmt.h"
37#include "clang/AST/TemplateBase.h"
38#include "clang/AST/Type.h"
39#include "clang/AST/TypeLoc.h"
40#include "clang/AST/UnresolvedSet.h"
41#include "clang/Basic/AddressSpaces.h"
42#include "clang/Basic/Diagnostic.h"
43#include "clang/Basic/IdentifierTable.h"
44#include "clang/Basic/LLVM.h"
45#include "clang/Basic/LangOptions.h"
46#include "clang/Basic/OpenCLOptions.h"
47#include "clang/Basic/OperatorKinds.h"
48#include "clang/Basic/PartialDiagnostic.h"
49#include "clang/Basic/SourceLocation.h"
50#include "clang/Basic/SourceManager.h"
51#include "clang/Basic/Specifiers.h"
52#include "clang/Basic/SyncScope.h"
53#include "clang/Basic/TargetInfo.h"
54#include "clang/Basic/TypeTraits.h"
55#include "clang/Lex/Lexer.h" // TODO: Extract static functions to fix layering.
56#include "clang/Sema/Initialization.h"
57#include "clang/Sema/Lookup.h"
58#include "clang/Sema/Ownership.h"
59#include "clang/Sema/Scope.h"
60#include "clang/Sema/ScopeInfo.h"
61#include "clang/Sema/Sema.h"
62#include "clang/Sema/SemaAMDGPU.h"
63#include "clang/Sema/SemaARM.h"
64#include "clang/Sema/SemaBPF.h"
65#include "clang/Sema/SemaDirectX.h"
66#include "clang/Sema/SemaHLSL.h"
67#include "clang/Sema/SemaHexagon.h"
68#include "clang/Sema/SemaLoongArch.h"
69#include "clang/Sema/SemaMIPS.h"
70#include "clang/Sema/SemaNVPTX.h"
71#include "clang/Sema/SemaObjC.h"
72#include "clang/Sema/SemaOpenCL.h"
73#include "clang/Sema/SemaPPC.h"
74#include "clang/Sema/SemaRISCV.h"
75#include "clang/Sema/SemaSPIRV.h"
76#include "clang/Sema/SemaSystemZ.h"
77#include "clang/Sema/SemaWasm.h"
78#include "clang/Sema/SemaX86.h"
79#include "llvm/ADT/APFloat.h"
80#include "llvm/ADT/APInt.h"
81#include "llvm/ADT/APSInt.h"
82#include "llvm/ADT/ArrayRef.h"
83#include "llvm/ADT/DenseMap.h"
84#include "llvm/ADT/FoldingSet.h"
85#include "llvm/ADT/STLExtras.h"
86#include "llvm/ADT/STLForwardCompat.h"
87#include "llvm/ADT/SmallBitVector.h"
88#include "llvm/ADT/SmallPtrSet.h"
89#include "llvm/ADT/SmallString.h"
90#include "llvm/ADT/SmallVector.h"
91#include "llvm/ADT/StringExtras.h"
92#include "llvm/ADT/StringRef.h"
93#include "llvm/ADT/StringSet.h"
94#include "llvm/ADT/StringSwitch.h"
95#include "llvm/Support/AtomicOrdering.h"
96#include "llvm/Support/Compiler.h"
97#include "llvm/Support/ConvertUTF.h"
98#include "llvm/Support/ErrorHandling.h"
99#include "llvm/Support/Format.h"
100#include "llvm/Support/Locale.h"
101#include "llvm/Support/MathExtras.h"
102#include "llvm/Support/SaveAndRestore.h"
103#include "llvm/Support/raw_ostream.h"
104#include "llvm/TargetParser/RISCVTargetParser.h"
105#include "llvm/TargetParser/Triple.h"
106#include <algorithm>
107#include <cassert>
108#include <cctype>
109#include <cstddef>
110#include <cstdint>
111#include <functional>
112#include <limits>
113#include <optional>
114#include <string>
115#include <tuple>
116#include <utility>
117
118using namespace clang;
119using namespace sema;
120
121SourceLocation Sema::getLocationOfStringLiteralByte(const StringLiteral *SL,
122 unsigned ByteNo) const {
123 return SL->getLocationOfByte(ByteNo, SM: getSourceManager(), Features: LangOpts,
124 Target: Context.getTargetInfo());
125}
126
127static constexpr unsigned short combineFAPK(Sema::FormatArgumentPassingKind A,
128 Sema::FormatArgumentPassingKind B) {
129 return (A << 8) | B;
130}
131
132bool Sema::checkArgCountAtLeast(CallExpr *Call, unsigned MinArgCount) {
133 unsigned ArgCount = Call->getNumArgs();
134 if (ArgCount >= MinArgCount)
135 return false;
136
137 return Diag(Loc: Call->getEndLoc(), DiagID: diag::err_typecheck_call_too_few_args)
138 << 0 /*function call*/ << MinArgCount << ArgCount
139 << /*is non object*/ 0 << Call->getSourceRange();
140}
141
142bool Sema::checkArgCountAtMost(CallExpr *Call, unsigned MaxArgCount) {
143 unsigned ArgCount = Call->getNumArgs();
144 if (ArgCount <= MaxArgCount)
145 return false;
146 return Diag(Loc: Call->getEndLoc(), DiagID: diag::err_typecheck_call_too_many_args_at_most)
147 << 0 /*function call*/ << MaxArgCount << ArgCount
148 << /*is non object*/ 0 << Call->getSourceRange();
149}
150
151bool Sema::checkArgCountRange(CallExpr *Call, unsigned MinArgCount,
152 unsigned MaxArgCount) {
153 return checkArgCountAtLeast(Call, MinArgCount) ||
154 checkArgCountAtMost(Call, MaxArgCount);
155}
156
157bool Sema::checkArgCount(CallExpr *Call, unsigned DesiredArgCount) {
158 unsigned ArgCount = Call->getNumArgs();
159 if (ArgCount == DesiredArgCount)
160 return false;
161
162 if (checkArgCountAtLeast(Call, MinArgCount: DesiredArgCount))
163 return true;
164 assert(ArgCount > DesiredArgCount && "should have diagnosed this");
165
166 // Highlight all the excess arguments.
167 SourceRange Range(Call->getArg(Arg: DesiredArgCount)->getBeginLoc(),
168 Call->getArg(Arg: ArgCount - 1)->getEndLoc());
169
170 return Diag(Loc: Range.getBegin(), DiagID: diag::err_typecheck_call_too_many_args)
171 << 0 /*function call*/ << DesiredArgCount << ArgCount
172 << /*is non object*/ 0 << Range;
173}
174
175static bool checkBuiltinVerboseTrap(CallExpr *Call, Sema &S) {
176 bool HasError = false;
177
178 for (unsigned I = 0; I < Call->getNumArgs(); ++I) {
179 Expr *Arg = Call->getArg(Arg: I);
180
181 if (Arg->isValueDependent())
182 continue;
183
184 std::optional<std::string> ArgString = Arg->tryEvaluateString(Ctx&: S.Context);
185 int DiagMsgKind = -1;
186 // Arguments must be pointers to constant strings and cannot use '$'.
187 if (!ArgString.has_value())
188 DiagMsgKind = 0;
189 else if (ArgString->find(c: '$') != std::string::npos)
190 DiagMsgKind = 1;
191
192 if (DiagMsgKind >= 0) {
193 S.Diag(Loc: Arg->getBeginLoc(), DiagID: diag::err_builtin_verbose_trap_arg)
194 << DiagMsgKind << Arg->getSourceRange();
195 HasError = true;
196 }
197 }
198
199 return !HasError;
200}
201
202static bool convertArgumentToType(Sema &S, Expr *&Value, QualType Ty) {
203 if (Value->isTypeDependent())
204 return false;
205
206 InitializedEntity Entity =
207 InitializedEntity::InitializeParameter(Context&: S.Context, Type: Ty, Consumed: false);
208 ExprResult Result =
209 S.PerformCopyInitialization(Entity, EqualLoc: SourceLocation(), Init: Value);
210 if (Result.isInvalid())
211 return true;
212 Value = Result.get();
213 return false;
214}
215
216/// Check that the first argument to __builtin_annotation is an integer
217/// and the second argument is a non-wide string literal.
218static bool BuiltinAnnotation(Sema &S, CallExpr *TheCall) {
219 if (S.checkArgCount(Call: TheCall, DesiredArgCount: 2))
220 return true;
221
222 // First argument should be an integer.
223 Expr *ValArg = TheCall->getArg(Arg: 0);
224 QualType Ty = ValArg->getType();
225 if (!Ty->isIntegerType()) {
226 S.Diag(Loc: ValArg->getBeginLoc(), DiagID: diag::err_builtin_annotation_first_arg)
227 << ValArg->getSourceRange();
228 return true;
229 }
230
231 // Second argument should be a constant string.
232 Expr *StrArg = TheCall->getArg(Arg: 1)->IgnoreParenCasts();
233 StringLiteral *Literal = dyn_cast<StringLiteral>(Val: StrArg);
234 if (!Literal || !Literal->isOrdinary()) {
235 S.Diag(Loc: StrArg->getBeginLoc(), DiagID: diag::err_builtin_annotation_second_arg)
236 << StrArg->getSourceRange();
237 return true;
238 }
239
240 TheCall->setType(Ty);
241 return false;
242}
243
244static bool BuiltinMSVCAnnotation(Sema &S, CallExpr *TheCall) {
245 // We need at least one argument.
246 if (TheCall->getNumArgs() < 1) {
247 S.Diag(Loc: TheCall->getEndLoc(), DiagID: diag::err_typecheck_call_too_few_args_at_least)
248 << 0 << 1 << TheCall->getNumArgs() << /*is non object*/ 0
249 << TheCall->getCallee()->getSourceRange();
250 return true;
251 }
252
253 // All arguments should be wide string literals.
254 for (Expr *Arg : TheCall->arguments()) {
255 auto *Literal = dyn_cast<StringLiteral>(Val: Arg->IgnoreParenCasts());
256 if (!Literal || !Literal->isWide()) {
257 S.Diag(Loc: Arg->getBeginLoc(), DiagID: diag::err_msvc_annotation_wide_str)
258 << Arg->getSourceRange();
259 return true;
260 }
261 }
262
263 return false;
264}
265
266/// Check that the argument to __builtin_addressof is a glvalue, and set the
267/// result type to the corresponding pointer type.
268static bool BuiltinAddressof(Sema &S, CallExpr *TheCall) {
269 if (S.checkArgCount(Call: TheCall, DesiredArgCount: 1))
270 return true;
271
272 ExprResult Arg(TheCall->getArg(Arg: 0));
273 QualType ResultType = S.CheckAddressOfOperand(Operand&: Arg, OpLoc: TheCall->getBeginLoc());
274 if (ResultType.isNull())
275 return true;
276
277 TheCall->setArg(Arg: 0, ArgExpr: Arg.get());
278 TheCall->setType(ResultType);
279 return false;
280}
281
282/// Check that the argument to __builtin_function_start is a function.
283static bool BuiltinFunctionStart(Sema &S, CallExpr *TheCall) {
284 if (S.checkArgCount(Call: TheCall, DesiredArgCount: 1))
285 return true;
286
287 ExprResult Arg = S.DefaultFunctionArrayLvalueConversion(E: TheCall->getArg(Arg: 0));
288 if (Arg.isInvalid())
289 return true;
290
291 TheCall->setArg(Arg: 0, ArgExpr: Arg.get());
292 const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(
293 Val: Arg.get()->getAsBuiltinConstantDeclRef(Context: S.getASTContext()));
294
295 if (!FD) {
296 S.Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_function_start_invalid_type)
297 << TheCall->getSourceRange();
298 return true;
299 }
300
301 return !S.checkAddressOfFunctionIsAvailable(Function: FD, /*Complain=*/true,
302 Loc: TheCall->getBeginLoc());
303}
304
305/// Check the number of arguments and set the result type to
306/// the argument type.
307static bool BuiltinPreserveAI(Sema &S, CallExpr *TheCall) {
308 if (S.checkArgCount(Call: TheCall, DesiredArgCount: 1))
309 return true;
310
311 TheCall->setType(TheCall->getArg(Arg: 0)->getType());
312 return false;
313}
314
315/// Check that the value argument for __builtin_is_aligned(value, alignment) and
316/// __builtin_aligned_{up,down}(value, alignment) is an integer or a pointer
317/// type (but not a function pointer) and that the alignment is a power-of-two.
318static bool BuiltinAlignment(Sema &S, CallExpr *TheCall, unsigned ID) {
319 if (S.checkArgCount(Call: TheCall, DesiredArgCount: 2))
320 return true;
321
322 clang::Expr *Source = TheCall->getArg(Arg: 0);
323 bool IsBooleanAlignBuiltin = ID == Builtin::BI__builtin_is_aligned;
324
325 auto IsValidIntegerType = [](QualType Ty) {
326 return Ty->isIntegerType() && !Ty->isEnumeralType() && !Ty->isBooleanType();
327 };
328 QualType SrcTy = Source->getType();
329 // We should also be able to use it with arrays (but not functions!).
330 if (SrcTy->canDecayToPointerType() && SrcTy->isArrayType()) {
331 SrcTy = S.Context.getDecayedType(T: SrcTy);
332 }
333 if ((!SrcTy->isPointerType() && !IsValidIntegerType(SrcTy)) ||
334 SrcTy->isFunctionPointerType()) {
335 // FIXME: this is not quite the right error message since we don't allow
336 // floating point types, or member pointers.
337 S.Diag(Loc: Source->getExprLoc(), DiagID: diag::err_typecheck_expect_scalar_operand)
338 << SrcTy;
339 return true;
340 }
341
342 clang::Expr *AlignOp = TheCall->getArg(Arg: 1);
343 if (!IsValidIntegerType(AlignOp->getType())) {
344 S.Diag(Loc: AlignOp->getExprLoc(), DiagID: diag::err_typecheck_expect_int)
345 << AlignOp->getType();
346 return true;
347 }
348 Expr::EvalResult AlignResult;
349 unsigned MaxAlignmentBits = S.Context.getIntWidth(T: SrcTy) - 1;
350 // We can't check validity of alignment if it is value dependent.
351 if (!AlignOp->isValueDependent() &&
352 AlignOp->EvaluateAsInt(Result&: AlignResult, Ctx: S.Context,
353 AllowSideEffects: Expr::SE_AllowSideEffects)) {
354 llvm::APSInt AlignValue = AlignResult.Val.getInt();
355 llvm::APSInt MaxValue(
356 llvm::APInt::getOneBitSet(numBits: MaxAlignmentBits + 1, BitNo: MaxAlignmentBits));
357 if (AlignValue < 1) {
358 S.Diag(Loc: AlignOp->getExprLoc(), DiagID: diag::err_alignment_too_small) << 1;
359 return true;
360 }
361 if (llvm::APSInt::compareValues(I1: AlignValue, I2: MaxValue) > 0) {
362 S.Diag(Loc: AlignOp->getExprLoc(), DiagID: diag::err_alignment_too_big)
363 << toString(I: MaxValue, Radix: 10);
364 return true;
365 }
366 if (!AlignValue.isPowerOf2()) {
367 S.Diag(Loc: AlignOp->getExprLoc(), DiagID: diag::err_alignment_not_power_of_two);
368 return true;
369 }
370 if (AlignValue == 1) {
371 S.Diag(Loc: AlignOp->getExprLoc(), DiagID: diag::warn_alignment_builtin_useless)
372 << IsBooleanAlignBuiltin;
373 }
374 }
375
376 ExprResult SrcArg = S.PerformCopyInitialization(
377 Entity: InitializedEntity::InitializeParameter(Context&: S.Context, Type: SrcTy, Consumed: false),
378 EqualLoc: SourceLocation(), Init: Source);
379 if (SrcArg.isInvalid())
380 return true;
381 TheCall->setArg(Arg: 0, ArgExpr: SrcArg.get());
382 ExprResult AlignArg =
383 S.PerformCopyInitialization(Entity: InitializedEntity::InitializeParameter(
384 Context&: S.Context, Type: AlignOp->getType(), Consumed: false),
385 EqualLoc: SourceLocation(), Init: AlignOp);
386 if (AlignArg.isInvalid())
387 return true;
388 TheCall->setArg(Arg: 1, ArgExpr: AlignArg.get());
389 // For align_up/align_down, the return type is the same as the (potentially
390 // decayed) argument type including qualifiers. For is_aligned(), the result
391 // is always bool.
392 TheCall->setType(IsBooleanAlignBuiltin ? S.Context.BoolTy : SrcTy);
393 return false;
394}
395
396static bool BuiltinOverflow(Sema &S, CallExpr *TheCall, unsigned BuiltinID) {
397 if (S.checkArgCount(Call: TheCall, DesiredArgCount: 3))
398 return true;
399
400 std::pair<unsigned, const char *> Builtins[] = {
401 { Builtin::BI__builtin_add_overflow, "ckd_add" },
402 { Builtin::BI__builtin_sub_overflow, "ckd_sub" },
403 { Builtin::BI__builtin_mul_overflow, "ckd_mul" },
404 };
405
406 bool CkdOperation = llvm::any_of(Range&: Builtins, P: [&](const std::pair<unsigned,
407 const char *> &P) {
408 return BuiltinID == P.first && TheCall->getExprLoc().isMacroID() &&
409 Lexer::getImmediateMacroName(Loc: TheCall->getExprLoc(),
410 SM: S.getSourceManager(), LangOpts: S.getLangOpts()) == P.second;
411 });
412
413 auto ValidCkdIntType = [](QualType QT) {
414 // A valid checked integer type is an integer type other than a plain char,
415 // bool, a bit-precise type, or an enumeration type.
416 if (const auto *BT = QT.getCanonicalType()->getAs<BuiltinType>())
417 return (BT->getKind() >= BuiltinType::Short &&
418 BT->getKind() <= BuiltinType::Int128) || (
419 BT->getKind() >= BuiltinType::UShort &&
420 BT->getKind() <= BuiltinType::UInt128) ||
421 BT->getKind() == BuiltinType::UChar ||
422 BT->getKind() == BuiltinType::SChar;
423 return false;
424 };
425
426 // First two arguments should be integers.
427 for (unsigned I = 0; I < 2; ++I) {
428 ExprResult Arg = S.DefaultFunctionArrayLvalueConversion(E: TheCall->getArg(Arg: I));
429 if (Arg.isInvalid()) return true;
430 TheCall->setArg(Arg: I, ArgExpr: Arg.get());
431
432 QualType Ty = Arg.get()->getType();
433 bool IsValid = CkdOperation ? ValidCkdIntType(Ty) : Ty->isIntegerType();
434 if (!IsValid) {
435 S.Diag(Loc: Arg.get()->getBeginLoc(), DiagID: diag::err_overflow_builtin_must_be_int)
436 << CkdOperation << Ty << Arg.get()->getSourceRange();
437 return true;
438 }
439 }
440
441 // Third argument should be a pointer to a non-const integer.
442 // IRGen correctly handles volatile, restrict, and address spaces, and
443 // the other qualifiers aren't possible.
444 {
445 ExprResult Arg = S.DefaultFunctionArrayLvalueConversion(E: TheCall->getArg(Arg: 2));
446 if (Arg.isInvalid()) return true;
447 TheCall->setArg(Arg: 2, ArgExpr: Arg.get());
448
449 QualType Ty = Arg.get()->getType();
450 const auto *PtrTy = Ty->getAs<PointerType>();
451 if (!PtrTy ||
452 !PtrTy->getPointeeType()->isIntegerType() ||
453 (!ValidCkdIntType(PtrTy->getPointeeType()) && CkdOperation) ||
454 PtrTy->getPointeeType().isConstQualified()) {
455 S.Diag(Loc: Arg.get()->getBeginLoc(),
456 DiagID: diag::err_overflow_builtin_must_be_ptr_int)
457 << CkdOperation << Ty << Arg.get()->getSourceRange();
458 return true;
459 }
460 }
461
462 // Disallow signed bit-precise integer args larger than 128 bits to mul
463 // function until we improve backend support.
464 if (BuiltinID == Builtin::BI__builtin_mul_overflow) {
465 for (unsigned I = 0; I < 3; ++I) {
466 const auto Arg = TheCall->getArg(Arg: I);
467 // Third argument will be a pointer.
468 auto Ty = I < 2 ? Arg->getType() : Arg->getType()->getPointeeType();
469 if (Ty->isBitIntType() && Ty->isSignedIntegerType() &&
470 S.getASTContext().getIntWidth(T: Ty) > 128)
471 return S.Diag(Loc: Arg->getBeginLoc(),
472 DiagID: diag::err_overflow_builtin_bit_int_max_size)
473 << 128;
474 }
475 }
476
477 return false;
478}
479
480namespace {
481struct BuiltinDumpStructGenerator {
482 Sema &S;
483 CallExpr *TheCall;
484 SourceLocation Loc = TheCall->getBeginLoc();
485 SmallVector<Expr *, 32> Actions;
486 DiagnosticErrorTrap ErrorTracker;
487 PrintingPolicy Policy;
488
489 BuiltinDumpStructGenerator(Sema &S, CallExpr *TheCall)
490 : S(S), TheCall(TheCall), ErrorTracker(S.getDiagnostics()),
491 Policy(S.Context.getPrintingPolicy()) {
492 Policy.AnonymousTagLocations = false;
493 }
494
495 Expr *makeOpaqueValueExpr(Expr *Inner) {
496 auto *OVE = new (S.Context)
497 OpaqueValueExpr(Loc, Inner->getType(), Inner->getValueKind(),
498 Inner->getObjectKind(), Inner);
499 Actions.push_back(Elt: OVE);
500 return OVE;
501 }
502
503 Expr *getStringLiteral(llvm::StringRef Str) {
504 Expr *Lit = S.Context.getPredefinedStringLiteralFromCache(Key: Str);
505 // Wrap the literal in parentheses to attach a source location.
506 return new (S.Context) ParenExpr(Loc, Loc, Lit);
507 }
508
509 bool callPrintFunction(llvm::StringRef Format,
510 llvm::ArrayRef<Expr *> Exprs = {}) {
511 SmallVector<Expr *, 8> Args;
512 assert(TheCall->getNumArgs() >= 2);
513 Args.reserve(N: (TheCall->getNumArgs() - 2) + /*Format*/ 1 + Exprs.size());
514 Args.assign(in_start: TheCall->arg_begin() + 2, in_end: TheCall->arg_end());
515 Args.push_back(Elt: getStringLiteral(Str: Format));
516 llvm::append_range(C&: Args, R&: Exprs);
517
518 // Register a note to explain why we're performing the call.
519 Sema::CodeSynthesisContext Ctx;
520 Ctx.Kind = Sema::CodeSynthesisContext::BuildingBuiltinDumpStructCall;
521 Ctx.PointOfInstantiation = Loc;
522 Ctx.CallArgs = Args.data();
523 Ctx.NumCallArgs = Args.size();
524 S.pushCodeSynthesisContext(Ctx);
525
526 ExprResult RealCall =
527 S.BuildCallExpr(/*Scope=*/S: nullptr, Fn: TheCall->getArg(Arg: 1),
528 LParenLoc: TheCall->getBeginLoc(), ArgExprs: Args, RParenLoc: TheCall->getRParenLoc());
529
530 S.popCodeSynthesisContext();
531 if (!RealCall.isInvalid())
532 Actions.push_back(Elt: RealCall.get());
533 // Bail out if we've hit any errors, even if we managed to build the
534 // call. We don't want to produce more than one error.
535 return RealCall.isInvalid() || ErrorTracker.hasErrorOccurred();
536 }
537
538 Expr *getIndentString(unsigned Depth) {
539 if (!Depth)
540 return nullptr;
541
542 llvm::SmallString<32> Indent;
543 Indent.resize(N: Depth * Policy.Indentation, NV: ' ');
544 return getStringLiteral(Str: Indent);
545 }
546
547 Expr *getTypeString(QualType T) {
548 return getStringLiteral(Str: T.getAsString(Policy));
549 }
550
551 bool appendFormatSpecifier(QualType T, llvm::SmallVectorImpl<char> &Str) {
552 llvm::raw_svector_ostream OS(Str);
553
554 // Format 'bool', 'char', 'signed char', 'unsigned char' as numbers, rather
555 // than trying to print a single character.
556 if (auto *BT = T->getAs<BuiltinType>()) {
557 switch (BT->getKind()) {
558 case BuiltinType::Bool:
559 OS << "%d";
560 return true;
561 case BuiltinType::Char_U:
562 case BuiltinType::UChar:
563 OS << "%hhu";
564 return true;
565 case BuiltinType::Char_S:
566 case BuiltinType::SChar:
567 OS << "%hhd";
568 return true;
569 default:
570 break;
571 }
572 }
573
574 analyze_printf::PrintfSpecifier Specifier;
575 if (Specifier.fixType(QT: T, LangOpt: S.getLangOpts(), Ctx&: S.Context, /*IsObjCLiteral=*/false)) {
576 // We were able to guess how to format this.
577 if (Specifier.getConversionSpecifier().getKind() ==
578 analyze_printf::PrintfConversionSpecifier::sArg) {
579 // Wrap double-quotes around a '%s' specifier and limit its maximum
580 // length. Ideally we'd also somehow escape special characters in the
581 // contents but printf doesn't support that.
582 // FIXME: '%s' formatting is not safe in general.
583 OS << '"';
584 Specifier.setPrecision(analyze_printf::OptionalAmount(32u));
585 Specifier.toString(os&: OS);
586 OS << '"';
587 // FIXME: It would be nice to include a '...' if the string doesn't fit
588 // in the length limit.
589 } else {
590 Specifier.toString(os&: OS);
591 }
592 return true;
593 }
594
595 if (T->isPointerType()) {
596 // Format all pointers with '%p'.
597 OS << "%p";
598 return true;
599 }
600
601 return false;
602 }
603
604 bool dumpUnnamedRecord(const RecordDecl *RD, Expr *E, unsigned Depth) {
605 Expr *IndentLit = getIndentString(Depth);
606 Expr *TypeLit = getTypeString(T: S.Context.getRecordType(Decl: RD));
607 if (IndentLit ? callPrintFunction(Format: "%s%s", Exprs: {IndentLit, TypeLit})
608 : callPrintFunction(Format: "%s", Exprs: {TypeLit}))
609 return true;
610
611 return dumpRecordValue(RD, E, RecordIndent: IndentLit, Depth);
612 }
613
614 // Dump a record value. E should be a pointer or lvalue referring to an RD.
615 bool dumpRecordValue(const RecordDecl *RD, Expr *E, Expr *RecordIndent,
616 unsigned Depth) {
617 // FIXME: Decide what to do if RD is a union. At least we should probably
618 // turn off printing `const char*` members with `%s`, because that is very
619 // likely to crash if that's not the active member. Whatever we decide, we
620 // should document it.
621
622 // Build an OpaqueValueExpr so we can refer to E more than once without
623 // triggering re-evaluation.
624 Expr *RecordArg = makeOpaqueValueExpr(Inner: E);
625 bool RecordArgIsPtr = RecordArg->getType()->isPointerType();
626
627 if (callPrintFunction(Format: " {\n"))
628 return true;
629
630 // Dump each base class, regardless of whether they're aggregates.
631 if (const auto *CXXRD = dyn_cast<CXXRecordDecl>(Val: RD)) {
632 for (const auto &Base : CXXRD->bases()) {
633 QualType BaseType =
634 RecordArgIsPtr ? S.Context.getPointerType(T: Base.getType())
635 : S.Context.getLValueReferenceType(T: Base.getType());
636 ExprResult BasePtr = S.BuildCStyleCastExpr(
637 LParenLoc: Loc, Ty: S.Context.getTrivialTypeSourceInfo(T: BaseType, Loc), RParenLoc: Loc,
638 Op: RecordArg);
639 if (BasePtr.isInvalid() ||
640 dumpUnnamedRecord(RD: Base.getType()->getAsRecordDecl(), E: BasePtr.get(),
641 Depth: Depth + 1))
642 return true;
643 }
644 }
645
646 Expr *FieldIndentArg = getIndentString(Depth: Depth + 1);
647
648 // Dump each field.
649 for (auto *D : RD->decls()) {
650 auto *IFD = dyn_cast<IndirectFieldDecl>(Val: D);
651 auto *FD = IFD ? IFD->getAnonField() : dyn_cast<FieldDecl>(Val: D);
652 if (!FD || FD->isUnnamedBitField() || FD->isAnonymousStructOrUnion())
653 continue;
654
655 llvm::SmallString<20> Format = llvm::StringRef("%s%s %s ");
656 llvm::SmallVector<Expr *, 5> Args = {FieldIndentArg,
657 getTypeString(T: FD->getType()),
658 getStringLiteral(Str: FD->getName())};
659
660 if (FD->isBitField()) {
661 Format += ": %zu ";
662 QualType SizeT = S.Context.getSizeType();
663 llvm::APInt BitWidth(S.Context.getIntWidth(T: SizeT),
664 FD->getBitWidthValue());
665 Args.push_back(Elt: IntegerLiteral::Create(C: S.Context, V: BitWidth, type: SizeT, l: Loc));
666 }
667
668 Format += "=";
669
670 ExprResult Field =
671 IFD ? S.BuildAnonymousStructUnionMemberReference(
672 SS: CXXScopeSpec(), nameLoc: Loc, indirectField: IFD,
673 FoundDecl: DeclAccessPair::make(D: IFD, AS: AS_public), baseObjectExpr: RecordArg, opLoc: Loc)
674 : S.BuildFieldReferenceExpr(
675 BaseExpr: RecordArg, IsArrow: RecordArgIsPtr, OpLoc: Loc, SS: CXXScopeSpec(), Field: FD,
676 FoundDecl: DeclAccessPair::make(D: FD, AS: AS_public),
677 MemberNameInfo: DeclarationNameInfo(FD->getDeclName(), Loc));
678 if (Field.isInvalid())
679 return true;
680
681 auto *InnerRD = FD->getType()->getAsRecordDecl();
682 auto *InnerCXXRD = dyn_cast_or_null<CXXRecordDecl>(Val: InnerRD);
683 if (InnerRD && (!InnerCXXRD || InnerCXXRD->isAggregate())) {
684 // Recursively print the values of members of aggregate record type.
685 if (callPrintFunction(Format, Exprs: Args) ||
686 dumpRecordValue(RD: InnerRD, E: Field.get(), RecordIndent: FieldIndentArg, Depth: Depth + 1))
687 return true;
688 } else {
689 Format += " ";
690 if (appendFormatSpecifier(T: FD->getType(), Str&: Format)) {
691 // We know how to print this field.
692 Args.push_back(Elt: Field.get());
693 } else {
694 // We don't know how to print this field. Print out its address
695 // with a format specifier that a smart tool will be able to
696 // recognize and treat specially.
697 Format += "*%p";
698 ExprResult FieldAddr =
699 S.BuildUnaryOp(S: nullptr, OpLoc: Loc, Opc: UO_AddrOf, Input: Field.get());
700 if (FieldAddr.isInvalid())
701 return true;
702 Args.push_back(Elt: FieldAddr.get());
703 }
704 Format += "\n";
705 if (callPrintFunction(Format, Exprs: Args))
706 return true;
707 }
708 }
709
710 return RecordIndent ? callPrintFunction(Format: "%s}\n", Exprs: RecordIndent)
711 : callPrintFunction(Format: "}\n");
712 }
713
714 Expr *buildWrapper() {
715 auto *Wrapper = PseudoObjectExpr::Create(Context: S.Context, syntactic: TheCall, semantic: Actions,
716 resultIndex: PseudoObjectExpr::NoResult);
717 TheCall->setType(Wrapper->getType());
718 TheCall->setValueKind(Wrapper->getValueKind());
719 return Wrapper;
720 }
721};
722} // namespace
723
724static ExprResult BuiltinDumpStruct(Sema &S, CallExpr *TheCall) {
725 if (S.checkArgCountAtLeast(Call: TheCall, MinArgCount: 2))
726 return ExprError();
727
728 ExprResult PtrArgResult = S.DefaultLvalueConversion(E: TheCall->getArg(Arg: 0));
729 if (PtrArgResult.isInvalid())
730 return ExprError();
731 TheCall->setArg(Arg: 0, ArgExpr: PtrArgResult.get());
732
733 // First argument should be a pointer to a struct.
734 QualType PtrArgType = PtrArgResult.get()->getType();
735 if (!PtrArgType->isPointerType() ||
736 !PtrArgType->getPointeeType()->isRecordType()) {
737 S.Diag(Loc: PtrArgResult.get()->getBeginLoc(),
738 DiagID: diag::err_expected_struct_pointer_argument)
739 << 1 << TheCall->getDirectCallee() << PtrArgType;
740 return ExprError();
741 }
742 QualType Pointee = PtrArgType->getPointeeType();
743 const RecordDecl *RD = Pointee->getAsRecordDecl();
744 // Try to instantiate the class template as appropriate; otherwise, access to
745 // its data() may lead to a crash.
746 if (S.RequireCompleteType(Loc: PtrArgResult.get()->getBeginLoc(), T: Pointee,
747 DiagID: diag::err_incomplete_type))
748 return ExprError();
749 // Second argument is a callable, but we can't fully validate it until we try
750 // calling it.
751 QualType FnArgType = TheCall->getArg(Arg: 1)->getType();
752 if (!FnArgType->isFunctionType() && !FnArgType->isFunctionPointerType() &&
753 !FnArgType->isBlockPointerType() &&
754 !(S.getLangOpts().CPlusPlus && FnArgType->isRecordType())) {
755 auto *BT = FnArgType->getAs<BuiltinType>();
756 switch (BT ? BT->getKind() : BuiltinType::Void) {
757 case BuiltinType::Dependent:
758 case BuiltinType::Overload:
759 case BuiltinType::BoundMember:
760 case BuiltinType::PseudoObject:
761 case BuiltinType::UnknownAny:
762 case BuiltinType::BuiltinFn:
763 // This might be a callable.
764 break;
765
766 default:
767 S.Diag(Loc: TheCall->getArg(Arg: 1)->getBeginLoc(),
768 DiagID: diag::err_expected_callable_argument)
769 << 2 << TheCall->getDirectCallee() << FnArgType;
770 return ExprError();
771 }
772 }
773
774 BuiltinDumpStructGenerator Generator(S, TheCall);
775
776 // Wrap parentheses around the given pointer. This is not necessary for
777 // correct code generation, but it means that when we pretty-print the call
778 // arguments in our diagnostics we will produce '(&s)->n' instead of the
779 // incorrect '&s->n'.
780 Expr *PtrArg = PtrArgResult.get();
781 PtrArg = new (S.Context)
782 ParenExpr(PtrArg->getBeginLoc(),
783 S.getLocForEndOfToken(Loc: PtrArg->getEndLoc()), PtrArg);
784 if (Generator.dumpUnnamedRecord(RD, E: PtrArg, Depth: 0))
785 return ExprError();
786
787 return Generator.buildWrapper();
788}
789
790static bool BuiltinCallWithStaticChain(Sema &S, CallExpr *BuiltinCall) {
791 if (S.checkArgCount(Call: BuiltinCall, DesiredArgCount: 2))
792 return true;
793
794 SourceLocation BuiltinLoc = BuiltinCall->getBeginLoc();
795 Expr *Builtin = BuiltinCall->getCallee()->IgnoreImpCasts();
796 Expr *Call = BuiltinCall->getArg(Arg: 0);
797 Expr *Chain = BuiltinCall->getArg(Arg: 1);
798
799 if (Call->getStmtClass() != Stmt::CallExprClass) {
800 S.Diag(Loc: BuiltinLoc, DiagID: diag::err_first_argument_to_cwsc_not_call)
801 << Call->getSourceRange();
802 return true;
803 }
804
805 auto CE = cast<CallExpr>(Val: Call);
806 if (CE->getCallee()->getType()->isBlockPointerType()) {
807 S.Diag(Loc: BuiltinLoc, DiagID: diag::err_first_argument_to_cwsc_block_call)
808 << Call->getSourceRange();
809 return true;
810 }
811
812 const Decl *TargetDecl = CE->getCalleeDecl();
813 if (const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(Val: TargetDecl))
814 if (FD->getBuiltinID()) {
815 S.Diag(Loc: BuiltinLoc, DiagID: diag::err_first_argument_to_cwsc_builtin_call)
816 << Call->getSourceRange();
817 return true;
818 }
819
820 if (isa<CXXPseudoDestructorExpr>(Val: CE->getCallee()->IgnoreParens())) {
821 S.Diag(Loc: BuiltinLoc, DiagID: diag::err_first_argument_to_cwsc_pdtor_call)
822 << Call->getSourceRange();
823 return true;
824 }
825
826 ExprResult ChainResult = S.UsualUnaryConversions(E: Chain);
827 if (ChainResult.isInvalid())
828 return true;
829 if (!ChainResult.get()->getType()->isPointerType()) {
830 S.Diag(Loc: BuiltinLoc, DiagID: diag::err_second_argument_to_cwsc_not_pointer)
831 << Chain->getSourceRange();
832 return true;
833 }
834
835 QualType ReturnTy = CE->getCallReturnType(Ctx: S.Context);
836 QualType ArgTys[2] = { ReturnTy, ChainResult.get()->getType() };
837 QualType BuiltinTy = S.Context.getFunctionType(
838 ResultTy: ReturnTy, Args: ArgTys, EPI: FunctionProtoType::ExtProtoInfo());
839 QualType BuiltinPtrTy = S.Context.getPointerType(T: BuiltinTy);
840
841 Builtin =
842 S.ImpCastExprToType(E: Builtin, Type: BuiltinPtrTy, CK: CK_BuiltinFnToFnPtr).get();
843
844 BuiltinCall->setType(CE->getType());
845 BuiltinCall->setValueKind(CE->getValueKind());
846 BuiltinCall->setObjectKind(CE->getObjectKind());
847 BuiltinCall->setCallee(Builtin);
848 BuiltinCall->setArg(Arg: 1, ArgExpr: ChainResult.get());
849
850 return false;
851}
852
853namespace {
854
855class ScanfDiagnosticFormatHandler
856 : public analyze_format_string::FormatStringHandler {
857 // Accepts the argument index (relative to the first destination index) of the
858 // argument whose size we want.
859 using ComputeSizeFunction =
860 llvm::function_ref<std::optional<llvm::APSInt>(unsigned)>;
861
862 // Accepts the argument index (relative to the first destination index), the
863 // destination size, and the source size).
864 using DiagnoseFunction =
865 llvm::function_ref<void(unsigned, unsigned, unsigned)>;
866
867 ComputeSizeFunction ComputeSizeArgument;
868 DiagnoseFunction Diagnose;
869
870public:
871 ScanfDiagnosticFormatHandler(ComputeSizeFunction ComputeSizeArgument,
872 DiagnoseFunction Diagnose)
873 : ComputeSizeArgument(ComputeSizeArgument), Diagnose(Diagnose) {}
874
875 bool HandleScanfSpecifier(const analyze_scanf::ScanfSpecifier &FS,
876 const char *StartSpecifier,
877 unsigned specifierLen) override {
878 if (!FS.consumesDataArgument())
879 return true;
880
881 unsigned NulByte = 0;
882 switch ((FS.getConversionSpecifier().getKind())) {
883 default:
884 return true;
885 case analyze_format_string::ConversionSpecifier::sArg:
886 case analyze_format_string::ConversionSpecifier::ScanListArg:
887 NulByte = 1;
888 break;
889 case analyze_format_string::ConversionSpecifier::cArg:
890 break;
891 }
892
893 analyze_format_string::OptionalAmount FW = FS.getFieldWidth();
894 if (FW.getHowSpecified() !=
895 analyze_format_string::OptionalAmount::HowSpecified::Constant)
896 return true;
897
898 unsigned SourceSize = FW.getConstantAmount() + NulByte;
899
900 std::optional<llvm::APSInt> DestSizeAPS =
901 ComputeSizeArgument(FS.getArgIndex());
902 if (!DestSizeAPS)
903 return true;
904
905 unsigned DestSize = DestSizeAPS->getZExtValue();
906
907 if (DestSize < SourceSize)
908 Diagnose(FS.getArgIndex(), DestSize, SourceSize);
909
910 return true;
911 }
912};
913
914class EstimateSizeFormatHandler
915 : public analyze_format_string::FormatStringHandler {
916 size_t Size;
917 /// Whether the format string contains Linux kernel's format specifier
918 /// extension.
919 bool IsKernelCompatible = true;
920
921public:
922 EstimateSizeFormatHandler(StringRef Format)
923 : Size(std::min(a: Format.find(C: 0), b: Format.size()) +
924 1 /* null byte always written by sprintf */) {}
925
926 bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS,
927 const char *, unsigned SpecifierLen,
928 const TargetInfo &) override {
929
930 const size_t FieldWidth = computeFieldWidth(FS);
931 const size_t Precision = computePrecision(FS);
932
933 // The actual format.
934 switch (FS.getConversionSpecifier().getKind()) {
935 // Just a char.
936 case analyze_format_string::ConversionSpecifier::cArg:
937 case analyze_format_string::ConversionSpecifier::CArg:
938 Size += std::max(a: FieldWidth, b: (size_t)1);
939 break;
940 // Just an integer.
941 case analyze_format_string::ConversionSpecifier::dArg:
942 case analyze_format_string::ConversionSpecifier::DArg:
943 case analyze_format_string::ConversionSpecifier::iArg:
944 case analyze_format_string::ConversionSpecifier::oArg:
945 case analyze_format_string::ConversionSpecifier::OArg:
946 case analyze_format_string::ConversionSpecifier::uArg:
947 case analyze_format_string::ConversionSpecifier::UArg:
948 case analyze_format_string::ConversionSpecifier::xArg:
949 case analyze_format_string::ConversionSpecifier::XArg:
950 Size += std::max(a: FieldWidth, b: Precision);
951 break;
952
953 // %g style conversion switches between %f or %e style dynamically.
954 // %g removes trailing zeros, and does not print decimal point if there are
955 // no digits that follow it. Thus %g can print a single digit.
956 // FIXME: If it is alternative form:
957 // For g and G conversions, trailing zeros are not removed from the result.
958 case analyze_format_string::ConversionSpecifier::gArg:
959 case analyze_format_string::ConversionSpecifier::GArg:
960 Size += 1;
961 break;
962
963 // Floating point number in the form '[+]ddd.ddd'.
964 case analyze_format_string::ConversionSpecifier::fArg:
965 case analyze_format_string::ConversionSpecifier::FArg:
966 Size += std::max(a: FieldWidth, b: 1 /* integer part */ +
967 (Precision ? 1 + Precision
968 : 0) /* period + decimal */);
969 break;
970
971 // Floating point number in the form '[-]d.ddde[+-]dd'.
972 case analyze_format_string::ConversionSpecifier::eArg:
973 case analyze_format_string::ConversionSpecifier::EArg:
974 Size +=
975 std::max(a: FieldWidth,
976 b: 1 /* integer part */ +
977 (Precision ? 1 + Precision : 0) /* period + decimal */ +
978 1 /* e or E letter */ + 2 /* exponent */);
979 break;
980
981 // Floating point number in the form '[-]0xh.hhhhp±dd'.
982 case analyze_format_string::ConversionSpecifier::aArg:
983 case analyze_format_string::ConversionSpecifier::AArg:
984 Size +=
985 std::max(a: FieldWidth,
986 b: 2 /* 0x */ + 1 /* integer part */ +
987 (Precision ? 1 + Precision : 0) /* period + decimal */ +
988 1 /* p or P letter */ + 1 /* + or - */ + 1 /* value */);
989 break;
990
991 // Just a string.
992 case analyze_format_string::ConversionSpecifier::sArg:
993 case analyze_format_string::ConversionSpecifier::SArg:
994 Size += FieldWidth;
995 break;
996
997 // Just a pointer in the form '0xddd'.
998 case analyze_format_string::ConversionSpecifier::pArg:
999 // Linux kernel has its own extesion for `%p` specifier.
1000 // Kernel Document:
1001 // https://docs.kernel.org/core-api/printk-formats.html#pointer-types
1002 IsKernelCompatible = false;
1003 Size += std::max(a: FieldWidth, b: 2 /* leading 0x */ + Precision);
1004 break;
1005
1006 // A plain percent.
1007 case analyze_format_string::ConversionSpecifier::PercentArg:
1008 Size += 1;
1009 break;
1010
1011 default:
1012 break;
1013 }
1014
1015 // If field width is specified, the sign/space is already accounted for
1016 // within the field width, so no additional size is needed.
1017 if ((FS.hasPlusPrefix() || FS.hasSpacePrefix()) && FieldWidth == 0)
1018 Size += 1;
1019
1020 if (FS.hasAlternativeForm()) {
1021 switch (FS.getConversionSpecifier().getKind()) {
1022 // For o conversion, it increases the precision, if and only if necessary,
1023 // to force the first digit of the result to be a zero
1024 // (if the value and precision are both 0, a single 0 is printed)
1025 case analyze_format_string::ConversionSpecifier::oArg:
1026 // For b conversion, a nonzero result has 0b prefixed to it.
1027 case analyze_format_string::ConversionSpecifier::bArg:
1028 // For x (or X) conversion, a nonzero result has 0x (or 0X) prefixed to
1029 // it.
1030 case analyze_format_string::ConversionSpecifier::xArg:
1031 case analyze_format_string::ConversionSpecifier::XArg:
1032 // Note: even when the prefix is added, if
1033 // (prefix_width <= FieldWidth - formatted_length) holds,
1034 // the prefix does not increase the format
1035 // size. e.g.(("%#3x", 0xf) is "0xf")
1036
1037 // If the result is zero, o, b, x, X adds nothing.
1038 break;
1039 // For a, A, e, E, f, F, g, and G conversions,
1040 // the result of converting a floating-point number always contains a
1041 // decimal-point
1042 case analyze_format_string::ConversionSpecifier::aArg:
1043 case analyze_format_string::ConversionSpecifier::AArg:
1044 case analyze_format_string::ConversionSpecifier::eArg:
1045 case analyze_format_string::ConversionSpecifier::EArg:
1046 case analyze_format_string::ConversionSpecifier::fArg:
1047 case analyze_format_string::ConversionSpecifier::FArg:
1048 case analyze_format_string::ConversionSpecifier::gArg:
1049 case analyze_format_string::ConversionSpecifier::GArg:
1050 Size += (Precision ? 0 : 1);
1051 break;
1052 // For other conversions, the behavior is undefined.
1053 default:
1054 break;
1055 }
1056 }
1057 assert(SpecifierLen <= Size && "no underflow");
1058 Size -= SpecifierLen;
1059 return true;
1060 }
1061
1062 size_t getSizeLowerBound() const { return Size; }
1063 bool isKernelCompatible() const { return IsKernelCompatible; }
1064
1065private:
1066 static size_t computeFieldWidth(const analyze_printf::PrintfSpecifier &FS) {
1067 const analyze_format_string::OptionalAmount &FW = FS.getFieldWidth();
1068 size_t FieldWidth = 0;
1069 if (FW.getHowSpecified() == analyze_format_string::OptionalAmount::Constant)
1070 FieldWidth = FW.getConstantAmount();
1071 return FieldWidth;
1072 }
1073
1074 static size_t computePrecision(const analyze_printf::PrintfSpecifier &FS) {
1075 const analyze_format_string::OptionalAmount &FW = FS.getPrecision();
1076 size_t Precision = 0;
1077
1078 // See man 3 printf for default precision value based on the specifier.
1079 switch (FW.getHowSpecified()) {
1080 case analyze_format_string::OptionalAmount::NotSpecified:
1081 switch (FS.getConversionSpecifier().getKind()) {
1082 default:
1083 break;
1084 case analyze_format_string::ConversionSpecifier::dArg: // %d
1085 case analyze_format_string::ConversionSpecifier::DArg: // %D
1086 case analyze_format_string::ConversionSpecifier::iArg: // %i
1087 Precision = 1;
1088 break;
1089 case analyze_format_string::ConversionSpecifier::oArg: // %d
1090 case analyze_format_string::ConversionSpecifier::OArg: // %D
1091 case analyze_format_string::ConversionSpecifier::uArg: // %d
1092 case analyze_format_string::ConversionSpecifier::UArg: // %D
1093 case analyze_format_string::ConversionSpecifier::xArg: // %d
1094 case analyze_format_string::ConversionSpecifier::XArg: // %D
1095 Precision = 1;
1096 break;
1097 case analyze_format_string::ConversionSpecifier::fArg: // %f
1098 case analyze_format_string::ConversionSpecifier::FArg: // %F
1099 case analyze_format_string::ConversionSpecifier::eArg: // %e
1100 case analyze_format_string::ConversionSpecifier::EArg: // %E
1101 case analyze_format_string::ConversionSpecifier::gArg: // %g
1102 case analyze_format_string::ConversionSpecifier::GArg: // %G
1103 Precision = 6;
1104 break;
1105 case analyze_format_string::ConversionSpecifier::pArg: // %d
1106 Precision = 1;
1107 break;
1108 }
1109 break;
1110 case analyze_format_string::OptionalAmount::Constant:
1111 Precision = FW.getConstantAmount();
1112 break;
1113 default:
1114 break;
1115 }
1116 return Precision;
1117 }
1118};
1119
1120} // namespace
1121
1122static bool ProcessFormatStringLiteral(const Expr *FormatExpr,
1123 StringRef &FormatStrRef, size_t &StrLen,
1124 ASTContext &Context) {
1125 if (const auto *Format = dyn_cast<StringLiteral>(Val: FormatExpr);
1126 Format && (Format->isOrdinary() || Format->isUTF8())) {
1127 FormatStrRef = Format->getString();
1128 const ConstantArrayType *T =
1129 Context.getAsConstantArrayType(T: Format->getType());
1130 assert(T && "String literal not of constant array type!");
1131 size_t TypeSize = T->getZExtSize();
1132 // In case there's a null byte somewhere.
1133 StrLen = std::min(a: std::max(a: TypeSize, b: size_t(1)) - 1, b: FormatStrRef.find(C: 0));
1134 return true;
1135 }
1136 return false;
1137}
1138
1139void Sema::checkFortifiedBuiltinMemoryFunction(FunctionDecl *FD,
1140 CallExpr *TheCall) {
1141 if (TheCall->isValueDependent() || TheCall->isTypeDependent() ||
1142 isConstantEvaluatedContext())
1143 return;
1144
1145 bool UseDABAttr = false;
1146 const FunctionDecl *UseDecl = FD;
1147
1148 const auto *DABAttr = FD->getAttr<DiagnoseAsBuiltinAttr>();
1149 if (DABAttr) {
1150 UseDecl = DABAttr->getFunction();
1151 assert(UseDecl && "Missing FunctionDecl in DiagnoseAsBuiltin attribute!");
1152 UseDABAttr = true;
1153 }
1154
1155 unsigned BuiltinID = UseDecl->getBuiltinID(/*ConsiderWrappers=*/ConsiderWrapperFunctions: true);
1156
1157 if (!BuiltinID)
1158 return;
1159
1160 const TargetInfo &TI = getASTContext().getTargetInfo();
1161 unsigned SizeTypeWidth = TI.getTypeWidth(T: TI.getSizeType());
1162
1163 auto TranslateIndex = [&](unsigned Index) -> std::optional<unsigned> {
1164 // If we refer to a diagnose_as_builtin attribute, we need to change the
1165 // argument index to refer to the arguments of the called function. Unless
1166 // the index is out of bounds, which presumably means it's a variadic
1167 // function.
1168 if (!UseDABAttr)
1169 return Index;
1170 unsigned DABIndices = DABAttr->argIndices_size();
1171 unsigned NewIndex = Index < DABIndices
1172 ? DABAttr->argIndices_begin()[Index]
1173 : Index - DABIndices + FD->getNumParams();
1174 if (NewIndex >= TheCall->getNumArgs())
1175 return std::nullopt;
1176 return NewIndex;
1177 };
1178
1179 auto ComputeExplicitObjectSizeArgument =
1180 [&](unsigned Index) -> std::optional<llvm::APSInt> {
1181 std::optional<unsigned> IndexOptional = TranslateIndex(Index);
1182 if (!IndexOptional)
1183 return std::nullopt;
1184 unsigned NewIndex = *IndexOptional;
1185 Expr::EvalResult Result;
1186 Expr *SizeArg = TheCall->getArg(Arg: NewIndex);
1187 if (!SizeArg->EvaluateAsInt(Result, Ctx: getASTContext()))
1188 return std::nullopt;
1189 llvm::APSInt Integer = Result.Val.getInt();
1190 Integer.setIsUnsigned(true);
1191 return Integer;
1192 };
1193
1194 auto ComputeSizeArgument =
1195 [&](unsigned Index) -> std::optional<llvm::APSInt> {
1196 // If the parameter has a pass_object_size attribute, then we should use its
1197 // (potentially) more strict checking mode. Otherwise, conservatively assume
1198 // type 0.
1199 int BOSType = 0;
1200 // This check can fail for variadic functions.
1201 if (Index < FD->getNumParams()) {
1202 if (const auto *POS =
1203 FD->getParamDecl(i: Index)->getAttr<PassObjectSizeAttr>())
1204 BOSType = POS->getType();
1205 }
1206
1207 std::optional<unsigned> IndexOptional = TranslateIndex(Index);
1208 if (!IndexOptional)
1209 return std::nullopt;
1210 unsigned NewIndex = *IndexOptional;
1211
1212 if (NewIndex >= TheCall->getNumArgs())
1213 return std::nullopt;
1214
1215 const Expr *ObjArg = TheCall->getArg(Arg: NewIndex);
1216 uint64_t Result;
1217 if (!ObjArg->tryEvaluateObjectSize(Result, Ctx&: getASTContext(), Type: BOSType))
1218 return std::nullopt;
1219
1220 // Get the object size in the target's size_t width.
1221 return llvm::APSInt::getUnsigned(X: Result).extOrTrunc(width: SizeTypeWidth);
1222 };
1223
1224 auto ComputeStrLenArgument =
1225 [&](unsigned Index) -> std::optional<llvm::APSInt> {
1226 std::optional<unsigned> IndexOptional = TranslateIndex(Index);
1227 if (!IndexOptional)
1228 return std::nullopt;
1229 unsigned NewIndex = *IndexOptional;
1230
1231 const Expr *ObjArg = TheCall->getArg(Arg: NewIndex);
1232 uint64_t Result;
1233 if (!ObjArg->tryEvaluateStrLen(Result, Ctx&: getASTContext()))
1234 return std::nullopt;
1235 // Add 1 for null byte.
1236 return llvm::APSInt::getUnsigned(X: Result + 1).extOrTrunc(width: SizeTypeWidth);
1237 };
1238
1239 std::optional<llvm::APSInt> SourceSize;
1240 std::optional<llvm::APSInt> DestinationSize;
1241 unsigned DiagID = 0;
1242 bool IsChkVariant = false;
1243
1244 auto GetFunctionName = [&]() {
1245 std::string FunctionNameStr =
1246 getASTContext().BuiltinInfo.getName(ID: BuiltinID);
1247 llvm::StringRef FunctionName = FunctionNameStr;
1248 // Skim off the details of whichever builtin was called to produce a better
1249 // diagnostic, as it's unlikely that the user wrote the __builtin
1250 // explicitly.
1251 if (IsChkVariant) {
1252 FunctionName = FunctionName.drop_front(N: std::strlen(s: "__builtin___"));
1253 FunctionName = FunctionName.drop_back(N: std::strlen(s: "_chk"));
1254 } else {
1255 FunctionName.consume_front(Prefix: "__builtin_");
1256 }
1257 return FunctionName.str();
1258 };
1259
1260 switch (BuiltinID) {
1261 default:
1262 return;
1263 case Builtin::BI__builtin_stpcpy:
1264 case Builtin::BIstpcpy:
1265 case Builtin::BI__builtin_strcpy:
1266 case Builtin::BIstrcpy: {
1267 DiagID = diag::warn_fortify_strlen_overflow;
1268 SourceSize = ComputeStrLenArgument(1);
1269 DestinationSize = ComputeSizeArgument(0);
1270 break;
1271 }
1272
1273 case Builtin::BI__builtin___stpcpy_chk:
1274 case Builtin::BI__builtin___strcpy_chk: {
1275 DiagID = diag::warn_fortify_strlen_overflow;
1276 SourceSize = ComputeStrLenArgument(1);
1277 DestinationSize = ComputeExplicitObjectSizeArgument(2);
1278 IsChkVariant = true;
1279 break;
1280 }
1281
1282 case Builtin::BIscanf:
1283 case Builtin::BIfscanf:
1284 case Builtin::BIsscanf: {
1285 unsigned FormatIndex = 1;
1286 unsigned DataIndex = 2;
1287 if (BuiltinID == Builtin::BIscanf) {
1288 FormatIndex = 0;
1289 DataIndex = 1;
1290 }
1291
1292 const auto *FormatExpr =
1293 TheCall->getArg(Arg: FormatIndex)->IgnoreParenImpCasts();
1294
1295 StringRef FormatStrRef;
1296 size_t StrLen;
1297 if (!ProcessFormatStringLiteral(FormatExpr, FormatStrRef, StrLen, Context))
1298 return;
1299
1300 auto Diagnose = [&](unsigned ArgIndex, unsigned DestSize,
1301 unsigned SourceSize) {
1302 DiagID = diag::warn_fortify_scanf_overflow;
1303 unsigned Index = ArgIndex + DataIndex;
1304 std::string FunctionName = GetFunctionName();
1305 DiagRuntimeBehavior(Loc: TheCall->getArg(Arg: Index)->getBeginLoc(), Statement: TheCall,
1306 PD: PDiag(DiagID) << FunctionName << (Index + 1)
1307 << DestSize << SourceSize);
1308 };
1309
1310 auto ShiftedComputeSizeArgument = [&](unsigned Index) {
1311 return ComputeSizeArgument(Index + DataIndex);
1312 };
1313 ScanfDiagnosticFormatHandler H(ShiftedComputeSizeArgument, Diagnose);
1314 const char *FormatBytes = FormatStrRef.data();
1315 analyze_format_string::ParseScanfString(H, beg: FormatBytes,
1316 end: FormatBytes + StrLen, LO: getLangOpts(),
1317 Target: Context.getTargetInfo());
1318
1319 // Unlike the other cases, in this one we have already issued the diagnostic
1320 // here, so no need to continue (because unlike the other cases, here the
1321 // diagnostic refers to the argument number).
1322 return;
1323 }
1324
1325 case Builtin::BIsprintf:
1326 case Builtin::BI__builtin___sprintf_chk: {
1327 size_t FormatIndex = BuiltinID == Builtin::BIsprintf ? 1 : 3;
1328 auto *FormatExpr = TheCall->getArg(Arg: FormatIndex)->IgnoreParenImpCasts();
1329
1330 StringRef FormatStrRef;
1331 size_t StrLen;
1332 if (ProcessFormatStringLiteral(FormatExpr, FormatStrRef, StrLen, Context)) {
1333 EstimateSizeFormatHandler H(FormatStrRef);
1334 const char *FormatBytes = FormatStrRef.data();
1335 if (!analyze_format_string::ParsePrintfString(
1336 H, beg: FormatBytes, end: FormatBytes + StrLen, LO: getLangOpts(),
1337 Target: Context.getTargetInfo(), isFreeBSDKPrintf: false)) {
1338 DiagID = H.isKernelCompatible()
1339 ? diag::warn_format_overflow
1340 : diag::warn_format_overflow_non_kprintf;
1341 SourceSize = llvm::APSInt::getUnsigned(X: H.getSizeLowerBound())
1342 .extOrTrunc(width: SizeTypeWidth);
1343 if (BuiltinID == Builtin::BI__builtin___sprintf_chk) {
1344 DestinationSize = ComputeExplicitObjectSizeArgument(2);
1345 IsChkVariant = true;
1346 } else {
1347 DestinationSize = ComputeSizeArgument(0);
1348 }
1349 break;
1350 }
1351 }
1352 return;
1353 }
1354 case Builtin::BI__builtin___memcpy_chk:
1355 case Builtin::BI__builtin___memmove_chk:
1356 case Builtin::BI__builtin___memset_chk:
1357 case Builtin::BI__builtin___strlcat_chk:
1358 case Builtin::BI__builtin___strlcpy_chk:
1359 case Builtin::BI__builtin___strncat_chk:
1360 case Builtin::BI__builtin___strncpy_chk:
1361 case Builtin::BI__builtin___stpncpy_chk:
1362 case Builtin::BI__builtin___memccpy_chk:
1363 case Builtin::BI__builtin___mempcpy_chk: {
1364 DiagID = diag::warn_builtin_chk_overflow;
1365 SourceSize = ComputeExplicitObjectSizeArgument(TheCall->getNumArgs() - 2);
1366 DestinationSize =
1367 ComputeExplicitObjectSizeArgument(TheCall->getNumArgs() - 1);
1368 IsChkVariant = true;
1369 break;
1370 }
1371
1372 case Builtin::BI__builtin___snprintf_chk:
1373 case Builtin::BI__builtin___vsnprintf_chk: {
1374 DiagID = diag::warn_builtin_chk_overflow;
1375 SourceSize = ComputeExplicitObjectSizeArgument(1);
1376 DestinationSize = ComputeExplicitObjectSizeArgument(3);
1377 IsChkVariant = true;
1378 break;
1379 }
1380
1381 case Builtin::BIstrncat:
1382 case Builtin::BI__builtin_strncat:
1383 case Builtin::BIstrncpy:
1384 case Builtin::BI__builtin_strncpy:
1385 case Builtin::BIstpncpy:
1386 case Builtin::BI__builtin_stpncpy: {
1387 // Whether these functions overflow depends on the runtime strlen of the
1388 // string, not just the buffer size, so emitting the "always overflow"
1389 // diagnostic isn't quite right. We should still diagnose passing a buffer
1390 // size larger than the destination buffer though; this is a runtime abort
1391 // in _FORTIFY_SOURCE mode, and is quite suspicious otherwise.
1392 DiagID = diag::warn_fortify_source_size_mismatch;
1393 SourceSize = ComputeExplicitObjectSizeArgument(TheCall->getNumArgs() - 1);
1394 DestinationSize = ComputeSizeArgument(0);
1395 break;
1396 }
1397
1398 case Builtin::BImemcpy:
1399 case Builtin::BI__builtin_memcpy:
1400 case Builtin::BImemmove:
1401 case Builtin::BI__builtin_memmove:
1402 case Builtin::BImemset:
1403 case Builtin::BI__builtin_memset:
1404 case Builtin::BImempcpy:
1405 case Builtin::BI__builtin_mempcpy: {
1406 DiagID = diag::warn_fortify_source_overflow;
1407 SourceSize = ComputeExplicitObjectSizeArgument(TheCall->getNumArgs() - 1);
1408 DestinationSize = ComputeSizeArgument(0);
1409 break;
1410 }
1411 case Builtin::BIsnprintf:
1412 case Builtin::BI__builtin_snprintf:
1413 case Builtin::BIvsnprintf:
1414 case Builtin::BI__builtin_vsnprintf: {
1415 DiagID = diag::warn_fortify_source_size_mismatch;
1416 SourceSize = ComputeExplicitObjectSizeArgument(1);
1417 const auto *FormatExpr = TheCall->getArg(Arg: 2)->IgnoreParenImpCasts();
1418 StringRef FormatStrRef;
1419 size_t StrLen;
1420 if (SourceSize &&
1421 ProcessFormatStringLiteral(FormatExpr, FormatStrRef, StrLen, Context)) {
1422 EstimateSizeFormatHandler H(FormatStrRef);
1423 const char *FormatBytes = FormatStrRef.data();
1424 if (!analyze_format_string::ParsePrintfString(
1425 H, beg: FormatBytes, end: FormatBytes + StrLen, LO: getLangOpts(),
1426 Target: Context.getTargetInfo(), /*isFreeBSDKPrintf=*/false)) {
1427 llvm::APSInt FormatSize =
1428 llvm::APSInt::getUnsigned(X: H.getSizeLowerBound())
1429 .extOrTrunc(width: SizeTypeWidth);
1430 if (FormatSize > *SourceSize && *SourceSize != 0) {
1431 unsigned TruncationDiagID =
1432 H.isKernelCompatible() ? diag::warn_format_truncation
1433 : diag::warn_format_truncation_non_kprintf;
1434 SmallString<16> SpecifiedSizeStr;
1435 SmallString<16> FormatSizeStr;
1436 SourceSize->toString(Str&: SpecifiedSizeStr, /*Radix=*/10);
1437 FormatSize.toString(Str&: FormatSizeStr, /*Radix=*/10);
1438 DiagRuntimeBehavior(Loc: TheCall->getBeginLoc(), Statement: TheCall,
1439 PD: PDiag(DiagID: TruncationDiagID)
1440 << GetFunctionName() << SpecifiedSizeStr
1441 << FormatSizeStr);
1442 }
1443 }
1444 }
1445 DestinationSize = ComputeSizeArgument(0);
1446 }
1447 }
1448
1449 if (!SourceSize || !DestinationSize ||
1450 llvm::APSInt::compareValues(I1: *SourceSize, I2: *DestinationSize) <= 0)
1451 return;
1452
1453 std::string FunctionName = GetFunctionName();
1454
1455 SmallString<16> DestinationStr;
1456 SmallString<16> SourceStr;
1457 DestinationSize->toString(Str&: DestinationStr, /*Radix=*/10);
1458 SourceSize->toString(Str&: SourceStr, /*Radix=*/10);
1459 DiagRuntimeBehavior(Loc: TheCall->getBeginLoc(), Statement: TheCall,
1460 PD: PDiag(DiagID)
1461 << FunctionName << DestinationStr << SourceStr);
1462}
1463
1464static bool BuiltinSEHScopeCheck(Sema &SemaRef, CallExpr *TheCall,
1465 Scope::ScopeFlags NeededScopeFlags,
1466 unsigned DiagID) {
1467 // Scopes aren't available during instantiation. Fortunately, builtin
1468 // functions cannot be template args so they cannot be formed through template
1469 // instantiation. Therefore checking once during the parse is sufficient.
1470 if (SemaRef.inTemplateInstantiation())
1471 return false;
1472
1473 Scope *S = SemaRef.getCurScope();
1474 while (S && !S->isSEHExceptScope())
1475 S = S->getParent();
1476 if (!S || !(S->getFlags() & NeededScopeFlags)) {
1477 auto *DRE = cast<DeclRefExpr>(Val: TheCall->getCallee()->IgnoreParenCasts());
1478 SemaRef.Diag(Loc: TheCall->getExprLoc(), DiagID)
1479 << DRE->getDecl()->getIdentifier();
1480 return true;
1481 }
1482
1483 return false;
1484}
1485
1486// In OpenCL, __builtin_alloca_* should return a pointer to address space
1487// that corresponds to the stack address space i.e private address space.
1488static void builtinAllocaAddrSpace(Sema &S, CallExpr *TheCall) {
1489 QualType RT = TheCall->getType();
1490 assert((RT->isPointerType() && !(RT->getPointeeType().hasAddressSpace())) &&
1491 "__builtin_alloca has invalid address space");
1492
1493 RT = RT->getPointeeType();
1494 RT = S.Context.getAddrSpaceQualType(T: RT, AddressSpace: LangAS::opencl_private);
1495 TheCall->setType(S.Context.getPointerType(T: RT));
1496}
1497
1498namespace {
1499enum PointerAuthOpKind {
1500 PAO_Strip,
1501 PAO_Sign,
1502 PAO_Auth,
1503 PAO_SignGeneric,
1504 PAO_Discriminator,
1505 PAO_BlendPointer,
1506 PAO_BlendInteger
1507};
1508}
1509
1510bool Sema::checkPointerAuthEnabled(SourceLocation Loc, SourceRange Range) {
1511 if (getLangOpts().PointerAuthIntrinsics)
1512 return false;
1513
1514 Diag(Loc, DiagID: diag::err_ptrauth_disabled) << Range;
1515 return true;
1516}
1517
1518static bool checkPointerAuthEnabled(Sema &S, Expr *E) {
1519 return S.checkPointerAuthEnabled(Loc: E->getExprLoc(), Range: E->getSourceRange());
1520}
1521
1522static bool checkPointerAuthKey(Sema &S, Expr *&Arg) {
1523 // Convert it to type 'int'.
1524 if (convertArgumentToType(S, Value&: Arg, Ty: S.Context.IntTy))
1525 return true;
1526
1527 // Value-dependent expressions are okay; wait for template instantiation.
1528 if (Arg->isValueDependent())
1529 return false;
1530
1531 unsigned KeyValue;
1532 return S.checkConstantPointerAuthKey(keyExpr: Arg, key&: KeyValue);
1533}
1534
1535bool Sema::checkConstantPointerAuthKey(Expr *Arg, unsigned &Result) {
1536 // Attempt to constant-evaluate the expression.
1537 std::optional<llvm::APSInt> KeyValue = Arg->getIntegerConstantExpr(Ctx: Context);
1538 if (!KeyValue) {
1539 Diag(Loc: Arg->getExprLoc(), DiagID: diag::err_expr_not_ice)
1540 << 0 << Arg->getSourceRange();
1541 return true;
1542 }
1543
1544 // Ask the target to validate the key parameter.
1545 if (!Context.getTargetInfo().validatePointerAuthKey(value: *KeyValue)) {
1546 llvm::SmallString<32> Value;
1547 {
1548 llvm::raw_svector_ostream Str(Value);
1549 Str << *KeyValue;
1550 }
1551
1552 Diag(Loc: Arg->getExprLoc(), DiagID: diag::err_ptrauth_invalid_key)
1553 << Value << Arg->getSourceRange();
1554 return true;
1555 }
1556
1557 Result = KeyValue->getZExtValue();
1558 return false;
1559}
1560
1561bool Sema::checkPointerAuthDiscriminatorArg(Expr *Arg,
1562 PointerAuthDiscArgKind Kind,
1563 unsigned &IntVal) {
1564 if (!Arg) {
1565 IntVal = 0;
1566 return true;
1567 }
1568
1569 std::optional<llvm::APSInt> Result = Arg->getIntegerConstantExpr(Ctx: Context);
1570 if (!Result) {
1571 Diag(Loc: Arg->getExprLoc(), DiagID: diag::err_ptrauth_arg_not_ice);
1572 return false;
1573 }
1574
1575 unsigned Max;
1576 bool IsAddrDiscArg = false;
1577
1578 switch (Kind) {
1579 case PointerAuthDiscArgKind::Addr:
1580 Max = 1;
1581 IsAddrDiscArg = true;
1582 break;
1583 case PointerAuthDiscArgKind::Extra:
1584 Max = PointerAuthQualifier::MaxDiscriminator;
1585 break;
1586 };
1587
1588 if (*Result < 0 || *Result > Max) {
1589 if (IsAddrDiscArg)
1590 Diag(Loc: Arg->getExprLoc(), DiagID: diag::err_ptrauth_address_discrimination_invalid)
1591 << Result->getExtValue();
1592 else
1593 Diag(Loc: Arg->getExprLoc(), DiagID: diag::err_ptrauth_extra_discriminator_invalid)
1594 << Result->getExtValue() << Max;
1595
1596 return false;
1597 };
1598
1599 IntVal = Result->getZExtValue();
1600 return true;
1601}
1602
1603static std::pair<const ValueDecl *, CharUnits>
1604findConstantBaseAndOffset(Sema &S, Expr *E) {
1605 // Must evaluate as a pointer.
1606 Expr::EvalResult Result;
1607 if (!E->EvaluateAsRValue(Result, Ctx: S.Context) || !Result.Val.isLValue())
1608 return {nullptr, CharUnits()};
1609
1610 const auto *BaseDecl =
1611 Result.Val.getLValueBase().dyn_cast<const ValueDecl *>();
1612 if (!BaseDecl)
1613 return {nullptr, CharUnits()};
1614
1615 return {BaseDecl, Result.Val.getLValueOffset()};
1616}
1617
1618static bool checkPointerAuthValue(Sema &S, Expr *&Arg, PointerAuthOpKind OpKind,
1619 bool RequireConstant = false) {
1620 if (Arg->hasPlaceholderType()) {
1621 ExprResult R = S.CheckPlaceholderExpr(E: Arg);
1622 if (R.isInvalid())
1623 return true;
1624 Arg = R.get();
1625 }
1626
1627 auto AllowsPointer = [](PointerAuthOpKind OpKind) {
1628 return OpKind != PAO_BlendInteger;
1629 };
1630 auto AllowsInteger = [](PointerAuthOpKind OpKind) {
1631 return OpKind == PAO_Discriminator || OpKind == PAO_BlendInteger ||
1632 OpKind == PAO_SignGeneric;
1633 };
1634
1635 // Require the value to have the right range of type.
1636 QualType ExpectedTy;
1637 if (AllowsPointer(OpKind) && Arg->getType()->isPointerType()) {
1638 ExpectedTy = Arg->getType().getUnqualifiedType();
1639 } else if (AllowsPointer(OpKind) && Arg->getType()->isNullPtrType()) {
1640 ExpectedTy = S.Context.VoidPtrTy;
1641 } else if (AllowsInteger(OpKind) &&
1642 Arg->getType()->isIntegralOrUnscopedEnumerationType()) {
1643 ExpectedTy = S.Context.getUIntPtrType();
1644
1645 } else {
1646 // Diagnose the failures.
1647 S.Diag(Loc: Arg->getExprLoc(), DiagID: diag::err_ptrauth_value_bad_type)
1648 << unsigned(OpKind == PAO_Discriminator ? 1
1649 : OpKind == PAO_BlendPointer ? 2
1650 : OpKind == PAO_BlendInteger ? 3
1651 : 0)
1652 << unsigned(AllowsInteger(OpKind) ? (AllowsPointer(OpKind) ? 2 : 1) : 0)
1653 << Arg->getType() << Arg->getSourceRange();
1654 return true;
1655 }
1656
1657 // Convert to that type. This should just be an lvalue-to-rvalue
1658 // conversion.
1659 if (convertArgumentToType(S, Value&: Arg, Ty: ExpectedTy))
1660 return true;
1661
1662 if (!RequireConstant) {
1663 // Warn about null pointers for non-generic sign and auth operations.
1664 if ((OpKind == PAO_Sign || OpKind == PAO_Auth) &&
1665 Arg->isNullPointerConstant(Ctx&: S.Context, NPC: Expr::NPC_ValueDependentIsNull)) {
1666 S.Diag(Loc: Arg->getExprLoc(), DiagID: OpKind == PAO_Sign
1667 ? diag::warn_ptrauth_sign_null_pointer
1668 : diag::warn_ptrauth_auth_null_pointer)
1669 << Arg->getSourceRange();
1670 }
1671
1672 return false;
1673 }
1674
1675 // Perform special checking on the arguments to ptrauth_sign_constant.
1676
1677 // The main argument.
1678 if (OpKind == PAO_Sign) {
1679 // Require the value we're signing to have a special form.
1680 auto [BaseDecl, Offset] = findConstantBaseAndOffset(S, E: Arg);
1681 bool Invalid;
1682
1683 // Must be rooted in a declaration reference.
1684 if (!BaseDecl)
1685 Invalid = true;
1686
1687 // If it's a function declaration, we can't have an offset.
1688 else if (isa<FunctionDecl>(Val: BaseDecl))
1689 Invalid = !Offset.isZero();
1690
1691 // Otherwise we're fine.
1692 else
1693 Invalid = false;
1694
1695 if (Invalid)
1696 S.Diag(Loc: Arg->getExprLoc(), DiagID: diag::err_ptrauth_bad_constant_pointer);
1697 return Invalid;
1698 }
1699
1700 // The discriminator argument.
1701 assert(OpKind == PAO_Discriminator);
1702
1703 // Must be a pointer or integer or blend thereof.
1704 Expr *Pointer = nullptr;
1705 Expr *Integer = nullptr;
1706 if (auto *Call = dyn_cast<CallExpr>(Val: Arg->IgnoreParens())) {
1707 if (Call->getBuiltinCallee() ==
1708 Builtin::BI__builtin_ptrauth_blend_discriminator) {
1709 Pointer = Call->getArg(Arg: 0);
1710 Integer = Call->getArg(Arg: 1);
1711 }
1712 }
1713 if (!Pointer && !Integer) {
1714 if (Arg->getType()->isPointerType())
1715 Pointer = Arg;
1716 else
1717 Integer = Arg;
1718 }
1719
1720 // Check the pointer.
1721 bool Invalid = false;
1722 if (Pointer) {
1723 assert(Pointer->getType()->isPointerType());
1724
1725 // TODO: if we're initializing a global, check that the address is
1726 // somehow related to what we're initializing. This probably will
1727 // never really be feasible and we'll have to catch it at link-time.
1728 auto [BaseDecl, Offset] = findConstantBaseAndOffset(S, E: Pointer);
1729 if (!BaseDecl || !isa<VarDecl>(Val: BaseDecl))
1730 Invalid = true;
1731 }
1732
1733 // Check the integer.
1734 if (Integer) {
1735 assert(Integer->getType()->isIntegerType());
1736 if (!Integer->isEvaluatable(Ctx: S.Context))
1737 Invalid = true;
1738 }
1739
1740 if (Invalid)
1741 S.Diag(Loc: Arg->getExprLoc(), DiagID: diag::err_ptrauth_bad_constant_discriminator);
1742 return Invalid;
1743}
1744
1745static ExprResult PointerAuthStrip(Sema &S, CallExpr *Call) {
1746 if (S.checkArgCount(Call, DesiredArgCount: 2))
1747 return ExprError();
1748 if (checkPointerAuthEnabled(S, E: Call))
1749 return ExprError();
1750 if (checkPointerAuthValue(S, Arg&: Call->getArgs()[0], OpKind: PAO_Strip) ||
1751 checkPointerAuthKey(S, Arg&: Call->getArgs()[1]))
1752 return ExprError();
1753
1754 Call->setType(Call->getArgs()[0]->getType());
1755 return Call;
1756}
1757
1758static ExprResult PointerAuthBlendDiscriminator(Sema &S, CallExpr *Call) {
1759 if (S.checkArgCount(Call, DesiredArgCount: 2))
1760 return ExprError();
1761 if (checkPointerAuthEnabled(S, E: Call))
1762 return ExprError();
1763 if (checkPointerAuthValue(S, Arg&: Call->getArgs()[0], OpKind: PAO_BlendPointer) ||
1764 checkPointerAuthValue(S, Arg&: Call->getArgs()[1], OpKind: PAO_BlendInteger))
1765 return ExprError();
1766
1767 Call->setType(S.Context.getUIntPtrType());
1768 return Call;
1769}
1770
1771static ExprResult PointerAuthSignGenericData(Sema &S, CallExpr *Call) {
1772 if (S.checkArgCount(Call, DesiredArgCount: 2))
1773 return ExprError();
1774 if (checkPointerAuthEnabled(S, E: Call))
1775 return ExprError();
1776 if (checkPointerAuthValue(S, Arg&: Call->getArgs()[0], OpKind: PAO_SignGeneric) ||
1777 checkPointerAuthValue(S, Arg&: Call->getArgs()[1], OpKind: PAO_Discriminator))
1778 return ExprError();
1779
1780 Call->setType(S.Context.getUIntPtrType());
1781 return Call;
1782}
1783
1784static ExprResult PointerAuthSignOrAuth(Sema &S, CallExpr *Call,
1785 PointerAuthOpKind OpKind,
1786 bool RequireConstant) {
1787 if (S.checkArgCount(Call, DesiredArgCount: 3))
1788 return ExprError();
1789 if (checkPointerAuthEnabled(S, E: Call))
1790 return ExprError();
1791 if (checkPointerAuthValue(S, Arg&: Call->getArgs()[0], OpKind, RequireConstant) ||
1792 checkPointerAuthKey(S, Arg&: Call->getArgs()[1]) ||
1793 checkPointerAuthValue(S, Arg&: Call->getArgs()[2], OpKind: PAO_Discriminator,
1794 RequireConstant))
1795 return ExprError();
1796
1797 Call->setType(Call->getArgs()[0]->getType());
1798 return Call;
1799}
1800
1801static ExprResult PointerAuthAuthAndResign(Sema &S, CallExpr *Call) {
1802 if (S.checkArgCount(Call, DesiredArgCount: 5))
1803 return ExprError();
1804 if (checkPointerAuthEnabled(S, E: Call))
1805 return ExprError();
1806 if (checkPointerAuthValue(S, Arg&: Call->getArgs()[0], OpKind: PAO_Auth) ||
1807 checkPointerAuthKey(S, Arg&: Call->getArgs()[1]) ||
1808 checkPointerAuthValue(S, Arg&: Call->getArgs()[2], OpKind: PAO_Discriminator) ||
1809 checkPointerAuthKey(S, Arg&: Call->getArgs()[3]) ||
1810 checkPointerAuthValue(S, Arg&: Call->getArgs()[4], OpKind: PAO_Discriminator))
1811 return ExprError();
1812
1813 Call->setType(Call->getArgs()[0]->getType());
1814 return Call;
1815}
1816
1817static ExprResult PointerAuthStringDiscriminator(Sema &S, CallExpr *Call) {
1818 if (checkPointerAuthEnabled(S, E: Call))
1819 return ExprError();
1820
1821 // We've already performed normal call type-checking.
1822 const Expr *Arg = Call->getArg(Arg: 0)->IgnoreParenImpCasts();
1823
1824 // Operand must be an ordinary or UTF-8 string literal.
1825 const auto *Literal = dyn_cast<StringLiteral>(Val: Arg);
1826 if (!Literal || Literal->getCharByteWidth() != 1) {
1827 S.Diag(Loc: Arg->getExprLoc(), DiagID: diag::err_ptrauth_string_not_literal)
1828 << (Literal ? 1 : 0) << Arg->getSourceRange();
1829 return ExprError();
1830 }
1831
1832 return Call;
1833}
1834
1835static ExprResult GetVTablePointer(Sema &S, CallExpr *Call) {
1836 if (S.checkArgCount(Call, DesiredArgCount: 1))
1837 return ExprError();
1838 Expr *FirstArg = Call->getArg(Arg: 0);
1839 ExprResult FirstValue = S.DefaultFunctionArrayLvalueConversion(E: FirstArg);
1840 if (FirstValue.isInvalid())
1841 return ExprError();
1842 Call->setArg(Arg: 0, ArgExpr: FirstValue.get());
1843 QualType FirstArgType = FirstArg->getType();
1844 if (FirstArgType->canDecayToPointerType() && FirstArgType->isArrayType())
1845 FirstArgType = S.Context.getDecayedType(T: FirstArgType);
1846
1847 const CXXRecordDecl *FirstArgRecord = FirstArgType->getPointeeCXXRecordDecl();
1848 if (!FirstArgRecord) {
1849 S.Diag(Loc: FirstArg->getBeginLoc(), DiagID: diag::err_get_vtable_pointer_incorrect_type)
1850 << /*isPolymorphic=*/0 << FirstArgType;
1851 return ExprError();
1852 }
1853 if (S.RequireCompleteType(
1854 Loc: FirstArg->getBeginLoc(), T: FirstArgType->getPointeeType(),
1855 DiagID: diag::err_get_vtable_pointer_requires_complete_type)) {
1856 return ExprError();
1857 }
1858
1859 if (!FirstArgRecord->isPolymorphic()) {
1860 S.Diag(Loc: FirstArg->getBeginLoc(), DiagID: diag::err_get_vtable_pointer_incorrect_type)
1861 << /*isPolymorphic=*/1 << FirstArgRecord;
1862 return ExprError();
1863 }
1864 QualType ReturnType = S.Context.getPointerType(T: S.Context.VoidTy.withConst());
1865 Call->setType(ReturnType);
1866 return Call;
1867}
1868
1869static ExprResult BuiltinLaunder(Sema &S, CallExpr *TheCall) {
1870 if (S.checkArgCount(Call: TheCall, DesiredArgCount: 1))
1871 return ExprError();
1872
1873 // Compute __builtin_launder's parameter type from the argument.
1874 // The parameter type is:
1875 // * The type of the argument if it's not an array or function type,
1876 // Otherwise,
1877 // * The decayed argument type.
1878 QualType ParamTy = [&]() {
1879 QualType ArgTy = TheCall->getArg(Arg: 0)->getType();
1880 if (const ArrayType *Ty = ArgTy->getAsArrayTypeUnsafe())
1881 return S.Context.getPointerType(T: Ty->getElementType());
1882 if (ArgTy->isFunctionType()) {
1883 return S.Context.getPointerType(T: ArgTy);
1884 }
1885 return ArgTy;
1886 }();
1887
1888 TheCall->setType(ParamTy);
1889
1890 auto DiagSelect = [&]() -> std::optional<unsigned> {
1891 if (!ParamTy->isPointerType())
1892 return 0;
1893 if (ParamTy->isFunctionPointerType())
1894 return 1;
1895 if (ParamTy->isVoidPointerType())
1896 return 2;
1897 return std::optional<unsigned>{};
1898 }();
1899 if (DiagSelect) {
1900 S.Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_builtin_launder_invalid_arg)
1901 << *DiagSelect << TheCall->getSourceRange();
1902 return ExprError();
1903 }
1904
1905 // We either have an incomplete class type, or we have a class template
1906 // whose instantiation has not been forced. Example:
1907 //
1908 // template <class T> struct Foo { T value; };
1909 // Foo<int> *p = nullptr;
1910 // auto *d = __builtin_launder(p);
1911 if (S.RequireCompleteType(Loc: TheCall->getBeginLoc(), T: ParamTy->getPointeeType(),
1912 DiagID: diag::err_incomplete_type))
1913 return ExprError();
1914
1915 assert(ParamTy->getPointeeType()->isObjectType() &&
1916 "Unhandled non-object pointer case");
1917
1918 InitializedEntity Entity =
1919 InitializedEntity::InitializeParameter(Context&: S.Context, Type: ParamTy, Consumed: false);
1920 ExprResult Arg =
1921 S.PerformCopyInitialization(Entity, EqualLoc: SourceLocation(), Init: TheCall->getArg(Arg: 0));
1922 if (Arg.isInvalid())
1923 return ExprError();
1924 TheCall->setArg(Arg: 0, ArgExpr: Arg.get());
1925
1926 return TheCall;
1927}
1928
1929static ExprResult BuiltinIsWithinLifetime(Sema &S, CallExpr *TheCall) {
1930 if (S.checkArgCount(Call: TheCall, DesiredArgCount: 1))
1931 return ExprError();
1932
1933 ExprResult Arg = S.DefaultFunctionArrayLvalueConversion(E: TheCall->getArg(Arg: 0));
1934 if (Arg.isInvalid())
1935 return ExprError();
1936 QualType ParamTy = Arg.get()->getType();
1937 TheCall->setArg(Arg: 0, ArgExpr: Arg.get());
1938 TheCall->setType(S.Context.BoolTy);
1939
1940 // Only accept pointers to objects as arguments, which should have object
1941 // pointer or void pointer types.
1942 if (const auto *PT = ParamTy->getAs<PointerType>()) {
1943 // LWG4138: Function pointer types not allowed
1944 if (PT->getPointeeType()->isFunctionType()) {
1945 S.Diag(Loc: TheCall->getArg(Arg: 0)->getExprLoc(),
1946 DiagID: diag::err_builtin_is_within_lifetime_invalid_arg)
1947 << 1;
1948 return ExprError();
1949 }
1950 // Disallow VLAs too since those shouldn't be able to
1951 // be a template parameter for `std::is_within_lifetime`
1952 if (PT->getPointeeType()->isVariableArrayType()) {
1953 S.Diag(Loc: TheCall->getArg(Arg: 0)->getExprLoc(), DiagID: diag::err_vla_unsupported)
1954 << 1 << "__builtin_is_within_lifetime";
1955 return ExprError();
1956 }
1957 } else {
1958 S.Diag(Loc: TheCall->getArg(Arg: 0)->getExprLoc(),
1959 DiagID: diag::err_builtin_is_within_lifetime_invalid_arg)
1960 << 0;
1961 return ExprError();
1962 }
1963 return TheCall;
1964}
1965
1966static ExprResult BuiltinTriviallyRelocate(Sema &S, CallExpr *TheCall) {
1967 if (S.checkArgCount(Call: TheCall, DesiredArgCount: 3))
1968 return ExprError();
1969
1970 QualType Dest = TheCall->getArg(Arg: 0)->getType();
1971 if (!Dest->isPointerType() || Dest.getCVRQualifiers() != 0) {
1972 S.Diag(Loc: TheCall->getArg(Arg: 0)->getExprLoc(),
1973 DiagID: diag::err_builtin_trivially_relocate_invalid_arg_type)
1974 << /*a pointer*/ 0;
1975 return ExprError();
1976 }
1977
1978 QualType T = Dest->getPointeeType();
1979 if (S.RequireCompleteType(Loc: TheCall->getBeginLoc(), T,
1980 DiagID: diag::err_incomplete_type))
1981 return ExprError();
1982
1983 if (T.isConstQualified() || !S.IsCXXTriviallyRelocatableType(T) ||
1984 T->isIncompleteArrayType()) {
1985 S.Diag(Loc: TheCall->getArg(Arg: 0)->getExprLoc(),
1986 DiagID: diag::err_builtin_trivially_relocate_invalid_arg_type)
1987 << (T.isConstQualified() ? /*non-const*/ 1 : /*relocatable*/ 2);
1988 return ExprError();
1989 }
1990
1991 TheCall->setType(Dest);
1992
1993 QualType Src = TheCall->getArg(Arg: 1)->getType();
1994 if (Src.getCanonicalType() != Dest.getCanonicalType()) {
1995 S.Diag(Loc: TheCall->getArg(Arg: 1)->getExprLoc(),
1996 DiagID: diag::err_builtin_trivially_relocate_invalid_arg_type)
1997 << /*the same*/ 3;
1998 return ExprError();
1999 }
2000
2001 Expr *SizeExpr = TheCall->getArg(Arg: 2);
2002 ExprResult Size = S.DefaultLvalueConversion(E: SizeExpr);
2003 if (Size.isInvalid())
2004 return ExprError();
2005
2006 Size = S.tryConvertExprToType(E: Size.get(), Ty: S.getASTContext().getSizeType());
2007 if (Size.isInvalid())
2008 return ExprError();
2009 SizeExpr = Size.get();
2010 TheCall->setArg(Arg: 2, ArgExpr: SizeExpr);
2011
2012 return TheCall;
2013}
2014
2015// Emit an error and return true if the current object format type is in the
2016// list of unsupported types.
2017static bool CheckBuiltinTargetNotInUnsupported(
2018 Sema &S, unsigned BuiltinID, CallExpr *TheCall,
2019 ArrayRef<llvm::Triple::ObjectFormatType> UnsupportedObjectFormatTypes) {
2020 llvm::Triple::ObjectFormatType CurObjFormat =
2021 S.getASTContext().getTargetInfo().getTriple().getObjectFormat();
2022 if (llvm::is_contained(Range&: UnsupportedObjectFormatTypes, Element: CurObjFormat)) {
2023 S.Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_builtin_target_unsupported)
2024 << TheCall->getSourceRange();
2025 return true;
2026 }
2027 return false;
2028}
2029
2030// Emit an error and return true if the current architecture is not in the list
2031// of supported architectures.
2032static bool
2033CheckBuiltinTargetInSupported(Sema &S, CallExpr *TheCall,
2034 ArrayRef<llvm::Triple::ArchType> SupportedArchs) {
2035 llvm::Triple::ArchType CurArch =
2036 S.getASTContext().getTargetInfo().getTriple().getArch();
2037 if (llvm::is_contained(Range&: SupportedArchs, Element: CurArch))
2038 return false;
2039 S.Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_builtin_target_unsupported)
2040 << TheCall->getSourceRange();
2041 return true;
2042}
2043
2044static void CheckNonNullArgument(Sema &S, const Expr *ArgExpr,
2045 SourceLocation CallSiteLoc);
2046
2047bool Sema::CheckTSBuiltinFunctionCall(const TargetInfo &TI, unsigned BuiltinID,
2048 CallExpr *TheCall) {
2049 switch (TI.getTriple().getArch()) {
2050 default:
2051 // Some builtins don't require additional checking, so just consider these
2052 // acceptable.
2053 return false;
2054 case llvm::Triple::arm:
2055 case llvm::Triple::armeb:
2056 case llvm::Triple::thumb:
2057 case llvm::Triple::thumbeb:
2058 return ARM().CheckARMBuiltinFunctionCall(TI, BuiltinID, TheCall);
2059 case llvm::Triple::aarch64:
2060 case llvm::Triple::aarch64_32:
2061 case llvm::Triple::aarch64_be:
2062 return ARM().CheckAArch64BuiltinFunctionCall(TI, BuiltinID, TheCall);
2063 case llvm::Triple::bpfeb:
2064 case llvm::Triple::bpfel:
2065 return BPF().CheckBPFBuiltinFunctionCall(BuiltinID, TheCall);
2066 case llvm::Triple::dxil:
2067 return DirectX().CheckDirectXBuiltinFunctionCall(BuiltinID, TheCall);
2068 case llvm::Triple::hexagon:
2069 return Hexagon().CheckHexagonBuiltinFunctionCall(BuiltinID, TheCall);
2070 case llvm::Triple::mips:
2071 case llvm::Triple::mipsel:
2072 case llvm::Triple::mips64:
2073 case llvm::Triple::mips64el:
2074 return MIPS().CheckMipsBuiltinFunctionCall(TI, BuiltinID, TheCall);
2075 case llvm::Triple::spirv:
2076 case llvm::Triple::spirv32:
2077 case llvm::Triple::spirv64:
2078 if (TI.getTriple().getOS() != llvm::Triple::OSType::AMDHSA)
2079 return SPIRV().CheckSPIRVBuiltinFunctionCall(TI, BuiltinID, TheCall);
2080 return false;
2081 case llvm::Triple::systemz:
2082 return SystemZ().CheckSystemZBuiltinFunctionCall(BuiltinID, TheCall);
2083 case llvm::Triple::x86:
2084 case llvm::Triple::x86_64:
2085 return X86().CheckBuiltinFunctionCall(TI, BuiltinID, TheCall);
2086 case llvm::Triple::ppc:
2087 case llvm::Triple::ppcle:
2088 case llvm::Triple::ppc64:
2089 case llvm::Triple::ppc64le:
2090 return PPC().CheckPPCBuiltinFunctionCall(TI, BuiltinID, TheCall);
2091 case llvm::Triple::amdgcn:
2092 return AMDGPU().CheckAMDGCNBuiltinFunctionCall(BuiltinID, TheCall);
2093 case llvm::Triple::riscv32:
2094 case llvm::Triple::riscv64:
2095 return RISCV().CheckBuiltinFunctionCall(TI, BuiltinID, TheCall);
2096 case llvm::Triple::loongarch32:
2097 case llvm::Triple::loongarch64:
2098 return LoongArch().CheckLoongArchBuiltinFunctionCall(TI, BuiltinID,
2099 TheCall);
2100 case llvm::Triple::wasm32:
2101 case llvm::Triple::wasm64:
2102 return Wasm().CheckWebAssemblyBuiltinFunctionCall(TI, BuiltinID, TheCall);
2103 case llvm::Triple::nvptx:
2104 case llvm::Triple::nvptx64:
2105 return NVPTX().CheckNVPTXBuiltinFunctionCall(TI, BuiltinID, TheCall);
2106 }
2107}
2108
2109// Check if \p Ty is a valid type for the elementwise math builtins. If it is
2110// not a valid type, emit an error message and return true. Otherwise return
2111// false.
2112static bool
2113checkMathBuiltinElementType(Sema &S, SourceLocation Loc, QualType ArgTy,
2114 Sema::EltwiseBuiltinArgTyRestriction ArgTyRestr,
2115 int ArgOrdinal) {
2116 QualType EltTy = ArgTy;
2117 if (auto *VecTy = EltTy->getAs<VectorType>())
2118 EltTy = VecTy->getElementType();
2119
2120 switch (ArgTyRestr) {
2121 case Sema::EltwiseBuiltinArgTyRestriction::None:
2122 if (!ArgTy->getAs<VectorType>() &&
2123 !ConstantMatrixType::isValidElementType(T: ArgTy)) {
2124 return S.Diag(Loc, DiagID: diag::err_builtin_invalid_arg_type)
2125 << ArgOrdinal << /* vector */ 2 << /* integer */ 1 << /* fp */ 1
2126 << ArgTy;
2127 }
2128 break;
2129 case Sema::EltwiseBuiltinArgTyRestriction::FloatTy:
2130 if (!EltTy->isRealFloatingType()) {
2131 return S.Diag(Loc, DiagID: diag::err_builtin_invalid_arg_type)
2132 << ArgOrdinal << /* scalar or vector */ 5 << /* no int */ 0
2133 << /* floating-point */ 1 << ArgTy;
2134 }
2135 break;
2136 case Sema::EltwiseBuiltinArgTyRestriction::IntegerTy:
2137 if (!EltTy->isIntegerType()) {
2138 return S.Diag(Loc, DiagID: diag::err_builtin_invalid_arg_type)
2139 << ArgOrdinal << /* scalar or vector */ 5 << /* integer */ 1
2140 << /* no fp */ 0 << ArgTy;
2141 }
2142 break;
2143 case Sema::EltwiseBuiltinArgTyRestriction::SignedIntOrFloatTy:
2144 if (EltTy->isUnsignedIntegerType()) {
2145 return S.Diag(Loc, DiagID: diag::err_builtin_invalid_arg_type)
2146 << 1 << /* scalar or vector */ 5 << /* signed int */ 2
2147 << /* or fp */ 1 << ArgTy;
2148 }
2149 break;
2150 }
2151
2152 return false;
2153}
2154
2155/// BuiltinCpu{Supports|Is} - Handle __builtin_cpu_{supports|is}(char *).
2156/// This checks that the target supports the builtin and that the string
2157/// argument is constant and valid.
2158static bool BuiltinCpu(Sema &S, const TargetInfo &TI, CallExpr *TheCall,
2159 const TargetInfo *AuxTI, unsigned BuiltinID) {
2160 assert((BuiltinID == Builtin::BI__builtin_cpu_supports ||
2161 BuiltinID == Builtin::BI__builtin_cpu_is) &&
2162 "Expecting __builtin_cpu_...");
2163
2164 bool IsCPUSupports = BuiltinID == Builtin::BI__builtin_cpu_supports;
2165 const TargetInfo *TheTI = &TI;
2166 auto SupportsBI = [=](const TargetInfo *TInfo) {
2167 return TInfo && ((IsCPUSupports && TInfo->supportsCpuSupports()) ||
2168 (!IsCPUSupports && TInfo->supportsCpuIs()));
2169 };
2170 if (!SupportsBI(&TI) && SupportsBI(AuxTI))
2171 TheTI = AuxTI;
2172
2173 if ((!IsCPUSupports && !TheTI->supportsCpuIs()) ||
2174 (IsCPUSupports && !TheTI->supportsCpuSupports()))
2175 return S.Diag(Loc: TheCall->getBeginLoc(),
2176 DiagID: TI.getTriple().isOSAIX()
2177 ? diag::err_builtin_aix_os_unsupported
2178 : diag::err_builtin_target_unsupported)
2179 << SourceRange(TheCall->getBeginLoc(), TheCall->getEndLoc());
2180
2181 Expr *Arg = TheCall->getArg(Arg: 0)->IgnoreParenImpCasts();
2182 // Check if the argument is a string literal.
2183 if (!isa<StringLiteral>(Val: Arg))
2184 return S.Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_expr_not_string_literal)
2185 << Arg->getSourceRange();
2186
2187 // Check the contents of the string.
2188 StringRef Feature = cast<StringLiteral>(Val: Arg)->getString();
2189 if (IsCPUSupports && !TheTI->validateCpuSupports(Name: Feature)) {
2190 S.Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::warn_invalid_cpu_supports)
2191 << Arg->getSourceRange();
2192 return false;
2193 }
2194 if (!IsCPUSupports && !TheTI->validateCpuIs(Name: Feature))
2195 return S.Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_invalid_cpu_is)
2196 << Arg->getSourceRange();
2197 return false;
2198}
2199
2200/// Checks that __builtin_popcountg was called with a single argument, which is
2201/// an unsigned integer.
2202static bool BuiltinPopcountg(Sema &S, CallExpr *TheCall) {
2203 if (S.checkArgCount(Call: TheCall, DesiredArgCount: 1))
2204 return true;
2205
2206 ExprResult ArgRes = S.DefaultLvalueConversion(E: TheCall->getArg(Arg: 0));
2207 if (ArgRes.isInvalid())
2208 return true;
2209
2210 Expr *Arg = ArgRes.get();
2211 TheCall->setArg(Arg: 0, ArgExpr: Arg);
2212
2213 QualType ArgTy = Arg->getType();
2214
2215 if (!ArgTy->isUnsignedIntegerType()) {
2216 S.Diag(Loc: Arg->getBeginLoc(), DiagID: diag::err_builtin_invalid_arg_type)
2217 << 1 << /* scalar */ 1 << /* unsigned integer ty */ 3 << /* no fp */ 0
2218 << ArgTy;
2219 return true;
2220 }
2221 return false;
2222}
2223
2224/// Checks that __builtin_{clzg,ctzg} was called with a first argument, which is
2225/// an unsigned integer, and an optional second argument, which is promoted to
2226/// an 'int'.
2227static bool BuiltinCountZeroBitsGeneric(Sema &S, CallExpr *TheCall) {
2228 if (S.checkArgCountRange(Call: TheCall, MinArgCount: 1, MaxArgCount: 2))
2229 return true;
2230
2231 ExprResult Arg0Res = S.DefaultLvalueConversion(E: TheCall->getArg(Arg: 0));
2232 if (Arg0Res.isInvalid())
2233 return true;
2234
2235 Expr *Arg0 = Arg0Res.get();
2236 TheCall->setArg(Arg: 0, ArgExpr: Arg0);
2237
2238 QualType Arg0Ty = Arg0->getType();
2239
2240 if (!Arg0Ty->isUnsignedIntegerType()) {
2241 S.Diag(Loc: Arg0->getBeginLoc(), DiagID: diag::err_builtin_invalid_arg_type)
2242 << 1 << /* scalar */ 1 << /* unsigned integer ty */ 3 << /* no fp */ 0
2243 << Arg0Ty;
2244 return true;
2245 }
2246
2247 if (TheCall->getNumArgs() > 1) {
2248 ExprResult Arg1Res = S.UsualUnaryConversions(E: TheCall->getArg(Arg: 1));
2249 if (Arg1Res.isInvalid())
2250 return true;
2251
2252 Expr *Arg1 = Arg1Res.get();
2253 TheCall->setArg(Arg: 1, ArgExpr: Arg1);
2254
2255 QualType Arg1Ty = Arg1->getType();
2256
2257 if (!Arg1Ty->isSpecificBuiltinType(K: BuiltinType::Int)) {
2258 S.Diag(Loc: Arg1->getBeginLoc(), DiagID: diag::err_builtin_invalid_arg_type)
2259 << 2 << /* scalar */ 1 << /* 'int' ty */ 4 << /* no fp */ 0 << Arg1Ty;
2260 return true;
2261 }
2262 }
2263
2264 return false;
2265}
2266
2267static ExprResult BuiltinInvoke(Sema &S, CallExpr *TheCall) {
2268 SourceLocation Loc = TheCall->getBeginLoc();
2269 MutableArrayRef Args(TheCall->getArgs(), TheCall->getNumArgs());
2270 assert(llvm::none_of(Args, [](Expr *Arg) { return Arg->isTypeDependent(); }));
2271
2272 if (Args.size() == 0) {
2273 S.Diag(Loc: TheCall->getBeginLoc(),
2274 DiagID: diag::err_typecheck_call_too_few_args_at_least)
2275 << /*callee_type=*/0 << /*min_arg_count=*/1 << /*actual_arg_count=*/0
2276 << /*is_non_object=*/0 << TheCall->getSourceRange();
2277 return ExprError();
2278 }
2279
2280 QualType FuncT = Args[0]->getType();
2281
2282 if (const auto *MPT = FuncT->getAs<MemberPointerType>()) {
2283 if (Args.size() < 2) {
2284 S.Diag(Loc: TheCall->getBeginLoc(),
2285 DiagID: diag::err_typecheck_call_too_few_args_at_least)
2286 << /*callee_type=*/0 << /*min_arg_count=*/2 << /*actual_arg_count=*/1
2287 << /*is_non_object=*/0 << TheCall->getSourceRange();
2288 return ExprError();
2289 }
2290
2291 const Type *MemPtrClass = MPT->getQualifier()->getAsType();
2292 QualType ObjectT = Args[1]->getType();
2293
2294 if (MPT->isMemberDataPointer() && S.checkArgCount(Call: TheCall, DesiredArgCount: 2))
2295 return ExprError();
2296
2297 ExprResult ObjectArg = [&]() -> ExprResult {
2298 // (1.1): (t1.*f)(t2, ..., tN) when f is a pointer to a member function of
2299 // a class T and is_same_v<T, remove_cvref_t<decltype(t1)>> ||
2300 // is_base_of_v<T, remove_cvref_t<decltype(t1)>> is true;
2301 // (1.4): t1.*f when N=1 and f is a pointer to data member of a class T
2302 // and is_same_v<T, remove_cvref_t<decltype(t1)>> ||
2303 // is_base_of_v<T, remove_cvref_t<decltype(t1)>> is true;
2304 if (S.Context.hasSameType(T1: QualType(MemPtrClass, 0),
2305 T2: S.BuiltinRemoveCVRef(BaseType: ObjectT, Loc)) ||
2306 S.BuiltinIsBaseOf(RhsTLoc: Args[1]->getBeginLoc(), LhsT: QualType(MemPtrClass, 0),
2307 RhsT: S.BuiltinRemoveCVRef(BaseType: ObjectT, Loc))) {
2308 return Args[1];
2309 }
2310
2311 // (t1.get().*f)(t2, ..., tN) when f is a pointer to a member function of
2312 // a class T and remove_cvref_t<decltype(t1)> is a specialization of
2313 // reference_wrapper;
2314 if (const auto *RD = ObjectT->getAsCXXRecordDecl()) {
2315 if (RD->isInStdNamespace() &&
2316 RD->getDeclName().getAsString() == "reference_wrapper") {
2317 CXXScopeSpec SS;
2318 IdentifierInfo *GetName = &S.Context.Idents.get(Name: "get");
2319 UnqualifiedId GetID;
2320 GetID.setIdentifier(Id: GetName, IdLoc: Loc);
2321
2322 ExprResult MemExpr = S.ActOnMemberAccessExpr(
2323 S: S.getCurScope(), Base: Args[1], OpLoc: Loc, OpKind: tok::period, SS,
2324 /*TemplateKWLoc=*/SourceLocation(), Member&: GetID, ObjCImpDecl: nullptr);
2325
2326 if (MemExpr.isInvalid())
2327 return ExprError();
2328
2329 return S.ActOnCallExpr(S: S.getCurScope(), Fn: MemExpr.get(), LParenLoc: Loc, ArgExprs: {}, RParenLoc: Loc);
2330 }
2331 }
2332
2333 // ((*t1).*f)(t2, ..., tN) when f is a pointer to a member function of a
2334 // class T and t1 does not satisfy the previous two items;
2335
2336 return S.ActOnUnaryOp(S: S.getCurScope(), OpLoc: Loc, Op: tok::star, Input: Args[1]);
2337 }();
2338
2339 if (ObjectArg.isInvalid())
2340 return ExprError();
2341
2342 ExprResult BinOp = S.ActOnBinOp(S: S.getCurScope(), TokLoc: TheCall->getBeginLoc(),
2343 Kind: tok::periodstar, LHSExpr: ObjectArg.get(), RHSExpr: Args[0]);
2344 if (BinOp.isInvalid())
2345 return ExprError();
2346
2347 if (MPT->isMemberDataPointer())
2348 return BinOp;
2349
2350 auto *MemCall = new (S.Context)
2351 ParenExpr(SourceLocation(), SourceLocation(), BinOp.get());
2352
2353 return S.ActOnCallExpr(S: S.getCurScope(), Fn: MemCall, LParenLoc: TheCall->getBeginLoc(),
2354 ArgExprs: Args.drop_front(N: 2), RParenLoc: TheCall->getRParenLoc());
2355 }
2356 return S.ActOnCallExpr(S: S.getCurScope(), Fn: Args.front(), LParenLoc: TheCall->getBeginLoc(),
2357 ArgExprs: Args.drop_front(), RParenLoc: TheCall->getRParenLoc());
2358}
2359
2360ExprResult
2361Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID,
2362 CallExpr *TheCall) {
2363 ExprResult TheCallResult(TheCall);
2364
2365 // Find out if any arguments are required to be integer constant expressions.
2366 unsigned ICEArguments = 0;
2367 ASTContext::GetBuiltinTypeError Error;
2368 Context.GetBuiltinType(ID: BuiltinID, Error, IntegerConstantArgs: &ICEArguments);
2369 if (Error != ASTContext::GE_None)
2370 ICEArguments = 0; // Don't diagnose previously diagnosed errors.
2371
2372 // If any arguments are required to be ICE's, check and diagnose.
2373 for (unsigned ArgNo = 0; ICEArguments != 0; ++ArgNo) {
2374 // Skip arguments not required to be ICE's.
2375 if ((ICEArguments & (1 << ArgNo)) == 0) continue;
2376
2377 llvm::APSInt Result;
2378 // If we don't have enough arguments, continue so we can issue better
2379 // diagnostic in checkArgCount(...)
2380 if (ArgNo < TheCall->getNumArgs() &&
2381 BuiltinConstantArg(TheCall, ArgNum: ArgNo, Result))
2382 return true;
2383 ICEArguments &= ~(1 << ArgNo);
2384 }
2385
2386 FPOptions FPO;
2387 switch (BuiltinID) {
2388 case Builtin::BI__builtin_cpu_supports:
2389 case Builtin::BI__builtin_cpu_is:
2390 if (BuiltinCpu(S&: *this, TI: Context.getTargetInfo(), TheCall,
2391 AuxTI: Context.getAuxTargetInfo(), BuiltinID))
2392 return ExprError();
2393 break;
2394 case Builtin::BI__builtin_cpu_init:
2395 if (!Context.getTargetInfo().supportsCpuInit()) {
2396 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_builtin_target_unsupported)
2397 << SourceRange(TheCall->getBeginLoc(), TheCall->getEndLoc());
2398 return ExprError();
2399 }
2400 break;
2401 case Builtin::BI__builtin___CFStringMakeConstantString:
2402 // CFStringMakeConstantString is currently not implemented for GOFF (i.e.,
2403 // on z/OS) and for XCOFF (i.e., on AIX). Emit unsupported
2404 if (CheckBuiltinTargetNotInUnsupported(
2405 S&: *this, BuiltinID, TheCall,
2406 UnsupportedObjectFormatTypes: {llvm::Triple::GOFF, llvm::Triple::XCOFF}))
2407 return ExprError();
2408 assert(TheCall->getNumArgs() == 1 &&
2409 "Wrong # arguments to builtin CFStringMakeConstantString");
2410 if (ObjC().CheckObjCString(Arg: TheCall->getArg(Arg: 0)))
2411 return ExprError();
2412 break;
2413 case Builtin::BI__builtin_ms_va_start:
2414 case Builtin::BI__builtin_stdarg_start:
2415 case Builtin::BI__builtin_va_start:
2416 case Builtin::BI__builtin_c23_va_start:
2417 if (BuiltinVAStart(BuiltinID, TheCall))
2418 return ExprError();
2419 break;
2420 case Builtin::BI__va_start: {
2421 switch (Context.getTargetInfo().getTriple().getArch()) {
2422 case llvm::Triple::aarch64:
2423 case llvm::Triple::arm:
2424 case llvm::Triple::thumb:
2425 if (BuiltinVAStartARMMicrosoft(Call: TheCall))
2426 return ExprError();
2427 break;
2428 default:
2429 if (BuiltinVAStart(BuiltinID, TheCall))
2430 return ExprError();
2431 break;
2432 }
2433 break;
2434 }
2435
2436 // The acquire, release, and no fence variants are ARM and AArch64 only.
2437 case Builtin::BI_interlockedbittestandset_acq:
2438 case Builtin::BI_interlockedbittestandset_rel:
2439 case Builtin::BI_interlockedbittestandset_nf:
2440 case Builtin::BI_interlockedbittestandreset_acq:
2441 case Builtin::BI_interlockedbittestandreset_rel:
2442 case Builtin::BI_interlockedbittestandreset_nf:
2443 if (CheckBuiltinTargetInSupported(
2444 S&: *this, TheCall,
2445 SupportedArchs: {llvm::Triple::arm, llvm::Triple::thumb, llvm::Triple::aarch64}))
2446 return ExprError();
2447 break;
2448
2449 // The 64-bit bittest variants are x64, ARM, and AArch64 only.
2450 case Builtin::BI_bittest64:
2451 case Builtin::BI_bittestandcomplement64:
2452 case Builtin::BI_bittestandreset64:
2453 case Builtin::BI_bittestandset64:
2454 case Builtin::BI_interlockedbittestandreset64:
2455 case Builtin::BI_interlockedbittestandset64:
2456 if (CheckBuiltinTargetInSupported(
2457 S&: *this, TheCall,
2458 SupportedArchs: {llvm::Triple::x86_64, llvm::Triple::arm, llvm::Triple::thumb,
2459 llvm::Triple::aarch64, llvm::Triple::amdgcn}))
2460 return ExprError();
2461 break;
2462
2463 // The 64-bit acquire, release, and no fence variants are AArch64 only.
2464 case Builtin::BI_interlockedbittestandreset64_acq:
2465 case Builtin::BI_interlockedbittestandreset64_rel:
2466 case Builtin::BI_interlockedbittestandreset64_nf:
2467 case Builtin::BI_interlockedbittestandset64_acq:
2468 case Builtin::BI_interlockedbittestandset64_rel:
2469 case Builtin::BI_interlockedbittestandset64_nf:
2470 if (CheckBuiltinTargetInSupported(S&: *this, TheCall, SupportedArchs: {llvm::Triple::aarch64}))
2471 return ExprError();
2472 break;
2473
2474 case Builtin::BI__builtin_set_flt_rounds:
2475 if (CheckBuiltinTargetInSupported(
2476 S&: *this, TheCall,
2477 SupportedArchs: {llvm::Triple::x86, llvm::Triple::x86_64, llvm::Triple::arm,
2478 llvm::Triple::thumb, llvm::Triple::aarch64, llvm::Triple::amdgcn,
2479 llvm::Triple::ppc, llvm::Triple::ppc64, llvm::Triple::ppcle,
2480 llvm::Triple::ppc64le}))
2481 return ExprError();
2482 break;
2483
2484 case Builtin::BI__builtin_isgreater:
2485 case Builtin::BI__builtin_isgreaterequal:
2486 case Builtin::BI__builtin_isless:
2487 case Builtin::BI__builtin_islessequal:
2488 case Builtin::BI__builtin_islessgreater:
2489 case Builtin::BI__builtin_isunordered:
2490 if (BuiltinUnorderedCompare(TheCall, BuiltinID))
2491 return ExprError();
2492 break;
2493 case Builtin::BI__builtin_fpclassify:
2494 if (BuiltinFPClassification(TheCall, NumArgs: 6, BuiltinID))
2495 return ExprError();
2496 break;
2497 case Builtin::BI__builtin_isfpclass:
2498 if (BuiltinFPClassification(TheCall, NumArgs: 2, BuiltinID))
2499 return ExprError();
2500 break;
2501 case Builtin::BI__builtin_isfinite:
2502 case Builtin::BI__builtin_isinf:
2503 case Builtin::BI__builtin_isinf_sign:
2504 case Builtin::BI__builtin_isnan:
2505 case Builtin::BI__builtin_issignaling:
2506 case Builtin::BI__builtin_isnormal:
2507 case Builtin::BI__builtin_issubnormal:
2508 case Builtin::BI__builtin_iszero:
2509 case Builtin::BI__builtin_signbit:
2510 case Builtin::BI__builtin_signbitf:
2511 case Builtin::BI__builtin_signbitl:
2512 if (BuiltinFPClassification(TheCall, NumArgs: 1, BuiltinID))
2513 return ExprError();
2514 break;
2515 case Builtin::BI__builtin_shufflevector:
2516 return BuiltinShuffleVector(TheCall);
2517 // TheCall will be freed by the smart pointer here, but that's fine, since
2518 // BuiltinShuffleVector guts it, but then doesn't release it.
2519 case Builtin::BI__builtin_invoke:
2520 return BuiltinInvoke(S&: *this, TheCall);
2521 case Builtin::BI__builtin_prefetch:
2522 if (BuiltinPrefetch(TheCall))
2523 return ExprError();
2524 break;
2525 case Builtin::BI__builtin_alloca_with_align:
2526 case Builtin::BI__builtin_alloca_with_align_uninitialized:
2527 if (BuiltinAllocaWithAlign(TheCall))
2528 return ExprError();
2529 [[fallthrough]];
2530 case Builtin::BI__builtin_alloca:
2531 case Builtin::BI__builtin_alloca_uninitialized:
2532 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::warn_alloca)
2533 << TheCall->getDirectCallee();
2534 if (getLangOpts().OpenCL) {
2535 builtinAllocaAddrSpace(S&: *this, TheCall);
2536 }
2537 break;
2538 case Builtin::BI__arithmetic_fence:
2539 if (BuiltinArithmeticFence(TheCall))
2540 return ExprError();
2541 break;
2542 case Builtin::BI__assume:
2543 case Builtin::BI__builtin_assume:
2544 if (BuiltinAssume(TheCall))
2545 return ExprError();
2546 break;
2547 case Builtin::BI__builtin_assume_aligned:
2548 if (BuiltinAssumeAligned(TheCall))
2549 return ExprError();
2550 break;
2551 case Builtin::BI__builtin_dynamic_object_size:
2552 case Builtin::BI__builtin_object_size:
2553 if (BuiltinConstantArgRange(TheCall, ArgNum: 1, Low: 0, High: 3))
2554 return ExprError();
2555 break;
2556 case Builtin::BI__builtin_longjmp:
2557 if (BuiltinLongjmp(TheCall))
2558 return ExprError();
2559 break;
2560 case Builtin::BI__builtin_setjmp:
2561 if (BuiltinSetjmp(TheCall))
2562 return ExprError();
2563 break;
2564 case Builtin::BI__builtin_classify_type:
2565 if (checkArgCount(Call: TheCall, DesiredArgCount: 1))
2566 return true;
2567 TheCall->setType(Context.IntTy);
2568 break;
2569 case Builtin::BI__builtin_complex:
2570 if (BuiltinComplex(TheCall))
2571 return ExprError();
2572 break;
2573 case Builtin::BI__builtin_constant_p: {
2574 if (checkArgCount(Call: TheCall, DesiredArgCount: 1))
2575 return true;
2576 ExprResult Arg = DefaultFunctionArrayLvalueConversion(E: TheCall->getArg(Arg: 0));
2577 if (Arg.isInvalid()) return true;
2578 TheCall->setArg(Arg: 0, ArgExpr: Arg.get());
2579 TheCall->setType(Context.IntTy);
2580 break;
2581 }
2582 case Builtin::BI__builtin_launder:
2583 return BuiltinLaunder(S&: *this, TheCall);
2584 case Builtin::BI__builtin_is_within_lifetime:
2585 return BuiltinIsWithinLifetime(S&: *this, TheCall);
2586 case Builtin::BI__builtin_trivially_relocate:
2587 return BuiltinTriviallyRelocate(S&: *this, TheCall);
2588
2589 case Builtin::BI__sync_fetch_and_add:
2590 case Builtin::BI__sync_fetch_and_add_1:
2591 case Builtin::BI__sync_fetch_and_add_2:
2592 case Builtin::BI__sync_fetch_and_add_4:
2593 case Builtin::BI__sync_fetch_and_add_8:
2594 case Builtin::BI__sync_fetch_and_add_16:
2595 case Builtin::BI__sync_fetch_and_sub:
2596 case Builtin::BI__sync_fetch_and_sub_1:
2597 case Builtin::BI__sync_fetch_and_sub_2:
2598 case Builtin::BI__sync_fetch_and_sub_4:
2599 case Builtin::BI__sync_fetch_and_sub_8:
2600 case Builtin::BI__sync_fetch_and_sub_16:
2601 case Builtin::BI__sync_fetch_and_or:
2602 case Builtin::BI__sync_fetch_and_or_1:
2603 case Builtin::BI__sync_fetch_and_or_2:
2604 case Builtin::BI__sync_fetch_and_or_4:
2605 case Builtin::BI__sync_fetch_and_or_8:
2606 case Builtin::BI__sync_fetch_and_or_16:
2607 case Builtin::BI__sync_fetch_and_and:
2608 case Builtin::BI__sync_fetch_and_and_1:
2609 case Builtin::BI__sync_fetch_and_and_2:
2610 case Builtin::BI__sync_fetch_and_and_4:
2611 case Builtin::BI__sync_fetch_and_and_8:
2612 case Builtin::BI__sync_fetch_and_and_16:
2613 case Builtin::BI__sync_fetch_and_xor:
2614 case Builtin::BI__sync_fetch_and_xor_1:
2615 case Builtin::BI__sync_fetch_and_xor_2:
2616 case Builtin::BI__sync_fetch_and_xor_4:
2617 case Builtin::BI__sync_fetch_and_xor_8:
2618 case Builtin::BI__sync_fetch_and_xor_16:
2619 case Builtin::BI__sync_fetch_and_nand:
2620 case Builtin::BI__sync_fetch_and_nand_1:
2621 case Builtin::BI__sync_fetch_and_nand_2:
2622 case Builtin::BI__sync_fetch_and_nand_4:
2623 case Builtin::BI__sync_fetch_and_nand_8:
2624 case Builtin::BI__sync_fetch_and_nand_16:
2625 case Builtin::BI__sync_add_and_fetch:
2626 case Builtin::BI__sync_add_and_fetch_1:
2627 case Builtin::BI__sync_add_and_fetch_2:
2628 case Builtin::BI__sync_add_and_fetch_4:
2629 case Builtin::BI__sync_add_and_fetch_8:
2630 case Builtin::BI__sync_add_and_fetch_16:
2631 case Builtin::BI__sync_sub_and_fetch:
2632 case Builtin::BI__sync_sub_and_fetch_1:
2633 case Builtin::BI__sync_sub_and_fetch_2:
2634 case Builtin::BI__sync_sub_and_fetch_4:
2635 case Builtin::BI__sync_sub_and_fetch_8:
2636 case Builtin::BI__sync_sub_and_fetch_16:
2637 case Builtin::BI__sync_and_and_fetch:
2638 case Builtin::BI__sync_and_and_fetch_1:
2639 case Builtin::BI__sync_and_and_fetch_2:
2640 case Builtin::BI__sync_and_and_fetch_4:
2641 case Builtin::BI__sync_and_and_fetch_8:
2642 case Builtin::BI__sync_and_and_fetch_16:
2643 case Builtin::BI__sync_or_and_fetch:
2644 case Builtin::BI__sync_or_and_fetch_1:
2645 case Builtin::BI__sync_or_and_fetch_2:
2646 case Builtin::BI__sync_or_and_fetch_4:
2647 case Builtin::BI__sync_or_and_fetch_8:
2648 case Builtin::BI__sync_or_and_fetch_16:
2649 case Builtin::BI__sync_xor_and_fetch:
2650 case Builtin::BI__sync_xor_and_fetch_1:
2651 case Builtin::BI__sync_xor_and_fetch_2:
2652 case Builtin::BI__sync_xor_and_fetch_4:
2653 case Builtin::BI__sync_xor_and_fetch_8:
2654 case Builtin::BI__sync_xor_and_fetch_16:
2655 case Builtin::BI__sync_nand_and_fetch:
2656 case Builtin::BI__sync_nand_and_fetch_1:
2657 case Builtin::BI__sync_nand_and_fetch_2:
2658 case Builtin::BI__sync_nand_and_fetch_4:
2659 case Builtin::BI__sync_nand_and_fetch_8:
2660 case Builtin::BI__sync_nand_and_fetch_16:
2661 case Builtin::BI__sync_val_compare_and_swap:
2662 case Builtin::BI__sync_val_compare_and_swap_1:
2663 case Builtin::BI__sync_val_compare_and_swap_2:
2664 case Builtin::BI__sync_val_compare_and_swap_4:
2665 case Builtin::BI__sync_val_compare_and_swap_8:
2666 case Builtin::BI__sync_val_compare_and_swap_16:
2667 case Builtin::BI__sync_bool_compare_and_swap:
2668 case Builtin::BI__sync_bool_compare_and_swap_1:
2669 case Builtin::BI__sync_bool_compare_and_swap_2:
2670 case Builtin::BI__sync_bool_compare_and_swap_4:
2671 case Builtin::BI__sync_bool_compare_and_swap_8:
2672 case Builtin::BI__sync_bool_compare_and_swap_16:
2673 case Builtin::BI__sync_lock_test_and_set:
2674 case Builtin::BI__sync_lock_test_and_set_1:
2675 case Builtin::BI__sync_lock_test_and_set_2:
2676 case Builtin::BI__sync_lock_test_and_set_4:
2677 case Builtin::BI__sync_lock_test_and_set_8:
2678 case Builtin::BI__sync_lock_test_and_set_16:
2679 case Builtin::BI__sync_lock_release:
2680 case Builtin::BI__sync_lock_release_1:
2681 case Builtin::BI__sync_lock_release_2:
2682 case Builtin::BI__sync_lock_release_4:
2683 case Builtin::BI__sync_lock_release_8:
2684 case Builtin::BI__sync_lock_release_16:
2685 case Builtin::BI__sync_swap:
2686 case Builtin::BI__sync_swap_1:
2687 case Builtin::BI__sync_swap_2:
2688 case Builtin::BI__sync_swap_4:
2689 case Builtin::BI__sync_swap_8:
2690 case Builtin::BI__sync_swap_16:
2691 return BuiltinAtomicOverloaded(TheCallResult);
2692 case Builtin::BI__sync_synchronize:
2693 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::warn_atomic_implicit_seq_cst)
2694 << TheCall->getCallee()->getSourceRange();
2695 break;
2696 case Builtin::BI__builtin_nontemporal_load:
2697 case Builtin::BI__builtin_nontemporal_store:
2698 return BuiltinNontemporalOverloaded(TheCallResult);
2699 case Builtin::BI__builtin_memcpy_inline: {
2700 clang::Expr *SizeOp = TheCall->getArg(Arg: 2);
2701 // We warn about copying to or from `nullptr` pointers when `size` is
2702 // greater than 0. When `size` is value dependent we cannot evaluate its
2703 // value so we bail out.
2704 if (SizeOp->isValueDependent())
2705 break;
2706 if (!SizeOp->EvaluateKnownConstInt(Ctx: Context).isZero()) {
2707 CheckNonNullArgument(S&: *this, ArgExpr: TheCall->getArg(Arg: 0), CallSiteLoc: TheCall->getExprLoc());
2708 CheckNonNullArgument(S&: *this, ArgExpr: TheCall->getArg(Arg: 1), CallSiteLoc: TheCall->getExprLoc());
2709 }
2710 break;
2711 }
2712 case Builtin::BI__builtin_memset_inline: {
2713 clang::Expr *SizeOp = TheCall->getArg(Arg: 2);
2714 // We warn about filling to `nullptr` pointers when `size` is greater than
2715 // 0. When `size` is value dependent we cannot evaluate its value so we bail
2716 // out.
2717 if (SizeOp->isValueDependent())
2718 break;
2719 if (!SizeOp->EvaluateKnownConstInt(Ctx: Context).isZero())
2720 CheckNonNullArgument(S&: *this, ArgExpr: TheCall->getArg(Arg: 0), CallSiteLoc: TheCall->getExprLoc());
2721 break;
2722 }
2723#define ATOMIC_BUILTIN(ID, TYPE, ATTRS) \
2724 case Builtin::BI##ID: \
2725 return AtomicOpsOverloaded(TheCallResult, AtomicExpr::AO##ID);
2726#include "clang/Basic/Builtins.inc"
2727 case Builtin::BI__annotation:
2728 if (BuiltinMSVCAnnotation(S&: *this, TheCall))
2729 return ExprError();
2730 break;
2731 case Builtin::BI__builtin_annotation:
2732 if (BuiltinAnnotation(S&: *this, TheCall))
2733 return ExprError();
2734 break;
2735 case Builtin::BI__builtin_addressof:
2736 if (BuiltinAddressof(S&: *this, TheCall))
2737 return ExprError();
2738 break;
2739 case Builtin::BI__builtin_function_start:
2740 if (BuiltinFunctionStart(S&: *this, TheCall))
2741 return ExprError();
2742 break;
2743 case Builtin::BI__builtin_is_aligned:
2744 case Builtin::BI__builtin_align_up:
2745 case Builtin::BI__builtin_align_down:
2746 if (BuiltinAlignment(S&: *this, TheCall, ID: BuiltinID))
2747 return ExprError();
2748 break;
2749 case Builtin::BI__builtin_add_overflow:
2750 case Builtin::BI__builtin_sub_overflow:
2751 case Builtin::BI__builtin_mul_overflow:
2752 if (BuiltinOverflow(S&: *this, TheCall, BuiltinID))
2753 return ExprError();
2754 break;
2755 case Builtin::BI__builtin_operator_new:
2756 case Builtin::BI__builtin_operator_delete: {
2757 bool IsDelete = BuiltinID == Builtin::BI__builtin_operator_delete;
2758 ExprResult Res =
2759 BuiltinOperatorNewDeleteOverloaded(TheCallResult, IsDelete);
2760 return Res;
2761 }
2762 case Builtin::BI__builtin_dump_struct:
2763 return BuiltinDumpStruct(S&: *this, TheCall);
2764 case Builtin::BI__builtin_expect_with_probability: {
2765 // We first want to ensure we are called with 3 arguments
2766 if (checkArgCount(Call: TheCall, DesiredArgCount: 3))
2767 return ExprError();
2768 // then check probability is constant float in range [0.0, 1.0]
2769 const Expr *ProbArg = TheCall->getArg(Arg: 2);
2770 SmallVector<PartialDiagnosticAt, 8> Notes;
2771 Expr::EvalResult Eval;
2772 Eval.Diag = &Notes;
2773 if ((!ProbArg->EvaluateAsConstantExpr(Result&: Eval, Ctx: Context)) ||
2774 !Eval.Val.isFloat()) {
2775 Diag(Loc: ProbArg->getBeginLoc(), DiagID: diag::err_probability_not_constant_float)
2776 << ProbArg->getSourceRange();
2777 for (const PartialDiagnosticAt &PDiag : Notes)
2778 Diag(Loc: PDiag.first, PD: PDiag.second);
2779 return ExprError();
2780 }
2781 llvm::APFloat Probability = Eval.Val.getFloat();
2782 bool LoseInfo = false;
2783 Probability.convert(ToSemantics: llvm::APFloat::IEEEdouble(),
2784 RM: llvm::RoundingMode::Dynamic, losesInfo: &LoseInfo);
2785 if (!(Probability >= llvm::APFloat(0.0) &&
2786 Probability <= llvm::APFloat(1.0))) {
2787 Diag(Loc: ProbArg->getBeginLoc(), DiagID: diag::err_probability_out_of_range)
2788 << ProbArg->getSourceRange();
2789 return ExprError();
2790 }
2791 break;
2792 }
2793 case Builtin::BI__builtin_preserve_access_index:
2794 if (BuiltinPreserveAI(S&: *this, TheCall))
2795 return ExprError();
2796 break;
2797 case Builtin::BI__builtin_call_with_static_chain:
2798 if (BuiltinCallWithStaticChain(S&: *this, BuiltinCall: TheCall))
2799 return ExprError();
2800 break;
2801 case Builtin::BI__exception_code:
2802 case Builtin::BI_exception_code:
2803 if (BuiltinSEHScopeCheck(SemaRef&: *this, TheCall, NeededScopeFlags: Scope::SEHExceptScope,
2804 DiagID: diag::err_seh___except_block))
2805 return ExprError();
2806 break;
2807 case Builtin::BI__exception_info:
2808 case Builtin::BI_exception_info:
2809 if (BuiltinSEHScopeCheck(SemaRef&: *this, TheCall, NeededScopeFlags: Scope::SEHFilterScope,
2810 DiagID: diag::err_seh___except_filter))
2811 return ExprError();
2812 break;
2813 case Builtin::BI__GetExceptionInfo:
2814 if (checkArgCount(Call: TheCall, DesiredArgCount: 1))
2815 return ExprError();
2816
2817 if (CheckCXXThrowOperand(
2818 ThrowLoc: TheCall->getBeginLoc(),
2819 ThrowTy: Context.getExceptionObjectType(T: FDecl->getParamDecl(i: 0)->getType()),
2820 E: TheCall))
2821 return ExprError();
2822
2823 TheCall->setType(Context.VoidPtrTy);
2824 break;
2825 case Builtin::BIaddressof:
2826 case Builtin::BI__addressof:
2827 case Builtin::BIforward:
2828 case Builtin::BIforward_like:
2829 case Builtin::BImove:
2830 case Builtin::BImove_if_noexcept:
2831 case Builtin::BIas_const: {
2832 // These are all expected to be of the form
2833 // T &/&&/* f(U &/&&)
2834 // where T and U only differ in qualification.
2835 if (checkArgCount(Call: TheCall, DesiredArgCount: 1))
2836 return ExprError();
2837 QualType Param = FDecl->getParamDecl(i: 0)->getType();
2838 QualType Result = FDecl->getReturnType();
2839 bool ReturnsPointer = BuiltinID == Builtin::BIaddressof ||
2840 BuiltinID == Builtin::BI__addressof;
2841 if (!(Param->isReferenceType() &&
2842 (ReturnsPointer ? Result->isAnyPointerType()
2843 : Result->isReferenceType()) &&
2844 Context.hasSameUnqualifiedType(T1: Param->getPointeeType(),
2845 T2: Result->getPointeeType()))) {
2846 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_builtin_move_forward_unsupported)
2847 << FDecl;
2848 return ExprError();
2849 }
2850 break;
2851 }
2852 case Builtin::BI__builtin_ptrauth_strip:
2853 return PointerAuthStrip(S&: *this, Call: TheCall);
2854 case Builtin::BI__builtin_ptrauth_blend_discriminator:
2855 return PointerAuthBlendDiscriminator(S&: *this, Call: TheCall);
2856 case Builtin::BI__builtin_ptrauth_sign_constant:
2857 return PointerAuthSignOrAuth(S&: *this, Call: TheCall, OpKind: PAO_Sign,
2858 /*RequireConstant=*/true);
2859 case Builtin::BI__builtin_ptrauth_sign_unauthenticated:
2860 return PointerAuthSignOrAuth(S&: *this, Call: TheCall, OpKind: PAO_Sign,
2861 /*RequireConstant=*/false);
2862 case Builtin::BI__builtin_ptrauth_auth:
2863 return PointerAuthSignOrAuth(S&: *this, Call: TheCall, OpKind: PAO_Auth,
2864 /*RequireConstant=*/false);
2865 case Builtin::BI__builtin_ptrauth_sign_generic_data:
2866 return PointerAuthSignGenericData(S&: *this, Call: TheCall);
2867 case Builtin::BI__builtin_ptrauth_auth_and_resign:
2868 return PointerAuthAuthAndResign(S&: *this, Call: TheCall);
2869 case Builtin::BI__builtin_ptrauth_string_discriminator:
2870 return PointerAuthStringDiscriminator(S&: *this, Call: TheCall);
2871
2872 case Builtin::BI__builtin_get_vtable_pointer:
2873 return GetVTablePointer(S&: *this, Call: TheCall);
2874
2875 // OpenCL v2.0, s6.13.16 - Pipe functions
2876 case Builtin::BIread_pipe:
2877 case Builtin::BIwrite_pipe:
2878 // Since those two functions are declared with var args, we need a semantic
2879 // check for the argument.
2880 if (OpenCL().checkBuiltinRWPipe(Call: TheCall))
2881 return ExprError();
2882 break;
2883 case Builtin::BIreserve_read_pipe:
2884 case Builtin::BIreserve_write_pipe:
2885 case Builtin::BIwork_group_reserve_read_pipe:
2886 case Builtin::BIwork_group_reserve_write_pipe:
2887 if (OpenCL().checkBuiltinReserveRWPipe(Call: TheCall))
2888 return ExprError();
2889 break;
2890 case Builtin::BIsub_group_reserve_read_pipe:
2891 case Builtin::BIsub_group_reserve_write_pipe:
2892 if (OpenCL().checkSubgroupExt(Call: TheCall) ||
2893 OpenCL().checkBuiltinReserveRWPipe(Call: TheCall))
2894 return ExprError();
2895 break;
2896 case Builtin::BIcommit_read_pipe:
2897 case Builtin::BIcommit_write_pipe:
2898 case Builtin::BIwork_group_commit_read_pipe:
2899 case Builtin::BIwork_group_commit_write_pipe:
2900 if (OpenCL().checkBuiltinCommitRWPipe(Call: TheCall))
2901 return ExprError();
2902 break;
2903 case Builtin::BIsub_group_commit_read_pipe:
2904 case Builtin::BIsub_group_commit_write_pipe:
2905 if (OpenCL().checkSubgroupExt(Call: TheCall) ||
2906 OpenCL().checkBuiltinCommitRWPipe(Call: TheCall))
2907 return ExprError();
2908 break;
2909 case Builtin::BIget_pipe_num_packets:
2910 case Builtin::BIget_pipe_max_packets:
2911 if (OpenCL().checkBuiltinPipePackets(Call: TheCall))
2912 return ExprError();
2913 break;
2914 case Builtin::BIto_global:
2915 case Builtin::BIto_local:
2916 case Builtin::BIto_private:
2917 if (OpenCL().checkBuiltinToAddr(BuiltinID, Call: TheCall))
2918 return ExprError();
2919 break;
2920 // OpenCL v2.0, s6.13.17 - Enqueue kernel functions.
2921 case Builtin::BIenqueue_kernel:
2922 if (OpenCL().checkBuiltinEnqueueKernel(TheCall))
2923 return ExprError();
2924 break;
2925 case Builtin::BIget_kernel_work_group_size:
2926 case Builtin::BIget_kernel_preferred_work_group_size_multiple:
2927 if (OpenCL().checkBuiltinKernelWorkGroupSize(TheCall))
2928 return ExprError();
2929 break;
2930 case Builtin::BIget_kernel_max_sub_group_size_for_ndrange:
2931 case Builtin::BIget_kernel_sub_group_count_for_ndrange:
2932 if (OpenCL().checkBuiltinNDRangeAndBlock(TheCall))
2933 return ExprError();
2934 break;
2935 case Builtin::BI__builtin_os_log_format:
2936 Cleanup.setExprNeedsCleanups(true);
2937 [[fallthrough]];
2938 case Builtin::BI__builtin_os_log_format_buffer_size:
2939 if (BuiltinOSLogFormat(TheCall))
2940 return ExprError();
2941 break;
2942 case Builtin::BI__builtin_frame_address:
2943 case Builtin::BI__builtin_return_address: {
2944 if (BuiltinConstantArgRange(TheCall, ArgNum: 0, Low: 0, High: 0xFFFF))
2945 return ExprError();
2946
2947 // -Wframe-address warning if non-zero passed to builtin
2948 // return/frame address.
2949 Expr::EvalResult Result;
2950 if (!TheCall->getArg(Arg: 0)->isValueDependent() &&
2951 TheCall->getArg(Arg: 0)->EvaluateAsInt(Result, Ctx: getASTContext()) &&
2952 Result.Val.getInt() != 0)
2953 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::warn_frame_address)
2954 << ((BuiltinID == Builtin::BI__builtin_return_address)
2955 ? "__builtin_return_address"
2956 : "__builtin_frame_address")
2957 << TheCall->getSourceRange();
2958 break;
2959 }
2960
2961 case Builtin::BI__builtin_nondeterministic_value: {
2962 if (BuiltinNonDeterministicValue(TheCall))
2963 return ExprError();
2964 break;
2965 }
2966
2967 // __builtin_elementwise_abs restricts the element type to signed integers or
2968 // floating point types only.
2969 case Builtin::BI__builtin_elementwise_abs:
2970 if (PrepareBuiltinElementwiseMathOneArgCall(
2971 TheCall, ArgTyRestr: EltwiseBuiltinArgTyRestriction::SignedIntOrFloatTy))
2972 return ExprError();
2973 break;
2974
2975 // These builtins restrict the element type to floating point
2976 // types only.
2977 case Builtin::BI__builtin_elementwise_acos:
2978 case Builtin::BI__builtin_elementwise_asin:
2979 case Builtin::BI__builtin_elementwise_atan:
2980 case Builtin::BI__builtin_elementwise_ceil:
2981 case Builtin::BI__builtin_elementwise_cos:
2982 case Builtin::BI__builtin_elementwise_cosh:
2983 case Builtin::BI__builtin_elementwise_exp:
2984 case Builtin::BI__builtin_elementwise_exp2:
2985 case Builtin::BI__builtin_elementwise_exp10:
2986 case Builtin::BI__builtin_elementwise_floor:
2987 case Builtin::BI__builtin_elementwise_log:
2988 case Builtin::BI__builtin_elementwise_log2:
2989 case Builtin::BI__builtin_elementwise_log10:
2990 case Builtin::BI__builtin_elementwise_roundeven:
2991 case Builtin::BI__builtin_elementwise_round:
2992 case Builtin::BI__builtin_elementwise_rint:
2993 case Builtin::BI__builtin_elementwise_nearbyint:
2994 case Builtin::BI__builtin_elementwise_sin:
2995 case Builtin::BI__builtin_elementwise_sinh:
2996 case Builtin::BI__builtin_elementwise_sqrt:
2997 case Builtin::BI__builtin_elementwise_tan:
2998 case Builtin::BI__builtin_elementwise_tanh:
2999 case Builtin::BI__builtin_elementwise_trunc:
3000 case Builtin::BI__builtin_elementwise_canonicalize:
3001 if (PrepareBuiltinElementwiseMathOneArgCall(
3002 TheCall, ArgTyRestr: EltwiseBuiltinArgTyRestriction::FloatTy))
3003 return ExprError();
3004 break;
3005 case Builtin::BI__builtin_elementwise_fma:
3006 if (BuiltinElementwiseTernaryMath(TheCall))
3007 return ExprError();
3008 break;
3009
3010 // These builtins restrict the element type to floating point
3011 // types only, and take in two arguments.
3012 case Builtin::BI__builtin_elementwise_minnum:
3013 case Builtin::BI__builtin_elementwise_maxnum:
3014 case Builtin::BI__builtin_elementwise_minimum:
3015 case Builtin::BI__builtin_elementwise_maximum:
3016 case Builtin::BI__builtin_elementwise_atan2:
3017 case Builtin::BI__builtin_elementwise_fmod:
3018 case Builtin::BI__builtin_elementwise_pow:
3019 if (BuiltinElementwiseMath(TheCall,
3020 ArgTyRestr: EltwiseBuiltinArgTyRestriction::FloatTy))
3021 return ExprError();
3022 break;
3023 // These builtins restrict the element type to integer
3024 // types only.
3025 case Builtin::BI__builtin_elementwise_add_sat:
3026 case Builtin::BI__builtin_elementwise_sub_sat:
3027 if (BuiltinElementwiseMath(TheCall,
3028 ArgTyRestr: EltwiseBuiltinArgTyRestriction::IntegerTy))
3029 return ExprError();
3030 break;
3031 case Builtin::BI__builtin_elementwise_min:
3032 case Builtin::BI__builtin_elementwise_max:
3033 if (BuiltinElementwiseMath(TheCall))
3034 return ExprError();
3035 break;
3036 case Builtin::BI__builtin_elementwise_popcount:
3037 case Builtin::BI__builtin_elementwise_bitreverse:
3038 if (PrepareBuiltinElementwiseMathOneArgCall(
3039 TheCall, ArgTyRestr: EltwiseBuiltinArgTyRestriction::IntegerTy))
3040 return ExprError();
3041 break;
3042 case Builtin::BI__builtin_elementwise_copysign: {
3043 if (checkArgCount(Call: TheCall, DesiredArgCount: 2))
3044 return ExprError();
3045
3046 ExprResult Magnitude = UsualUnaryConversions(E: TheCall->getArg(Arg: 0));
3047 ExprResult Sign = UsualUnaryConversions(E: TheCall->getArg(Arg: 1));
3048 if (Magnitude.isInvalid() || Sign.isInvalid())
3049 return ExprError();
3050
3051 QualType MagnitudeTy = Magnitude.get()->getType();
3052 QualType SignTy = Sign.get()->getType();
3053 if (checkMathBuiltinElementType(
3054 S&: *this, Loc: TheCall->getArg(Arg: 0)->getBeginLoc(), ArgTy: MagnitudeTy,
3055 ArgTyRestr: EltwiseBuiltinArgTyRestriction::FloatTy, ArgOrdinal: 1) ||
3056 checkMathBuiltinElementType(
3057 S&: *this, Loc: TheCall->getArg(Arg: 1)->getBeginLoc(), ArgTy: SignTy,
3058 ArgTyRestr: EltwiseBuiltinArgTyRestriction::FloatTy, ArgOrdinal: 2)) {
3059 return ExprError();
3060 }
3061
3062 if (MagnitudeTy.getCanonicalType() != SignTy.getCanonicalType()) {
3063 return Diag(Loc: Sign.get()->getBeginLoc(),
3064 DiagID: diag::err_typecheck_call_different_arg_types)
3065 << MagnitudeTy << SignTy;
3066 }
3067
3068 TheCall->setArg(Arg: 0, ArgExpr: Magnitude.get());
3069 TheCall->setArg(Arg: 1, ArgExpr: Sign.get());
3070 TheCall->setType(Magnitude.get()->getType());
3071 break;
3072 }
3073 case Builtin::BI__builtin_reduce_max:
3074 case Builtin::BI__builtin_reduce_min: {
3075 if (PrepareBuiltinReduceMathOneArgCall(TheCall))
3076 return ExprError();
3077
3078 const Expr *Arg = TheCall->getArg(Arg: 0);
3079 const auto *TyA = Arg->getType()->getAs<VectorType>();
3080
3081 QualType ElTy;
3082 if (TyA)
3083 ElTy = TyA->getElementType();
3084 else if (Arg->getType()->isSizelessVectorType())
3085 ElTy = Arg->getType()->getSizelessVectorEltType(Ctx: Context);
3086
3087 if (ElTy.isNull()) {
3088 Diag(Loc: Arg->getBeginLoc(), DiagID: diag::err_builtin_invalid_arg_type)
3089 << 1 << /* vector ty */ 2 << /* no int */ 0 << /* no fp */ 0
3090 << Arg->getType();
3091 return ExprError();
3092 }
3093
3094 TheCall->setType(ElTy);
3095 break;
3096 }
3097 case Builtin::BI__builtin_reduce_maximum:
3098 case Builtin::BI__builtin_reduce_minimum: {
3099 if (PrepareBuiltinReduceMathOneArgCall(TheCall))
3100 return ExprError();
3101
3102 const Expr *Arg = TheCall->getArg(Arg: 0);
3103 const auto *TyA = Arg->getType()->getAs<VectorType>();
3104
3105 QualType ElTy;
3106 if (TyA)
3107 ElTy = TyA->getElementType();
3108 else if (Arg->getType()->isSizelessVectorType())
3109 ElTy = Arg->getType()->getSizelessVectorEltType(Ctx: Context);
3110
3111 if (ElTy.isNull() || !ElTy->isFloatingType()) {
3112 Diag(Loc: Arg->getBeginLoc(), DiagID: diag::err_builtin_invalid_arg_type)
3113 << 1 << /* vector of */ 4 << /* no int */ 0 << /* fp */ 1
3114 << Arg->getType();
3115 return ExprError();
3116 }
3117
3118 TheCall->setType(ElTy);
3119 break;
3120 }
3121
3122 // These builtins support vectors of integers only.
3123 // TODO: ADD/MUL should support floating-point types.
3124 case Builtin::BI__builtin_reduce_add:
3125 case Builtin::BI__builtin_reduce_mul:
3126 case Builtin::BI__builtin_reduce_xor:
3127 case Builtin::BI__builtin_reduce_or:
3128 case Builtin::BI__builtin_reduce_and: {
3129 if (PrepareBuiltinReduceMathOneArgCall(TheCall))
3130 return ExprError();
3131
3132 const Expr *Arg = TheCall->getArg(Arg: 0);
3133 const auto *TyA = Arg->getType()->getAs<VectorType>();
3134
3135 QualType ElTy;
3136 if (TyA)
3137 ElTy = TyA->getElementType();
3138 else if (Arg->getType()->isSizelessVectorType())
3139 ElTy = Arg->getType()->getSizelessVectorEltType(Ctx: Context);
3140
3141 if (ElTy.isNull() || !ElTy->isIntegerType()) {
3142 Diag(Loc: Arg->getBeginLoc(), DiagID: diag::err_builtin_invalid_arg_type)
3143 << 1 << /* vector of */ 4 << /* int */ 1 << /* no fp */ 0
3144 << Arg->getType();
3145 return ExprError();
3146 }
3147
3148 TheCall->setType(ElTy);
3149 break;
3150 }
3151
3152 case Builtin::BI__builtin_matrix_transpose:
3153 return BuiltinMatrixTranspose(TheCall, CallResult: TheCallResult);
3154
3155 case Builtin::BI__builtin_matrix_column_major_load:
3156 return BuiltinMatrixColumnMajorLoad(TheCall, CallResult: TheCallResult);
3157
3158 case Builtin::BI__builtin_matrix_column_major_store:
3159 return BuiltinMatrixColumnMajorStore(TheCall, CallResult: TheCallResult);
3160
3161 case Builtin::BI__builtin_verbose_trap:
3162 if (!checkBuiltinVerboseTrap(Call: TheCall, S&: *this))
3163 return ExprError();
3164 break;
3165
3166 case Builtin::BI__builtin_get_device_side_mangled_name: {
3167 auto Check = [](CallExpr *TheCall) {
3168 if (TheCall->getNumArgs() != 1)
3169 return false;
3170 auto *DRE = dyn_cast<DeclRefExpr>(Val: TheCall->getArg(Arg: 0)->IgnoreImpCasts());
3171 if (!DRE)
3172 return false;
3173 auto *D = DRE->getDecl();
3174 if (!isa<FunctionDecl>(Val: D) && !isa<VarDecl>(Val: D))
3175 return false;
3176 return D->hasAttr<CUDAGlobalAttr>() || D->hasAttr<CUDADeviceAttr>() ||
3177 D->hasAttr<CUDAConstantAttr>() || D->hasAttr<HIPManagedAttr>();
3178 };
3179 if (!Check(TheCall)) {
3180 Diag(Loc: TheCall->getBeginLoc(),
3181 DiagID: diag::err_hip_invalid_args_builtin_mangled_name);
3182 return ExprError();
3183 }
3184 break;
3185 }
3186 case Builtin::BI__builtin_popcountg:
3187 if (BuiltinPopcountg(S&: *this, TheCall))
3188 return ExprError();
3189 break;
3190 case Builtin::BI__builtin_clzg:
3191 case Builtin::BI__builtin_ctzg:
3192 if (BuiltinCountZeroBitsGeneric(S&: *this, TheCall))
3193 return ExprError();
3194 break;
3195
3196 case Builtin::BI__builtin_allow_runtime_check: {
3197 Expr *Arg = TheCall->getArg(Arg: 0);
3198 // Check if the argument is a string literal.
3199 if (!isa<StringLiteral>(Val: Arg->IgnoreParenImpCasts())) {
3200 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_expr_not_string_literal)
3201 << Arg->getSourceRange();
3202 return ExprError();
3203 }
3204 break;
3205 }
3206 case Builtin::BI__builtin_counted_by_ref:
3207 if (BuiltinCountedByRef(TheCall))
3208 return ExprError();
3209 break;
3210 }
3211
3212 if (getLangOpts().HLSL && HLSL().CheckBuiltinFunctionCall(BuiltinID, TheCall))
3213 return ExprError();
3214
3215 // Since the target specific builtins for each arch overlap, only check those
3216 // of the arch we are compiling for.
3217 if (Context.BuiltinInfo.isTSBuiltin(ID: BuiltinID)) {
3218 if (Context.BuiltinInfo.isAuxBuiltinID(ID: BuiltinID)) {
3219 assert(Context.getAuxTargetInfo() &&
3220 "Aux Target Builtin, but not an aux target?");
3221
3222 if (CheckTSBuiltinFunctionCall(
3223 TI: *Context.getAuxTargetInfo(),
3224 BuiltinID: Context.BuiltinInfo.getAuxBuiltinID(ID: BuiltinID), TheCall))
3225 return ExprError();
3226 } else {
3227 if (CheckTSBuiltinFunctionCall(TI: Context.getTargetInfo(), BuiltinID,
3228 TheCall))
3229 return ExprError();
3230 }
3231 }
3232
3233 return TheCallResult;
3234}
3235
3236bool Sema::ValueIsRunOfOnes(CallExpr *TheCall, unsigned ArgNum) {
3237 llvm::APSInt Result;
3238 // We can't check the value of a dependent argument.
3239 Expr *Arg = TheCall->getArg(Arg: ArgNum);
3240 if (Arg->isTypeDependent() || Arg->isValueDependent())
3241 return false;
3242
3243 // Check constant-ness first.
3244 if (BuiltinConstantArg(TheCall, ArgNum, Result))
3245 return true;
3246
3247 // Check contiguous run of 1s, 0xFF0000FF is also a run of 1s.
3248 if (Result.isShiftedMask() || (~Result).isShiftedMask())
3249 return false;
3250
3251 return Diag(Loc: TheCall->getBeginLoc(),
3252 DiagID: diag::err_argument_not_contiguous_bit_field)
3253 << ArgNum << Arg->getSourceRange();
3254}
3255
3256bool Sema::getFormatStringInfo(const Decl *D, unsigned FormatIdx,
3257 unsigned FirstArg, FormatStringInfo *FSI) {
3258 bool IsCXXMember = false;
3259 if (const auto *MD = dyn_cast<CXXMethodDecl>(Val: D))
3260 IsCXXMember = MD->isInstance();
3261 bool IsVariadic = false;
3262 if (const FunctionType *FnTy = D->getFunctionType())
3263 IsVariadic = cast<FunctionProtoType>(Val: FnTy)->isVariadic();
3264 else if (const auto *BD = dyn_cast<BlockDecl>(Val: D))
3265 IsVariadic = BD->isVariadic();
3266 else if (const auto *OMD = dyn_cast<ObjCMethodDecl>(Val: D))
3267 IsVariadic = OMD->isVariadic();
3268
3269 return getFormatStringInfo(FormatIdx, FirstArg, IsCXXMember, IsVariadic, FSI);
3270}
3271
3272bool Sema::getFormatStringInfo(unsigned FormatIdx, unsigned FirstArg,
3273 bool IsCXXMember, bool IsVariadic,
3274 FormatStringInfo *FSI) {
3275 if (FirstArg == 0)
3276 FSI->ArgPassingKind = FAPK_VAList;
3277 else if (IsVariadic)
3278 FSI->ArgPassingKind = FAPK_Variadic;
3279 else
3280 FSI->ArgPassingKind = FAPK_Fixed;
3281 FSI->FormatIdx = FormatIdx - 1;
3282 FSI->FirstDataArg = FSI->ArgPassingKind == FAPK_VAList ? 0 : FirstArg - 1;
3283
3284 // The way the format attribute works in GCC, the implicit this argument
3285 // of member functions is counted. However, it doesn't appear in our own
3286 // lists, so decrement format_idx in that case.
3287 if (IsCXXMember) {
3288 if(FSI->FormatIdx == 0)
3289 return false;
3290 --FSI->FormatIdx;
3291 if (FSI->FirstDataArg != 0)
3292 --FSI->FirstDataArg;
3293 }
3294 return true;
3295}
3296
3297/// Checks if a the given expression evaluates to null.
3298///
3299/// Returns true if the value evaluates to null.
3300static bool CheckNonNullExpr(Sema &S, const Expr *Expr) {
3301 // Treat (smart) pointers constructed from nullptr as null, whether we can
3302 // const-evaluate them or not.
3303 // This must happen first: the smart pointer expr might have _Nonnull type!
3304 if (isa<CXXNullPtrLiteralExpr>(
3305 Val: IgnoreExprNodes(E: Expr, Fns&: IgnoreImplicitAsWrittenSingleStep,
3306 Fns&: IgnoreElidableImplicitConstructorSingleStep)))
3307 return true;
3308
3309 // If the expression has non-null type, it doesn't evaluate to null.
3310 if (auto nullability = Expr->IgnoreImplicit()->getType()->getNullability()) {
3311 if (*nullability == NullabilityKind::NonNull)
3312 return false;
3313 }
3314
3315 // As a special case, transparent unions initialized with zero are
3316 // considered null for the purposes of the nonnull attribute.
3317 if (const RecordType *UT = Expr->getType()->getAsUnionType();
3318 UT && UT->getDecl()->hasAttr<TransparentUnionAttr>()) {
3319 if (const auto *CLE = dyn_cast<CompoundLiteralExpr>(Val: Expr))
3320 if (const auto *ILE = dyn_cast<InitListExpr>(Val: CLE->getInitializer()))
3321 Expr = ILE->getInit(Init: 0);
3322 }
3323
3324 bool Result;
3325 return (!Expr->isValueDependent() &&
3326 Expr->EvaluateAsBooleanCondition(Result, Ctx: S.Context) &&
3327 !Result);
3328}
3329
3330static void CheckNonNullArgument(Sema &S,
3331 const Expr *ArgExpr,
3332 SourceLocation CallSiteLoc) {
3333 if (CheckNonNullExpr(S, Expr: ArgExpr))
3334 S.DiagRuntimeBehavior(Loc: CallSiteLoc, Statement: ArgExpr,
3335 PD: S.PDiag(DiagID: diag::warn_null_arg)
3336 << ArgExpr->getSourceRange());
3337}
3338
3339/// Determine whether the given type has a non-null nullability annotation.
3340static bool isNonNullType(QualType type) {
3341 if (auto nullability = type->getNullability())
3342 return *nullability == NullabilityKind::NonNull;
3343
3344 return false;
3345}
3346
3347static void CheckNonNullArguments(Sema &S,
3348 const NamedDecl *FDecl,
3349 const FunctionProtoType *Proto,
3350 ArrayRef<const Expr *> Args,
3351 SourceLocation CallSiteLoc) {
3352 assert((FDecl || Proto) && "Need a function declaration or prototype");
3353
3354 // Already checked by constant evaluator.
3355 if (S.isConstantEvaluatedContext())
3356 return;
3357 // Check the attributes attached to the method/function itself.
3358 llvm::SmallBitVector NonNullArgs;
3359 if (FDecl) {
3360 // Handle the nonnull attribute on the function/method declaration itself.
3361 for (const auto *NonNull : FDecl->specific_attrs<NonNullAttr>()) {
3362 if (!NonNull->args_size()) {
3363 // Easy case: all pointer arguments are nonnull.
3364 for (const auto *Arg : Args)
3365 if (S.isValidPointerAttrType(T: Arg->getType()))
3366 CheckNonNullArgument(S, ArgExpr: Arg, CallSiteLoc);
3367 return;
3368 }
3369
3370 for (const ParamIdx &Idx : NonNull->args()) {
3371 unsigned IdxAST = Idx.getASTIndex();
3372 if (IdxAST >= Args.size())
3373 continue;
3374 if (NonNullArgs.empty())
3375 NonNullArgs.resize(N: Args.size());
3376 NonNullArgs.set(IdxAST);
3377 }
3378 }
3379 }
3380
3381 if (FDecl && (isa<FunctionDecl>(Val: FDecl) || isa<ObjCMethodDecl>(Val: FDecl))) {
3382 // Handle the nonnull attribute on the parameters of the
3383 // function/method.
3384 ArrayRef<ParmVarDecl*> parms;
3385 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(Val: FDecl))
3386 parms = FD->parameters();
3387 else
3388 parms = cast<ObjCMethodDecl>(Val: FDecl)->parameters();
3389
3390 unsigned ParamIndex = 0;
3391 for (ArrayRef<ParmVarDecl*>::iterator I = parms.begin(), E = parms.end();
3392 I != E; ++I, ++ParamIndex) {
3393 const ParmVarDecl *PVD = *I;
3394 if (PVD->hasAttr<NonNullAttr>() || isNonNullType(type: PVD->getType())) {
3395 if (NonNullArgs.empty())
3396 NonNullArgs.resize(N: Args.size());
3397
3398 NonNullArgs.set(ParamIndex);
3399 }
3400 }
3401 } else {
3402 // If we have a non-function, non-method declaration but no
3403 // function prototype, try to dig out the function prototype.
3404 if (!Proto) {
3405 if (const ValueDecl *VD = dyn_cast<ValueDecl>(Val: FDecl)) {
3406 QualType type = VD->getType().getNonReferenceType();
3407 if (auto pointerType = type->getAs<PointerType>())
3408 type = pointerType->getPointeeType();
3409 else if (auto blockType = type->getAs<BlockPointerType>())
3410 type = blockType->getPointeeType();
3411 // FIXME: data member pointers?
3412
3413 // Dig out the function prototype, if there is one.
3414 Proto = type->getAs<FunctionProtoType>();
3415 }
3416 }
3417
3418 // Fill in non-null argument information from the nullability
3419 // information on the parameter types (if we have them).
3420 if (Proto) {
3421 unsigned Index = 0;
3422 for (auto paramType : Proto->getParamTypes()) {
3423 if (isNonNullType(type: paramType)) {
3424 if (NonNullArgs.empty())
3425 NonNullArgs.resize(N: Args.size());
3426
3427 NonNullArgs.set(Index);
3428 }
3429
3430 ++Index;
3431 }
3432 }
3433 }
3434
3435 // Check for non-null arguments.
3436 for (unsigned ArgIndex = 0, ArgIndexEnd = NonNullArgs.size();
3437 ArgIndex != ArgIndexEnd; ++ArgIndex) {
3438 if (NonNullArgs[ArgIndex])
3439 CheckNonNullArgument(S, ArgExpr: Args[ArgIndex], CallSiteLoc: Args[ArgIndex]->getExprLoc());
3440 }
3441}
3442
3443void Sema::CheckArgAlignment(SourceLocation Loc, NamedDecl *FDecl,
3444 StringRef ParamName, QualType ArgTy,
3445 QualType ParamTy) {
3446
3447 // If a function accepts a pointer or reference type
3448 if (!ParamTy->isPointerType() && !ParamTy->isReferenceType())
3449 return;
3450
3451 // If the parameter is a pointer type, get the pointee type for the
3452 // argument too. If the parameter is a reference type, don't try to get
3453 // the pointee type for the argument.
3454 if (ParamTy->isPointerType())
3455 ArgTy = ArgTy->getPointeeType();
3456
3457 // Remove reference or pointer
3458 ParamTy = ParamTy->getPointeeType();
3459
3460 // Find expected alignment, and the actual alignment of the passed object.
3461 // getTypeAlignInChars requires complete types
3462 if (ArgTy.isNull() || ParamTy->isDependentType() ||
3463 ParamTy->isIncompleteType() || ArgTy->isIncompleteType() ||
3464 ParamTy->isUndeducedType() || ArgTy->isUndeducedType())
3465 return;
3466
3467 CharUnits ParamAlign = Context.getTypeAlignInChars(T: ParamTy);
3468 CharUnits ArgAlign = Context.getTypeAlignInChars(T: ArgTy);
3469
3470 // If the argument is less aligned than the parameter, there is a
3471 // potential alignment issue.
3472 if (ArgAlign < ParamAlign)
3473 Diag(Loc, DiagID: diag::warn_param_mismatched_alignment)
3474 << (int)ArgAlign.getQuantity() << (int)ParamAlign.getQuantity()
3475 << ParamName << (FDecl != nullptr) << FDecl;
3476}
3477
3478void Sema::checkLifetimeCaptureBy(FunctionDecl *FD, bool IsMemberFunction,
3479 const Expr *ThisArg,
3480 ArrayRef<const Expr *> Args) {
3481 if (!FD || Args.empty())
3482 return;
3483 auto GetArgAt = [&](int Idx) -> const Expr * {
3484 if (Idx == LifetimeCaptureByAttr::Global ||
3485 Idx == LifetimeCaptureByAttr::Unknown)
3486 return nullptr;
3487 if (IsMemberFunction && Idx == 0)
3488 return ThisArg;
3489 return Args[Idx - IsMemberFunction];
3490 };
3491 auto HandleCaptureByAttr = [&](const LifetimeCaptureByAttr *Attr,
3492 unsigned ArgIdx) {
3493 if (!Attr)
3494 return;
3495
3496 Expr *Captured = const_cast<Expr *>(GetArgAt(ArgIdx));
3497 for (int CapturingParamIdx : Attr->params()) {
3498 // lifetime_capture_by(this) case is handled in the lifetimebound expr
3499 // initialization codepath.
3500 if (CapturingParamIdx == LifetimeCaptureByAttr::This &&
3501 isa<CXXConstructorDecl>(Val: FD))
3502 continue;
3503 Expr *Capturing = const_cast<Expr *>(GetArgAt(CapturingParamIdx));
3504 CapturingEntity CE{.Entity: Capturing};
3505 // Ensure that 'Captured' outlives the 'Capturing' entity.
3506 checkCaptureByLifetime(SemaRef&: *this, Entity: CE, Init: Captured);
3507 }
3508 };
3509 for (unsigned I = 0; I < FD->getNumParams(); ++I)
3510 HandleCaptureByAttr(FD->getParamDecl(i: I)->getAttr<LifetimeCaptureByAttr>(),
3511 I + IsMemberFunction);
3512 // Check when the implicit object param is captured.
3513 if (IsMemberFunction) {
3514 TypeSourceInfo *TSI = FD->getTypeSourceInfo();
3515 if (!TSI)
3516 return;
3517 AttributedTypeLoc ATL;
3518 for (TypeLoc TL = TSI->getTypeLoc();
3519 (ATL = TL.getAsAdjusted<AttributedTypeLoc>());
3520 TL = ATL.getModifiedLoc())
3521 HandleCaptureByAttr(ATL.getAttrAs<LifetimeCaptureByAttr>(), 0);
3522 }
3523}
3524
3525void Sema::checkCall(NamedDecl *FDecl, const FunctionProtoType *Proto,
3526 const Expr *ThisArg, ArrayRef<const Expr *> Args,
3527 bool IsMemberFunction, SourceLocation Loc,
3528 SourceRange Range, VariadicCallType CallType) {
3529 // FIXME: We should check as much as we can in the template definition.
3530 if (CurContext->isDependentContext())
3531 return;
3532
3533 // Printf and scanf checking.
3534 llvm::SmallBitVector CheckedVarArgs;
3535 if (FDecl) {
3536 for (const auto *I : FDecl->specific_attrs<FormatMatchesAttr>()) {
3537 // Only create vector if there are format attributes.
3538 CheckedVarArgs.resize(N: Args.size());
3539 CheckFormatString(Format: I, Args, IsCXXMember: IsMemberFunction, CallType, Loc, Range,
3540 CheckedVarArgs);
3541 }
3542
3543 for (const auto *I : FDecl->specific_attrs<FormatAttr>()) {
3544 CheckedVarArgs.resize(N: Args.size());
3545 CheckFormatArguments(Format: I, Args, IsCXXMember: IsMemberFunction, CallType, Loc, Range,
3546 CheckedVarArgs);
3547 }
3548 }
3549
3550 // Refuse POD arguments that weren't caught by the format string
3551 // checks above.
3552 auto *FD = dyn_cast_or_null<FunctionDecl>(Val: FDecl);
3553 if (CallType != VariadicCallType::DoesNotApply &&
3554 (!FD || FD->getBuiltinID() != Builtin::BI__noop)) {
3555 unsigned NumParams = Proto ? Proto->getNumParams()
3556 : isa_and_nonnull<FunctionDecl>(Val: FDecl)
3557 ? cast<FunctionDecl>(Val: FDecl)->getNumParams()
3558 : isa_and_nonnull<ObjCMethodDecl>(Val: FDecl)
3559 ? cast<ObjCMethodDecl>(Val: FDecl)->param_size()
3560 : 0;
3561
3562 for (unsigned ArgIdx = NumParams; ArgIdx < Args.size(); ++ArgIdx) {
3563 // Args[ArgIdx] can be null in malformed code.
3564 if (const Expr *Arg = Args[ArgIdx]) {
3565 if (CheckedVarArgs.empty() || !CheckedVarArgs[ArgIdx])
3566 checkVariadicArgument(E: Arg, CT: CallType);
3567 }
3568 }
3569 }
3570 if (FD)
3571 checkLifetimeCaptureBy(FD, IsMemberFunction, ThisArg, Args);
3572 if (FDecl || Proto) {
3573 CheckNonNullArguments(S&: *this, FDecl, Proto, Args, CallSiteLoc: Loc);
3574
3575 // Type safety checking.
3576 if (FDecl) {
3577 for (const auto *I : FDecl->specific_attrs<ArgumentWithTypeTagAttr>())
3578 CheckArgumentWithTypeTag(Attr: I, ExprArgs: Args, CallSiteLoc: Loc);
3579 }
3580 }
3581
3582 // Check that passed arguments match the alignment of original arguments.
3583 // Try to get the missing prototype from the declaration.
3584 if (!Proto && FDecl) {
3585 const auto *FT = FDecl->getFunctionType();
3586 if (isa_and_nonnull<FunctionProtoType>(Val: FT))
3587 Proto = cast<FunctionProtoType>(Val: FDecl->getFunctionType());
3588 }
3589 if (Proto) {
3590 // For variadic functions, we may have more args than parameters.
3591 // For some K&R functions, we may have less args than parameters.
3592 const auto N = std::min<unsigned>(a: Proto->getNumParams(), b: Args.size());
3593 bool IsScalableRet = Proto->getReturnType()->isSizelessVectorType();
3594 bool IsScalableArg = false;
3595 for (unsigned ArgIdx = 0; ArgIdx < N; ++ArgIdx) {
3596 // Args[ArgIdx] can be null in malformed code.
3597 if (const Expr *Arg = Args[ArgIdx]) {
3598 if (Arg->containsErrors())
3599 continue;
3600
3601 if (Context.getTargetInfo().getTriple().isOSAIX() && FDecl && Arg &&
3602 FDecl->hasLinkage() &&
3603 FDecl->getFormalLinkage() != Linkage::Internal &&
3604 CallType == VariadicCallType::DoesNotApply)
3605 PPC().checkAIXMemberAlignment(Loc: (Arg->getExprLoc()), Arg);
3606
3607 QualType ParamTy = Proto->getParamType(i: ArgIdx);
3608 if (ParamTy->isSizelessVectorType())
3609 IsScalableArg = true;
3610 QualType ArgTy = Arg->getType();
3611 CheckArgAlignment(Loc: Arg->getExprLoc(), FDecl, ParamName: std::to_string(val: ArgIdx + 1),
3612 ArgTy, ParamTy);
3613 }
3614 }
3615
3616 // If the callee has an AArch64 SME attribute to indicate that it is an
3617 // __arm_streaming function, then the caller requires SME to be available.
3618 FunctionProtoType::ExtProtoInfo ExtInfo = Proto->getExtProtoInfo();
3619 if (ExtInfo.AArch64SMEAttributes & FunctionType::SME_PStateSMEnabledMask) {
3620 if (auto *CallerFD = dyn_cast<FunctionDecl>(Val: CurContext)) {
3621 llvm::StringMap<bool> CallerFeatureMap;
3622 Context.getFunctionFeatureMap(FeatureMap&: CallerFeatureMap, CallerFD);
3623 if (!CallerFeatureMap.contains(Key: "sme"))
3624 Diag(Loc, DiagID: diag::err_sme_call_in_non_sme_target);
3625 } else if (!Context.getTargetInfo().hasFeature(Feature: "sme")) {
3626 Diag(Loc, DiagID: diag::err_sme_call_in_non_sme_target);
3627 }
3628 }
3629
3630 // If the call requires a streaming-mode change and has scalable vector
3631 // arguments or return values, then warn the user that the streaming and
3632 // non-streaming vector lengths may be different.
3633 const auto *CallerFD = dyn_cast<FunctionDecl>(Val: CurContext);
3634 if (CallerFD && (!FD || !FD->getBuiltinID()) &&
3635 (IsScalableArg || IsScalableRet)) {
3636 bool IsCalleeStreaming =
3637 ExtInfo.AArch64SMEAttributes & FunctionType::SME_PStateSMEnabledMask;
3638 bool IsCalleeStreamingCompatible =
3639 ExtInfo.AArch64SMEAttributes &
3640 FunctionType::SME_PStateSMCompatibleMask;
3641 SemaARM::ArmStreamingType CallerFnType = getArmStreamingFnType(FD: CallerFD);
3642 if (!IsCalleeStreamingCompatible &&
3643 (CallerFnType == SemaARM::ArmStreamingCompatible ||
3644 ((CallerFnType == SemaARM::ArmStreaming) ^ IsCalleeStreaming))) {
3645 if (IsScalableArg)
3646 Diag(Loc, DiagID: diag::warn_sme_streaming_pass_return_vl_to_non_streaming)
3647 << /*IsArg=*/true;
3648 if (IsScalableRet)
3649 Diag(Loc, DiagID: diag::warn_sme_streaming_pass_return_vl_to_non_streaming)
3650 << /*IsArg=*/false;
3651 }
3652 }
3653
3654 FunctionType::ArmStateValue CalleeArmZAState =
3655 FunctionType::getArmZAState(AttrBits: ExtInfo.AArch64SMEAttributes);
3656 FunctionType::ArmStateValue CalleeArmZT0State =
3657 FunctionType::getArmZT0State(AttrBits: ExtInfo.AArch64SMEAttributes);
3658 if (CalleeArmZAState != FunctionType::ARM_None ||
3659 CalleeArmZT0State != FunctionType::ARM_None) {
3660 bool CallerHasZAState = false;
3661 bool CallerHasZT0State = false;
3662 if (CallerFD) {
3663 auto *Attr = CallerFD->getAttr<ArmNewAttr>();
3664 if (Attr && Attr->isNewZA())
3665 CallerHasZAState = true;
3666 if (Attr && Attr->isNewZT0())
3667 CallerHasZT0State = true;
3668 if (const auto *FPT = CallerFD->getType()->getAs<FunctionProtoType>()) {
3669 CallerHasZAState |=
3670 FunctionType::getArmZAState(
3671 AttrBits: FPT->getExtProtoInfo().AArch64SMEAttributes) !=
3672 FunctionType::ARM_None;
3673 CallerHasZT0State |=
3674 FunctionType::getArmZT0State(
3675 AttrBits: FPT->getExtProtoInfo().AArch64SMEAttributes) !=
3676 FunctionType::ARM_None;
3677 }
3678 }
3679
3680 if (CalleeArmZAState != FunctionType::ARM_None && !CallerHasZAState)
3681 Diag(Loc, DiagID: diag::err_sme_za_call_no_za_state);
3682
3683 if (CalleeArmZT0State != FunctionType::ARM_None && !CallerHasZT0State)
3684 Diag(Loc, DiagID: diag::err_sme_zt0_call_no_zt0_state);
3685
3686 if (CallerHasZAState && CalleeArmZAState == FunctionType::ARM_None &&
3687 CalleeArmZT0State != FunctionType::ARM_None) {
3688 Diag(Loc, DiagID: diag::err_sme_unimplemented_za_save_restore);
3689 Diag(Loc, DiagID: diag::note_sme_use_preserves_za);
3690 }
3691 }
3692 }
3693
3694 if (FDecl && FDecl->hasAttr<AllocAlignAttr>()) {
3695 auto *AA = FDecl->getAttr<AllocAlignAttr>();
3696 const Expr *Arg = Args[AA->getParamIndex().getASTIndex()];
3697 if (!Arg->isValueDependent()) {
3698 Expr::EvalResult Align;
3699 if (Arg->EvaluateAsInt(Result&: Align, Ctx: Context)) {
3700 const llvm::APSInt &I = Align.Val.getInt();
3701 if (!I.isPowerOf2())
3702 Diag(Loc: Arg->getExprLoc(), DiagID: diag::warn_alignment_not_power_of_two)
3703 << Arg->getSourceRange();
3704
3705 if (I > Sema::MaximumAlignment)
3706 Diag(Loc: Arg->getExprLoc(), DiagID: diag::warn_assume_aligned_too_great)
3707 << Arg->getSourceRange() << Sema::MaximumAlignment;
3708 }
3709 }
3710 }
3711
3712 if (FD)
3713 diagnoseArgDependentDiagnoseIfAttrs(Function: FD, ThisArg, Args, Loc);
3714}
3715
3716void Sema::CheckConstrainedAuto(const AutoType *AutoT, SourceLocation Loc) {
3717 if (ConceptDecl *Decl = AutoT->getTypeConstraintConcept()) {
3718 DiagnoseUseOfDecl(D: Decl, Locs: Loc);
3719 }
3720}
3721
3722void Sema::CheckConstructorCall(FunctionDecl *FDecl, QualType ThisType,
3723 ArrayRef<const Expr *> Args,
3724 const FunctionProtoType *Proto,
3725 SourceLocation Loc) {
3726 VariadicCallType CallType = Proto->isVariadic()
3727 ? VariadicCallType::Constructor
3728 : VariadicCallType::DoesNotApply;
3729
3730 auto *Ctor = cast<CXXConstructorDecl>(Val: FDecl);
3731 CheckArgAlignment(
3732 Loc, FDecl, ParamName: "'this'", ArgTy: Context.getPointerType(T: ThisType),
3733 ParamTy: Context.getPointerType(T: Ctor->getFunctionObjectParameterType()));
3734
3735 checkCall(FDecl, Proto, /*ThisArg=*/nullptr, Args, /*IsMemberFunction=*/true,
3736 Loc, Range: SourceRange(), CallType);
3737}
3738
3739bool Sema::CheckFunctionCall(FunctionDecl *FDecl, CallExpr *TheCall,
3740 const FunctionProtoType *Proto) {
3741 bool IsMemberOperatorCall = isa<CXXOperatorCallExpr>(Val: TheCall) &&
3742 isa<CXXMethodDecl>(Val: FDecl);
3743 bool IsMemberFunction = isa<CXXMemberCallExpr>(Val: TheCall) ||
3744 IsMemberOperatorCall;
3745 VariadicCallType CallType = getVariadicCallType(FDecl, Proto,
3746 Fn: TheCall->getCallee());
3747 Expr** Args = TheCall->getArgs();
3748 unsigned NumArgs = TheCall->getNumArgs();
3749
3750 Expr *ImplicitThis = nullptr;
3751 if (IsMemberOperatorCall && !FDecl->hasCXXExplicitFunctionObjectParameter()) {
3752 // If this is a call to a member operator, hide the first
3753 // argument from checkCall.
3754 // FIXME: Our choice of AST representation here is less than ideal.
3755 ImplicitThis = Args[0];
3756 ++Args;
3757 --NumArgs;
3758 } else if (IsMemberFunction && !FDecl->isStatic() &&
3759 !FDecl->hasCXXExplicitFunctionObjectParameter())
3760 ImplicitThis =
3761 cast<CXXMemberCallExpr>(Val: TheCall)->getImplicitObjectArgument();
3762
3763 if (ImplicitThis) {
3764 // ImplicitThis may or may not be a pointer, depending on whether . or -> is
3765 // used.
3766 QualType ThisType = ImplicitThis->getType();
3767 if (!ThisType->isPointerType()) {
3768 assert(!ThisType->isReferenceType());
3769 ThisType = Context.getPointerType(T: ThisType);
3770 }
3771
3772 QualType ThisTypeFromDecl = Context.getPointerType(
3773 T: cast<CXXMethodDecl>(Val: FDecl)->getFunctionObjectParameterType());
3774
3775 CheckArgAlignment(Loc: TheCall->getRParenLoc(), FDecl, ParamName: "'this'", ArgTy: ThisType,
3776 ParamTy: ThisTypeFromDecl);
3777 }
3778
3779 checkCall(FDecl, Proto, ThisArg: ImplicitThis, Args: llvm::ArrayRef(Args, NumArgs),
3780 IsMemberFunction, Loc: TheCall->getRParenLoc(),
3781 Range: TheCall->getCallee()->getSourceRange(), CallType);
3782
3783 IdentifierInfo *FnInfo = FDecl->getIdentifier();
3784 // None of the checks below are needed for functions that don't have
3785 // simple names (e.g., C++ conversion functions).
3786 if (!FnInfo)
3787 return false;
3788
3789 // Enforce TCB except for builtin calls, which are always allowed.
3790 if (FDecl->getBuiltinID() == 0)
3791 CheckTCBEnforcement(CallExprLoc: TheCall->getExprLoc(), Callee: FDecl);
3792
3793 CheckAbsoluteValueFunction(Call: TheCall, FDecl);
3794 CheckMaxUnsignedZero(Call: TheCall, FDecl);
3795 CheckInfNaNFunction(Call: TheCall, FDecl);
3796
3797 if (getLangOpts().ObjC)
3798 ObjC().DiagnoseCStringFormatDirectiveInCFAPI(FDecl, Args, NumArgs);
3799
3800 unsigned CMId = FDecl->getMemoryFunctionKind();
3801
3802 // Handle memory setting and copying functions.
3803 switch (CMId) {
3804 case 0:
3805 return false;
3806 case Builtin::BIstrlcpy: // fallthrough
3807 case Builtin::BIstrlcat:
3808 CheckStrlcpycatArguments(Call: TheCall, FnName: FnInfo);
3809 break;
3810 case Builtin::BIstrncat:
3811 CheckStrncatArguments(Call: TheCall, FnName: FnInfo);
3812 break;
3813 case Builtin::BIfree:
3814 CheckFreeArguments(E: TheCall);
3815 break;
3816 default:
3817 CheckMemaccessArguments(Call: TheCall, BId: CMId, FnName: FnInfo);
3818 }
3819
3820 return false;
3821}
3822
3823bool Sema::CheckPointerCall(NamedDecl *NDecl, CallExpr *TheCall,
3824 const FunctionProtoType *Proto) {
3825 QualType Ty;
3826 if (const auto *V = dyn_cast<VarDecl>(Val: NDecl))
3827 Ty = V->getType().getNonReferenceType();
3828 else if (const auto *F = dyn_cast<FieldDecl>(Val: NDecl))
3829 Ty = F->getType().getNonReferenceType();
3830 else
3831 return false;
3832
3833 if (!Ty->isBlockPointerType() && !Ty->isFunctionPointerType() &&
3834 !Ty->isFunctionProtoType())
3835 return false;
3836
3837 VariadicCallType CallType;
3838 if (!Proto || !Proto->isVariadic()) {
3839 CallType = VariadicCallType::DoesNotApply;
3840 } else if (Ty->isBlockPointerType()) {
3841 CallType = VariadicCallType::Block;
3842 } else { // Ty->isFunctionPointerType()
3843 CallType = VariadicCallType::Function;
3844 }
3845
3846 checkCall(FDecl: NDecl, Proto, /*ThisArg=*/nullptr,
3847 Args: llvm::ArrayRef(TheCall->getArgs(), TheCall->getNumArgs()),
3848 /*IsMemberFunction=*/false, Loc: TheCall->getRParenLoc(),
3849 Range: TheCall->getCallee()->getSourceRange(), CallType);
3850
3851 return false;
3852}
3853
3854bool Sema::CheckOtherCall(CallExpr *TheCall, const FunctionProtoType *Proto) {
3855 VariadicCallType CallType = getVariadicCallType(/*FDecl=*/nullptr, Proto,
3856 Fn: TheCall->getCallee());
3857 checkCall(/*FDecl=*/nullptr, Proto, /*ThisArg=*/nullptr,
3858 Args: llvm::ArrayRef(TheCall->getArgs(), TheCall->getNumArgs()),
3859 /*IsMemberFunction=*/false, Loc: TheCall->getRParenLoc(),
3860 Range: TheCall->getCallee()->getSourceRange(), CallType);
3861
3862 return false;
3863}
3864
3865static bool isValidOrderingForOp(int64_t Ordering, AtomicExpr::AtomicOp Op) {
3866 if (!llvm::isValidAtomicOrderingCABI(I: Ordering))
3867 return false;
3868
3869 auto OrderingCABI = (llvm::AtomicOrderingCABI)Ordering;
3870 switch (Op) {
3871 case AtomicExpr::AO__c11_atomic_init:
3872 case AtomicExpr::AO__opencl_atomic_init:
3873 llvm_unreachable("There is no ordering argument for an init");
3874
3875 case AtomicExpr::AO__c11_atomic_load:
3876 case AtomicExpr::AO__opencl_atomic_load:
3877 case AtomicExpr::AO__hip_atomic_load:
3878 case AtomicExpr::AO__atomic_load_n:
3879 case AtomicExpr::AO__atomic_load:
3880 case AtomicExpr::AO__scoped_atomic_load_n:
3881 case AtomicExpr::AO__scoped_atomic_load:
3882 return OrderingCABI != llvm::AtomicOrderingCABI::release &&
3883 OrderingCABI != llvm::AtomicOrderingCABI::acq_rel;
3884
3885 case AtomicExpr::AO__c11_atomic_store:
3886 case AtomicExpr::AO__opencl_atomic_store:
3887 case AtomicExpr::AO__hip_atomic_store:
3888 case AtomicExpr::AO__atomic_store:
3889 case AtomicExpr::AO__atomic_store_n:
3890 case AtomicExpr::AO__scoped_atomic_store:
3891 case AtomicExpr::AO__scoped_atomic_store_n:
3892 case AtomicExpr::AO__atomic_clear:
3893 return OrderingCABI != llvm::AtomicOrderingCABI::consume &&
3894 OrderingCABI != llvm::AtomicOrderingCABI::acquire &&
3895 OrderingCABI != llvm::AtomicOrderingCABI::acq_rel;
3896
3897 default:
3898 return true;
3899 }
3900}
3901
3902ExprResult Sema::AtomicOpsOverloaded(ExprResult TheCallResult,
3903 AtomicExpr::AtomicOp Op) {
3904 CallExpr *TheCall = cast<CallExpr>(Val: TheCallResult.get());
3905 DeclRefExpr *DRE =cast<DeclRefExpr>(Val: TheCall->getCallee()->IgnoreParenCasts());
3906 MultiExprArg Args{TheCall->getArgs(), TheCall->getNumArgs()};
3907 return BuildAtomicExpr(CallRange: {TheCall->getBeginLoc(), TheCall->getEndLoc()},
3908 ExprRange: DRE->getSourceRange(), RParenLoc: TheCall->getRParenLoc(), Args,
3909 Op);
3910}
3911
3912ExprResult Sema::BuildAtomicExpr(SourceRange CallRange, SourceRange ExprRange,
3913 SourceLocation RParenLoc, MultiExprArg Args,
3914 AtomicExpr::AtomicOp Op,
3915 AtomicArgumentOrder ArgOrder) {
3916 // All the non-OpenCL operations take one of the following forms.
3917 // The OpenCL operations take the __c11 forms with one extra argument for
3918 // synchronization scope.
3919 enum {
3920 // C __c11_atomic_init(A *, C)
3921 Init,
3922
3923 // C __c11_atomic_load(A *, int)
3924 Load,
3925
3926 // void __atomic_load(A *, CP, int)
3927 LoadCopy,
3928
3929 // void __atomic_store(A *, CP, int)
3930 Copy,
3931
3932 // C __c11_atomic_add(A *, M, int)
3933 Arithmetic,
3934
3935 // C __atomic_exchange_n(A *, CP, int)
3936 Xchg,
3937
3938 // void __atomic_exchange(A *, C *, CP, int)
3939 GNUXchg,
3940
3941 // bool __c11_atomic_compare_exchange_strong(A *, C *, CP, int, int)
3942 C11CmpXchg,
3943
3944 // bool __atomic_compare_exchange(A *, C *, CP, bool, int, int)
3945 GNUCmpXchg,
3946
3947 // bool __atomic_test_and_set(A *, int)
3948 TestAndSetByte,
3949
3950 // void __atomic_clear(A *, int)
3951 ClearByte,
3952 } Form = Init;
3953
3954 const unsigned NumForm = ClearByte + 1;
3955 const unsigned NumArgs[] = {2, 2, 3, 3, 3, 3, 4, 5, 6, 2, 2};
3956 const unsigned NumVals[] = {1, 0, 1, 1, 1, 1, 2, 2, 3, 0, 0};
3957 // where:
3958 // C is an appropriate type,
3959 // A is volatile _Atomic(C) for __c11 builtins and is C for GNU builtins,
3960 // CP is C for __c11 builtins and GNU _n builtins and is C * otherwise,
3961 // M is C if C is an integer, and ptrdiff_t if C is a pointer, and
3962 // the int parameters are for orderings.
3963
3964 static_assert(sizeof(NumArgs)/sizeof(NumArgs[0]) == NumForm
3965 && sizeof(NumVals)/sizeof(NumVals[0]) == NumForm,
3966 "need to update code for modified forms");
3967 static_assert(AtomicExpr::AO__atomic_add_fetch == 0 &&
3968 AtomicExpr::AO__atomic_xor_fetch + 1 ==
3969 AtomicExpr::AO__c11_atomic_compare_exchange_strong,
3970 "need to update code for modified C11 atomics");
3971 bool IsOpenCL = Op >= AtomicExpr::AO__opencl_atomic_compare_exchange_strong &&
3972 Op <= AtomicExpr::AO__opencl_atomic_store;
3973 bool IsHIP = Op >= AtomicExpr::AO__hip_atomic_compare_exchange_strong &&
3974 Op <= AtomicExpr::AO__hip_atomic_store;
3975 bool IsScoped = Op >= AtomicExpr::AO__scoped_atomic_add_fetch &&
3976 Op <= AtomicExpr::AO__scoped_atomic_xor_fetch;
3977 bool IsC11 = (Op >= AtomicExpr::AO__c11_atomic_compare_exchange_strong &&
3978 Op <= AtomicExpr::AO__c11_atomic_store) ||
3979 IsOpenCL;
3980 bool IsN = Op == AtomicExpr::AO__atomic_load_n ||
3981 Op == AtomicExpr::AO__atomic_store_n ||
3982 Op == AtomicExpr::AO__atomic_exchange_n ||
3983 Op == AtomicExpr::AO__atomic_compare_exchange_n ||
3984 Op == AtomicExpr::AO__scoped_atomic_load_n ||
3985 Op == AtomicExpr::AO__scoped_atomic_store_n ||
3986 Op == AtomicExpr::AO__scoped_atomic_exchange_n ||
3987 Op == AtomicExpr::AO__scoped_atomic_compare_exchange_n;
3988 // Bit mask for extra allowed value types other than integers for atomic
3989 // arithmetic operations. Add/sub allow pointer and floating point. Min/max
3990 // allow floating point.
3991 enum ArithOpExtraValueType {
3992 AOEVT_None = 0,
3993 AOEVT_Pointer = 1,
3994 AOEVT_FP = 2,
3995 };
3996 unsigned ArithAllows = AOEVT_None;
3997
3998 switch (Op) {
3999 case AtomicExpr::AO__c11_atomic_init:
4000 case AtomicExpr::AO__opencl_atomic_init:
4001 Form = Init;
4002 break;
4003
4004 case AtomicExpr::AO__c11_atomic_load:
4005 case AtomicExpr::AO__opencl_atomic_load:
4006 case AtomicExpr::AO__hip_atomic_load:
4007 case AtomicExpr::AO__atomic_load_n:
4008 case AtomicExpr::AO__scoped_atomic_load_n:
4009 Form = Load;
4010 break;
4011
4012 case AtomicExpr::AO__atomic_load:
4013 case AtomicExpr::AO__scoped_atomic_load:
4014 Form = LoadCopy;
4015 break;
4016
4017 case AtomicExpr::AO__c11_atomic_store:
4018 case AtomicExpr::AO__opencl_atomic_store:
4019 case AtomicExpr::AO__hip_atomic_store:
4020 case AtomicExpr::AO__atomic_store:
4021 case AtomicExpr::AO__atomic_store_n:
4022 case AtomicExpr::AO__scoped_atomic_store:
4023 case AtomicExpr::AO__scoped_atomic_store_n:
4024 Form = Copy;
4025 break;
4026 case AtomicExpr::AO__atomic_fetch_add:
4027 case AtomicExpr::AO__atomic_fetch_sub:
4028 case AtomicExpr::AO__atomic_add_fetch:
4029 case AtomicExpr::AO__atomic_sub_fetch:
4030 case AtomicExpr::AO__scoped_atomic_fetch_add:
4031 case AtomicExpr::AO__scoped_atomic_fetch_sub:
4032 case AtomicExpr::AO__scoped_atomic_add_fetch:
4033 case AtomicExpr::AO__scoped_atomic_sub_fetch:
4034 case AtomicExpr::AO__c11_atomic_fetch_add:
4035 case AtomicExpr::AO__c11_atomic_fetch_sub:
4036 case AtomicExpr::AO__opencl_atomic_fetch_add:
4037 case AtomicExpr::AO__opencl_atomic_fetch_sub:
4038 case AtomicExpr::AO__hip_atomic_fetch_add:
4039 case AtomicExpr::AO__hip_atomic_fetch_sub:
4040 ArithAllows = AOEVT_Pointer | AOEVT_FP;
4041 Form = Arithmetic;
4042 break;
4043 case AtomicExpr::AO__atomic_fetch_max:
4044 case AtomicExpr::AO__atomic_fetch_min:
4045 case AtomicExpr::AO__atomic_max_fetch:
4046 case AtomicExpr::AO__atomic_min_fetch:
4047 case AtomicExpr::AO__scoped_atomic_fetch_max:
4048 case AtomicExpr::AO__scoped_atomic_fetch_min:
4049 case AtomicExpr::AO__scoped_atomic_max_fetch:
4050 case AtomicExpr::AO__scoped_atomic_min_fetch:
4051 case AtomicExpr::AO__c11_atomic_fetch_max:
4052 case AtomicExpr::AO__c11_atomic_fetch_min:
4053 case AtomicExpr::AO__opencl_atomic_fetch_max:
4054 case AtomicExpr::AO__opencl_atomic_fetch_min:
4055 case AtomicExpr::AO__hip_atomic_fetch_max:
4056 case AtomicExpr::AO__hip_atomic_fetch_min:
4057 ArithAllows = AOEVT_FP;
4058 Form = Arithmetic;
4059 break;
4060 case AtomicExpr::AO__c11_atomic_fetch_and:
4061 case AtomicExpr::AO__c11_atomic_fetch_or:
4062 case AtomicExpr::AO__c11_atomic_fetch_xor:
4063 case AtomicExpr::AO__hip_atomic_fetch_and:
4064 case AtomicExpr::AO__hip_atomic_fetch_or:
4065 case AtomicExpr::AO__hip_atomic_fetch_xor:
4066 case AtomicExpr::AO__c11_atomic_fetch_nand:
4067 case AtomicExpr::AO__opencl_atomic_fetch_and:
4068 case AtomicExpr::AO__opencl_atomic_fetch_or:
4069 case AtomicExpr::AO__opencl_atomic_fetch_xor:
4070 case AtomicExpr::AO__atomic_fetch_and:
4071 case AtomicExpr::AO__atomic_fetch_or:
4072 case AtomicExpr::AO__atomic_fetch_xor:
4073 case AtomicExpr::AO__atomic_fetch_nand:
4074 case AtomicExpr::AO__atomic_and_fetch:
4075 case AtomicExpr::AO__atomic_or_fetch:
4076 case AtomicExpr::AO__atomic_xor_fetch:
4077 case AtomicExpr::AO__atomic_nand_fetch:
4078 case AtomicExpr::AO__scoped_atomic_fetch_and:
4079 case AtomicExpr::AO__scoped_atomic_fetch_or:
4080 case AtomicExpr::AO__scoped_atomic_fetch_xor:
4081 case AtomicExpr::AO__scoped_atomic_fetch_nand:
4082 case AtomicExpr::AO__scoped_atomic_and_fetch:
4083 case AtomicExpr::AO__scoped_atomic_or_fetch:
4084 case AtomicExpr::AO__scoped_atomic_xor_fetch:
4085 case AtomicExpr::AO__scoped_atomic_nand_fetch:
4086 Form = Arithmetic;
4087 break;
4088
4089 case AtomicExpr::AO__c11_atomic_exchange:
4090 case AtomicExpr::AO__hip_atomic_exchange:
4091 case AtomicExpr::AO__opencl_atomic_exchange:
4092 case AtomicExpr::AO__atomic_exchange_n:
4093 case AtomicExpr::AO__scoped_atomic_exchange_n:
4094 Form = Xchg;
4095 break;
4096
4097 case AtomicExpr::AO__atomic_exchange:
4098 case AtomicExpr::AO__scoped_atomic_exchange:
4099 Form = GNUXchg;
4100 break;
4101
4102 case AtomicExpr::AO__c11_atomic_compare_exchange_strong:
4103 case AtomicExpr::AO__c11_atomic_compare_exchange_weak:
4104 case AtomicExpr::AO__hip_atomic_compare_exchange_strong:
4105 case AtomicExpr::AO__opencl_atomic_compare_exchange_strong:
4106 case AtomicExpr::AO__opencl_atomic_compare_exchange_weak:
4107 case AtomicExpr::AO__hip_atomic_compare_exchange_weak:
4108 Form = C11CmpXchg;
4109 break;
4110
4111 case AtomicExpr::AO__atomic_compare_exchange:
4112 case AtomicExpr::AO__atomic_compare_exchange_n:
4113 case AtomicExpr::AO__scoped_atomic_compare_exchange:
4114 case AtomicExpr::AO__scoped_atomic_compare_exchange_n:
4115 Form = GNUCmpXchg;
4116 break;
4117
4118 case AtomicExpr::AO__atomic_test_and_set:
4119 Form = TestAndSetByte;
4120 break;
4121
4122 case AtomicExpr::AO__atomic_clear:
4123 Form = ClearByte;
4124 break;
4125 }
4126
4127 unsigned AdjustedNumArgs = NumArgs[Form];
4128 if ((IsOpenCL || IsHIP || IsScoped) &&
4129 Op != AtomicExpr::AO__opencl_atomic_init)
4130 ++AdjustedNumArgs;
4131 // Check we have the right number of arguments.
4132 if (Args.size() < AdjustedNumArgs) {
4133 Diag(Loc: CallRange.getEnd(), DiagID: diag::err_typecheck_call_too_few_args)
4134 << 0 << AdjustedNumArgs << static_cast<unsigned>(Args.size())
4135 << /*is non object*/ 0 << ExprRange;
4136 return ExprError();
4137 } else if (Args.size() > AdjustedNumArgs) {
4138 Diag(Loc: Args[AdjustedNumArgs]->getBeginLoc(),
4139 DiagID: diag::err_typecheck_call_too_many_args)
4140 << 0 << AdjustedNumArgs << static_cast<unsigned>(Args.size())
4141 << /*is non object*/ 0 << ExprRange;
4142 return ExprError();
4143 }
4144
4145 // Inspect the first argument of the atomic operation.
4146 Expr *Ptr = Args[0];
4147 ExprResult ConvertedPtr = DefaultFunctionArrayLvalueConversion(E: Ptr);
4148 if (ConvertedPtr.isInvalid())
4149 return ExprError();
4150
4151 Ptr = ConvertedPtr.get();
4152 const PointerType *pointerType = Ptr->getType()->getAs<PointerType>();
4153 if (!pointerType) {
4154 Diag(Loc: ExprRange.getBegin(), DiagID: diag::err_atomic_builtin_must_be_pointer)
4155 << Ptr->getType() << 0 << Ptr->getSourceRange();
4156 return ExprError();
4157 }
4158
4159 // For a __c11 builtin, this should be a pointer to an _Atomic type.
4160 QualType AtomTy = pointerType->getPointeeType(); // 'A'
4161 QualType ValType = AtomTy; // 'C'
4162 if (IsC11) {
4163 if (!AtomTy->isAtomicType()) {
4164 Diag(Loc: ExprRange.getBegin(), DiagID: diag::err_atomic_op_needs_atomic)
4165 << Ptr->getType() << Ptr->getSourceRange();
4166 return ExprError();
4167 }
4168 if ((Form != Load && Form != LoadCopy && AtomTy.isConstQualified()) ||
4169 AtomTy.getAddressSpace() == LangAS::opencl_constant) {
4170 Diag(Loc: ExprRange.getBegin(), DiagID: diag::err_atomic_op_needs_non_const_atomic)
4171 << (AtomTy.isConstQualified() ? 0 : 1) << Ptr->getType()
4172 << Ptr->getSourceRange();
4173 return ExprError();
4174 }
4175 ValType = AtomTy->castAs<AtomicType>()->getValueType();
4176 } else if (Form != Load && Form != LoadCopy) {
4177 if (ValType.isConstQualified()) {
4178 Diag(Loc: ExprRange.getBegin(), DiagID: diag::err_atomic_op_needs_non_const_pointer)
4179 << Ptr->getType() << Ptr->getSourceRange();
4180 return ExprError();
4181 }
4182 }
4183
4184 if (Form != TestAndSetByte && Form != ClearByte) {
4185 // Pointer to object of size zero is not allowed.
4186 if (RequireCompleteType(Loc: Ptr->getBeginLoc(), T: AtomTy,
4187 DiagID: diag::err_incomplete_type))
4188 return ExprError();
4189
4190 if (Context.getTypeInfoInChars(T: AtomTy).Width.isZero()) {
4191 Diag(Loc: ExprRange.getBegin(), DiagID: diag::err_atomic_builtin_must_be_pointer)
4192 << Ptr->getType() << 1 << Ptr->getSourceRange();
4193 return ExprError();
4194 }
4195 } else {
4196 // The __atomic_clear and __atomic_test_and_set intrinsics accept any
4197 // non-const pointer type, including void* and pointers to incomplete
4198 // structs, but only access the first byte.
4199 AtomTy = Context.CharTy;
4200 AtomTy = AtomTy.withCVRQualifiers(
4201 CVR: pointerType->getPointeeType().getCVRQualifiers());
4202 QualType PointerQT = Context.getPointerType(T: AtomTy);
4203 pointerType = PointerQT->getAs<PointerType>();
4204 Ptr = ImpCastExprToType(E: Ptr, Type: PointerQT, CK: CK_BitCast).get();
4205 ValType = AtomTy;
4206 }
4207
4208 PointerAuthQualifier PointerAuth = AtomTy.getPointerAuth();
4209 if (PointerAuth && PointerAuth.isAddressDiscriminated()) {
4210 Diag(Loc: ExprRange.getBegin(),
4211 DiagID: diag::err_atomic_op_needs_non_address_discriminated_pointer)
4212 << 0 << Ptr->getType() << Ptr->getSourceRange();
4213 return ExprError();
4214 }
4215
4216 // For an arithmetic operation, the implied arithmetic must be well-formed.
4217 if (Form == Arithmetic) {
4218 // GCC does not enforce these rules for GNU atomics, but we do to help catch
4219 // trivial type errors.
4220 auto IsAllowedValueType = [&](QualType ValType,
4221 unsigned AllowedType) -> bool {
4222 if (ValType->isIntegerType())
4223 return true;
4224 if (ValType->isPointerType())
4225 return AllowedType & AOEVT_Pointer;
4226 if (!(ValType->isFloatingType() && (AllowedType & AOEVT_FP)))
4227 return false;
4228 // LLVM Parser does not allow atomicrmw with x86_fp80 type.
4229 if (ValType->isSpecificBuiltinType(K: BuiltinType::LongDouble) &&
4230 &Context.getTargetInfo().getLongDoubleFormat() ==
4231 &llvm::APFloat::x87DoubleExtended())
4232 return false;
4233 return true;
4234 };
4235 if (!IsAllowedValueType(ValType, ArithAllows)) {
4236 auto DID = ArithAllows & AOEVT_FP
4237 ? (ArithAllows & AOEVT_Pointer
4238 ? diag::err_atomic_op_needs_atomic_int_ptr_or_fp
4239 : diag::err_atomic_op_needs_atomic_int_or_fp)
4240 : diag::err_atomic_op_needs_atomic_int;
4241 Diag(Loc: ExprRange.getBegin(), DiagID: DID)
4242 << IsC11 << Ptr->getType() << Ptr->getSourceRange();
4243 return ExprError();
4244 }
4245 if (IsC11 && ValType->isPointerType() &&
4246 RequireCompleteType(Loc: Ptr->getBeginLoc(), T: ValType->getPointeeType(),
4247 DiagID: diag::err_incomplete_type)) {
4248 return ExprError();
4249 }
4250 } else if (IsN && !ValType->isIntegerType() && !ValType->isPointerType()) {
4251 // For __atomic_*_n operations, the value type must be a scalar integral or
4252 // pointer type which is 1, 2, 4, 8 or 16 bytes in length.
4253 Diag(Loc: ExprRange.getBegin(), DiagID: diag::err_atomic_op_needs_atomic_int_or_ptr)
4254 << IsC11 << Ptr->getType() << Ptr->getSourceRange();
4255 return ExprError();
4256 }
4257
4258 if (!IsC11 && !AtomTy.isTriviallyCopyableType(Context) &&
4259 !AtomTy->isScalarType()) {
4260 // For GNU atomics, require a trivially-copyable type. This is not part of
4261 // the GNU atomics specification but we enforce it for consistency with
4262 // other atomics which generally all require a trivially-copyable type. This
4263 // is because atomics just copy bits.
4264 Diag(Loc: ExprRange.getBegin(), DiagID: diag::err_atomic_op_needs_trivial_copy)
4265 << Ptr->getType() << Ptr->getSourceRange();
4266 return ExprError();
4267 }
4268
4269 switch (ValType.getObjCLifetime()) {
4270 case Qualifiers::OCL_None:
4271 case Qualifiers::OCL_ExplicitNone:
4272 // okay
4273 break;
4274
4275 case Qualifiers::OCL_Weak:
4276 case Qualifiers::OCL_Strong:
4277 case Qualifiers::OCL_Autoreleasing:
4278 // FIXME: Can this happen? By this point, ValType should be known
4279 // to be trivially copyable.
4280 Diag(Loc: ExprRange.getBegin(), DiagID: diag::err_arc_atomic_ownership)
4281 << ValType << Ptr->getSourceRange();
4282 return ExprError();
4283 }
4284
4285 // All atomic operations have an overload which takes a pointer to a volatile
4286 // 'A'. We shouldn't let the volatile-ness of the pointee-type inject itself
4287 // into the result or the other operands. Similarly atomic_load takes a
4288 // pointer to a const 'A'.
4289 ValType.removeLocalVolatile();
4290 ValType.removeLocalConst();
4291 QualType ResultType = ValType;
4292 if (Form == Copy || Form == LoadCopy || Form == GNUXchg || Form == Init ||
4293 Form == ClearByte)
4294 ResultType = Context.VoidTy;
4295 else if (Form == C11CmpXchg || Form == GNUCmpXchg || Form == TestAndSetByte)
4296 ResultType = Context.BoolTy;
4297
4298 // The type of a parameter passed 'by value'. In the GNU atomics, such
4299 // arguments are actually passed as pointers.
4300 QualType ByValType = ValType; // 'CP'
4301 bool IsPassedByAddress = false;
4302 if (!IsC11 && !IsHIP && !IsN) {
4303 ByValType = Ptr->getType();
4304 IsPassedByAddress = true;
4305 }
4306
4307 SmallVector<Expr *, 5> APIOrderedArgs;
4308 if (ArgOrder == Sema::AtomicArgumentOrder::AST) {
4309 APIOrderedArgs.push_back(Elt: Args[0]);
4310 switch (Form) {
4311 case Init:
4312 case Load:
4313 APIOrderedArgs.push_back(Elt: Args[1]); // Val1/Order
4314 break;
4315 case LoadCopy:
4316 case Copy:
4317 case Arithmetic:
4318 case Xchg:
4319 APIOrderedArgs.push_back(Elt: Args[2]); // Val1
4320 APIOrderedArgs.push_back(Elt: Args[1]); // Order
4321 break;
4322 case GNUXchg:
4323 APIOrderedArgs.push_back(Elt: Args[2]); // Val1
4324 APIOrderedArgs.push_back(Elt: Args[3]); // Val2
4325 APIOrderedArgs.push_back(Elt: Args[1]); // Order
4326 break;
4327 case C11CmpXchg:
4328 APIOrderedArgs.push_back(Elt: Args[2]); // Val1
4329 APIOrderedArgs.push_back(Elt: Args[4]); // Val2
4330 APIOrderedArgs.push_back(Elt: Args[1]); // Order
4331 APIOrderedArgs.push_back(Elt: Args[3]); // OrderFail
4332 break;
4333 case GNUCmpXchg:
4334 APIOrderedArgs.push_back(Elt: Args[2]); // Val1
4335 APIOrderedArgs.push_back(Elt: Args[4]); // Val2
4336 APIOrderedArgs.push_back(Elt: Args[5]); // Weak
4337 APIOrderedArgs.push_back(Elt: Args[1]); // Order
4338 APIOrderedArgs.push_back(Elt: Args[3]); // OrderFail
4339 break;
4340 case TestAndSetByte:
4341 case ClearByte:
4342 APIOrderedArgs.push_back(Elt: Args[1]); // Order
4343 break;
4344 }
4345 } else
4346 APIOrderedArgs.append(in_start: Args.begin(), in_end: Args.end());
4347
4348 // The first argument's non-CV pointer type is used to deduce the type of
4349 // subsequent arguments, except for:
4350 // - weak flag (always converted to bool)
4351 // - memory order (always converted to int)
4352 // - scope (always converted to int)
4353 for (unsigned i = 0; i != APIOrderedArgs.size(); ++i) {
4354 QualType Ty;
4355 if (i < NumVals[Form] + 1) {
4356 switch (i) {
4357 case 0:
4358 // The first argument is always a pointer. It has a fixed type.
4359 // It is always dereferenced, a nullptr is undefined.
4360 CheckNonNullArgument(S&: *this, ArgExpr: APIOrderedArgs[i], CallSiteLoc: ExprRange.getBegin());
4361 // Nothing else to do: we already know all we want about this pointer.
4362 continue;
4363 case 1:
4364 // The second argument is the non-atomic operand. For arithmetic, this
4365 // is always passed by value, and for a compare_exchange it is always
4366 // passed by address. For the rest, GNU uses by-address and C11 uses
4367 // by-value.
4368 assert(Form != Load);
4369 if (Form == Arithmetic && ValType->isPointerType())
4370 Ty = Context.getPointerDiffType();
4371 else if (Form == Init || Form == Arithmetic)
4372 Ty = ValType;
4373 else if (Form == Copy || Form == Xchg) {
4374 if (IsPassedByAddress) {
4375 // The value pointer is always dereferenced, a nullptr is undefined.
4376 CheckNonNullArgument(S&: *this, ArgExpr: APIOrderedArgs[i],
4377 CallSiteLoc: ExprRange.getBegin());
4378 }
4379 Ty = ByValType;
4380 } else {
4381 Expr *ValArg = APIOrderedArgs[i];
4382 // The value pointer is always dereferenced, a nullptr is undefined.
4383 CheckNonNullArgument(S&: *this, ArgExpr: ValArg, CallSiteLoc: ExprRange.getBegin());
4384 LangAS AS = LangAS::Default;
4385 // Keep address space of non-atomic pointer type.
4386 if (const PointerType *PtrTy =
4387 ValArg->getType()->getAs<PointerType>()) {
4388 AS = PtrTy->getPointeeType().getAddressSpace();
4389 }
4390 Ty = Context.getPointerType(
4391 T: Context.getAddrSpaceQualType(T: ValType.getUnqualifiedType(), AddressSpace: AS));
4392 }
4393 break;
4394 case 2:
4395 // The third argument to compare_exchange / GNU exchange is the desired
4396 // value, either by-value (for the C11 and *_n variant) or as a pointer.
4397 if (IsPassedByAddress)
4398 CheckNonNullArgument(S&: *this, ArgExpr: APIOrderedArgs[i], CallSiteLoc: ExprRange.getBegin());
4399 Ty = ByValType;
4400 break;
4401 case 3:
4402 // The fourth argument to GNU compare_exchange is a 'weak' flag.
4403 Ty = Context.BoolTy;
4404 break;
4405 }
4406 } else {
4407 // The order(s) and scope are always converted to int.
4408 Ty = Context.IntTy;
4409 }
4410
4411 InitializedEntity Entity =
4412 InitializedEntity::InitializeParameter(Context, Type: Ty, Consumed: false);
4413 ExprResult Arg = APIOrderedArgs[i];
4414 Arg = PerformCopyInitialization(Entity, EqualLoc: SourceLocation(), Init: Arg);
4415 if (Arg.isInvalid())
4416 return true;
4417 APIOrderedArgs[i] = Arg.get();
4418 }
4419
4420 // Permute the arguments into a 'consistent' order.
4421 SmallVector<Expr*, 5> SubExprs;
4422 SubExprs.push_back(Elt: Ptr);
4423 switch (Form) {
4424 case Init:
4425 // Note, AtomicExpr::getVal1() has a special case for this atomic.
4426 SubExprs.push_back(Elt: APIOrderedArgs[1]); // Val1
4427 break;
4428 case Load:
4429 case TestAndSetByte:
4430 case ClearByte:
4431 SubExprs.push_back(Elt: APIOrderedArgs[1]); // Order
4432 break;
4433 case LoadCopy:
4434 case Copy:
4435 case Arithmetic:
4436 case Xchg:
4437 SubExprs.push_back(Elt: APIOrderedArgs[2]); // Order
4438 SubExprs.push_back(Elt: APIOrderedArgs[1]); // Val1
4439 break;
4440 case GNUXchg:
4441 // Note, AtomicExpr::getVal2() has a special case for this atomic.
4442 SubExprs.push_back(Elt: APIOrderedArgs[3]); // Order
4443 SubExprs.push_back(Elt: APIOrderedArgs[1]); // Val1
4444 SubExprs.push_back(Elt: APIOrderedArgs[2]); // Val2
4445 break;
4446 case C11CmpXchg:
4447 SubExprs.push_back(Elt: APIOrderedArgs[3]); // Order
4448 SubExprs.push_back(Elt: APIOrderedArgs[1]); // Val1
4449 SubExprs.push_back(Elt: APIOrderedArgs[4]); // OrderFail
4450 SubExprs.push_back(Elt: APIOrderedArgs[2]); // Val2
4451 break;
4452 case GNUCmpXchg:
4453 SubExprs.push_back(Elt: APIOrderedArgs[4]); // Order
4454 SubExprs.push_back(Elt: APIOrderedArgs[1]); // Val1
4455 SubExprs.push_back(Elt: APIOrderedArgs[5]); // OrderFail
4456 SubExprs.push_back(Elt: APIOrderedArgs[2]); // Val2
4457 SubExprs.push_back(Elt: APIOrderedArgs[3]); // Weak
4458 break;
4459 }
4460
4461 // If the memory orders are constants, check they are valid.
4462 if (SubExprs.size() >= 2 && Form != Init) {
4463 std::optional<llvm::APSInt> Success =
4464 SubExprs[1]->getIntegerConstantExpr(Ctx: Context);
4465 if (Success && !isValidOrderingForOp(Ordering: Success->getSExtValue(), Op)) {
4466 Diag(Loc: SubExprs[1]->getBeginLoc(),
4467 DiagID: diag::warn_atomic_op_has_invalid_memory_order)
4468 << /*success=*/(Form == C11CmpXchg || Form == GNUCmpXchg)
4469 << SubExprs[1]->getSourceRange();
4470 }
4471 if (SubExprs.size() >= 5) {
4472 if (std::optional<llvm::APSInt> Failure =
4473 SubExprs[3]->getIntegerConstantExpr(Ctx: Context)) {
4474 if (!llvm::is_contained(
4475 Set: {llvm::AtomicOrderingCABI::relaxed,
4476 llvm::AtomicOrderingCABI::consume,
4477 llvm::AtomicOrderingCABI::acquire,
4478 llvm::AtomicOrderingCABI::seq_cst},
4479 Element: (llvm::AtomicOrderingCABI)Failure->getSExtValue())) {
4480 Diag(Loc: SubExprs[3]->getBeginLoc(),
4481 DiagID: diag::warn_atomic_op_has_invalid_memory_order)
4482 << /*failure=*/2 << SubExprs[3]->getSourceRange();
4483 }
4484 }
4485 }
4486 }
4487
4488 if (auto ScopeModel = AtomicExpr::getScopeModel(Op)) {
4489 auto *Scope = Args[Args.size() - 1];
4490 if (std::optional<llvm::APSInt> Result =
4491 Scope->getIntegerConstantExpr(Ctx: Context)) {
4492 if (!ScopeModel->isValid(S: Result->getZExtValue()))
4493 Diag(Loc: Scope->getBeginLoc(), DiagID: diag::err_atomic_op_has_invalid_sync_scope)
4494 << Scope->getSourceRange();
4495 }
4496 SubExprs.push_back(Elt: Scope);
4497 }
4498
4499 AtomicExpr *AE = new (Context)
4500 AtomicExpr(ExprRange.getBegin(), SubExprs, ResultType, Op, RParenLoc);
4501
4502 if ((Op == AtomicExpr::AO__c11_atomic_load ||
4503 Op == AtomicExpr::AO__c11_atomic_store ||
4504 Op == AtomicExpr::AO__opencl_atomic_load ||
4505 Op == AtomicExpr::AO__hip_atomic_load ||
4506 Op == AtomicExpr::AO__opencl_atomic_store ||
4507 Op == AtomicExpr::AO__hip_atomic_store) &&
4508 Context.AtomicUsesUnsupportedLibcall(E: AE))
4509 Diag(Loc: AE->getBeginLoc(), DiagID: diag::err_atomic_load_store_uses_lib)
4510 << ((Op == AtomicExpr::AO__c11_atomic_load ||
4511 Op == AtomicExpr::AO__opencl_atomic_load ||
4512 Op == AtomicExpr::AO__hip_atomic_load)
4513 ? 0
4514 : 1);
4515
4516 if (ValType->isBitIntType()) {
4517 Diag(Loc: Ptr->getExprLoc(), DiagID: diag::err_atomic_builtin_bit_int_prohibit);
4518 return ExprError();
4519 }
4520
4521 return AE;
4522}
4523
4524/// checkBuiltinArgument - Given a call to a builtin function, perform
4525/// normal type-checking on the given argument, updating the call in
4526/// place. This is useful when a builtin function requires custom
4527/// type-checking for some of its arguments but not necessarily all of
4528/// them.
4529///
4530/// Returns true on error.
4531static bool checkBuiltinArgument(Sema &S, CallExpr *E, unsigned ArgIndex) {
4532 FunctionDecl *Fn = E->getDirectCallee();
4533 assert(Fn && "builtin call without direct callee!");
4534
4535 ParmVarDecl *Param = Fn->getParamDecl(i: ArgIndex);
4536 InitializedEntity Entity =
4537 InitializedEntity::InitializeParameter(Context&: S.Context, Parm: Param);
4538
4539 ExprResult Arg = E->getArg(Arg: ArgIndex);
4540 Arg = S.PerformCopyInitialization(Entity, EqualLoc: SourceLocation(), Init: Arg);
4541 if (Arg.isInvalid())
4542 return true;
4543
4544 E->setArg(Arg: ArgIndex, ArgExpr: Arg.get());
4545 return false;
4546}
4547
4548ExprResult Sema::BuiltinAtomicOverloaded(ExprResult TheCallResult) {
4549 CallExpr *TheCall = static_cast<CallExpr *>(TheCallResult.get());
4550 Expr *Callee = TheCall->getCallee();
4551 DeclRefExpr *DRE = cast<DeclRefExpr>(Val: Callee->IgnoreParenCasts());
4552 FunctionDecl *FDecl = cast<FunctionDecl>(Val: DRE->getDecl());
4553
4554 // Ensure that we have at least one argument to do type inference from.
4555 if (TheCall->getNumArgs() < 1) {
4556 Diag(Loc: TheCall->getEndLoc(), DiagID: diag::err_typecheck_call_too_few_args_at_least)
4557 << 0 << 1 << TheCall->getNumArgs() << /*is non object*/ 0
4558 << Callee->getSourceRange();
4559 return ExprError();
4560 }
4561
4562 // Inspect the first argument of the atomic builtin. This should always be
4563 // a pointer type, whose element is an integral scalar or pointer type.
4564 // Because it is a pointer type, we don't have to worry about any implicit
4565 // casts here.
4566 // FIXME: We don't allow floating point scalars as input.
4567 Expr *FirstArg = TheCall->getArg(Arg: 0);
4568 ExprResult FirstArgResult = DefaultFunctionArrayLvalueConversion(E: FirstArg);
4569 if (FirstArgResult.isInvalid())
4570 return ExprError();
4571 FirstArg = FirstArgResult.get();
4572 TheCall->setArg(Arg: 0, ArgExpr: FirstArg);
4573
4574 const PointerType *pointerType = FirstArg->getType()->getAs<PointerType>();
4575 if (!pointerType) {
4576 Diag(Loc: DRE->getBeginLoc(), DiagID: diag::err_atomic_builtin_must_be_pointer)
4577 << FirstArg->getType() << 0 << FirstArg->getSourceRange();
4578 return ExprError();
4579 }
4580
4581 QualType ValType = pointerType->getPointeeType();
4582 if (!ValType->isIntegerType() && !ValType->isAnyPointerType() &&
4583 !ValType->isBlockPointerType()) {
4584 Diag(Loc: DRE->getBeginLoc(), DiagID: diag::err_atomic_builtin_must_be_pointer_intptr)
4585 << FirstArg->getType() << 0 << FirstArg->getSourceRange();
4586 return ExprError();
4587 }
4588 PointerAuthQualifier PointerAuth = ValType.getPointerAuth();
4589 if (PointerAuth && PointerAuth.isAddressDiscriminated()) {
4590 Diag(Loc: FirstArg->getBeginLoc(),
4591 DiagID: diag::err_atomic_op_needs_non_address_discriminated_pointer)
4592 << 1 << ValType << FirstArg->getSourceRange();
4593 return ExprError();
4594 }
4595
4596 if (ValType.isConstQualified()) {
4597 Diag(Loc: DRE->getBeginLoc(), DiagID: diag::err_atomic_builtin_cannot_be_const)
4598 << FirstArg->getType() << FirstArg->getSourceRange();
4599 return ExprError();
4600 }
4601
4602 switch (ValType.getObjCLifetime()) {
4603 case Qualifiers::OCL_None:
4604 case Qualifiers::OCL_ExplicitNone:
4605 // okay
4606 break;
4607
4608 case Qualifiers::OCL_Weak:
4609 case Qualifiers::OCL_Strong:
4610 case Qualifiers::OCL_Autoreleasing:
4611 Diag(Loc: DRE->getBeginLoc(), DiagID: diag::err_arc_atomic_ownership)
4612 << ValType << FirstArg->getSourceRange();
4613 return ExprError();
4614 }
4615
4616 // Strip any qualifiers off ValType.
4617 ValType = ValType.getUnqualifiedType();
4618
4619 // The majority of builtins return a value, but a few have special return
4620 // types, so allow them to override appropriately below.
4621 QualType ResultType = ValType;
4622
4623 // We need to figure out which concrete builtin this maps onto. For example,
4624 // __sync_fetch_and_add with a 2 byte object turns into
4625 // __sync_fetch_and_add_2.
4626#define BUILTIN_ROW(x) \
4627 { Builtin::BI##x##_1, Builtin::BI##x##_2, Builtin::BI##x##_4, \
4628 Builtin::BI##x##_8, Builtin::BI##x##_16 }
4629
4630 static const unsigned BuiltinIndices[][5] = {
4631 BUILTIN_ROW(__sync_fetch_and_add),
4632 BUILTIN_ROW(__sync_fetch_and_sub),
4633 BUILTIN_ROW(__sync_fetch_and_or),
4634 BUILTIN_ROW(__sync_fetch_and_and),
4635 BUILTIN_ROW(__sync_fetch_and_xor),
4636 BUILTIN_ROW(__sync_fetch_and_nand),
4637
4638 BUILTIN_ROW(__sync_add_and_fetch),
4639 BUILTIN_ROW(__sync_sub_and_fetch),
4640 BUILTIN_ROW(__sync_and_and_fetch),
4641 BUILTIN_ROW(__sync_or_and_fetch),
4642 BUILTIN_ROW(__sync_xor_and_fetch),
4643 BUILTIN_ROW(__sync_nand_and_fetch),
4644
4645 BUILTIN_ROW(__sync_val_compare_and_swap),
4646 BUILTIN_ROW(__sync_bool_compare_and_swap),
4647 BUILTIN_ROW(__sync_lock_test_and_set),
4648 BUILTIN_ROW(__sync_lock_release),
4649 BUILTIN_ROW(__sync_swap)
4650 };
4651#undef BUILTIN_ROW
4652
4653 // Determine the index of the size.
4654 unsigned SizeIndex;
4655 switch (Context.getTypeSizeInChars(T: ValType).getQuantity()) {
4656 case 1: SizeIndex = 0; break;
4657 case 2: SizeIndex = 1; break;
4658 case 4: SizeIndex = 2; break;
4659 case 8: SizeIndex = 3; break;
4660 case 16: SizeIndex = 4; break;
4661 default:
4662 Diag(Loc: DRE->getBeginLoc(), DiagID: diag::err_atomic_builtin_pointer_size)
4663 << FirstArg->getType() << FirstArg->getSourceRange();
4664 return ExprError();
4665 }
4666
4667 // Each of these builtins has one pointer argument, followed by some number of
4668 // values (0, 1 or 2) followed by a potentially empty varags list of stuff
4669 // that we ignore. Find out which row of BuiltinIndices to read from as well
4670 // as the number of fixed args.
4671 unsigned BuiltinID = FDecl->getBuiltinID();
4672 unsigned BuiltinIndex, NumFixed = 1;
4673 bool WarnAboutSemanticsChange = false;
4674 switch (BuiltinID) {
4675 default: llvm_unreachable("Unknown overloaded atomic builtin!");
4676 case Builtin::BI__sync_fetch_and_add:
4677 case Builtin::BI__sync_fetch_and_add_1:
4678 case Builtin::BI__sync_fetch_and_add_2:
4679 case Builtin::BI__sync_fetch_and_add_4:
4680 case Builtin::BI__sync_fetch_and_add_8:
4681 case Builtin::BI__sync_fetch_and_add_16:
4682 BuiltinIndex = 0;
4683 break;
4684
4685 case Builtin::BI__sync_fetch_and_sub:
4686 case Builtin::BI__sync_fetch_and_sub_1:
4687 case Builtin::BI__sync_fetch_and_sub_2:
4688 case Builtin::BI__sync_fetch_and_sub_4:
4689 case Builtin::BI__sync_fetch_and_sub_8:
4690 case Builtin::BI__sync_fetch_and_sub_16:
4691 BuiltinIndex = 1;
4692 break;
4693
4694 case Builtin::BI__sync_fetch_and_or:
4695 case Builtin::BI__sync_fetch_and_or_1:
4696 case Builtin::BI__sync_fetch_and_or_2:
4697 case Builtin::BI__sync_fetch_and_or_4:
4698 case Builtin::BI__sync_fetch_and_or_8:
4699 case Builtin::BI__sync_fetch_and_or_16:
4700 BuiltinIndex = 2;
4701 break;
4702
4703 case Builtin::BI__sync_fetch_and_and:
4704 case Builtin::BI__sync_fetch_and_and_1:
4705 case Builtin::BI__sync_fetch_and_and_2:
4706 case Builtin::BI__sync_fetch_and_and_4:
4707 case Builtin::BI__sync_fetch_and_and_8:
4708 case Builtin::BI__sync_fetch_and_and_16:
4709 BuiltinIndex = 3;
4710 break;
4711
4712 case Builtin::BI__sync_fetch_and_xor:
4713 case Builtin::BI__sync_fetch_and_xor_1:
4714 case Builtin::BI__sync_fetch_and_xor_2:
4715 case Builtin::BI__sync_fetch_and_xor_4:
4716 case Builtin::BI__sync_fetch_and_xor_8:
4717 case Builtin::BI__sync_fetch_and_xor_16:
4718 BuiltinIndex = 4;
4719 break;
4720
4721 case Builtin::BI__sync_fetch_and_nand:
4722 case Builtin::BI__sync_fetch_and_nand_1:
4723 case Builtin::BI__sync_fetch_and_nand_2:
4724 case Builtin::BI__sync_fetch_and_nand_4:
4725 case Builtin::BI__sync_fetch_and_nand_8:
4726 case Builtin::BI__sync_fetch_and_nand_16:
4727 BuiltinIndex = 5;
4728 WarnAboutSemanticsChange = true;
4729 break;
4730
4731 case Builtin::BI__sync_add_and_fetch:
4732 case Builtin::BI__sync_add_and_fetch_1:
4733 case Builtin::BI__sync_add_and_fetch_2:
4734 case Builtin::BI__sync_add_and_fetch_4:
4735 case Builtin::BI__sync_add_and_fetch_8:
4736 case Builtin::BI__sync_add_and_fetch_16:
4737 BuiltinIndex = 6;
4738 break;
4739
4740 case Builtin::BI__sync_sub_and_fetch:
4741 case Builtin::BI__sync_sub_and_fetch_1:
4742 case Builtin::BI__sync_sub_and_fetch_2:
4743 case Builtin::BI__sync_sub_and_fetch_4:
4744 case Builtin::BI__sync_sub_and_fetch_8:
4745 case Builtin::BI__sync_sub_and_fetch_16:
4746 BuiltinIndex = 7;
4747 break;
4748
4749 case Builtin::BI__sync_and_and_fetch:
4750 case Builtin::BI__sync_and_and_fetch_1:
4751 case Builtin::BI__sync_and_and_fetch_2:
4752 case Builtin::BI__sync_and_and_fetch_4:
4753 case Builtin::BI__sync_and_and_fetch_8:
4754 case Builtin::BI__sync_and_and_fetch_16:
4755 BuiltinIndex = 8;
4756 break;
4757
4758 case Builtin::BI__sync_or_and_fetch:
4759 case Builtin::BI__sync_or_and_fetch_1:
4760 case Builtin::BI__sync_or_and_fetch_2:
4761 case Builtin::BI__sync_or_and_fetch_4:
4762 case Builtin::BI__sync_or_and_fetch_8:
4763 case Builtin::BI__sync_or_and_fetch_16:
4764 BuiltinIndex = 9;
4765 break;
4766
4767 case Builtin::BI__sync_xor_and_fetch:
4768 case Builtin::BI__sync_xor_and_fetch_1:
4769 case Builtin::BI__sync_xor_and_fetch_2:
4770 case Builtin::BI__sync_xor_and_fetch_4:
4771 case Builtin::BI__sync_xor_and_fetch_8:
4772 case Builtin::BI__sync_xor_and_fetch_16:
4773 BuiltinIndex = 10;
4774 break;
4775
4776 case Builtin::BI__sync_nand_and_fetch:
4777 case Builtin::BI__sync_nand_and_fetch_1:
4778 case Builtin::BI__sync_nand_and_fetch_2:
4779 case Builtin::BI__sync_nand_and_fetch_4:
4780 case Builtin::BI__sync_nand_and_fetch_8:
4781 case Builtin::BI__sync_nand_and_fetch_16:
4782 BuiltinIndex = 11;
4783 WarnAboutSemanticsChange = true;
4784 break;
4785
4786 case Builtin::BI__sync_val_compare_and_swap:
4787 case Builtin::BI__sync_val_compare_and_swap_1:
4788 case Builtin::BI__sync_val_compare_and_swap_2:
4789 case Builtin::BI__sync_val_compare_and_swap_4:
4790 case Builtin::BI__sync_val_compare_and_swap_8:
4791 case Builtin::BI__sync_val_compare_and_swap_16:
4792 BuiltinIndex = 12;
4793 NumFixed = 2;
4794 break;
4795
4796 case Builtin::BI__sync_bool_compare_and_swap:
4797 case Builtin::BI__sync_bool_compare_and_swap_1:
4798 case Builtin::BI__sync_bool_compare_and_swap_2:
4799 case Builtin::BI__sync_bool_compare_and_swap_4:
4800 case Builtin::BI__sync_bool_compare_and_swap_8:
4801 case Builtin::BI__sync_bool_compare_and_swap_16:
4802 BuiltinIndex = 13;
4803 NumFixed = 2;
4804 ResultType = Context.BoolTy;
4805 break;
4806
4807 case Builtin::BI__sync_lock_test_and_set:
4808 case Builtin::BI__sync_lock_test_and_set_1:
4809 case Builtin::BI__sync_lock_test_and_set_2:
4810 case Builtin::BI__sync_lock_test_and_set_4:
4811 case Builtin::BI__sync_lock_test_and_set_8:
4812 case Builtin::BI__sync_lock_test_and_set_16:
4813 BuiltinIndex = 14;
4814 break;
4815
4816 case Builtin::BI__sync_lock_release:
4817 case Builtin::BI__sync_lock_release_1:
4818 case Builtin::BI__sync_lock_release_2:
4819 case Builtin::BI__sync_lock_release_4:
4820 case Builtin::BI__sync_lock_release_8:
4821 case Builtin::BI__sync_lock_release_16:
4822 BuiltinIndex = 15;
4823 NumFixed = 0;
4824 ResultType = Context.VoidTy;
4825 break;
4826
4827 case Builtin::BI__sync_swap:
4828 case Builtin::BI__sync_swap_1:
4829 case Builtin::BI__sync_swap_2:
4830 case Builtin::BI__sync_swap_4:
4831 case Builtin::BI__sync_swap_8:
4832 case Builtin::BI__sync_swap_16:
4833 BuiltinIndex = 16;
4834 break;
4835 }
4836
4837 // Now that we know how many fixed arguments we expect, first check that we
4838 // have at least that many.
4839 if (TheCall->getNumArgs() < 1+NumFixed) {
4840 Diag(Loc: TheCall->getEndLoc(), DiagID: diag::err_typecheck_call_too_few_args_at_least)
4841 << 0 << 1 + NumFixed << TheCall->getNumArgs() << /*is non object*/ 0
4842 << Callee->getSourceRange();
4843 return ExprError();
4844 }
4845
4846 Diag(Loc: TheCall->getEndLoc(), DiagID: diag::warn_atomic_implicit_seq_cst)
4847 << Callee->getSourceRange();
4848
4849 if (WarnAboutSemanticsChange) {
4850 Diag(Loc: TheCall->getEndLoc(), DiagID: diag::warn_sync_fetch_and_nand_semantics_change)
4851 << Callee->getSourceRange();
4852 }
4853
4854 // Get the decl for the concrete builtin from this, we can tell what the
4855 // concrete integer type we should convert to is.
4856 unsigned NewBuiltinID = BuiltinIndices[BuiltinIndex][SizeIndex];
4857 std::string NewBuiltinName = Context.BuiltinInfo.getName(ID: NewBuiltinID);
4858 FunctionDecl *NewBuiltinDecl;
4859 if (NewBuiltinID == BuiltinID)
4860 NewBuiltinDecl = FDecl;
4861 else {
4862 // Perform builtin lookup to avoid redeclaring it.
4863 DeclarationName DN(&Context.Idents.get(Name: NewBuiltinName));
4864 LookupResult Res(*this, DN, DRE->getBeginLoc(), LookupOrdinaryName);
4865 LookupName(R&: Res, S: TUScope, /*AllowBuiltinCreation=*/true);
4866 assert(Res.getFoundDecl());
4867 NewBuiltinDecl = dyn_cast<FunctionDecl>(Val: Res.getFoundDecl());
4868 if (!NewBuiltinDecl)
4869 return ExprError();
4870 }
4871
4872 // The first argument --- the pointer --- has a fixed type; we
4873 // deduce the types of the rest of the arguments accordingly. Walk
4874 // the remaining arguments, converting them to the deduced value type.
4875 for (unsigned i = 0; i != NumFixed; ++i) {
4876 ExprResult Arg = TheCall->getArg(Arg: i+1);
4877
4878 // GCC does an implicit conversion to the pointer or integer ValType. This
4879 // can fail in some cases (1i -> int**), check for this error case now.
4880 // Initialize the argument.
4881 InitializedEntity Entity = InitializedEntity::InitializeParameter(Context,
4882 Type: ValType, /*consume*/ Consumed: false);
4883 Arg = PerformCopyInitialization(Entity, EqualLoc: SourceLocation(), Init: Arg);
4884 if (Arg.isInvalid())
4885 return ExprError();
4886
4887 // Okay, we have something that *can* be converted to the right type. Check
4888 // to see if there is a potentially weird extension going on here. This can
4889 // happen when you do an atomic operation on something like an char* and
4890 // pass in 42. The 42 gets converted to char. This is even more strange
4891 // for things like 45.123 -> char, etc.
4892 // FIXME: Do this check.
4893 TheCall->setArg(Arg: i+1, ArgExpr: Arg.get());
4894 }
4895
4896 // Create a new DeclRefExpr to refer to the new decl.
4897 DeclRefExpr *NewDRE = DeclRefExpr::Create(
4898 Context, QualifierLoc: DRE->getQualifierLoc(), TemplateKWLoc: SourceLocation(), D: NewBuiltinDecl,
4899 /*enclosing*/ RefersToEnclosingVariableOrCapture: false, NameLoc: DRE->getLocation(), T: Context.BuiltinFnTy,
4900 VK: DRE->getValueKind(), FoundD: nullptr, TemplateArgs: nullptr, NOUR: DRE->isNonOdrUse());
4901
4902 // Set the callee in the CallExpr.
4903 // FIXME: This loses syntactic information.
4904 QualType CalleePtrTy = Context.getPointerType(T: NewBuiltinDecl->getType());
4905 ExprResult PromotedCall = ImpCastExprToType(E: NewDRE, Type: CalleePtrTy,
4906 CK: CK_BuiltinFnToFnPtr);
4907 TheCall->setCallee(PromotedCall.get());
4908
4909 // Change the result type of the call to match the original value type. This
4910 // is arbitrary, but the codegen for these builtins ins design to handle it
4911 // gracefully.
4912 TheCall->setType(ResultType);
4913
4914 // Prohibit problematic uses of bit-precise integer types with atomic
4915 // builtins. The arguments would have already been converted to the first
4916 // argument's type, so only need to check the first argument.
4917 const auto *BitIntValType = ValType->getAs<BitIntType>();
4918 if (BitIntValType && !llvm::isPowerOf2_64(Value: BitIntValType->getNumBits())) {
4919 Diag(Loc: FirstArg->getExprLoc(), DiagID: diag::err_atomic_builtin_ext_int_size);
4920 return ExprError();
4921 }
4922
4923 return TheCallResult;
4924}
4925
4926ExprResult Sema::BuiltinNontemporalOverloaded(ExprResult TheCallResult) {
4927 CallExpr *TheCall = (CallExpr *)TheCallResult.get();
4928 DeclRefExpr *DRE =
4929 cast<DeclRefExpr>(Val: TheCall->getCallee()->IgnoreParenCasts());
4930 FunctionDecl *FDecl = cast<FunctionDecl>(Val: DRE->getDecl());
4931 unsigned BuiltinID = FDecl->getBuiltinID();
4932 assert((BuiltinID == Builtin::BI__builtin_nontemporal_store ||
4933 BuiltinID == Builtin::BI__builtin_nontemporal_load) &&
4934 "Unexpected nontemporal load/store builtin!");
4935 bool isStore = BuiltinID == Builtin::BI__builtin_nontemporal_store;
4936 unsigned numArgs = isStore ? 2 : 1;
4937
4938 // Ensure that we have the proper number of arguments.
4939 if (checkArgCount(Call: TheCall, DesiredArgCount: numArgs))
4940 return ExprError();
4941
4942 // Inspect the last argument of the nontemporal builtin. This should always
4943 // be a pointer type, from which we imply the type of the memory access.
4944 // Because it is a pointer type, we don't have to worry about any implicit
4945 // casts here.
4946 Expr *PointerArg = TheCall->getArg(Arg: numArgs - 1);
4947 ExprResult PointerArgResult =
4948 DefaultFunctionArrayLvalueConversion(E: PointerArg);
4949
4950 if (PointerArgResult.isInvalid())
4951 return ExprError();
4952 PointerArg = PointerArgResult.get();
4953 TheCall->setArg(Arg: numArgs - 1, ArgExpr: PointerArg);
4954
4955 const PointerType *pointerType = PointerArg->getType()->getAs<PointerType>();
4956 if (!pointerType) {
4957 Diag(Loc: DRE->getBeginLoc(), DiagID: diag::err_nontemporal_builtin_must_be_pointer)
4958 << PointerArg->getType() << PointerArg->getSourceRange();
4959 return ExprError();
4960 }
4961
4962 QualType ValType = pointerType->getPointeeType();
4963
4964 // Strip any qualifiers off ValType.
4965 ValType = ValType.getUnqualifiedType();
4966 if (!ValType->isIntegerType() && !ValType->isAnyPointerType() &&
4967 !ValType->isBlockPointerType() && !ValType->isFloatingType() &&
4968 !ValType->isVectorType()) {
4969 Diag(Loc: DRE->getBeginLoc(),
4970 DiagID: diag::err_nontemporal_builtin_must_be_pointer_intfltptr_or_vector)
4971 << PointerArg->getType() << PointerArg->getSourceRange();
4972 return ExprError();
4973 }
4974
4975 if (!isStore) {
4976 TheCall->setType(ValType);
4977 return TheCallResult;
4978 }
4979
4980 ExprResult ValArg = TheCall->getArg(Arg: 0);
4981 InitializedEntity Entity = InitializedEntity::InitializeParameter(
4982 Context, Type: ValType, /*consume*/ Consumed: false);
4983 ValArg = PerformCopyInitialization(Entity, EqualLoc: SourceLocation(), Init: ValArg);
4984 if (ValArg.isInvalid())
4985 return ExprError();
4986
4987 TheCall->setArg(Arg: 0, ArgExpr: ValArg.get());
4988 TheCall->setType(Context.VoidTy);
4989 return TheCallResult;
4990}
4991
4992/// CheckObjCString - Checks that the format string argument to the os_log()
4993/// and os_trace() functions is correct, and converts it to const char *.
4994ExprResult Sema::CheckOSLogFormatStringArg(Expr *Arg) {
4995 Arg = Arg->IgnoreParenCasts();
4996 auto *Literal = dyn_cast<StringLiteral>(Val: Arg);
4997 if (!Literal) {
4998 if (auto *ObjcLiteral = dyn_cast<ObjCStringLiteral>(Val: Arg)) {
4999 Literal = ObjcLiteral->getString();
5000 }
5001 }
5002
5003 if (!Literal || (!Literal->isOrdinary() && !Literal->isUTF8())) {
5004 return ExprError(
5005 Diag(Loc: Arg->getBeginLoc(), DiagID: diag::err_os_log_format_not_string_constant)
5006 << Arg->getSourceRange());
5007 }
5008
5009 ExprResult Result(Literal);
5010 QualType ResultTy = Context.getPointerType(T: Context.CharTy.withConst());
5011 InitializedEntity Entity =
5012 InitializedEntity::InitializeParameter(Context, Type: ResultTy, Consumed: false);
5013 Result = PerformCopyInitialization(Entity, EqualLoc: SourceLocation(), Init: Result);
5014 return Result;
5015}
5016
5017/// Check that the user is calling the appropriate va_start builtin for the
5018/// target and calling convention.
5019static bool checkVAStartABI(Sema &S, unsigned BuiltinID, Expr *Fn) {
5020 const llvm::Triple &TT = S.Context.getTargetInfo().getTriple();
5021 bool IsX64 = TT.getArch() == llvm::Triple::x86_64;
5022 bool IsAArch64 = (TT.getArch() == llvm::Triple::aarch64 ||
5023 TT.getArch() == llvm::Triple::aarch64_32);
5024 bool IsWindowsOrUEFI = TT.isOSWindows() || TT.isUEFI();
5025 bool IsMSVAStart = BuiltinID == Builtin::BI__builtin_ms_va_start;
5026 if (IsX64 || IsAArch64) {
5027 CallingConv CC = CC_C;
5028 if (const FunctionDecl *FD = S.getCurFunctionDecl())
5029 CC = FD->getType()->castAs<FunctionType>()->getCallConv();
5030 if (IsMSVAStart) {
5031 // Don't allow this in System V ABI functions.
5032 if (CC == CC_X86_64SysV || (!IsWindowsOrUEFI && CC != CC_Win64))
5033 return S.Diag(Loc: Fn->getBeginLoc(),
5034 DiagID: diag::err_ms_va_start_used_in_sysv_function);
5035 } else {
5036 // On x86-64/AArch64 Unix, don't allow this in Win64 ABI functions.
5037 // On x64 Windows, don't allow this in System V ABI functions.
5038 // (Yes, that means there's no corresponding way to support variadic
5039 // System V ABI functions on Windows.)
5040 if ((IsWindowsOrUEFI && CC == CC_X86_64SysV) ||
5041 (!IsWindowsOrUEFI && CC == CC_Win64))
5042 return S.Diag(Loc: Fn->getBeginLoc(),
5043 DiagID: diag::err_va_start_used_in_wrong_abi_function)
5044 << !IsWindowsOrUEFI;
5045 }
5046 return false;
5047 }
5048
5049 if (IsMSVAStart)
5050 return S.Diag(Loc: Fn->getBeginLoc(), DiagID: diag::err_builtin_x64_aarch64_only);
5051 return false;
5052}
5053
5054static bool checkVAStartIsInVariadicFunction(Sema &S, Expr *Fn,
5055 ParmVarDecl **LastParam = nullptr) {
5056 // Determine whether the current function, block, or obj-c method is variadic
5057 // and get its parameter list.
5058 bool IsVariadic = false;
5059 ArrayRef<ParmVarDecl *> Params;
5060 DeclContext *Caller = S.CurContext;
5061 if (auto *Block = dyn_cast<BlockDecl>(Val: Caller)) {
5062 IsVariadic = Block->isVariadic();
5063 Params = Block->parameters();
5064 } else if (auto *FD = dyn_cast<FunctionDecl>(Val: Caller)) {
5065 IsVariadic = FD->isVariadic();
5066 Params = FD->parameters();
5067 } else if (auto *MD = dyn_cast<ObjCMethodDecl>(Val: Caller)) {
5068 IsVariadic = MD->isVariadic();
5069 // FIXME: This isn't correct for methods (results in bogus warning).
5070 Params = MD->parameters();
5071 } else if (isa<CapturedDecl>(Val: Caller)) {
5072 // We don't support va_start in a CapturedDecl.
5073 S.Diag(Loc: Fn->getBeginLoc(), DiagID: diag::err_va_start_captured_stmt);
5074 return true;
5075 } else {
5076 // This must be some other declcontext that parses exprs.
5077 S.Diag(Loc: Fn->getBeginLoc(), DiagID: diag::err_va_start_outside_function);
5078 return true;
5079 }
5080
5081 if (!IsVariadic) {
5082 S.Diag(Loc: Fn->getBeginLoc(), DiagID: diag::err_va_start_fixed_function);
5083 return true;
5084 }
5085
5086 if (LastParam)
5087 *LastParam = Params.empty() ? nullptr : Params.back();
5088
5089 return false;
5090}
5091
5092bool Sema::BuiltinVAStart(unsigned BuiltinID, CallExpr *TheCall) {
5093 Expr *Fn = TheCall->getCallee();
5094 if (checkVAStartABI(S&: *this, BuiltinID, Fn))
5095 return true;
5096
5097 if (BuiltinID == Builtin::BI__builtin_c23_va_start) {
5098 // This builtin requires one argument (the va_list), allows two arguments,
5099 // but diagnoses more than two arguments. e.g.,
5100 // __builtin_c23_va_start(); // error
5101 // __builtin_c23_va_start(list); // ok
5102 // __builtin_c23_va_start(list, param); // ok
5103 // __builtin_c23_va_start(list, anything, anything); // error
5104 // This differs from the GCC behavior in that they accept the last case
5105 // with a warning, but it doesn't seem like a useful behavior to allow.
5106 if (checkArgCountRange(Call: TheCall, MinArgCount: 1, MaxArgCount: 2))
5107 return true;
5108 } else {
5109 // In C23 mode, va_start only needs one argument. However, the builtin still
5110 // requires two arguments (which matches the behavior of the GCC builtin),
5111 // <stdarg.h> passes `0` as the second argument in C23 mode.
5112 if (checkArgCount(Call: TheCall, DesiredArgCount: 2))
5113 return true;
5114 }
5115
5116 // Type-check the first argument normally.
5117 if (checkBuiltinArgument(S&: *this, E: TheCall, ArgIndex: 0))
5118 return true;
5119
5120 // Check that the current function is variadic, and get its last parameter.
5121 ParmVarDecl *LastParam;
5122 if (checkVAStartIsInVariadicFunction(S&: *this, Fn, LastParam: &LastParam))
5123 return true;
5124
5125 // Verify that the second argument to the builtin is the last non-variadic
5126 // argument of the current function or method. In C23 mode, if the call is
5127 // not to __builtin_c23_va_start, and the second argument is an integer
5128 // constant expression with value 0, then we don't bother with this check.
5129 // For __builtin_c23_va_start, we only perform the check for the second
5130 // argument being the last argument to the current function if there is a
5131 // second argument present.
5132 if (BuiltinID == Builtin::BI__builtin_c23_va_start &&
5133 TheCall->getNumArgs() < 2) {
5134 Diag(Loc: TheCall->getExprLoc(), DiagID: diag::warn_c17_compat_va_start_one_arg);
5135 return false;
5136 }
5137
5138 const Expr *Arg = TheCall->getArg(Arg: 1)->IgnoreParenCasts();
5139 if (std::optional<llvm::APSInt> Val =
5140 TheCall->getArg(Arg: 1)->getIntegerConstantExpr(Ctx: Context);
5141 Val && LangOpts.C23 && *Val == 0 &&
5142 BuiltinID != Builtin::BI__builtin_c23_va_start) {
5143 Diag(Loc: TheCall->getExprLoc(), DiagID: diag::warn_c17_compat_va_start_one_arg);
5144 return false;
5145 }
5146
5147 // These are valid if SecondArgIsLastNonVariadicArgument is false after the
5148 // next block.
5149 QualType Type;
5150 SourceLocation ParamLoc;
5151 bool IsCRegister = false;
5152 bool SecondArgIsLastNonVariadicArgument = false;
5153 if (const DeclRefExpr *DR = dyn_cast<DeclRefExpr>(Val: Arg)) {
5154 if (const ParmVarDecl *PV = dyn_cast<ParmVarDecl>(Val: DR->getDecl())) {
5155 SecondArgIsLastNonVariadicArgument = PV == LastParam;
5156
5157 Type = PV->getType();
5158 ParamLoc = PV->getLocation();
5159 IsCRegister =
5160 PV->getStorageClass() == SC_Register && !getLangOpts().CPlusPlus;
5161 }
5162 }
5163
5164 if (!SecondArgIsLastNonVariadicArgument)
5165 Diag(Loc: TheCall->getArg(Arg: 1)->getBeginLoc(),
5166 DiagID: diag::warn_second_arg_of_va_start_not_last_non_variadic_param);
5167 else if (IsCRegister || Type->isReferenceType() ||
5168 Type->isSpecificBuiltinType(K: BuiltinType::Float) || [=] {
5169 // Promotable integers are UB, but enumerations need a bit of
5170 // extra checking to see what their promotable type actually is.
5171 if (!Context.isPromotableIntegerType(T: Type))
5172 return false;
5173 if (!Type->isEnumeralType())
5174 return true;
5175 const EnumDecl *ED = Type->castAs<EnumType>()->getDecl();
5176 return !(ED &&
5177 Context.typesAreCompatible(T1: ED->getPromotionType(), T2: Type));
5178 }()) {
5179 unsigned Reason = 0;
5180 if (Type->isReferenceType()) Reason = 1;
5181 else if (IsCRegister) Reason = 2;
5182 Diag(Loc: Arg->getBeginLoc(), DiagID: diag::warn_va_start_type_is_undefined) << Reason;
5183 Diag(Loc: ParamLoc, DiagID: diag::note_parameter_type) << Type;
5184 }
5185
5186 return false;
5187}
5188
5189bool Sema::BuiltinVAStartARMMicrosoft(CallExpr *Call) {
5190 auto IsSuitablyTypedFormatArgument = [this](const Expr *Arg) -> bool {
5191 const LangOptions &LO = getLangOpts();
5192
5193 if (LO.CPlusPlus)
5194 return Arg->getType()
5195 .getCanonicalType()
5196 .getTypePtr()
5197 ->getPointeeType()
5198 .withoutLocalFastQualifiers() == Context.CharTy;
5199
5200 // In C, allow aliasing through `char *`, this is required for AArch64 at
5201 // least.
5202 return true;
5203 };
5204
5205 // void __va_start(va_list *ap, const char *named_addr, size_t slot_size,
5206 // const char *named_addr);
5207
5208 Expr *Func = Call->getCallee();
5209
5210 if (Call->getNumArgs() < 3)
5211 return Diag(Loc: Call->getEndLoc(),
5212 DiagID: diag::err_typecheck_call_too_few_args_at_least)
5213 << 0 /*function call*/ << 3 << Call->getNumArgs()
5214 << /*is non object*/ 0;
5215
5216 // Type-check the first argument normally.
5217 if (checkBuiltinArgument(S&: *this, E: Call, ArgIndex: 0))
5218 return true;
5219
5220 // Check that the current function is variadic.
5221 if (checkVAStartIsInVariadicFunction(S&: *this, Fn: Func))
5222 return true;
5223
5224 // __va_start on Windows does not validate the parameter qualifiers
5225
5226 const Expr *Arg1 = Call->getArg(Arg: 1)->IgnoreParens();
5227 const Type *Arg1Ty = Arg1->getType().getCanonicalType().getTypePtr();
5228
5229 const Expr *Arg2 = Call->getArg(Arg: 2)->IgnoreParens();
5230 const Type *Arg2Ty = Arg2->getType().getCanonicalType().getTypePtr();
5231
5232 const QualType &ConstCharPtrTy =
5233 Context.getPointerType(T: Context.CharTy.withConst());
5234 if (!Arg1Ty->isPointerType() || !IsSuitablyTypedFormatArgument(Arg1))
5235 Diag(Loc: Arg1->getBeginLoc(), DiagID: diag::err_typecheck_convert_incompatible)
5236 << Arg1->getType() << ConstCharPtrTy << 1 /* different class */
5237 << 0 /* qualifier difference */
5238 << 3 /* parameter mismatch */
5239 << 2 << Arg1->getType() << ConstCharPtrTy;
5240
5241 const QualType SizeTy = Context.getSizeType();
5242 if (Arg2Ty->getCanonicalTypeInternal().withoutLocalFastQualifiers() != SizeTy)
5243 Diag(Loc: Arg2->getBeginLoc(), DiagID: diag::err_typecheck_convert_incompatible)
5244 << Arg2->getType() << SizeTy << 1 /* different class */
5245 << 0 /* qualifier difference */
5246 << 3 /* parameter mismatch */
5247 << 3 << Arg2->getType() << SizeTy;
5248
5249 return false;
5250}
5251
5252bool Sema::BuiltinUnorderedCompare(CallExpr *TheCall, unsigned BuiltinID) {
5253 if (checkArgCount(Call: TheCall, DesiredArgCount: 2))
5254 return true;
5255
5256 if (BuiltinID == Builtin::BI__builtin_isunordered &&
5257 TheCall->getFPFeaturesInEffect(LO: getLangOpts()).getNoHonorNaNs())
5258 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::warn_fp_nan_inf_when_disabled)
5259 << 1 << 0 << TheCall->getSourceRange();
5260
5261 ExprResult OrigArg0 = TheCall->getArg(Arg: 0);
5262 ExprResult OrigArg1 = TheCall->getArg(Arg: 1);
5263
5264 // Do standard promotions between the two arguments, returning their common
5265 // type.
5266 QualType Res = UsualArithmeticConversions(
5267 LHS&: OrigArg0, RHS&: OrigArg1, Loc: TheCall->getExprLoc(), ACK: ArithConvKind::Comparison);
5268 if (OrigArg0.isInvalid() || OrigArg1.isInvalid())
5269 return true;
5270
5271 // Make sure any conversions are pushed back into the call; this is
5272 // type safe since unordered compare builtins are declared as "_Bool
5273 // foo(...)".
5274 TheCall->setArg(Arg: 0, ArgExpr: OrigArg0.get());
5275 TheCall->setArg(Arg: 1, ArgExpr: OrigArg1.get());
5276
5277 if (OrigArg0.get()->isTypeDependent() || OrigArg1.get()->isTypeDependent())
5278 return false;
5279
5280 // If the common type isn't a real floating type, then the arguments were
5281 // invalid for this operation.
5282 if (Res.isNull() || !Res->isRealFloatingType())
5283 return Diag(Loc: OrigArg0.get()->getBeginLoc(),
5284 DiagID: diag::err_typecheck_call_invalid_ordered_compare)
5285 << OrigArg0.get()->getType() << OrigArg1.get()->getType()
5286 << SourceRange(OrigArg0.get()->getBeginLoc(),
5287 OrigArg1.get()->getEndLoc());
5288
5289 return false;
5290}
5291
5292bool Sema::BuiltinFPClassification(CallExpr *TheCall, unsigned NumArgs,
5293 unsigned BuiltinID) {
5294 if (checkArgCount(Call: TheCall, DesiredArgCount: NumArgs))
5295 return true;
5296
5297 FPOptions FPO = TheCall->getFPFeaturesInEffect(LO: getLangOpts());
5298 if (FPO.getNoHonorInfs() && (BuiltinID == Builtin::BI__builtin_isfinite ||
5299 BuiltinID == Builtin::BI__builtin_isinf ||
5300 BuiltinID == Builtin::BI__builtin_isinf_sign))
5301 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::warn_fp_nan_inf_when_disabled)
5302 << 0 << 0 << TheCall->getSourceRange();
5303
5304 if (FPO.getNoHonorNaNs() && (BuiltinID == Builtin::BI__builtin_isnan ||
5305 BuiltinID == Builtin::BI__builtin_isunordered))
5306 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::warn_fp_nan_inf_when_disabled)
5307 << 1 << 0 << TheCall->getSourceRange();
5308
5309 bool IsFPClass = NumArgs == 2;
5310
5311 // Find out position of floating-point argument.
5312 unsigned FPArgNo = IsFPClass ? 0 : NumArgs - 1;
5313
5314 // We can count on all parameters preceding the floating-point just being int.
5315 // Try all of those.
5316 for (unsigned i = 0; i < FPArgNo; ++i) {
5317 Expr *Arg = TheCall->getArg(Arg: i);
5318
5319 if (Arg->isTypeDependent())
5320 return false;
5321
5322 ExprResult Res = PerformImplicitConversion(From: Arg, ToType: Context.IntTy,
5323 Action: AssignmentAction::Passing);
5324
5325 if (Res.isInvalid())
5326 return true;
5327 TheCall->setArg(Arg: i, ArgExpr: Res.get());
5328 }
5329
5330 Expr *OrigArg = TheCall->getArg(Arg: FPArgNo);
5331
5332 if (OrigArg->isTypeDependent())
5333 return false;
5334
5335 // Usual Unary Conversions will convert half to float, which we want for
5336 // machines that use fp16 conversion intrinsics. Else, we wnat to leave the
5337 // type how it is, but do normal L->Rvalue conversions.
5338 if (Context.getTargetInfo().useFP16ConversionIntrinsics()) {
5339 ExprResult Res = UsualUnaryConversions(E: OrigArg);
5340
5341 if (!Res.isUsable())
5342 return true;
5343 OrigArg = Res.get();
5344 } else {
5345 ExprResult Res = DefaultFunctionArrayLvalueConversion(E: OrigArg);
5346
5347 if (!Res.isUsable())
5348 return true;
5349 OrigArg = Res.get();
5350 }
5351 TheCall->setArg(Arg: FPArgNo, ArgExpr: OrigArg);
5352
5353 QualType VectorResultTy;
5354 QualType ElementTy = OrigArg->getType();
5355 // TODO: When all classification function are implemented with is_fpclass,
5356 // vector argument can be supported in all of them.
5357 if (ElementTy->isVectorType() && IsFPClass) {
5358 VectorResultTy = GetSignedVectorType(V: ElementTy);
5359 ElementTy = ElementTy->castAs<VectorType>()->getElementType();
5360 }
5361
5362 // This operation requires a non-_Complex floating-point number.
5363 if (!ElementTy->isRealFloatingType())
5364 return Diag(Loc: OrigArg->getBeginLoc(),
5365 DiagID: diag::err_typecheck_call_invalid_unary_fp)
5366 << OrigArg->getType() << OrigArg->getSourceRange();
5367
5368 // __builtin_isfpclass has integer parameter that specify test mask. It is
5369 // passed in (...), so it should be analyzed completely here.
5370 if (IsFPClass)
5371 if (BuiltinConstantArgRange(TheCall, ArgNum: 1, Low: 0, High: llvm::fcAllFlags))
5372 return true;
5373
5374 // TODO: enable this code to all classification functions.
5375 if (IsFPClass) {
5376 QualType ResultTy;
5377 if (!VectorResultTy.isNull())
5378 ResultTy = VectorResultTy;
5379 else
5380 ResultTy = Context.IntTy;
5381 TheCall->setType(ResultTy);
5382 }
5383
5384 return false;
5385}
5386
5387bool Sema::BuiltinComplex(CallExpr *TheCall) {
5388 if (checkArgCount(Call: TheCall, DesiredArgCount: 2))
5389 return true;
5390
5391 bool Dependent = false;
5392 for (unsigned I = 0; I != 2; ++I) {
5393 Expr *Arg = TheCall->getArg(Arg: I);
5394 QualType T = Arg->getType();
5395 if (T->isDependentType()) {
5396 Dependent = true;
5397 continue;
5398 }
5399
5400 // Despite supporting _Complex int, GCC requires a real floating point type
5401 // for the operands of __builtin_complex.
5402 if (!T->isRealFloatingType()) {
5403 return Diag(Loc: Arg->getBeginLoc(), DiagID: diag::err_typecheck_call_requires_real_fp)
5404 << Arg->getType() << Arg->getSourceRange();
5405 }
5406
5407 ExprResult Converted = DefaultLvalueConversion(E: Arg);
5408 if (Converted.isInvalid())
5409 return true;
5410 TheCall->setArg(Arg: I, ArgExpr: Converted.get());
5411 }
5412
5413 if (Dependent) {
5414 TheCall->setType(Context.DependentTy);
5415 return false;
5416 }
5417
5418 Expr *Real = TheCall->getArg(Arg: 0);
5419 Expr *Imag = TheCall->getArg(Arg: 1);
5420 if (!Context.hasSameType(T1: Real->getType(), T2: Imag->getType())) {
5421 return Diag(Loc: Real->getBeginLoc(),
5422 DiagID: diag::err_typecheck_call_different_arg_types)
5423 << Real->getType() << Imag->getType()
5424 << Real->getSourceRange() << Imag->getSourceRange();
5425 }
5426
5427 // We don't allow _Complex _Float16 nor _Complex __fp16 as type specifiers;
5428 // don't allow this builtin to form those types either.
5429 // FIXME: Should we allow these types?
5430 if (Real->getType()->isFloat16Type())
5431 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_invalid_complex_spec)
5432 << "_Float16";
5433 if (Real->getType()->isHalfType())
5434 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_invalid_complex_spec)
5435 << "half";
5436
5437 TheCall->setType(Context.getComplexType(T: Real->getType()));
5438 return false;
5439}
5440
5441/// BuiltinShuffleVector - Handle __builtin_shufflevector.
5442// This is declared to take (...), so we have to check everything.
5443ExprResult Sema::BuiltinShuffleVector(CallExpr *TheCall) {
5444 if (TheCall->getNumArgs() < 2)
5445 return ExprError(Diag(Loc: TheCall->getEndLoc(),
5446 DiagID: diag::err_typecheck_call_too_few_args_at_least)
5447 << 0 /*function call*/ << 2 << TheCall->getNumArgs()
5448 << /*is non object*/ 0 << TheCall->getSourceRange());
5449
5450 // Determine which of the following types of shufflevector we're checking:
5451 // 1) unary, vector mask: (lhs, mask)
5452 // 2) binary, scalar mask: (lhs, rhs, index, ..., index)
5453 QualType resType = TheCall->getArg(Arg: 0)->getType();
5454 unsigned numElements = 0;
5455
5456 if (!TheCall->getArg(Arg: 0)->isTypeDependent() &&
5457 !TheCall->getArg(Arg: 1)->isTypeDependent()) {
5458 QualType LHSType = TheCall->getArg(Arg: 0)->getType();
5459 QualType RHSType = TheCall->getArg(Arg: 1)->getType();
5460
5461 if (!LHSType->isVectorType() || !RHSType->isVectorType())
5462 return ExprError(
5463 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_vec_builtin_non_vector)
5464 << TheCall->getDirectCallee() << /*isMorethantwoArgs*/ false
5465 << SourceRange(TheCall->getArg(Arg: 0)->getBeginLoc(),
5466 TheCall->getArg(Arg: 1)->getEndLoc()));
5467
5468 numElements = LHSType->castAs<VectorType>()->getNumElements();
5469 unsigned numResElements = TheCall->getNumArgs() - 2;
5470
5471 // Check to see if we have a call with 2 vector arguments, the unary shuffle
5472 // with mask. If so, verify that RHS is an integer vector type with the
5473 // same number of elts as lhs.
5474 if (TheCall->getNumArgs() == 2) {
5475 if (!RHSType->hasIntegerRepresentation() ||
5476 RHSType->castAs<VectorType>()->getNumElements() != numElements)
5477 return ExprError(Diag(Loc: TheCall->getBeginLoc(),
5478 DiagID: diag::err_vec_builtin_incompatible_vector)
5479 << TheCall->getDirectCallee()
5480 << /*isMorethantwoArgs*/ false
5481 << SourceRange(TheCall->getArg(Arg: 1)->getBeginLoc(),
5482 TheCall->getArg(Arg: 1)->getEndLoc()));
5483 } else if (!Context.hasSameUnqualifiedType(T1: LHSType, T2: RHSType)) {
5484 return ExprError(Diag(Loc: TheCall->getBeginLoc(),
5485 DiagID: diag::err_vec_builtin_incompatible_vector)
5486 << TheCall->getDirectCallee()
5487 << /*isMorethantwoArgs*/ false
5488 << SourceRange(TheCall->getArg(Arg: 0)->getBeginLoc(),
5489 TheCall->getArg(Arg: 1)->getEndLoc()));
5490 } else if (numElements != numResElements) {
5491 QualType eltType = LHSType->castAs<VectorType>()->getElementType();
5492 resType =
5493 Context.getVectorType(VectorType: eltType, NumElts: numResElements, VecKind: VectorKind::Generic);
5494 }
5495 }
5496
5497 for (unsigned i = 2; i < TheCall->getNumArgs(); i++) {
5498 Expr *Arg = TheCall->getArg(Arg: i);
5499 if (Arg->isTypeDependent() || Arg->isValueDependent())
5500 continue;
5501
5502 std::optional<llvm::APSInt> Result;
5503 if (!(Result = Arg->getIntegerConstantExpr(Ctx: Context)))
5504 return ExprError(Diag(Loc: TheCall->getBeginLoc(),
5505 DiagID: diag::err_shufflevector_nonconstant_argument)
5506 << Arg->getSourceRange());
5507
5508 // Allow -1 which will be translated to undef in the IR.
5509 if (Result->isSigned() && Result->isAllOnes())
5510 ;
5511 else if (Result->getActiveBits() > 64 ||
5512 Result->getZExtValue() >= numElements * 2)
5513 return ExprError(Diag(Loc: TheCall->getBeginLoc(),
5514 DiagID: diag::err_shufflevector_argument_too_large)
5515 << Arg->getSourceRange());
5516
5517 TheCall->setArg(Arg: i, ArgExpr: ConstantExpr::Create(Context, E: Arg, Result: APValue(*Result)));
5518 }
5519
5520 SmallVector<Expr *> exprs;
5521 for (unsigned i = 0, e = TheCall->getNumArgs(); i != e; i++) {
5522 exprs.push_back(Elt: TheCall->getArg(Arg: i));
5523 TheCall->setArg(Arg: i, ArgExpr: nullptr);
5524 }
5525
5526 return new (Context) ShuffleVectorExpr(Context, exprs, resType,
5527 TheCall->getCallee()->getBeginLoc(),
5528 TheCall->getRParenLoc());
5529}
5530
5531ExprResult Sema::ConvertVectorExpr(Expr *E, TypeSourceInfo *TInfo,
5532 SourceLocation BuiltinLoc,
5533 SourceLocation RParenLoc) {
5534 ExprValueKind VK = VK_PRValue;
5535 ExprObjectKind OK = OK_Ordinary;
5536 QualType DstTy = TInfo->getType();
5537 QualType SrcTy = E->getType();
5538
5539 if (!SrcTy->isVectorType() && !SrcTy->isDependentType())
5540 return ExprError(Diag(Loc: BuiltinLoc,
5541 DiagID: diag::err_convertvector_non_vector)
5542 << E->getSourceRange());
5543 if (!DstTy->isVectorType() && !DstTy->isDependentType())
5544 return ExprError(Diag(Loc: BuiltinLoc, DiagID: diag::err_builtin_non_vector_type)
5545 << "second"
5546 << "__builtin_convertvector");
5547
5548 if (!SrcTy->isDependentType() && !DstTy->isDependentType()) {
5549 unsigned SrcElts = SrcTy->castAs<VectorType>()->getNumElements();
5550 unsigned DstElts = DstTy->castAs<VectorType>()->getNumElements();
5551 if (SrcElts != DstElts)
5552 return ExprError(Diag(Loc: BuiltinLoc,
5553 DiagID: diag::err_convertvector_incompatible_vector)
5554 << E->getSourceRange());
5555 }
5556
5557 return ConvertVectorExpr::Create(C: Context, SrcExpr: E, TI: TInfo, DstType: DstTy, VK, OK, BuiltinLoc,
5558 RParenLoc, FPFeatures: CurFPFeatureOverrides());
5559}
5560
5561bool Sema::BuiltinPrefetch(CallExpr *TheCall) {
5562 unsigned NumArgs = TheCall->getNumArgs();
5563
5564 if (NumArgs > 3)
5565 return Diag(Loc: TheCall->getEndLoc(),
5566 DiagID: diag::err_typecheck_call_too_many_args_at_most)
5567 << 0 /*function call*/ << 3 << NumArgs << /*is non object*/ 0
5568 << TheCall->getSourceRange();
5569
5570 // Argument 0 is checked for us and the remaining arguments must be
5571 // constant integers.
5572 for (unsigned i = 1; i != NumArgs; ++i)
5573 if (BuiltinConstantArgRange(TheCall, ArgNum: i, Low: 0, High: i == 1 ? 1 : 3))
5574 return true;
5575
5576 return false;
5577}
5578
5579bool Sema::BuiltinArithmeticFence(CallExpr *TheCall) {
5580 if (!Context.getTargetInfo().checkArithmeticFenceSupported())
5581 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_builtin_target_unsupported)
5582 << SourceRange(TheCall->getBeginLoc(), TheCall->getEndLoc());
5583 if (checkArgCount(Call: TheCall, DesiredArgCount: 1))
5584 return true;
5585 Expr *Arg = TheCall->getArg(Arg: 0);
5586 if (Arg->isInstantiationDependent())
5587 return false;
5588
5589 QualType ArgTy = Arg->getType();
5590 if (!ArgTy->hasFloatingRepresentation())
5591 return Diag(Loc: TheCall->getEndLoc(), DiagID: diag::err_typecheck_expect_flt_or_vector)
5592 << ArgTy;
5593 if (Arg->isLValue()) {
5594 ExprResult FirstArg = DefaultLvalueConversion(E: Arg);
5595 TheCall->setArg(Arg: 0, ArgExpr: FirstArg.get());
5596 }
5597 TheCall->setType(TheCall->getArg(Arg: 0)->getType());
5598 return false;
5599}
5600
5601bool Sema::BuiltinAssume(CallExpr *TheCall) {
5602 Expr *Arg = TheCall->getArg(Arg: 0);
5603 if (Arg->isInstantiationDependent()) return false;
5604
5605 if (Arg->HasSideEffects(Ctx: Context))
5606 Diag(Loc: Arg->getBeginLoc(), DiagID: diag::warn_assume_side_effects)
5607 << Arg->getSourceRange()
5608 << cast<FunctionDecl>(Val: TheCall->getCalleeDecl())->getIdentifier();
5609
5610 return false;
5611}
5612
5613bool Sema::BuiltinAllocaWithAlign(CallExpr *TheCall) {
5614 // The alignment must be a constant integer.
5615 Expr *Arg = TheCall->getArg(Arg: 1);
5616
5617 // We can't check the value of a dependent argument.
5618 if (!Arg->isTypeDependent() && !Arg->isValueDependent()) {
5619 if (const auto *UE =
5620 dyn_cast<UnaryExprOrTypeTraitExpr>(Val: Arg->IgnoreParenImpCasts()))
5621 if (UE->getKind() == UETT_AlignOf ||
5622 UE->getKind() == UETT_PreferredAlignOf)
5623 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::warn_alloca_align_alignof)
5624 << Arg->getSourceRange();
5625
5626 llvm::APSInt Result = Arg->EvaluateKnownConstInt(Ctx: Context);
5627
5628 if (!Result.isPowerOf2())
5629 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_alignment_not_power_of_two)
5630 << Arg->getSourceRange();
5631
5632 if (Result < Context.getCharWidth())
5633 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_alignment_too_small)
5634 << (unsigned)Context.getCharWidth() << Arg->getSourceRange();
5635
5636 if (Result > std::numeric_limits<int32_t>::max())
5637 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_alignment_too_big)
5638 << std::numeric_limits<int32_t>::max() << Arg->getSourceRange();
5639 }
5640
5641 return false;
5642}
5643
5644bool Sema::BuiltinAssumeAligned(CallExpr *TheCall) {
5645 if (checkArgCountRange(Call: TheCall, MinArgCount: 2, MaxArgCount: 3))
5646 return true;
5647
5648 unsigned NumArgs = TheCall->getNumArgs();
5649 Expr *FirstArg = TheCall->getArg(Arg: 0);
5650
5651 {
5652 ExprResult FirstArgResult =
5653 DefaultFunctionArrayLvalueConversion(E: FirstArg);
5654 if (!FirstArgResult.get()->getType()->isPointerType()) {
5655 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_builtin_assume_aligned_invalid_arg)
5656 << TheCall->getSourceRange();
5657 return true;
5658 }
5659 TheCall->setArg(Arg: 0, ArgExpr: FirstArgResult.get());
5660 }
5661
5662 // The alignment must be a constant integer.
5663 Expr *SecondArg = TheCall->getArg(Arg: 1);
5664
5665 // We can't check the value of a dependent argument.
5666 if (!SecondArg->isValueDependent()) {
5667 llvm::APSInt Result;
5668 if (BuiltinConstantArg(TheCall, ArgNum: 1, Result))
5669 return true;
5670
5671 if (!Result.isPowerOf2())
5672 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_alignment_not_power_of_two)
5673 << SecondArg->getSourceRange();
5674
5675 if (Result > Sema::MaximumAlignment)
5676 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::warn_assume_aligned_too_great)
5677 << SecondArg->getSourceRange() << Sema::MaximumAlignment;
5678 }
5679
5680 if (NumArgs > 2) {
5681 Expr *ThirdArg = TheCall->getArg(Arg: 2);
5682 if (convertArgumentToType(S&: *this, Value&: ThirdArg, Ty: Context.getSizeType()))
5683 return true;
5684 TheCall->setArg(Arg: 2, ArgExpr: ThirdArg);
5685 }
5686
5687 return false;
5688}
5689
5690bool Sema::BuiltinOSLogFormat(CallExpr *TheCall) {
5691 unsigned BuiltinID =
5692 cast<FunctionDecl>(Val: TheCall->getCalleeDecl())->getBuiltinID();
5693 bool IsSizeCall = BuiltinID == Builtin::BI__builtin_os_log_format_buffer_size;
5694
5695 unsigned NumArgs = TheCall->getNumArgs();
5696 unsigned NumRequiredArgs = IsSizeCall ? 1 : 2;
5697 if (NumArgs < NumRequiredArgs) {
5698 return Diag(Loc: TheCall->getEndLoc(), DiagID: diag::err_typecheck_call_too_few_args)
5699 << 0 /* function call */ << NumRequiredArgs << NumArgs
5700 << /*is non object*/ 0 << TheCall->getSourceRange();
5701 }
5702 if (NumArgs >= NumRequiredArgs + 0x100) {
5703 return Diag(Loc: TheCall->getEndLoc(),
5704 DiagID: diag::err_typecheck_call_too_many_args_at_most)
5705 << 0 /* function call */ << (NumRequiredArgs + 0xff) << NumArgs
5706 << /*is non object*/ 0 << TheCall->getSourceRange();
5707 }
5708 unsigned i = 0;
5709
5710 // For formatting call, check buffer arg.
5711 if (!IsSizeCall) {
5712 ExprResult Arg(TheCall->getArg(Arg: i));
5713 InitializedEntity Entity = InitializedEntity::InitializeParameter(
5714 Context, Type: Context.VoidPtrTy, Consumed: false);
5715 Arg = PerformCopyInitialization(Entity, EqualLoc: SourceLocation(), Init: Arg);
5716 if (Arg.isInvalid())
5717 return true;
5718 TheCall->setArg(Arg: i, ArgExpr: Arg.get());
5719 i++;
5720 }
5721
5722 // Check string literal arg.
5723 unsigned FormatIdx = i;
5724 {
5725 ExprResult Arg = CheckOSLogFormatStringArg(Arg: TheCall->getArg(Arg: i));
5726 if (Arg.isInvalid())
5727 return true;
5728 TheCall->setArg(Arg: i, ArgExpr: Arg.get());
5729 i++;
5730 }
5731
5732 // Make sure variadic args are scalar.
5733 unsigned FirstDataArg = i;
5734 while (i < NumArgs) {
5735 ExprResult Arg = DefaultVariadicArgumentPromotion(
5736 E: TheCall->getArg(Arg: i), CT: VariadicCallType::Function, FDecl: nullptr);
5737 if (Arg.isInvalid())
5738 return true;
5739 CharUnits ArgSize = Context.getTypeSizeInChars(T: Arg.get()->getType());
5740 if (ArgSize.getQuantity() >= 0x100) {
5741 return Diag(Loc: Arg.get()->getEndLoc(), DiagID: diag::err_os_log_argument_too_big)
5742 << i << (int)ArgSize.getQuantity() << 0xff
5743 << TheCall->getSourceRange();
5744 }
5745 TheCall->setArg(Arg: i, ArgExpr: Arg.get());
5746 i++;
5747 }
5748
5749 // Check formatting specifiers. NOTE: We're only doing this for the non-size
5750 // call to avoid duplicate diagnostics.
5751 if (!IsSizeCall) {
5752 llvm::SmallBitVector CheckedVarArgs(NumArgs, false);
5753 ArrayRef<const Expr *> Args(TheCall->getArgs(), TheCall->getNumArgs());
5754 bool Success = CheckFormatArguments(
5755 Args, FAPK: FAPK_Variadic, ReferenceFormatString: nullptr, format_idx: FormatIdx, firstDataArg: FirstDataArg,
5756 Type: FormatStringType::OSLog, CallType: VariadicCallType::Function,
5757 Loc: TheCall->getBeginLoc(), range: SourceRange(), CheckedVarArgs);
5758 if (!Success)
5759 return true;
5760 }
5761
5762 if (IsSizeCall) {
5763 TheCall->setType(Context.getSizeType());
5764 } else {
5765 TheCall->setType(Context.VoidPtrTy);
5766 }
5767 return false;
5768}
5769
5770bool Sema::BuiltinConstantArg(CallExpr *TheCall, int ArgNum,
5771 llvm::APSInt &Result) {
5772 Expr *Arg = TheCall->getArg(Arg: ArgNum);
5773 DeclRefExpr *DRE =cast<DeclRefExpr>(Val: TheCall->getCallee()->IgnoreParenCasts());
5774 FunctionDecl *FDecl = cast<FunctionDecl>(Val: DRE->getDecl());
5775
5776 if (Arg->isTypeDependent() || Arg->isValueDependent()) return false;
5777
5778 std::optional<llvm::APSInt> R;
5779 if (!(R = Arg->getIntegerConstantExpr(Ctx: Context)))
5780 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_constant_integer_arg_type)
5781 << FDecl->getDeclName() << Arg->getSourceRange();
5782 Result = *R;
5783 return false;
5784}
5785
5786bool Sema::BuiltinConstantArgRange(CallExpr *TheCall, int ArgNum, int Low,
5787 int High, bool RangeIsError) {
5788 if (isConstantEvaluatedContext())
5789 return false;
5790 llvm::APSInt Result;
5791
5792 // We can't check the value of a dependent argument.
5793 Expr *Arg = TheCall->getArg(Arg: ArgNum);
5794 if (Arg->isTypeDependent() || Arg->isValueDependent())
5795 return false;
5796
5797 // Check constant-ness first.
5798 if (BuiltinConstantArg(TheCall, ArgNum, Result))
5799 return true;
5800
5801 if (Result.getSExtValue() < Low || Result.getSExtValue() > High) {
5802 if (RangeIsError)
5803 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_argument_invalid_range)
5804 << toString(I: Result, Radix: 10) << Low << High << Arg->getSourceRange();
5805 else
5806 // Defer the warning until we know if the code will be emitted so that
5807 // dead code can ignore this.
5808 DiagRuntimeBehavior(Loc: TheCall->getBeginLoc(), Statement: TheCall,
5809 PD: PDiag(DiagID: diag::warn_argument_invalid_range)
5810 << toString(I: Result, Radix: 10) << Low << High
5811 << Arg->getSourceRange());
5812 }
5813
5814 return false;
5815}
5816
5817bool Sema::BuiltinConstantArgMultiple(CallExpr *TheCall, int ArgNum,
5818 unsigned Num) {
5819 llvm::APSInt Result;
5820
5821 // We can't check the value of a dependent argument.
5822 Expr *Arg = TheCall->getArg(Arg: ArgNum);
5823 if (Arg->isTypeDependent() || Arg->isValueDependent())
5824 return false;
5825
5826 // Check constant-ness first.
5827 if (BuiltinConstantArg(TheCall, ArgNum, Result))
5828 return true;
5829
5830 if (Result.getSExtValue() % Num != 0)
5831 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_argument_not_multiple)
5832 << Num << Arg->getSourceRange();
5833
5834 return false;
5835}
5836
5837bool Sema::BuiltinConstantArgPower2(CallExpr *TheCall, int ArgNum) {
5838 llvm::APSInt Result;
5839
5840 // We can't check the value of a dependent argument.
5841 Expr *Arg = TheCall->getArg(Arg: ArgNum);
5842 if (Arg->isTypeDependent() || Arg->isValueDependent())
5843 return false;
5844
5845 // Check constant-ness first.
5846 if (BuiltinConstantArg(TheCall, ArgNum, Result))
5847 return true;
5848
5849 // Bit-twiddling to test for a power of 2: for x > 0, x & (x-1) is zero if
5850 // and only if x is a power of 2.
5851 if (Result.isStrictlyPositive() && (Result & (Result - 1)) == 0)
5852 return false;
5853
5854 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_argument_not_power_of_2)
5855 << Arg->getSourceRange();
5856}
5857
5858static bool IsShiftedByte(llvm::APSInt Value) {
5859 if (Value.isNegative())
5860 return false;
5861
5862 // Check if it's a shifted byte, by shifting it down
5863 while (true) {
5864 // If the value fits in the bottom byte, the check passes.
5865 if (Value < 0x100)
5866 return true;
5867
5868 // Otherwise, if the value has _any_ bits in the bottom byte, the check
5869 // fails.
5870 if ((Value & 0xFF) != 0)
5871 return false;
5872
5873 // If the bottom 8 bits are all 0, but something above that is nonzero,
5874 // then shifting the value right by 8 bits won't affect whether it's a
5875 // shifted byte or not. So do that, and go round again.
5876 Value >>= 8;
5877 }
5878}
5879
5880bool Sema::BuiltinConstantArgShiftedByte(CallExpr *TheCall, int ArgNum,
5881 unsigned ArgBits) {
5882 llvm::APSInt Result;
5883
5884 // We can't check the value of a dependent argument.
5885 Expr *Arg = TheCall->getArg(Arg: ArgNum);
5886 if (Arg->isTypeDependent() || Arg->isValueDependent())
5887 return false;
5888
5889 // Check constant-ness first.
5890 if (BuiltinConstantArg(TheCall, ArgNum, Result))
5891 return true;
5892
5893 // Truncate to the given size.
5894 Result = Result.getLoBits(numBits: ArgBits);
5895 Result.setIsUnsigned(true);
5896
5897 if (IsShiftedByte(Value: Result))
5898 return false;
5899
5900 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_argument_not_shifted_byte)
5901 << Arg->getSourceRange();
5902}
5903
5904bool Sema::BuiltinConstantArgShiftedByteOrXXFF(CallExpr *TheCall, int ArgNum,
5905 unsigned ArgBits) {
5906 llvm::APSInt Result;
5907
5908 // We can't check the value of a dependent argument.
5909 Expr *Arg = TheCall->getArg(Arg: ArgNum);
5910 if (Arg->isTypeDependent() || Arg->isValueDependent())
5911 return false;
5912
5913 // Check constant-ness first.
5914 if (BuiltinConstantArg(TheCall, ArgNum, Result))
5915 return true;
5916
5917 // Truncate to the given size.
5918 Result = Result.getLoBits(numBits: ArgBits);
5919 Result.setIsUnsigned(true);
5920
5921 // Check to see if it's in either of the required forms.
5922 if (IsShiftedByte(Value: Result) ||
5923 (Result > 0 && Result < 0x10000 && (Result & 0xFF) == 0xFF))
5924 return false;
5925
5926 return Diag(Loc: TheCall->getBeginLoc(),
5927 DiagID: diag::err_argument_not_shifted_byte_or_xxff)
5928 << Arg->getSourceRange();
5929}
5930
5931bool Sema::BuiltinLongjmp(CallExpr *TheCall) {
5932 if (!Context.getTargetInfo().hasSjLjLowering())
5933 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_builtin_longjmp_unsupported)
5934 << SourceRange(TheCall->getBeginLoc(), TheCall->getEndLoc());
5935
5936 Expr *Arg = TheCall->getArg(Arg: 1);
5937 llvm::APSInt Result;
5938
5939 // TODO: This is less than ideal. Overload this to take a value.
5940 if (BuiltinConstantArg(TheCall, ArgNum: 1, Result))
5941 return true;
5942
5943 if (Result != 1)
5944 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_builtin_longjmp_invalid_val)
5945 << SourceRange(Arg->getBeginLoc(), Arg->getEndLoc());
5946
5947 return false;
5948}
5949
5950bool Sema::BuiltinSetjmp(CallExpr *TheCall) {
5951 if (!Context.getTargetInfo().hasSjLjLowering())
5952 return Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_builtin_setjmp_unsupported)
5953 << SourceRange(TheCall->getBeginLoc(), TheCall->getEndLoc());
5954 return false;
5955}
5956
5957bool Sema::BuiltinCountedByRef(CallExpr *TheCall) {
5958 if (checkArgCount(Call: TheCall, DesiredArgCount: 1))
5959 return true;
5960
5961 ExprResult ArgRes = UsualUnaryConversions(E: TheCall->getArg(Arg: 0));
5962 if (ArgRes.isInvalid())
5963 return true;
5964
5965 // For simplicity, we support only limited expressions for the argument.
5966 // Specifically a pointer to a flexible array member:'ptr->array'. This
5967 // allows us to reject arguments with complex casting, which really shouldn't
5968 // be a huge problem.
5969 const Expr *Arg = ArgRes.get()->IgnoreParenImpCasts();
5970 if (!isa<PointerType>(Val: Arg->getType()) && !Arg->getType()->isArrayType())
5971 return Diag(Loc: Arg->getBeginLoc(),
5972 DiagID: diag::err_builtin_counted_by_ref_must_be_flex_array_member)
5973 << Arg->getSourceRange();
5974
5975 if (Arg->HasSideEffects(Ctx: Context))
5976 return Diag(Loc: Arg->getBeginLoc(),
5977 DiagID: diag::err_builtin_counted_by_ref_has_side_effects)
5978 << Arg->getSourceRange();
5979
5980 if (const auto *ME = dyn_cast<MemberExpr>(Val: Arg)) {
5981 if (!ME->isFlexibleArrayMemberLike(
5982 Context, StrictFlexArraysLevel: getLangOpts().getStrictFlexArraysLevel()))
5983 return Diag(Loc: Arg->getBeginLoc(),
5984 DiagID: diag::err_builtin_counted_by_ref_must_be_flex_array_member)
5985 << Arg->getSourceRange();
5986
5987 if (auto *CATy =
5988 ME->getMemberDecl()->getType()->getAs<CountAttributedType>();
5989 CATy && CATy->getKind() == CountAttributedType::CountedBy) {
5990 const auto *FAMDecl = cast<FieldDecl>(Val: ME->getMemberDecl());
5991 if (const FieldDecl *CountFD = FAMDecl->findCountedByField()) {
5992 TheCall->setType(Context.getPointerType(T: CountFD->getType()));
5993 return false;
5994 }
5995 }
5996 } else {
5997 return Diag(Loc: Arg->getBeginLoc(),
5998 DiagID: diag::err_builtin_counted_by_ref_must_be_flex_array_member)
5999 << Arg->getSourceRange();
6000 }
6001
6002 TheCall->setType(Context.getPointerType(T: Context.VoidTy));
6003 return false;
6004}
6005
6006/// The result of __builtin_counted_by_ref cannot be assigned to a variable.
6007/// It allows leaking and modification of bounds safety information.
6008bool Sema::CheckInvalidBuiltinCountedByRef(const Expr *E,
6009 BuiltinCountedByRefKind K) {
6010 const CallExpr *CE =
6011 E ? dyn_cast<CallExpr>(Val: E->IgnoreParenImpCasts()) : nullptr;
6012 if (!CE || CE->getBuiltinCallee() != Builtin::BI__builtin_counted_by_ref)
6013 return false;
6014
6015 switch (K) {
6016 case BuiltinCountedByRefKind::Assignment:
6017 case BuiltinCountedByRefKind::Initializer:
6018 Diag(Loc: E->getExprLoc(),
6019 DiagID: diag::err_builtin_counted_by_ref_cannot_leak_reference)
6020 << 0 << E->getSourceRange();
6021 break;
6022 case BuiltinCountedByRefKind::FunctionArg:
6023 Diag(Loc: E->getExprLoc(),
6024 DiagID: diag::err_builtin_counted_by_ref_cannot_leak_reference)
6025 << 1 << E->getSourceRange();
6026 break;
6027 case BuiltinCountedByRefKind::ReturnArg:
6028 Diag(Loc: E->getExprLoc(),
6029 DiagID: diag::err_builtin_counted_by_ref_cannot_leak_reference)
6030 << 2 << E->getSourceRange();
6031 break;
6032 case BuiltinCountedByRefKind::ArraySubscript:
6033 Diag(Loc: E->getExprLoc(), DiagID: diag::err_builtin_counted_by_ref_invalid_use)
6034 << 0 << E->getSourceRange();
6035 break;
6036 case BuiltinCountedByRefKind::BinaryExpr:
6037 Diag(Loc: E->getExprLoc(), DiagID: diag::err_builtin_counted_by_ref_invalid_use)
6038 << 1 << E->getSourceRange();
6039 break;
6040 }
6041
6042 return true;
6043}
6044
6045namespace {
6046
6047class UncoveredArgHandler {
6048 enum { Unknown = -1, AllCovered = -2 };
6049
6050 signed FirstUncoveredArg = Unknown;
6051 SmallVector<const Expr *, 4> DiagnosticExprs;
6052
6053public:
6054 UncoveredArgHandler() = default;
6055
6056 bool hasUncoveredArg() const {
6057 return (FirstUncoveredArg >= 0);
6058 }
6059
6060 unsigned getUncoveredArg() const {
6061 assert(hasUncoveredArg() && "no uncovered argument");
6062 return FirstUncoveredArg;
6063 }
6064
6065 void setAllCovered() {
6066 // A string has been found with all arguments covered, so clear out
6067 // the diagnostics.
6068 DiagnosticExprs.clear();
6069 FirstUncoveredArg = AllCovered;
6070 }
6071
6072 void Update(signed NewFirstUncoveredArg, const Expr *StrExpr) {
6073 assert(NewFirstUncoveredArg >= 0 && "Outside range");
6074
6075 // Don't update if a previous string covers all arguments.
6076 if (FirstUncoveredArg == AllCovered)
6077 return;
6078
6079 // UncoveredArgHandler tracks the highest uncovered argument index
6080 // and with it all the strings that match this index.
6081 if (NewFirstUncoveredArg == FirstUncoveredArg)
6082 DiagnosticExprs.push_back(Elt: StrExpr);
6083 else if (NewFirstUncoveredArg > FirstUncoveredArg) {
6084 DiagnosticExprs.clear();
6085 DiagnosticExprs.push_back(Elt: StrExpr);
6086 FirstUncoveredArg = NewFirstUncoveredArg;
6087 }
6088 }
6089
6090 void Diagnose(Sema &S, bool IsFunctionCall, const Expr *ArgExpr);
6091};
6092
6093enum StringLiteralCheckType {
6094 SLCT_NotALiteral,
6095 SLCT_UncheckedLiteral,
6096 SLCT_CheckedLiteral
6097};
6098
6099} // namespace
6100
6101static void sumOffsets(llvm::APSInt &Offset, llvm::APSInt Addend,
6102 BinaryOperatorKind BinOpKind,
6103 bool AddendIsRight) {
6104 unsigned BitWidth = Offset.getBitWidth();
6105 unsigned AddendBitWidth = Addend.getBitWidth();
6106 // There might be negative interim results.
6107 if (Addend.isUnsigned()) {
6108 Addend = Addend.zext(width: ++AddendBitWidth);
6109 Addend.setIsSigned(true);
6110 }
6111 // Adjust the bit width of the APSInts.
6112 if (AddendBitWidth > BitWidth) {
6113 Offset = Offset.sext(width: AddendBitWidth);
6114 BitWidth = AddendBitWidth;
6115 } else if (BitWidth > AddendBitWidth) {
6116 Addend = Addend.sext(width: BitWidth);
6117 }
6118
6119 bool Ov = false;
6120 llvm::APSInt ResOffset = Offset;
6121 if (BinOpKind == BO_Add)
6122 ResOffset = Offset.sadd_ov(RHS: Addend, Overflow&: Ov);
6123 else {
6124 assert(AddendIsRight && BinOpKind == BO_Sub &&
6125 "operator must be add or sub with addend on the right");
6126 ResOffset = Offset.ssub_ov(RHS: Addend, Overflow&: Ov);
6127 }
6128
6129 // We add an offset to a pointer here so we should support an offset as big as
6130 // possible.
6131 if (Ov) {
6132 assert(BitWidth <= std::numeric_limits<unsigned>::max() / 2 &&
6133 "index (intermediate) result too big");
6134 Offset = Offset.sext(width: 2 * BitWidth);
6135 sumOffsets(Offset, Addend, BinOpKind, AddendIsRight);
6136 return;
6137 }
6138
6139 Offset = ResOffset;
6140}
6141
6142namespace {
6143
6144// This is a wrapper class around StringLiteral to support offsetted string
6145// literals as format strings. It takes the offset into account when returning
6146// the string and its length or the source locations to display notes correctly.
6147class FormatStringLiteral {
6148 const StringLiteral *FExpr;
6149 int64_t Offset;
6150
6151public:
6152 FormatStringLiteral(const StringLiteral *fexpr, int64_t Offset = 0)
6153 : FExpr(fexpr), Offset(Offset) {}
6154
6155 const StringLiteral *getFormatString() const { return FExpr; }
6156
6157 StringRef getString() const { return FExpr->getString().drop_front(N: Offset); }
6158
6159 unsigned getByteLength() const {
6160 return FExpr->getByteLength() - getCharByteWidth() * Offset;
6161 }
6162
6163 unsigned getLength() const { return FExpr->getLength() - Offset; }
6164 unsigned getCharByteWidth() const { return FExpr->getCharByteWidth(); }
6165
6166 StringLiteralKind getKind() const { return FExpr->getKind(); }
6167
6168 QualType getType() const { return FExpr->getType(); }
6169
6170 bool isAscii() const { return FExpr->isOrdinary(); }
6171 bool isWide() const { return FExpr->isWide(); }
6172 bool isUTF8() const { return FExpr->isUTF8(); }
6173 bool isUTF16() const { return FExpr->isUTF16(); }
6174 bool isUTF32() const { return FExpr->isUTF32(); }
6175 bool isPascal() const { return FExpr->isPascal(); }
6176
6177 SourceLocation getLocationOfByte(
6178 unsigned ByteNo, const SourceManager &SM, const LangOptions &Features,
6179 const TargetInfo &Target, unsigned *StartToken = nullptr,
6180 unsigned *StartTokenByteOffset = nullptr) const {
6181 return FExpr->getLocationOfByte(ByteNo: ByteNo + Offset, SM, Features, Target,
6182 StartToken, StartTokenByteOffset);
6183 }
6184
6185 SourceLocation getBeginLoc() const LLVM_READONLY {
6186 return FExpr->getBeginLoc().getLocWithOffset(Offset);
6187 }
6188
6189 SourceLocation getEndLoc() const LLVM_READONLY { return FExpr->getEndLoc(); }
6190};
6191
6192} // namespace
6193
6194static void CheckFormatString(
6195 Sema &S, const FormatStringLiteral *FExpr,
6196 const StringLiteral *ReferenceFormatString, const Expr *OrigFormatExpr,
6197 ArrayRef<const Expr *> Args, Sema::FormatArgumentPassingKind APK,
6198 unsigned format_idx, unsigned firstDataArg, FormatStringType Type,
6199 bool inFunctionCall, VariadicCallType CallType,
6200 llvm::SmallBitVector &CheckedVarArgs, UncoveredArgHandler &UncoveredArg,
6201 bool IgnoreStringsWithoutSpecifiers);
6202
6203static const Expr *maybeConstEvalStringLiteral(ASTContext &Context,
6204 const Expr *E);
6205
6206// Determine if an expression is a string literal or constant string.
6207// If this function returns false on the arguments to a function expecting a
6208// format string, we will usually need to emit a warning.
6209// True string literals are then checked by CheckFormatString.
6210static StringLiteralCheckType checkFormatStringExpr(
6211 Sema &S, const StringLiteral *ReferenceFormatString, const Expr *E,
6212 ArrayRef<const Expr *> Args, Sema::FormatArgumentPassingKind APK,
6213 unsigned format_idx, unsigned firstDataArg, FormatStringType Type,
6214 VariadicCallType CallType, bool InFunctionCall,
6215 llvm::SmallBitVector &CheckedVarArgs, UncoveredArgHandler &UncoveredArg,
6216 llvm::APSInt Offset, bool IgnoreStringsWithoutSpecifiers = false) {
6217 if (S.isConstantEvaluatedContext())
6218 return SLCT_NotALiteral;
6219tryAgain:
6220 assert(Offset.isSigned() && "invalid offset");
6221
6222 if (E->isTypeDependent() || E->isValueDependent())
6223 return SLCT_NotALiteral;
6224
6225 E = E->IgnoreParenCasts();
6226
6227 if (E->isNullPointerConstant(Ctx&: S.Context, NPC: Expr::NPC_ValueDependentIsNotNull))
6228 // Technically -Wformat-nonliteral does not warn about this case.
6229 // The behavior of printf and friends in this case is implementation
6230 // dependent. Ideally if the format string cannot be null then
6231 // it should have a 'nonnull' attribute in the function prototype.
6232 return SLCT_UncheckedLiteral;
6233
6234 switch (E->getStmtClass()) {
6235 case Stmt::InitListExprClass:
6236 // Handle expressions like {"foobar"}.
6237 if (const clang::Expr *SLE = maybeConstEvalStringLiteral(Context&: S.Context, E)) {
6238 return checkFormatStringExpr(
6239 S, ReferenceFormatString, E: SLE, Args, APK, format_idx, firstDataArg,
6240 Type, CallType, /*InFunctionCall*/ false, CheckedVarArgs,
6241 UncoveredArg, Offset, IgnoreStringsWithoutSpecifiers);
6242 }
6243 return SLCT_NotALiteral;
6244 case Stmt::BinaryConditionalOperatorClass:
6245 case Stmt::ConditionalOperatorClass: {
6246 // The expression is a literal if both sub-expressions were, and it was
6247 // completely checked only if both sub-expressions were checked.
6248 const AbstractConditionalOperator *C =
6249 cast<AbstractConditionalOperator>(Val: E);
6250
6251 // Determine whether it is necessary to check both sub-expressions, for
6252 // example, because the condition expression is a constant that can be
6253 // evaluated at compile time.
6254 bool CheckLeft = true, CheckRight = true;
6255
6256 bool Cond;
6257 if (C->getCond()->EvaluateAsBooleanCondition(
6258 Result&: Cond, Ctx: S.getASTContext(), InConstantContext: S.isConstantEvaluatedContext())) {
6259 if (Cond)
6260 CheckRight = false;
6261 else
6262 CheckLeft = false;
6263 }
6264
6265 // We need to maintain the offsets for the right and the left hand side
6266 // separately to check if every possible indexed expression is a valid
6267 // string literal. They might have different offsets for different string
6268 // literals in the end.
6269 StringLiteralCheckType Left;
6270 if (!CheckLeft)
6271 Left = SLCT_UncheckedLiteral;
6272 else {
6273 Left = checkFormatStringExpr(
6274 S, ReferenceFormatString, E: C->getTrueExpr(), Args, APK, format_idx,
6275 firstDataArg, Type, CallType, InFunctionCall, CheckedVarArgs,
6276 UncoveredArg, Offset, IgnoreStringsWithoutSpecifiers);
6277 if (Left == SLCT_NotALiteral || !CheckRight) {
6278 return Left;
6279 }
6280 }
6281
6282 StringLiteralCheckType Right = checkFormatStringExpr(
6283 S, ReferenceFormatString, E: C->getFalseExpr(), Args, APK, format_idx,
6284 firstDataArg, Type, CallType, InFunctionCall, CheckedVarArgs,
6285 UncoveredArg, Offset, IgnoreStringsWithoutSpecifiers);
6286
6287 return (CheckLeft && Left < Right) ? Left : Right;
6288 }
6289
6290 case Stmt::ImplicitCastExprClass:
6291 E = cast<ImplicitCastExpr>(Val: E)->getSubExpr();
6292 goto tryAgain;
6293
6294 case Stmt::OpaqueValueExprClass:
6295 if (const Expr *src = cast<OpaqueValueExpr>(Val: E)->getSourceExpr()) {
6296 E = src;
6297 goto tryAgain;
6298 }
6299 return SLCT_NotALiteral;
6300
6301 case Stmt::PredefinedExprClass:
6302 // While __func__, etc., are technically not string literals, they
6303 // cannot contain format specifiers and thus are not a security
6304 // liability.
6305 return SLCT_UncheckedLiteral;
6306
6307 case Stmt::DeclRefExprClass: {
6308 const DeclRefExpr *DR = cast<DeclRefExpr>(Val: E);
6309
6310 // As an exception, do not flag errors for variables binding to
6311 // const string literals.
6312 if (const VarDecl *VD = dyn_cast<VarDecl>(Val: DR->getDecl())) {
6313 bool isConstant = false;
6314 QualType T = DR->getType();
6315
6316 if (const ArrayType *AT = S.Context.getAsArrayType(T)) {
6317 isConstant = AT->getElementType().isConstant(Ctx: S.Context);
6318 } else if (const PointerType *PT = T->getAs<PointerType>()) {
6319 isConstant = T.isConstant(Ctx: S.Context) &&
6320 PT->getPointeeType().isConstant(Ctx: S.Context);
6321 } else if (T->isObjCObjectPointerType()) {
6322 // In ObjC, there is usually no "const ObjectPointer" type,
6323 // so don't check if the pointee type is constant.
6324 isConstant = T.isConstant(Ctx: S.Context);
6325 }
6326
6327 if (isConstant) {
6328 if (const Expr *Init = VD->getAnyInitializer()) {
6329 // Look through initializers like const char c[] = { "foo" }
6330 if (const InitListExpr *InitList = dyn_cast<InitListExpr>(Val: Init)) {
6331 if (InitList->isStringLiteralInit())
6332 Init = InitList->getInit(Init: 0)->IgnoreParenImpCasts();
6333 }
6334 return checkFormatStringExpr(
6335 S, ReferenceFormatString, E: Init, Args, APK, format_idx,
6336 firstDataArg, Type, CallType,
6337 /*InFunctionCall*/ false, CheckedVarArgs, UncoveredArg, Offset);
6338 }
6339 }
6340
6341 // When the format argument is an argument of this function, and this
6342 // function also has the format attribute, there are several interactions
6343 // for which there shouldn't be a warning. For instance, when calling
6344 // v*printf from a function that has the printf format attribute, we
6345 // should not emit a warning about using `fmt`, even though it's not
6346 // constant, because the arguments have already been checked for the
6347 // caller of `logmessage`:
6348 //
6349 // __attribute__((format(printf, 1, 2)))
6350 // void logmessage(char const *fmt, ...) {
6351 // va_list ap;
6352 // va_start(ap, fmt);
6353 // vprintf(fmt, ap); /* do not emit a warning about "fmt" */
6354 // ...
6355 // }
6356 //
6357 // Another interaction that we need to support is using a format string
6358 // specified by the format_matches attribute:
6359 //
6360 // __attribute__((format_matches(printf, 1, "%s %d")))
6361 // void logmessage(char const *fmt, const char *a, int b) {
6362 // printf(fmt, a, b); /* do not emit a warning about "fmt" */
6363 // printf(fmt, 123.4); /* emit warnings that "%s %d" is incompatible */
6364 // ...
6365 // }
6366 //
6367 // Yet another interaction that we need to support is calling a variadic
6368 // format function from a format function that has fixed arguments. For
6369 // instance:
6370 //
6371 // __attribute__((format(printf, 1, 2)))
6372 // void logstring(char const *fmt, char const *str) {
6373 // printf(fmt, str); /* do not emit a warning about "fmt" */
6374 // }
6375 //
6376 // Same (and perhaps more relatably) for the variadic template case:
6377 //
6378 // template<typename... Args>
6379 // __attribute__((format(printf, 1, 2)))
6380 // void log(const char *fmt, Args&&... args) {
6381 // printf(fmt, forward<Args>(args)...);
6382 // /* do not emit a warning about "fmt" */
6383 // }
6384 //
6385 // Due to implementation difficulty, we only check the format, not the
6386 // format arguments, in all cases.
6387 //
6388 if (const auto *PV = dyn_cast<ParmVarDecl>(Val: VD)) {
6389 if (const auto *D = dyn_cast<Decl>(Val: PV->getDeclContext())) {
6390 for (const auto *PVFormatMatches :
6391 D->specific_attrs<FormatMatchesAttr>()) {
6392 Sema::FormatStringInfo CalleeFSI;
6393 if (!Sema::getFormatStringInfo(D, FormatIdx: PVFormatMatches->getFormatIdx(),
6394 FirstArg: 0, FSI: &CalleeFSI))
6395 continue;
6396 if (PV->getFunctionScopeIndex() == CalleeFSI.FormatIdx) {
6397 // If using the wrong type of format string, emit a diagnostic
6398 // here and stop checking to avoid irrelevant diagnostics.
6399 if (Type != S.GetFormatStringType(Format: PVFormatMatches)) {
6400 S.Diag(Loc: Args[format_idx]->getBeginLoc(),
6401 DiagID: diag::warn_format_string_type_incompatible)
6402 << PVFormatMatches->getType()->getName()
6403 << S.GetFormatStringTypeName(FST: Type);
6404 if (!InFunctionCall) {
6405 S.Diag(Loc: PVFormatMatches->getFormatString()->getBeginLoc(),
6406 DiagID: diag::note_format_string_defined);
6407 }
6408 return SLCT_UncheckedLiteral;
6409 }
6410 return checkFormatStringExpr(
6411 S, ReferenceFormatString, E: PVFormatMatches->getFormatString(),
6412 Args, APK, format_idx, firstDataArg, Type, CallType,
6413 /*InFunctionCall*/ false, CheckedVarArgs, UncoveredArg,
6414 Offset, IgnoreStringsWithoutSpecifiers);
6415 }
6416 }
6417
6418 for (const auto *PVFormat : D->specific_attrs<FormatAttr>()) {
6419 Sema::FormatStringInfo CallerFSI;
6420 if (!Sema::getFormatStringInfo(D, FormatIdx: PVFormat->getFormatIdx(),
6421 FirstArg: PVFormat->getFirstArg(), FSI: &CallerFSI))
6422 continue;
6423 if (PV->getFunctionScopeIndex() == CallerFSI.FormatIdx) {
6424 // We also check if the formats are compatible.
6425 // We can't pass a 'scanf' string to a 'printf' function.
6426 if (Type != S.GetFormatStringType(Format: PVFormat)) {
6427 S.Diag(Loc: Args[format_idx]->getBeginLoc(),
6428 DiagID: diag::warn_format_string_type_incompatible)
6429 << PVFormat->getType()->getName()
6430 << S.GetFormatStringTypeName(FST: Type);
6431 if (!InFunctionCall) {
6432 S.Diag(Loc: E->getBeginLoc(), DiagID: diag::note_format_string_defined);
6433 }
6434 return SLCT_UncheckedLiteral;
6435 }
6436 // Lastly, check that argument passing kinds transition in a
6437 // way that makes sense:
6438 // from a caller with FAPK_VAList, allow FAPK_VAList
6439 // from a caller with FAPK_Fixed, allow FAPK_Fixed
6440 // from a caller with FAPK_Fixed, allow FAPK_Variadic
6441 // from a caller with FAPK_Variadic, allow FAPK_VAList
6442 switch (combineFAPK(A: CallerFSI.ArgPassingKind, B: APK)) {
6443 case combineFAPK(A: Sema::FAPK_VAList, B: Sema::FAPK_VAList):
6444 case combineFAPK(A: Sema::FAPK_Fixed, B: Sema::FAPK_Fixed):
6445 case combineFAPK(A: Sema::FAPK_Fixed, B: Sema::FAPK_Variadic):
6446 case combineFAPK(A: Sema::FAPK_Variadic, B: Sema::FAPK_VAList):
6447 return SLCT_UncheckedLiteral;
6448 }
6449 }
6450 }
6451 }
6452 }
6453 }
6454
6455 return SLCT_NotALiteral;
6456 }
6457
6458 case Stmt::CallExprClass:
6459 case Stmt::CXXMemberCallExprClass: {
6460 const CallExpr *CE = cast<CallExpr>(Val: E);
6461 if (const NamedDecl *ND = dyn_cast_or_null<NamedDecl>(Val: CE->getCalleeDecl())) {
6462 bool IsFirst = true;
6463 StringLiteralCheckType CommonResult;
6464 for (const auto *FA : ND->specific_attrs<FormatArgAttr>()) {
6465 const Expr *Arg = CE->getArg(Arg: FA->getFormatIdx().getASTIndex());
6466 StringLiteralCheckType Result = checkFormatStringExpr(
6467 S, ReferenceFormatString, E: Arg, Args, APK, format_idx, firstDataArg,
6468 Type, CallType, InFunctionCall, CheckedVarArgs, UncoveredArg,
6469 Offset, IgnoreStringsWithoutSpecifiers);
6470 if (IsFirst) {
6471 CommonResult = Result;
6472 IsFirst = false;
6473 }
6474 }
6475 if (!IsFirst)
6476 return CommonResult;
6477
6478 if (const auto *FD = dyn_cast<FunctionDecl>(Val: ND)) {
6479 unsigned BuiltinID = FD->getBuiltinID();
6480 if (BuiltinID == Builtin::BI__builtin___CFStringMakeConstantString ||
6481 BuiltinID == Builtin::BI__builtin___NSStringMakeConstantString) {
6482 const Expr *Arg = CE->getArg(Arg: 0);
6483 return checkFormatStringExpr(
6484 S, ReferenceFormatString, E: Arg, Args, APK, format_idx,
6485 firstDataArg, Type, CallType, InFunctionCall, CheckedVarArgs,
6486 UncoveredArg, Offset, IgnoreStringsWithoutSpecifiers);
6487 }
6488 }
6489 }
6490 if (const Expr *SLE = maybeConstEvalStringLiteral(Context&: S.Context, E))
6491 return checkFormatStringExpr(
6492 S, ReferenceFormatString, E: SLE, Args, APK, format_idx, firstDataArg,
6493 Type, CallType, /*InFunctionCall*/ false, CheckedVarArgs,
6494 UncoveredArg, Offset, IgnoreStringsWithoutSpecifiers);
6495 return SLCT_NotALiteral;
6496 }
6497 case Stmt::ObjCMessageExprClass: {
6498 const auto *ME = cast<ObjCMessageExpr>(Val: E);
6499 if (const auto *MD = ME->getMethodDecl()) {
6500 if (const auto *FA = MD->getAttr<FormatArgAttr>()) {
6501 // As a special case heuristic, if we're using the method -[NSBundle
6502 // localizedStringForKey:value:table:], ignore any key strings that lack
6503 // format specifiers. The idea is that if the key doesn't have any
6504 // format specifiers then its probably just a key to map to the
6505 // localized strings. If it does have format specifiers though, then its
6506 // likely that the text of the key is the format string in the
6507 // programmer's language, and should be checked.
6508 const ObjCInterfaceDecl *IFace;
6509 if (MD->isInstanceMethod() && (IFace = MD->getClassInterface()) &&
6510 IFace->getIdentifier()->isStr(Str: "NSBundle") &&
6511 MD->getSelector().isKeywordSelector(
6512 Names: {"localizedStringForKey", "value", "table"})) {
6513 IgnoreStringsWithoutSpecifiers = true;
6514 }
6515
6516 const Expr *Arg = ME->getArg(Arg: FA->getFormatIdx().getASTIndex());
6517 return checkFormatStringExpr(
6518 S, ReferenceFormatString, E: Arg, Args, APK, format_idx, firstDataArg,
6519 Type, CallType, InFunctionCall, CheckedVarArgs, UncoveredArg,
6520 Offset, IgnoreStringsWithoutSpecifiers);
6521 }
6522 }
6523
6524 return SLCT_NotALiteral;
6525 }
6526 case Stmt::ObjCStringLiteralClass:
6527 case Stmt::StringLiteralClass: {
6528 const StringLiteral *StrE = nullptr;
6529
6530 if (const ObjCStringLiteral *ObjCFExpr = dyn_cast<ObjCStringLiteral>(Val: E))
6531 StrE = ObjCFExpr->getString();
6532 else
6533 StrE = cast<StringLiteral>(Val: E);
6534
6535 if (StrE) {
6536 if (Offset.isNegative() || Offset > StrE->getLength()) {
6537 // TODO: It would be better to have an explicit warning for out of
6538 // bounds literals.
6539 return SLCT_NotALiteral;
6540 }
6541 FormatStringLiteral FStr(StrE, Offset.sextOrTrunc(width: 64).getSExtValue());
6542 CheckFormatString(S, FExpr: &FStr, ReferenceFormatString, OrigFormatExpr: E, Args, APK,
6543 format_idx, firstDataArg, Type, inFunctionCall: InFunctionCall,
6544 CallType, CheckedVarArgs, UncoveredArg,
6545 IgnoreStringsWithoutSpecifiers);
6546 return SLCT_CheckedLiteral;
6547 }
6548
6549 return SLCT_NotALiteral;
6550 }
6551 case Stmt::BinaryOperatorClass: {
6552 const BinaryOperator *BinOp = cast<BinaryOperator>(Val: E);
6553
6554 // A string literal + an int offset is still a string literal.
6555 if (BinOp->isAdditiveOp()) {
6556 Expr::EvalResult LResult, RResult;
6557
6558 bool LIsInt = BinOp->getLHS()->EvaluateAsInt(
6559 Result&: LResult, Ctx: S.Context, AllowSideEffects: Expr::SE_NoSideEffects,
6560 InConstantContext: S.isConstantEvaluatedContext());
6561 bool RIsInt = BinOp->getRHS()->EvaluateAsInt(
6562 Result&: RResult, Ctx: S.Context, AllowSideEffects: Expr::SE_NoSideEffects,
6563 InConstantContext: S.isConstantEvaluatedContext());
6564
6565 if (LIsInt != RIsInt) {
6566 BinaryOperatorKind BinOpKind = BinOp->getOpcode();
6567
6568 if (LIsInt) {
6569 if (BinOpKind == BO_Add) {
6570 sumOffsets(Offset, Addend: LResult.Val.getInt(), BinOpKind, AddendIsRight: RIsInt);
6571 E = BinOp->getRHS();
6572 goto tryAgain;
6573 }
6574 } else {
6575 sumOffsets(Offset, Addend: RResult.Val.getInt(), BinOpKind, AddendIsRight: RIsInt);
6576 E = BinOp->getLHS();
6577 goto tryAgain;
6578 }
6579 }
6580 }
6581
6582 return SLCT_NotALiteral;
6583 }
6584 case Stmt::UnaryOperatorClass: {
6585 const UnaryOperator *UnaOp = cast<UnaryOperator>(Val: E);
6586 auto ASE = dyn_cast<ArraySubscriptExpr>(Val: UnaOp->getSubExpr());
6587 if (UnaOp->getOpcode() == UO_AddrOf && ASE) {
6588 Expr::EvalResult IndexResult;
6589 if (ASE->getRHS()->EvaluateAsInt(Result&: IndexResult, Ctx: S.Context,
6590 AllowSideEffects: Expr::SE_NoSideEffects,
6591 InConstantContext: S.isConstantEvaluatedContext())) {
6592 sumOffsets(Offset, Addend: IndexResult.Val.getInt(), BinOpKind: BO_Add,
6593 /*RHS is int*/ AddendIsRight: true);
6594 E = ASE->getBase();
6595 goto tryAgain;
6596 }
6597 }
6598
6599 return SLCT_NotALiteral;
6600 }
6601
6602 default:
6603 return SLCT_NotALiteral;
6604 }
6605}
6606
6607// If this expression can be evaluated at compile-time,
6608// check if the result is a StringLiteral and return it
6609// otherwise return nullptr
6610static const Expr *maybeConstEvalStringLiteral(ASTContext &Context,
6611 const Expr *E) {
6612 Expr::EvalResult Result;
6613 if (E->EvaluateAsRValue(Result, Ctx: Context) && Result.Val.isLValue()) {
6614 const auto *LVE = Result.Val.getLValueBase().dyn_cast<const Expr *>();
6615 if (isa_and_nonnull<StringLiteral>(Val: LVE))
6616 return LVE;
6617 }
6618 return nullptr;
6619}
6620
6621StringRef Sema::GetFormatStringTypeName(FormatStringType FST) {
6622 switch (FST) {
6623 case FormatStringType::Scanf:
6624 return "scanf";
6625 case FormatStringType::Printf:
6626 return "printf";
6627 case FormatStringType::NSString:
6628 return "NSString";
6629 case FormatStringType::Strftime:
6630 return "strftime";
6631 case FormatStringType::Strfmon:
6632 return "strfmon";
6633 case FormatStringType::Kprintf:
6634 return "kprintf";
6635 case FormatStringType::FreeBSDKPrintf:
6636 return "freebsd_kprintf";
6637 case FormatStringType::OSLog:
6638 return "os_log";
6639 default:
6640 return "<unknown>";
6641 }
6642}
6643
6644FormatStringType Sema::GetFormatStringType(StringRef Flavor) {
6645 return llvm::StringSwitch<FormatStringType>(Flavor)
6646 .Case(S: "scanf", Value: FormatStringType::Scanf)
6647 .Cases(S0: "printf", S1: "printf0", S2: "syslog", Value: FormatStringType::Printf)
6648 .Cases(S0: "NSString", S1: "CFString", Value: FormatStringType::NSString)
6649 .Case(S: "strftime", Value: FormatStringType::Strftime)
6650 .Case(S: "strfmon", Value: FormatStringType::Strfmon)
6651 .Cases(S0: "kprintf", S1: "cmn_err", S2: "vcmn_err", S3: "zcmn_err",
6652 Value: FormatStringType::Kprintf)
6653 .Case(S: "freebsd_kprintf", Value: FormatStringType::FreeBSDKPrintf)
6654 .Case(S: "os_trace", Value: FormatStringType::OSLog)
6655 .Case(S: "os_log", Value: FormatStringType::OSLog)
6656 .Default(Value: FormatStringType::Unknown);
6657}
6658
6659FormatStringType Sema::GetFormatStringType(const FormatAttr *Format) {
6660 return GetFormatStringType(Flavor: Format->getType()->getName());
6661}
6662
6663FormatStringType Sema::GetFormatStringType(const FormatMatchesAttr *Format) {
6664 return GetFormatStringType(Flavor: Format->getType()->getName());
6665}
6666
6667bool Sema::CheckFormatArguments(const FormatAttr *Format,
6668 ArrayRef<const Expr *> Args, bool IsCXXMember,
6669 VariadicCallType CallType, SourceLocation Loc,
6670 SourceRange Range,
6671 llvm::SmallBitVector &CheckedVarArgs) {
6672 FormatStringInfo FSI;
6673 if (getFormatStringInfo(FormatIdx: Format->getFormatIdx(), FirstArg: Format->getFirstArg(),
6674 IsCXXMember,
6675 IsVariadic: CallType != VariadicCallType::DoesNotApply, FSI: &FSI))
6676 return CheckFormatArguments(
6677 Args, FAPK: FSI.ArgPassingKind, ReferenceFormatString: nullptr, format_idx: FSI.FormatIdx, firstDataArg: FSI.FirstDataArg,
6678 Type: GetFormatStringType(Format), CallType, Loc, range: Range, CheckedVarArgs);
6679 return false;
6680}
6681
6682bool Sema::CheckFormatString(const FormatMatchesAttr *Format,
6683 ArrayRef<const Expr *> Args, bool IsCXXMember,
6684 VariadicCallType CallType, SourceLocation Loc,
6685 SourceRange Range,
6686 llvm::SmallBitVector &CheckedVarArgs) {
6687 FormatStringInfo FSI;
6688 if (getFormatStringInfo(FormatIdx: Format->getFormatIdx(), FirstArg: 0, IsCXXMember, IsVariadic: false,
6689 FSI: &FSI)) {
6690 FSI.ArgPassingKind = Sema::FAPK_Elsewhere;
6691 return CheckFormatArguments(Args, FAPK: FSI.ArgPassingKind,
6692 ReferenceFormatString: Format->getFormatString(), format_idx: FSI.FormatIdx,
6693 firstDataArg: FSI.FirstDataArg, Type: GetFormatStringType(Format),
6694 CallType, Loc, range: Range, CheckedVarArgs);
6695 }
6696 return false;
6697}
6698
6699bool Sema::CheckFormatArguments(ArrayRef<const Expr *> Args,
6700 Sema::FormatArgumentPassingKind APK,
6701 const StringLiteral *ReferenceFormatString,
6702 unsigned format_idx, unsigned firstDataArg,
6703 FormatStringType Type,
6704 VariadicCallType CallType, SourceLocation Loc,
6705 SourceRange Range,
6706 llvm::SmallBitVector &CheckedVarArgs) {
6707 // CHECK: printf/scanf-like function is called with no format string.
6708 if (format_idx >= Args.size()) {
6709 Diag(Loc, DiagID: diag::warn_missing_format_string) << Range;
6710 return false;
6711 }
6712
6713 const Expr *OrigFormatExpr = Args[format_idx]->IgnoreParenCasts();
6714
6715 // CHECK: format string is not a string literal.
6716 //
6717 // Dynamically generated format strings are difficult to
6718 // automatically vet at compile time. Requiring that format strings
6719 // are string literals: (1) permits the checking of format strings by
6720 // the compiler and thereby (2) can practically remove the source of
6721 // many format string exploits.
6722
6723 // Format string can be either ObjC string (e.g. @"%d") or
6724 // C string (e.g. "%d")
6725 // ObjC string uses the same format specifiers as C string, so we can use
6726 // the same format string checking logic for both ObjC and C strings.
6727 UncoveredArgHandler UncoveredArg;
6728 StringLiteralCheckType CT = checkFormatStringExpr(
6729 S&: *this, ReferenceFormatString, E: OrigFormatExpr, Args, APK, format_idx,
6730 firstDataArg, Type, CallType,
6731 /*IsFunctionCall*/ InFunctionCall: true, CheckedVarArgs, UncoveredArg,
6732 /*no string offset*/ Offset: llvm::APSInt(64, false) = 0);
6733
6734 // Generate a diagnostic where an uncovered argument is detected.
6735 if (UncoveredArg.hasUncoveredArg()) {
6736 unsigned ArgIdx = UncoveredArg.getUncoveredArg() + firstDataArg;
6737 assert(ArgIdx < Args.size() && "ArgIdx outside bounds");
6738 UncoveredArg.Diagnose(S&: *this, /*IsFunctionCall*/true, ArgExpr: Args[ArgIdx]);
6739 }
6740
6741 if (CT != SLCT_NotALiteral)
6742 // Literal format string found, check done!
6743 return CT == SLCT_CheckedLiteral;
6744
6745 // Strftime is particular as it always uses a single 'time' argument,
6746 // so it is safe to pass a non-literal string.
6747 if (Type == FormatStringType::Strftime)
6748 return false;
6749
6750 // Do not emit diag when the string param is a macro expansion and the
6751 // format is either NSString or CFString. This is a hack to prevent
6752 // diag when using the NSLocalizedString and CFCopyLocalizedString macros
6753 // which are usually used in place of NS and CF string literals.
6754 SourceLocation FormatLoc = Args[format_idx]->getBeginLoc();
6755 if (Type == FormatStringType::NSString &&
6756 SourceMgr.isInSystemMacro(loc: FormatLoc))
6757 return false;
6758
6759 // If there are no arguments specified, warn with -Wformat-security, otherwise
6760 // warn only with -Wformat-nonliteral.
6761 if (Args.size() == firstDataArg) {
6762 Diag(Loc: FormatLoc, DiagID: diag::warn_format_nonliteral_noargs)
6763 << OrigFormatExpr->getSourceRange();
6764 switch (Type) {
6765 default:
6766 break;
6767 case FormatStringType::Kprintf:
6768 case FormatStringType::FreeBSDKPrintf:
6769 case FormatStringType::Printf:
6770 case FormatStringType::Syslog:
6771 Diag(Loc: FormatLoc, DiagID: diag::note_format_security_fixit)
6772 << FixItHint::CreateInsertion(InsertionLoc: FormatLoc, Code: "\"%s\", ");
6773 break;
6774 case FormatStringType::NSString:
6775 Diag(Loc: FormatLoc, DiagID: diag::note_format_security_fixit)
6776 << FixItHint::CreateInsertion(InsertionLoc: FormatLoc, Code: "@\"%@\", ");
6777 break;
6778 }
6779 } else {
6780 Diag(Loc: FormatLoc, DiagID: diag::warn_format_nonliteral)
6781 << OrigFormatExpr->getSourceRange();
6782 }
6783 return false;
6784}
6785
6786namespace {
6787
6788class CheckFormatHandler : public analyze_format_string::FormatStringHandler {
6789protected:
6790 Sema &S;
6791 const FormatStringLiteral *FExpr;
6792 const Expr *OrigFormatExpr;
6793 const FormatStringType FSType;
6794 const unsigned FirstDataArg;
6795 const unsigned NumDataArgs;
6796 const char *Beg; // Start of format string.
6797 const Sema::FormatArgumentPassingKind ArgPassingKind;
6798 ArrayRef<const Expr *> Args;
6799 unsigned FormatIdx;
6800 llvm::SmallBitVector CoveredArgs;
6801 bool usesPositionalArgs = false;
6802 bool atFirstArg = true;
6803 bool inFunctionCall;
6804 VariadicCallType CallType;
6805 llvm::SmallBitVector &CheckedVarArgs;
6806 UncoveredArgHandler &UncoveredArg;
6807
6808public:
6809 CheckFormatHandler(Sema &s, const FormatStringLiteral *fexpr,
6810 const Expr *origFormatExpr, const FormatStringType type,
6811 unsigned firstDataArg, unsigned numDataArgs,
6812 const char *beg, Sema::FormatArgumentPassingKind APK,
6813 ArrayRef<const Expr *> Args, unsigned formatIdx,
6814 bool inFunctionCall, VariadicCallType callType,
6815 llvm::SmallBitVector &CheckedVarArgs,
6816 UncoveredArgHandler &UncoveredArg)
6817 : S(s), FExpr(fexpr), OrigFormatExpr(origFormatExpr), FSType(type),
6818 FirstDataArg(firstDataArg), NumDataArgs(numDataArgs), Beg(beg),
6819 ArgPassingKind(APK), Args(Args), FormatIdx(formatIdx),
6820 inFunctionCall(inFunctionCall), CallType(callType),
6821 CheckedVarArgs(CheckedVarArgs), UncoveredArg(UncoveredArg) {
6822 CoveredArgs.resize(N: numDataArgs);
6823 CoveredArgs.reset();
6824 }
6825
6826 bool HasFormatArguments() const {
6827 return ArgPassingKind == Sema::FAPK_Fixed ||
6828 ArgPassingKind == Sema::FAPK_Variadic;
6829 }
6830
6831 void DoneProcessing();
6832
6833 void HandleIncompleteSpecifier(const char *startSpecifier,
6834 unsigned specifierLen) override;
6835
6836 void HandleInvalidLengthModifier(
6837 const analyze_format_string::FormatSpecifier &FS,
6838 const analyze_format_string::ConversionSpecifier &CS,
6839 const char *startSpecifier, unsigned specifierLen,
6840 unsigned DiagID);
6841
6842 void HandleNonStandardLengthModifier(
6843 const analyze_format_string::FormatSpecifier &FS,
6844 const char *startSpecifier, unsigned specifierLen);
6845
6846 void HandleNonStandardConversionSpecifier(
6847 const analyze_format_string::ConversionSpecifier &CS,
6848 const char *startSpecifier, unsigned specifierLen);
6849
6850 void HandlePosition(const char *startPos, unsigned posLen) override;
6851
6852 void HandleInvalidPosition(const char *startSpecifier,
6853 unsigned specifierLen,
6854 analyze_format_string::PositionContext p) override;
6855
6856 void HandleZeroPosition(const char *startPos, unsigned posLen) override;
6857
6858 void HandleNullChar(const char *nullCharacter) override;
6859
6860 template <typename Range>
6861 static void
6862 EmitFormatDiagnostic(Sema &S, bool inFunctionCall, const Expr *ArgumentExpr,
6863 const PartialDiagnostic &PDiag, SourceLocation StringLoc,
6864 bool IsStringLocation, Range StringRange,
6865 ArrayRef<FixItHint> Fixit = {});
6866
6867protected:
6868 bool HandleInvalidConversionSpecifier(unsigned argIndex, SourceLocation Loc,
6869 const char *startSpec,
6870 unsigned specifierLen,
6871 const char *csStart, unsigned csLen);
6872
6873 void HandlePositionalNonpositionalArgs(SourceLocation Loc,
6874 const char *startSpec,
6875 unsigned specifierLen);
6876
6877 SourceRange getFormatStringRange();
6878 CharSourceRange getSpecifierRange(const char *startSpecifier,
6879 unsigned specifierLen);
6880 SourceLocation getLocationOfByte(const char *x);
6881
6882 const Expr *getDataArg(unsigned i) const;
6883
6884 bool CheckNumArgs(const analyze_format_string::FormatSpecifier &FS,
6885 const analyze_format_string::ConversionSpecifier &CS,
6886 const char *startSpecifier, unsigned specifierLen,
6887 unsigned argIndex);
6888
6889 template <typename Range>
6890 void EmitFormatDiagnostic(PartialDiagnostic PDiag, SourceLocation StringLoc,
6891 bool IsStringLocation, Range StringRange,
6892 ArrayRef<FixItHint> Fixit = {});
6893};
6894
6895} // namespace
6896
6897SourceRange CheckFormatHandler::getFormatStringRange() {
6898 return OrigFormatExpr->getSourceRange();
6899}
6900
6901CharSourceRange CheckFormatHandler::
6902getSpecifierRange(const char *startSpecifier, unsigned specifierLen) {
6903 SourceLocation Start = getLocationOfByte(x: startSpecifier);
6904 SourceLocation End = getLocationOfByte(x: startSpecifier + specifierLen - 1);
6905
6906 // Advance the end SourceLocation by one due to half-open ranges.
6907 End = End.getLocWithOffset(Offset: 1);
6908
6909 return CharSourceRange::getCharRange(B: Start, E: End);
6910}
6911
6912SourceLocation CheckFormatHandler::getLocationOfByte(const char *x) {
6913 return FExpr->getLocationOfByte(ByteNo: x - Beg, SM: S.getSourceManager(),
6914 Features: S.getLangOpts(), Target: S.Context.getTargetInfo());
6915}
6916
6917void CheckFormatHandler::HandleIncompleteSpecifier(const char *startSpecifier,
6918 unsigned specifierLen){
6919 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_printf_incomplete_specifier),
6920 Loc: getLocationOfByte(x: startSpecifier),
6921 /*IsStringLocation*/true,
6922 StringRange: getSpecifierRange(startSpecifier, specifierLen));
6923}
6924
6925void CheckFormatHandler::HandleInvalidLengthModifier(
6926 const analyze_format_string::FormatSpecifier &FS,
6927 const analyze_format_string::ConversionSpecifier &CS,
6928 const char *startSpecifier, unsigned specifierLen, unsigned DiagID) {
6929 using namespace analyze_format_string;
6930
6931 const LengthModifier &LM = FS.getLengthModifier();
6932 CharSourceRange LMRange = getSpecifierRange(startSpecifier: LM.getStart(), specifierLen: LM.getLength());
6933
6934 // See if we know how to fix this length modifier.
6935 std::optional<LengthModifier> FixedLM = FS.getCorrectedLengthModifier();
6936 if (FixedLM) {
6937 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID) << LM.toString() << CS.toString(),
6938 Loc: getLocationOfByte(x: LM.getStart()),
6939 /*IsStringLocation*/true,
6940 StringRange: getSpecifierRange(startSpecifier, specifierLen));
6941
6942 S.Diag(Loc: getLocationOfByte(x: LM.getStart()), DiagID: diag::note_format_fix_specifier)
6943 << FixedLM->toString()
6944 << FixItHint::CreateReplacement(RemoveRange: LMRange, Code: FixedLM->toString());
6945
6946 } else {
6947 FixItHint Hint;
6948 if (DiagID == diag::warn_format_nonsensical_length)
6949 Hint = FixItHint::CreateRemoval(RemoveRange: LMRange);
6950
6951 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID) << LM.toString() << CS.toString(),
6952 Loc: getLocationOfByte(x: LM.getStart()),
6953 /*IsStringLocation*/true,
6954 StringRange: getSpecifierRange(startSpecifier, specifierLen),
6955 FixIt: Hint);
6956 }
6957}
6958
6959void CheckFormatHandler::HandleNonStandardLengthModifier(
6960 const analyze_format_string::FormatSpecifier &FS,
6961 const char *startSpecifier, unsigned specifierLen) {
6962 using namespace analyze_format_string;
6963
6964 const LengthModifier &LM = FS.getLengthModifier();
6965 CharSourceRange LMRange = getSpecifierRange(startSpecifier: LM.getStart(), specifierLen: LM.getLength());
6966
6967 // See if we know how to fix this length modifier.
6968 std::optional<LengthModifier> FixedLM = FS.getCorrectedLengthModifier();
6969 if (FixedLM) {
6970 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_format_non_standard)
6971 << LM.toString() << 0,
6972 Loc: getLocationOfByte(x: LM.getStart()),
6973 /*IsStringLocation*/true,
6974 StringRange: getSpecifierRange(startSpecifier, specifierLen));
6975
6976 S.Diag(Loc: getLocationOfByte(x: LM.getStart()), DiagID: diag::note_format_fix_specifier)
6977 << FixedLM->toString()
6978 << FixItHint::CreateReplacement(RemoveRange: LMRange, Code: FixedLM->toString());
6979
6980 } else {
6981 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_format_non_standard)
6982 << LM.toString() << 0,
6983 Loc: getLocationOfByte(x: LM.getStart()),
6984 /*IsStringLocation*/true,
6985 StringRange: getSpecifierRange(startSpecifier, specifierLen));
6986 }
6987}
6988
6989void CheckFormatHandler::HandleNonStandardConversionSpecifier(
6990 const analyze_format_string::ConversionSpecifier &CS,
6991 const char *startSpecifier, unsigned specifierLen) {
6992 using namespace analyze_format_string;
6993
6994 // See if we know how to fix this conversion specifier.
6995 std::optional<ConversionSpecifier> FixedCS = CS.getStandardSpecifier();
6996 if (FixedCS) {
6997 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_format_non_standard)
6998 << CS.toString() << /*conversion specifier*/1,
6999 Loc: getLocationOfByte(x: CS.getStart()),
7000 /*IsStringLocation*/true,
7001 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7002
7003 CharSourceRange CSRange = getSpecifierRange(startSpecifier: CS.getStart(), specifierLen: CS.getLength());
7004 S.Diag(Loc: getLocationOfByte(x: CS.getStart()), DiagID: diag::note_format_fix_specifier)
7005 << FixedCS->toString()
7006 << FixItHint::CreateReplacement(RemoveRange: CSRange, Code: FixedCS->toString());
7007 } else {
7008 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_format_non_standard)
7009 << CS.toString() << /*conversion specifier*/1,
7010 Loc: getLocationOfByte(x: CS.getStart()),
7011 /*IsStringLocation*/true,
7012 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7013 }
7014}
7015
7016void CheckFormatHandler::HandlePosition(const char *startPos,
7017 unsigned posLen) {
7018 if (!S.getDiagnostics().isIgnored(
7019 DiagID: diag::warn_format_non_standard_positional_arg, Loc: SourceLocation()))
7020 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_format_non_standard_positional_arg),
7021 Loc: getLocationOfByte(x: startPos),
7022 /*IsStringLocation*/ true,
7023 StringRange: getSpecifierRange(startSpecifier: startPos, specifierLen: posLen));
7024}
7025
7026void CheckFormatHandler::HandleInvalidPosition(
7027 const char *startSpecifier, unsigned specifierLen,
7028 analyze_format_string::PositionContext p) {
7029 if (!S.getDiagnostics().isIgnored(
7030 DiagID: diag::warn_format_invalid_positional_specifier, Loc: SourceLocation()))
7031 EmitFormatDiagnostic(
7032 PDiag: S.PDiag(DiagID: diag::warn_format_invalid_positional_specifier) << (unsigned)p,
7033 Loc: getLocationOfByte(x: startSpecifier), /*IsStringLocation*/ true,
7034 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7035}
7036
7037void CheckFormatHandler::HandleZeroPosition(const char *startPos,
7038 unsigned posLen) {
7039 if (!S.getDiagnostics().isIgnored(DiagID: diag::warn_format_zero_positional_specifier,
7040 Loc: SourceLocation()))
7041 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_format_zero_positional_specifier),
7042 Loc: getLocationOfByte(x: startPos),
7043 /*IsStringLocation*/ true,
7044 StringRange: getSpecifierRange(startSpecifier: startPos, specifierLen: posLen));
7045}
7046
7047void CheckFormatHandler::HandleNullChar(const char *nullCharacter) {
7048 if (!isa<ObjCStringLiteral>(Val: OrigFormatExpr)) {
7049 // The presence of a null character is likely an error.
7050 EmitFormatDiagnostic(
7051 PDiag: S.PDiag(DiagID: diag::warn_printf_format_string_contains_null_char),
7052 Loc: getLocationOfByte(x: nullCharacter), /*IsStringLocation*/true,
7053 StringRange: getFormatStringRange());
7054 }
7055}
7056
7057// Note that this may return NULL if there was an error parsing or building
7058// one of the argument expressions.
7059const Expr *CheckFormatHandler::getDataArg(unsigned i) const {
7060 return Args[FirstDataArg + i];
7061}
7062
7063void CheckFormatHandler::DoneProcessing() {
7064 // Does the number of data arguments exceed the number of
7065 // format conversions in the format string?
7066 if (HasFormatArguments()) {
7067 // Find any arguments that weren't covered.
7068 CoveredArgs.flip();
7069 signed notCoveredArg = CoveredArgs.find_first();
7070 if (notCoveredArg >= 0) {
7071 assert((unsigned)notCoveredArg < NumDataArgs);
7072 UncoveredArg.Update(NewFirstUncoveredArg: notCoveredArg, StrExpr: OrigFormatExpr);
7073 } else {
7074 UncoveredArg.setAllCovered();
7075 }
7076 }
7077}
7078
7079void UncoveredArgHandler::Diagnose(Sema &S, bool IsFunctionCall,
7080 const Expr *ArgExpr) {
7081 assert(hasUncoveredArg() && !DiagnosticExprs.empty() &&
7082 "Invalid state");
7083
7084 if (!ArgExpr)
7085 return;
7086
7087 SourceLocation Loc = ArgExpr->getBeginLoc();
7088
7089 if (S.getSourceManager().isInSystemMacro(loc: Loc))
7090 return;
7091
7092 PartialDiagnostic PDiag = S.PDiag(DiagID: diag::warn_printf_data_arg_not_used);
7093 for (auto E : DiagnosticExprs)
7094 PDiag << E->getSourceRange();
7095
7096 CheckFormatHandler::EmitFormatDiagnostic(
7097 S, InFunctionCall: IsFunctionCall, ArgumentExpr: DiagnosticExprs[0],
7098 PDiag, Loc, /*IsStringLocation*/false,
7099 StringRange: DiagnosticExprs[0]->getSourceRange());
7100}
7101
7102bool
7103CheckFormatHandler::HandleInvalidConversionSpecifier(unsigned argIndex,
7104 SourceLocation Loc,
7105 const char *startSpec,
7106 unsigned specifierLen,
7107 const char *csStart,
7108 unsigned csLen) {
7109 bool keepGoing = true;
7110 if (argIndex < NumDataArgs) {
7111 // Consider the argument coverered, even though the specifier doesn't
7112 // make sense.
7113 CoveredArgs.set(argIndex);
7114 }
7115 else {
7116 // If argIndex exceeds the number of data arguments we
7117 // don't issue a warning because that is just a cascade of warnings (and
7118 // they may have intended '%%' anyway). We don't want to continue processing
7119 // the format string after this point, however, as we will like just get
7120 // gibberish when trying to match arguments.
7121 keepGoing = false;
7122 }
7123
7124 StringRef Specifier(csStart, csLen);
7125
7126 // If the specifier in non-printable, it could be the first byte of a UTF-8
7127 // sequence. In that case, print the UTF-8 code point. If not, print the byte
7128 // hex value.
7129 std::string CodePointStr;
7130 if (!llvm::sys::locale::isPrint(c: *csStart)) {
7131 llvm::UTF32 CodePoint;
7132 const llvm::UTF8 **B = reinterpret_cast<const llvm::UTF8 **>(&csStart);
7133 const llvm::UTF8 *E =
7134 reinterpret_cast<const llvm::UTF8 *>(csStart + csLen);
7135 llvm::ConversionResult Result =
7136 llvm::convertUTF8Sequence(source: B, sourceEnd: E, target: &CodePoint, flags: llvm::strictConversion);
7137
7138 if (Result != llvm::conversionOK) {
7139 unsigned char FirstChar = *csStart;
7140 CodePoint = (llvm::UTF32)FirstChar;
7141 }
7142
7143 llvm::raw_string_ostream OS(CodePointStr);
7144 if (CodePoint < 256)
7145 OS << "\\x" << llvm::format(Fmt: "%02x", Vals: CodePoint);
7146 else if (CodePoint <= 0xFFFF)
7147 OS << "\\u" << llvm::format(Fmt: "%04x", Vals: CodePoint);
7148 else
7149 OS << "\\U" << llvm::format(Fmt: "%08x", Vals: CodePoint);
7150 Specifier = CodePointStr;
7151 }
7152
7153 EmitFormatDiagnostic(
7154 PDiag: S.PDiag(DiagID: diag::warn_format_invalid_conversion) << Specifier, Loc,
7155 /*IsStringLocation*/ true, StringRange: getSpecifierRange(startSpecifier: startSpec, specifierLen));
7156
7157 return keepGoing;
7158}
7159
7160void
7161CheckFormatHandler::HandlePositionalNonpositionalArgs(SourceLocation Loc,
7162 const char *startSpec,
7163 unsigned specifierLen) {
7164 EmitFormatDiagnostic(
7165 PDiag: S.PDiag(DiagID: diag::warn_format_mix_positional_nonpositional_args),
7166 Loc, /*isStringLoc*/IsStringLocation: true, StringRange: getSpecifierRange(startSpecifier: startSpec, specifierLen));
7167}
7168
7169bool
7170CheckFormatHandler::CheckNumArgs(
7171 const analyze_format_string::FormatSpecifier &FS,
7172 const analyze_format_string::ConversionSpecifier &CS,
7173 const char *startSpecifier, unsigned specifierLen, unsigned argIndex) {
7174
7175 if (HasFormatArguments() && argIndex >= NumDataArgs) {
7176 PartialDiagnostic PDiag = FS.usesPositionalArg()
7177 ? (S.PDiag(DiagID: diag::warn_printf_positional_arg_exceeds_data_args)
7178 << (argIndex+1) << NumDataArgs)
7179 : S.PDiag(DiagID: diag::warn_printf_insufficient_data_args);
7180 EmitFormatDiagnostic(
7181 PDiag, Loc: getLocationOfByte(x: CS.getStart()), /*IsStringLocation*/true,
7182 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7183
7184 // Since more arguments than conversion tokens are given, by extension
7185 // all arguments are covered, so mark this as so.
7186 UncoveredArg.setAllCovered();
7187 return false;
7188 }
7189 return true;
7190}
7191
7192template<typename Range>
7193void CheckFormatHandler::EmitFormatDiagnostic(PartialDiagnostic PDiag,
7194 SourceLocation Loc,
7195 bool IsStringLocation,
7196 Range StringRange,
7197 ArrayRef<FixItHint> FixIt) {
7198 EmitFormatDiagnostic(S, inFunctionCall, Args[FormatIdx], PDiag,
7199 Loc, IsStringLocation, StringRange, FixIt);
7200}
7201
7202/// If the format string is not within the function call, emit a note
7203/// so that the function call and string are in diagnostic messages.
7204///
7205/// \param InFunctionCall if true, the format string is within the function
7206/// call and only one diagnostic message will be produced. Otherwise, an
7207/// extra note will be emitted pointing to location of the format string.
7208///
7209/// \param ArgumentExpr the expression that is passed as the format string
7210/// argument in the function call. Used for getting locations when two
7211/// diagnostics are emitted.
7212///
7213/// \param PDiag the callee should already have provided any strings for the
7214/// diagnostic message. This function only adds locations and fixits
7215/// to diagnostics.
7216///
7217/// \param Loc primary location for diagnostic. If two diagnostics are
7218/// required, one will be at Loc and a new SourceLocation will be created for
7219/// the other one.
7220///
7221/// \param IsStringLocation if true, Loc points to the format string should be
7222/// used for the note. Otherwise, Loc points to the argument list and will
7223/// be used with PDiag.
7224///
7225/// \param StringRange some or all of the string to highlight. This is
7226/// templated so it can accept either a CharSourceRange or a SourceRange.
7227///
7228/// \param FixIt optional fix it hint for the format string.
7229template <typename Range>
7230void CheckFormatHandler::EmitFormatDiagnostic(
7231 Sema &S, bool InFunctionCall, const Expr *ArgumentExpr,
7232 const PartialDiagnostic &PDiag, SourceLocation Loc, bool IsStringLocation,
7233 Range StringRange, ArrayRef<FixItHint> FixIt) {
7234 if (InFunctionCall) {
7235 const Sema::SemaDiagnosticBuilder &D = S.Diag(Loc, PD: PDiag);
7236 D << StringRange;
7237 D << FixIt;
7238 } else {
7239 S.Diag(Loc: IsStringLocation ? ArgumentExpr->getExprLoc() : Loc, PD: PDiag)
7240 << ArgumentExpr->getSourceRange();
7241
7242 const Sema::SemaDiagnosticBuilder &Note =
7243 S.Diag(IsStringLocation ? Loc : StringRange.getBegin(),
7244 diag::note_format_string_defined);
7245
7246 Note << StringRange;
7247 Note << FixIt;
7248 }
7249}
7250
7251//===--- CHECK: Printf format string checking -----------------------------===//
7252
7253namespace {
7254
7255class CheckPrintfHandler : public CheckFormatHandler {
7256public:
7257 CheckPrintfHandler(Sema &s, const FormatStringLiteral *fexpr,
7258 const Expr *origFormatExpr, const FormatStringType type,
7259 unsigned firstDataArg, unsigned numDataArgs, bool isObjC,
7260 const char *beg, Sema::FormatArgumentPassingKind APK,
7261 ArrayRef<const Expr *> Args, unsigned formatIdx,
7262 bool inFunctionCall, VariadicCallType CallType,
7263 llvm::SmallBitVector &CheckedVarArgs,
7264 UncoveredArgHandler &UncoveredArg)
7265 : CheckFormatHandler(s, fexpr, origFormatExpr, type, firstDataArg,
7266 numDataArgs, beg, APK, Args, formatIdx,
7267 inFunctionCall, CallType, CheckedVarArgs,
7268 UncoveredArg) {}
7269
7270 bool isObjCContext() const { return FSType == FormatStringType::NSString; }
7271
7272 /// Returns true if '%@' specifiers are allowed in the format string.
7273 bool allowsObjCArg() const {
7274 return FSType == FormatStringType::NSString ||
7275 FSType == FormatStringType::OSLog ||
7276 FSType == FormatStringType::OSTrace;
7277 }
7278
7279 bool HandleInvalidPrintfConversionSpecifier(
7280 const analyze_printf::PrintfSpecifier &FS,
7281 const char *startSpecifier,
7282 unsigned specifierLen) override;
7283
7284 void handleInvalidMaskType(StringRef MaskType) override;
7285
7286 bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS,
7287 const char *startSpecifier, unsigned specifierLen,
7288 const TargetInfo &Target) override;
7289 bool checkFormatExpr(const analyze_printf::PrintfSpecifier &FS,
7290 const char *StartSpecifier,
7291 unsigned SpecifierLen,
7292 const Expr *E);
7293
7294 bool HandleAmount(const analyze_format_string::OptionalAmount &Amt, unsigned k,
7295 const char *startSpecifier, unsigned specifierLen);
7296 void HandleInvalidAmount(const analyze_printf::PrintfSpecifier &FS,
7297 const analyze_printf::OptionalAmount &Amt,
7298 unsigned type,
7299 const char *startSpecifier, unsigned specifierLen);
7300 void HandleFlag(const analyze_printf::PrintfSpecifier &FS,
7301 const analyze_printf::OptionalFlag &flag,
7302 const char *startSpecifier, unsigned specifierLen);
7303 void HandleIgnoredFlag(const analyze_printf::PrintfSpecifier &FS,
7304 const analyze_printf::OptionalFlag &ignoredFlag,
7305 const analyze_printf::OptionalFlag &flag,
7306 const char *startSpecifier, unsigned specifierLen);
7307 bool checkForCStrMembers(const analyze_printf::ArgType &AT,
7308 const Expr *E);
7309
7310 void HandleEmptyObjCModifierFlag(const char *startFlag,
7311 unsigned flagLen) override;
7312
7313 void HandleInvalidObjCModifierFlag(const char *startFlag,
7314 unsigned flagLen) override;
7315
7316 void
7317 HandleObjCFlagsWithNonObjCConversion(const char *flagsStart,
7318 const char *flagsEnd,
7319 const char *conversionPosition) override;
7320};
7321
7322/// Keeps around the information needed to verify that two specifiers are
7323/// compatible.
7324class EquatableFormatArgument {
7325public:
7326 enum SpecifierSensitivity : unsigned {
7327 SS_None,
7328 SS_Private,
7329 SS_Public,
7330 SS_Sensitive
7331 };
7332
7333 enum FormatArgumentRole : unsigned {
7334 FAR_Data,
7335 FAR_FieldWidth,
7336 FAR_Precision,
7337 FAR_Auxiliary, // FreeBSD kernel %b and %D
7338 };
7339
7340private:
7341 analyze_format_string::ArgType ArgType;
7342 analyze_format_string::LengthModifier::Kind LengthMod;
7343 StringRef SpecifierLetter;
7344 CharSourceRange Range;
7345 SourceLocation ElementLoc;
7346 FormatArgumentRole Role : 2;
7347 SpecifierSensitivity Sensitivity : 2; // only set for FAR_Data
7348 unsigned Position : 14;
7349 unsigned ModifierFor : 14; // not set for FAR_Data
7350
7351 void EmitDiagnostic(Sema &S, PartialDiagnostic PDiag, const Expr *FmtExpr,
7352 bool InFunctionCall) const;
7353
7354public:
7355 EquatableFormatArgument(CharSourceRange Range, SourceLocation ElementLoc,
7356 analyze_format_string::LengthModifier::Kind LengthMod,
7357 StringRef SpecifierLetter,
7358 analyze_format_string::ArgType ArgType,
7359 FormatArgumentRole Role,
7360 SpecifierSensitivity Sensitivity, unsigned Position,
7361 unsigned ModifierFor)
7362 : ArgType(ArgType), LengthMod(LengthMod),
7363 SpecifierLetter(SpecifierLetter), Range(Range), ElementLoc(ElementLoc),
7364 Role(Role), Sensitivity(Sensitivity), Position(Position),
7365 ModifierFor(ModifierFor) {}
7366
7367 unsigned getPosition() const { return Position; }
7368 SourceLocation getSourceLocation() const { return ElementLoc; }
7369 CharSourceRange getSourceRange() const { return Range; }
7370 analyze_format_string::LengthModifier getLengthModifier() const {
7371 return analyze_format_string::LengthModifier(nullptr, LengthMod);
7372 }
7373 void setModifierFor(unsigned V) { ModifierFor = V; }
7374
7375 std::string buildFormatSpecifier() const {
7376 std::string result;
7377 llvm::raw_string_ostream(result)
7378 << getLengthModifier().toString() << SpecifierLetter;
7379 return result;
7380 }
7381
7382 bool VerifyCompatible(Sema &S, const EquatableFormatArgument &Other,
7383 const Expr *FmtExpr, bool InFunctionCall) const;
7384};
7385
7386/// Turns format strings into lists of EquatableSpecifier objects.
7387class DecomposePrintfHandler : public CheckPrintfHandler {
7388 llvm::SmallVectorImpl<EquatableFormatArgument> &Specs;
7389 bool HadError;
7390
7391 DecomposePrintfHandler(Sema &s, const FormatStringLiteral *fexpr,
7392 const Expr *origFormatExpr,
7393 const FormatStringType type, unsigned firstDataArg,
7394 unsigned numDataArgs, bool isObjC, const char *beg,
7395 Sema::FormatArgumentPassingKind APK,
7396 ArrayRef<const Expr *> Args, unsigned formatIdx,
7397 bool inFunctionCall, VariadicCallType CallType,
7398 llvm::SmallBitVector &CheckedVarArgs,
7399 UncoveredArgHandler &UncoveredArg,
7400 llvm::SmallVectorImpl<EquatableFormatArgument> &Specs)
7401 : CheckPrintfHandler(s, fexpr, origFormatExpr, type, firstDataArg,
7402 numDataArgs, isObjC, beg, APK, Args, formatIdx,
7403 inFunctionCall, CallType, CheckedVarArgs,
7404 UncoveredArg),
7405 Specs(Specs), HadError(false) {}
7406
7407public:
7408 static bool
7409 GetSpecifiers(Sema &S, const FormatStringLiteral *FSL, const Expr *FmtExpr,
7410 FormatStringType type, bool IsObjC, bool InFunctionCall,
7411 llvm::SmallVectorImpl<EquatableFormatArgument> &Args);
7412
7413 virtual bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS,
7414 const char *startSpecifier,
7415 unsigned specifierLen,
7416 const TargetInfo &Target) override;
7417};
7418
7419} // namespace
7420
7421bool CheckPrintfHandler::HandleInvalidPrintfConversionSpecifier(
7422 const analyze_printf::PrintfSpecifier &FS, const char *startSpecifier,
7423 unsigned specifierLen) {
7424 const analyze_printf::PrintfConversionSpecifier &CS =
7425 FS.getConversionSpecifier();
7426
7427 return HandleInvalidConversionSpecifier(argIndex: FS.getArgIndex(),
7428 Loc: getLocationOfByte(x: CS.getStart()),
7429 startSpec: startSpecifier, specifierLen,
7430 csStart: CS.getStart(), csLen: CS.getLength());
7431}
7432
7433void CheckPrintfHandler::handleInvalidMaskType(StringRef MaskType) {
7434 S.Diag(Loc: getLocationOfByte(x: MaskType.data()), DiagID: diag::err_invalid_mask_type_size);
7435}
7436
7437bool CheckPrintfHandler::HandleAmount(
7438 const analyze_format_string::OptionalAmount &Amt, unsigned k,
7439 const char *startSpecifier, unsigned specifierLen) {
7440 if (Amt.hasDataArgument()) {
7441 if (HasFormatArguments()) {
7442 unsigned argIndex = Amt.getArgIndex();
7443 if (argIndex >= NumDataArgs) {
7444 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_printf_asterisk_missing_arg)
7445 << k,
7446 Loc: getLocationOfByte(x: Amt.getStart()),
7447 /*IsStringLocation*/ true,
7448 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7449 // Don't do any more checking. We will just emit
7450 // spurious errors.
7451 return false;
7452 }
7453
7454 // Type check the data argument. It should be an 'int'.
7455 // Although not in conformance with C99, we also allow the argument to be
7456 // an 'unsigned int' as that is a reasonably safe case. GCC also
7457 // doesn't emit a warning for that case.
7458 CoveredArgs.set(argIndex);
7459 const Expr *Arg = getDataArg(i: argIndex);
7460 if (!Arg)
7461 return false;
7462
7463 QualType T = Arg->getType();
7464
7465 const analyze_printf::ArgType &AT = Amt.getArgType(Ctx&: S.Context);
7466 assert(AT.isValid());
7467
7468 if (!AT.matchesType(C&: S.Context, argTy: T)) {
7469 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_printf_asterisk_wrong_type)
7470 << k << AT.getRepresentativeTypeName(C&: S.Context)
7471 << T << Arg->getSourceRange(),
7472 Loc: getLocationOfByte(x: Amt.getStart()),
7473 /*IsStringLocation*/true,
7474 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7475 // Don't do any more checking. We will just emit
7476 // spurious errors.
7477 return false;
7478 }
7479 }
7480 }
7481 return true;
7482}
7483
7484void CheckPrintfHandler::HandleInvalidAmount(
7485 const analyze_printf::PrintfSpecifier &FS,
7486 const analyze_printf::OptionalAmount &Amt,
7487 unsigned type,
7488 const char *startSpecifier,
7489 unsigned specifierLen) {
7490 const analyze_printf::PrintfConversionSpecifier &CS =
7491 FS.getConversionSpecifier();
7492
7493 FixItHint fixit =
7494 Amt.getHowSpecified() == analyze_printf::OptionalAmount::Constant
7495 ? FixItHint::CreateRemoval(RemoveRange: getSpecifierRange(startSpecifier: Amt.getStart(),
7496 specifierLen: Amt.getConstantLength()))
7497 : FixItHint();
7498
7499 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_printf_nonsensical_optional_amount)
7500 << type << CS.toString(),
7501 Loc: getLocationOfByte(x: Amt.getStart()),
7502 /*IsStringLocation*/true,
7503 StringRange: getSpecifierRange(startSpecifier, specifierLen),
7504 FixIt: fixit);
7505}
7506
7507void CheckPrintfHandler::HandleFlag(const analyze_printf::PrintfSpecifier &FS,
7508 const analyze_printf::OptionalFlag &flag,
7509 const char *startSpecifier,
7510 unsigned specifierLen) {
7511 // Warn about pointless flag with a fixit removal.
7512 const analyze_printf::PrintfConversionSpecifier &CS =
7513 FS.getConversionSpecifier();
7514 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_printf_nonsensical_flag)
7515 << flag.toString() << CS.toString(),
7516 Loc: getLocationOfByte(x: flag.getPosition()),
7517 /*IsStringLocation*/true,
7518 StringRange: getSpecifierRange(startSpecifier, specifierLen),
7519 FixIt: FixItHint::CreateRemoval(
7520 RemoveRange: getSpecifierRange(startSpecifier: flag.getPosition(), specifierLen: 1)));
7521}
7522
7523void CheckPrintfHandler::HandleIgnoredFlag(
7524 const analyze_printf::PrintfSpecifier &FS,
7525 const analyze_printf::OptionalFlag &ignoredFlag,
7526 const analyze_printf::OptionalFlag &flag,
7527 const char *startSpecifier,
7528 unsigned specifierLen) {
7529 // Warn about ignored flag with a fixit removal.
7530 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_printf_ignored_flag)
7531 << ignoredFlag.toString() << flag.toString(),
7532 Loc: getLocationOfByte(x: ignoredFlag.getPosition()),
7533 /*IsStringLocation*/true,
7534 StringRange: getSpecifierRange(startSpecifier, specifierLen),
7535 FixIt: FixItHint::CreateRemoval(
7536 RemoveRange: getSpecifierRange(startSpecifier: ignoredFlag.getPosition(), specifierLen: 1)));
7537}
7538
7539void CheckPrintfHandler::HandleEmptyObjCModifierFlag(const char *startFlag,
7540 unsigned flagLen) {
7541 // Warn about an empty flag.
7542 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_printf_empty_objc_flag),
7543 Loc: getLocationOfByte(x: startFlag),
7544 /*IsStringLocation*/true,
7545 StringRange: getSpecifierRange(startSpecifier: startFlag, specifierLen: flagLen));
7546}
7547
7548void CheckPrintfHandler::HandleInvalidObjCModifierFlag(const char *startFlag,
7549 unsigned flagLen) {
7550 // Warn about an invalid flag.
7551 auto Range = getSpecifierRange(startSpecifier: startFlag, specifierLen: flagLen);
7552 StringRef flag(startFlag, flagLen);
7553 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_printf_invalid_objc_flag) << flag,
7554 Loc: getLocationOfByte(x: startFlag),
7555 /*IsStringLocation*/true,
7556 StringRange: Range, FixIt: FixItHint::CreateRemoval(RemoveRange: Range));
7557}
7558
7559void CheckPrintfHandler::HandleObjCFlagsWithNonObjCConversion(
7560 const char *flagsStart, const char *flagsEnd, const char *conversionPosition) {
7561 // Warn about using '[...]' without a '@' conversion.
7562 auto Range = getSpecifierRange(startSpecifier: flagsStart, specifierLen: flagsEnd - flagsStart + 1);
7563 auto diag = diag::warn_printf_ObjCflags_without_ObjCConversion;
7564 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag) << StringRef(conversionPosition, 1),
7565 Loc: getLocationOfByte(x: conversionPosition),
7566 /*IsStringLocation*/ true, StringRange: Range,
7567 FixIt: FixItHint::CreateRemoval(RemoveRange: Range));
7568}
7569
7570void EquatableFormatArgument::EmitDiagnostic(Sema &S, PartialDiagnostic PDiag,
7571 const Expr *FmtExpr,
7572 bool InFunctionCall) const {
7573 CheckFormatHandler::EmitFormatDiagnostic(S, InFunctionCall, ArgumentExpr: FmtExpr, PDiag,
7574 Loc: ElementLoc, IsStringLocation: true, StringRange: Range);
7575}
7576
7577bool EquatableFormatArgument::VerifyCompatible(
7578 Sema &S, const EquatableFormatArgument &Other, const Expr *FmtExpr,
7579 bool InFunctionCall) const {
7580 using MK = analyze_format_string::ArgType::MatchKind;
7581 if (Role != Other.Role) {
7582 // diagnose and stop
7583 EmitDiagnostic(
7584 S, PDiag: S.PDiag(DiagID: diag::warn_format_cmp_role_mismatch) << Role << Other.Role,
7585 FmtExpr, InFunctionCall);
7586 S.Diag(Loc: Other.ElementLoc, DiagID: diag::note_format_cmp_with) << 0 << Other.Range;
7587 return false;
7588 }
7589
7590 if (Role != FAR_Data) {
7591 if (ModifierFor != Other.ModifierFor) {
7592 // diagnose and stop
7593 EmitDiagnostic(S,
7594 PDiag: S.PDiag(DiagID: diag::warn_format_cmp_modifierfor_mismatch)
7595 << (ModifierFor + 1) << (Other.ModifierFor + 1),
7596 FmtExpr, InFunctionCall);
7597 S.Diag(Loc: Other.ElementLoc, DiagID: diag::note_format_cmp_with) << 0 << Other.Range;
7598 return false;
7599 }
7600 return true;
7601 }
7602
7603 bool HadError = false;
7604 if (Sensitivity != Other.Sensitivity) {
7605 // diagnose and continue
7606 EmitDiagnostic(S,
7607 PDiag: S.PDiag(DiagID: diag::warn_format_cmp_sensitivity_mismatch)
7608 << Sensitivity << Other.Sensitivity,
7609 FmtExpr, InFunctionCall);
7610 HadError = S.Diag(Loc: Other.ElementLoc, DiagID: diag::note_format_cmp_with)
7611 << 0 << Other.Range;
7612 }
7613
7614 switch (ArgType.matchesArgType(C&: S.Context, other: Other.ArgType)) {
7615 case MK::Match:
7616 break;
7617
7618 case MK::MatchPromotion:
7619 // Per consensus reached at https://discourse.llvm.org/t/-/83076/12,
7620 // MatchPromotion is treated as a failure by format_matches.
7621 case MK::NoMatch:
7622 case MK::NoMatchTypeConfusion:
7623 case MK::NoMatchPromotionTypeConfusion:
7624 EmitDiagnostic(S,
7625 PDiag: S.PDiag(DiagID: diag::warn_format_cmp_specifier_mismatch)
7626 << buildFormatSpecifier()
7627 << Other.buildFormatSpecifier(),
7628 FmtExpr, InFunctionCall);
7629 HadError = S.Diag(Loc: Other.ElementLoc, DiagID: diag::note_format_cmp_with)
7630 << 0 << Other.Range;
7631 break;
7632
7633 case MK::NoMatchPedantic:
7634 EmitDiagnostic(S,
7635 PDiag: S.PDiag(DiagID: diag::warn_format_cmp_specifier_mismatch_pedantic)
7636 << buildFormatSpecifier()
7637 << Other.buildFormatSpecifier(),
7638 FmtExpr, InFunctionCall);
7639 HadError = S.Diag(Loc: Other.ElementLoc, DiagID: diag::note_format_cmp_with)
7640 << 0 << Other.Range;
7641 break;
7642
7643 case MK::NoMatchSignedness:
7644 if (!S.getDiagnostics().isIgnored(
7645 DiagID: diag::warn_format_conversion_argument_type_mismatch_signedness,
7646 Loc: ElementLoc)) {
7647 EmitDiagnostic(S,
7648 PDiag: S.PDiag(DiagID: diag::warn_format_cmp_specifier_sign_mismatch)
7649 << buildFormatSpecifier()
7650 << Other.buildFormatSpecifier(),
7651 FmtExpr, InFunctionCall);
7652 HadError = S.Diag(Loc: Other.ElementLoc, DiagID: diag::note_format_cmp_with)
7653 << 0 << Other.Range;
7654 }
7655 break;
7656 }
7657 return !HadError;
7658}
7659
7660bool DecomposePrintfHandler::GetSpecifiers(
7661 Sema &S, const FormatStringLiteral *FSL, const Expr *FmtExpr,
7662 FormatStringType Type, bool IsObjC, bool InFunctionCall,
7663 llvm::SmallVectorImpl<EquatableFormatArgument> &Args) {
7664 StringRef Data = FSL->getString();
7665 const char *Str = Data.data();
7666 llvm::SmallBitVector BV;
7667 UncoveredArgHandler UA;
7668 const Expr *PrintfArgs[] = {FSL->getFormatString()};
7669 DecomposePrintfHandler H(S, FSL, FSL->getFormatString(), Type, 0, 0, IsObjC,
7670 Str, Sema::FAPK_Elsewhere, PrintfArgs, 0,
7671 InFunctionCall, VariadicCallType::DoesNotApply, BV,
7672 UA, Args);
7673
7674 if (!analyze_format_string::ParsePrintfString(
7675 H, beg: Str, end: Str + Data.size(), LO: S.getLangOpts(), Target: S.Context.getTargetInfo(),
7676 isFreeBSDKPrintf: Type == FormatStringType::FreeBSDKPrintf))
7677 H.DoneProcessing();
7678 if (H.HadError)
7679 return false;
7680
7681 llvm::stable_sort(Range&: Args, C: [](const EquatableFormatArgument &A,
7682 const EquatableFormatArgument &B) {
7683 return A.getPosition() < B.getPosition();
7684 });
7685 return true;
7686}
7687
7688bool DecomposePrintfHandler::HandlePrintfSpecifier(
7689 const analyze_printf::PrintfSpecifier &FS, const char *startSpecifier,
7690 unsigned specifierLen, const TargetInfo &Target) {
7691 if (!CheckPrintfHandler::HandlePrintfSpecifier(FS, startSpecifier,
7692 specifierLen, Target)) {
7693 HadError = true;
7694 return false;
7695 }
7696
7697 // Do not add any specifiers to the list for %%. This is possibly incorrect
7698 // if using a precision/width with a data argument, but that combination is
7699 // meaningless and we wouldn't know which format to attach the
7700 // precision/width to.
7701 const auto &CS = FS.getConversionSpecifier();
7702 if (CS.getKind() == analyze_format_string::ConversionSpecifier::PercentArg)
7703 return true;
7704
7705 // have to patch these to have the right ModifierFor if they are used
7706 const unsigned Unset = ~0;
7707 unsigned FieldWidthIndex = Unset;
7708 unsigned PrecisionIndex = Unset;
7709
7710 // field width?
7711 const auto &FieldWidth = FS.getFieldWidth();
7712 if (!FieldWidth.isInvalid() && FieldWidth.hasDataArgument()) {
7713 FieldWidthIndex = Specs.size();
7714 Specs.emplace_back(Args: getSpecifierRange(startSpecifier, specifierLen),
7715 Args: getLocationOfByte(x: FieldWidth.getStart()),
7716 Args: analyze_format_string::LengthModifier::None, Args: "*",
7717 Args: FieldWidth.getArgType(Ctx&: S.Context),
7718 Args: EquatableFormatArgument::FAR_FieldWidth,
7719 Args: EquatableFormatArgument::SS_None,
7720 Args: FieldWidth.usesPositionalArg()
7721 ? FieldWidth.getPositionalArgIndex() - 1
7722 : FieldWidthIndex,
7723 Args: 0);
7724 }
7725 // precision?
7726 const auto &Precision = FS.getPrecision();
7727 if (!Precision.isInvalid() && Precision.hasDataArgument()) {
7728 PrecisionIndex = Specs.size();
7729 Specs.emplace_back(
7730 Args: getSpecifierRange(startSpecifier, specifierLen),
7731 Args: getLocationOfByte(x: Precision.getStart()),
7732 Args: analyze_format_string::LengthModifier::None, Args: ".*",
7733 Args: Precision.getArgType(Ctx&: S.Context), Args: EquatableFormatArgument::FAR_Precision,
7734 Args: EquatableFormatArgument::SS_None,
7735 Args: Precision.usesPositionalArg() ? Precision.getPositionalArgIndex() - 1
7736 : PrecisionIndex,
7737 Args: 0);
7738 }
7739
7740 // this specifier
7741 unsigned SpecIndex =
7742 FS.usesPositionalArg() ? FS.getPositionalArgIndex() - 1 : Specs.size();
7743 if (FieldWidthIndex != Unset)
7744 Specs[FieldWidthIndex].setModifierFor(SpecIndex);
7745 if (PrecisionIndex != Unset)
7746 Specs[PrecisionIndex].setModifierFor(SpecIndex);
7747
7748 EquatableFormatArgument::SpecifierSensitivity Sensitivity;
7749 if (FS.isPrivate())
7750 Sensitivity = EquatableFormatArgument::SS_Private;
7751 else if (FS.isPublic())
7752 Sensitivity = EquatableFormatArgument::SS_Public;
7753 else if (FS.isSensitive())
7754 Sensitivity = EquatableFormatArgument::SS_Sensitive;
7755 else
7756 Sensitivity = EquatableFormatArgument::SS_None;
7757
7758 Specs.emplace_back(
7759 Args: getSpecifierRange(startSpecifier, specifierLen),
7760 Args: getLocationOfByte(x: CS.getStart()), Args: FS.getLengthModifier().getKind(),
7761 Args: CS.getCharacters(), Args: FS.getArgType(Ctx&: S.Context, IsObjCLiteral: isObjCContext()),
7762 Args: EquatableFormatArgument::FAR_Data, Args&: Sensitivity, Args&: SpecIndex, Args: 0);
7763
7764 // auxiliary argument?
7765 if (CS.getKind() == analyze_format_string::ConversionSpecifier::FreeBSDbArg ||
7766 CS.getKind() == analyze_format_string::ConversionSpecifier::FreeBSDDArg) {
7767 Specs.emplace_back(Args: getSpecifierRange(startSpecifier, specifierLen),
7768 Args: getLocationOfByte(x: CS.getStart()),
7769 Args: analyze_format_string::LengthModifier::None,
7770 Args: CS.getCharacters(),
7771 Args: analyze_format_string::ArgType::CStrTy,
7772 Args: EquatableFormatArgument::FAR_Auxiliary, Args&: Sensitivity,
7773 Args: SpecIndex + 1, Args&: SpecIndex);
7774 }
7775 return true;
7776}
7777
7778// Determines if the specified is a C++ class or struct containing
7779// a member with the specified name and kind (e.g. a CXXMethodDecl named
7780// "c_str()").
7781template<typename MemberKind>
7782static llvm::SmallPtrSet<MemberKind*, 1>
7783CXXRecordMembersNamed(StringRef Name, Sema &S, QualType Ty) {
7784 const RecordType *RT = Ty->getAs<RecordType>();
7785 llvm::SmallPtrSet<MemberKind*, 1> Results;
7786
7787 if (!RT)
7788 return Results;
7789 const CXXRecordDecl *RD = dyn_cast<CXXRecordDecl>(Val: RT->getDecl());
7790 if (!RD || !RD->getDefinition())
7791 return Results;
7792
7793 LookupResult R(S, &S.Context.Idents.get(Name), SourceLocation(),
7794 Sema::LookupMemberName);
7795 R.suppressDiagnostics();
7796
7797 // We just need to include all members of the right kind turned up by the
7798 // filter, at this point.
7799 if (S.LookupQualifiedName(R, LookupCtx: RT->getDecl()))
7800 for (LookupResult::iterator I = R.begin(), E = R.end(); I != E; ++I) {
7801 NamedDecl *decl = (*I)->getUnderlyingDecl();
7802 if (MemberKind *FK = dyn_cast<MemberKind>(decl))
7803 Results.insert(FK);
7804 }
7805 return Results;
7806}
7807
7808/// Check if we could call '.c_str()' on an object.
7809///
7810/// FIXME: This returns the wrong results in some cases (if cv-qualifiers don't
7811/// allow the call, or if it would be ambiguous).
7812bool Sema::hasCStrMethod(const Expr *E) {
7813 using MethodSet = llvm::SmallPtrSet<CXXMethodDecl *, 1>;
7814
7815 MethodSet Results =
7816 CXXRecordMembersNamed<CXXMethodDecl>(Name: "c_str", S&: *this, Ty: E->getType());
7817 for (MethodSet::iterator MI = Results.begin(), ME = Results.end();
7818 MI != ME; ++MI)
7819 if ((*MI)->getMinRequiredArguments() == 0)
7820 return true;
7821 return false;
7822}
7823
7824// Check if a (w)string was passed when a (w)char* was needed, and offer a
7825// better diagnostic if so. AT is assumed to be valid.
7826// Returns true when a c_str() conversion method is found.
7827bool CheckPrintfHandler::checkForCStrMembers(
7828 const analyze_printf::ArgType &AT, const Expr *E) {
7829 using MethodSet = llvm::SmallPtrSet<CXXMethodDecl *, 1>;
7830
7831 MethodSet Results =
7832 CXXRecordMembersNamed<CXXMethodDecl>(Name: "c_str", S, Ty: E->getType());
7833
7834 for (MethodSet::iterator MI = Results.begin(), ME = Results.end();
7835 MI != ME; ++MI) {
7836 const CXXMethodDecl *Method = *MI;
7837 if (Method->getMinRequiredArguments() == 0 &&
7838 AT.matchesType(C&: S.Context, argTy: Method->getReturnType())) {
7839 // FIXME: Suggest parens if the expression needs them.
7840 SourceLocation EndLoc = S.getLocForEndOfToken(Loc: E->getEndLoc());
7841 S.Diag(Loc: E->getBeginLoc(), DiagID: diag::note_printf_c_str)
7842 << "c_str()" << FixItHint::CreateInsertion(InsertionLoc: EndLoc, Code: ".c_str()");
7843 return true;
7844 }
7845 }
7846
7847 return false;
7848}
7849
7850bool CheckPrintfHandler::HandlePrintfSpecifier(
7851 const analyze_printf::PrintfSpecifier &FS, const char *startSpecifier,
7852 unsigned specifierLen, const TargetInfo &Target) {
7853 using namespace analyze_format_string;
7854 using namespace analyze_printf;
7855
7856 const PrintfConversionSpecifier &CS = FS.getConversionSpecifier();
7857
7858 if (FS.consumesDataArgument()) {
7859 if (atFirstArg) {
7860 atFirstArg = false;
7861 usesPositionalArgs = FS.usesPositionalArg();
7862 }
7863 else if (usesPositionalArgs != FS.usesPositionalArg()) {
7864 HandlePositionalNonpositionalArgs(Loc: getLocationOfByte(x: CS.getStart()),
7865 startSpec: startSpecifier, specifierLen);
7866 return false;
7867 }
7868 }
7869
7870 // First check if the field width, precision, and conversion specifier
7871 // have matching data arguments.
7872 if (!HandleAmount(Amt: FS.getFieldWidth(), /* field width */ k: 0,
7873 startSpecifier, specifierLen)) {
7874 return false;
7875 }
7876
7877 if (!HandleAmount(Amt: FS.getPrecision(), /* precision */ k: 1,
7878 startSpecifier, specifierLen)) {
7879 return false;
7880 }
7881
7882 if (!CS.consumesDataArgument()) {
7883 // FIXME: Technically specifying a precision or field width here
7884 // makes no sense. Worth issuing a warning at some point.
7885 return true;
7886 }
7887
7888 // Consume the argument.
7889 unsigned argIndex = FS.getArgIndex();
7890 if (argIndex < NumDataArgs) {
7891 // The check to see if the argIndex is valid will come later.
7892 // We set the bit here because we may exit early from this
7893 // function if we encounter some other error.
7894 CoveredArgs.set(argIndex);
7895 }
7896
7897 // FreeBSD kernel extensions.
7898 if (CS.getKind() == ConversionSpecifier::FreeBSDbArg ||
7899 CS.getKind() == ConversionSpecifier::FreeBSDDArg) {
7900 // We need at least two arguments.
7901 if (!CheckNumArgs(FS, CS, startSpecifier, specifierLen, argIndex: argIndex + 1))
7902 return false;
7903
7904 if (HasFormatArguments()) {
7905 // Claim the second argument.
7906 CoveredArgs.set(argIndex + 1);
7907
7908 // Type check the first argument (int for %b, pointer for %D)
7909 const Expr *Ex = getDataArg(i: argIndex);
7910 const analyze_printf::ArgType &AT =
7911 (CS.getKind() == ConversionSpecifier::FreeBSDbArg)
7912 ? ArgType(S.Context.IntTy)
7913 : ArgType::CPointerTy;
7914 if (AT.isValid() && !AT.matchesType(C&: S.Context, argTy: Ex->getType()))
7915 EmitFormatDiagnostic(
7916 PDiag: S.PDiag(DiagID: diag::warn_format_conversion_argument_type_mismatch)
7917 << AT.getRepresentativeTypeName(C&: S.Context) << Ex->getType()
7918 << false << Ex->getSourceRange(),
7919 Loc: Ex->getBeginLoc(), /*IsStringLocation*/ false,
7920 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7921
7922 // Type check the second argument (char * for both %b and %D)
7923 Ex = getDataArg(i: argIndex + 1);
7924 const analyze_printf::ArgType &AT2 = ArgType::CStrTy;
7925 if (AT2.isValid() && !AT2.matchesType(C&: S.Context, argTy: Ex->getType()))
7926 EmitFormatDiagnostic(
7927 PDiag: S.PDiag(DiagID: diag::warn_format_conversion_argument_type_mismatch)
7928 << AT2.getRepresentativeTypeName(C&: S.Context) << Ex->getType()
7929 << false << Ex->getSourceRange(),
7930 Loc: Ex->getBeginLoc(), /*IsStringLocation*/ false,
7931 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7932 }
7933 return true;
7934 }
7935
7936 // Check for using an Objective-C specific conversion specifier
7937 // in a non-ObjC literal.
7938 if (!allowsObjCArg() && CS.isObjCArg()) {
7939 return HandleInvalidPrintfConversionSpecifier(FS, startSpecifier,
7940 specifierLen);
7941 }
7942
7943 // %P can only be used with os_log.
7944 if (FSType != FormatStringType::OSLog &&
7945 CS.getKind() == ConversionSpecifier::PArg) {
7946 return HandleInvalidPrintfConversionSpecifier(FS, startSpecifier,
7947 specifierLen);
7948 }
7949
7950 // %n is not allowed with os_log.
7951 if (FSType == FormatStringType::OSLog &&
7952 CS.getKind() == ConversionSpecifier::nArg) {
7953 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_os_log_format_narg),
7954 Loc: getLocationOfByte(x: CS.getStart()),
7955 /*IsStringLocation*/ false,
7956 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7957
7958 return true;
7959 }
7960
7961 // Only scalars are allowed for os_trace.
7962 if (FSType == FormatStringType::OSTrace &&
7963 (CS.getKind() == ConversionSpecifier::PArg ||
7964 CS.getKind() == ConversionSpecifier::sArg ||
7965 CS.getKind() == ConversionSpecifier::ObjCObjArg)) {
7966 return HandleInvalidPrintfConversionSpecifier(FS, startSpecifier,
7967 specifierLen);
7968 }
7969
7970 // Check for use of public/private annotation outside of os_log().
7971 if (FSType != FormatStringType::OSLog) {
7972 if (FS.isPublic().isSet()) {
7973 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_format_invalid_annotation)
7974 << "public",
7975 Loc: getLocationOfByte(x: FS.isPublic().getPosition()),
7976 /*IsStringLocation*/ false,
7977 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7978 }
7979 if (FS.isPrivate().isSet()) {
7980 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_format_invalid_annotation)
7981 << "private",
7982 Loc: getLocationOfByte(x: FS.isPrivate().getPosition()),
7983 /*IsStringLocation*/ false,
7984 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7985 }
7986 }
7987
7988 const llvm::Triple &Triple = Target.getTriple();
7989 if (CS.getKind() == ConversionSpecifier::nArg &&
7990 (Triple.isAndroid() || Triple.isOSFuchsia())) {
7991 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_printf_narg_not_supported),
7992 Loc: getLocationOfByte(x: CS.getStart()),
7993 /*IsStringLocation*/ false,
7994 StringRange: getSpecifierRange(startSpecifier, specifierLen));
7995 }
7996
7997 // Check for invalid use of field width
7998 if (!FS.hasValidFieldWidth()) {
7999 HandleInvalidAmount(FS, Amt: FS.getFieldWidth(), /* field width */ type: 0,
8000 startSpecifier, specifierLen);
8001 }
8002
8003 // Check for invalid use of precision
8004 if (!FS.hasValidPrecision()) {
8005 HandleInvalidAmount(FS, Amt: FS.getPrecision(), /* precision */ type: 1,
8006 startSpecifier, specifierLen);
8007 }
8008
8009 // Precision is mandatory for %P specifier.
8010 if (CS.getKind() == ConversionSpecifier::PArg &&
8011 FS.getPrecision().getHowSpecified() == OptionalAmount::NotSpecified) {
8012 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_format_P_no_precision),
8013 Loc: getLocationOfByte(x: startSpecifier),
8014 /*IsStringLocation*/ false,
8015 StringRange: getSpecifierRange(startSpecifier, specifierLen));
8016 }
8017
8018 // Check each flag does not conflict with any other component.
8019 if (!FS.hasValidThousandsGroupingPrefix())
8020 HandleFlag(FS, flag: FS.hasThousandsGrouping(), startSpecifier, specifierLen);
8021 if (!FS.hasValidLeadingZeros())
8022 HandleFlag(FS, flag: FS.hasLeadingZeros(), startSpecifier, specifierLen);
8023 if (!FS.hasValidPlusPrefix())
8024 HandleFlag(FS, flag: FS.hasPlusPrefix(), startSpecifier, specifierLen);
8025 if (!FS.hasValidSpacePrefix())
8026 HandleFlag(FS, flag: FS.hasSpacePrefix(), startSpecifier, specifierLen);
8027 if (!FS.hasValidAlternativeForm())
8028 HandleFlag(FS, flag: FS.hasAlternativeForm(), startSpecifier, specifierLen);
8029 if (!FS.hasValidLeftJustified())
8030 HandleFlag(FS, flag: FS.isLeftJustified(), startSpecifier, specifierLen);
8031
8032 // Check that flags are not ignored by another flag
8033 if (FS.hasSpacePrefix() && FS.hasPlusPrefix()) // ' ' ignored by '+'
8034 HandleIgnoredFlag(FS, ignoredFlag: FS.hasSpacePrefix(), flag: FS.hasPlusPrefix(),
8035 startSpecifier, specifierLen);
8036 if (FS.hasLeadingZeros() && FS.isLeftJustified()) // '0' ignored by '-'
8037 HandleIgnoredFlag(FS, ignoredFlag: FS.hasLeadingZeros(), flag: FS.isLeftJustified(),
8038 startSpecifier, specifierLen);
8039
8040 // Check the length modifier is valid with the given conversion specifier.
8041 if (!FS.hasValidLengthModifier(Target: S.getASTContext().getTargetInfo(),
8042 LO: S.getLangOpts()))
8043 HandleInvalidLengthModifier(FS, CS, startSpecifier, specifierLen,
8044 DiagID: diag::warn_format_nonsensical_length);
8045 else if (!FS.hasStandardLengthModifier())
8046 HandleNonStandardLengthModifier(FS, startSpecifier, specifierLen);
8047 else if (!FS.hasStandardLengthConversionCombination())
8048 HandleInvalidLengthModifier(FS, CS, startSpecifier, specifierLen,
8049 DiagID: diag::warn_format_non_standard_conversion_spec);
8050
8051 if (!FS.hasStandardConversionSpecifier(LangOpt: S.getLangOpts()))
8052 HandleNonStandardConversionSpecifier(CS, startSpecifier, specifierLen);
8053
8054 // The remaining checks depend on the data arguments.
8055 if (!HasFormatArguments())
8056 return true;
8057
8058 if (!CheckNumArgs(FS, CS, startSpecifier, specifierLen, argIndex))
8059 return false;
8060
8061 const Expr *Arg = getDataArg(i: argIndex);
8062 if (!Arg)
8063 return true;
8064
8065 return checkFormatExpr(FS, StartSpecifier: startSpecifier, SpecifierLen: specifierLen, E: Arg);
8066}
8067
8068static bool requiresParensToAddCast(const Expr *E) {
8069 // FIXME: We should have a general way to reason about operator
8070 // precedence and whether parens are actually needed here.
8071 // Take care of a few common cases where they aren't.
8072 const Expr *Inside = E->IgnoreImpCasts();
8073 if (const PseudoObjectExpr *POE = dyn_cast<PseudoObjectExpr>(Val: Inside))
8074 Inside = POE->getSyntacticForm()->IgnoreImpCasts();
8075
8076 switch (Inside->getStmtClass()) {
8077 case Stmt::ArraySubscriptExprClass:
8078 case Stmt::CallExprClass:
8079 case Stmt::CharacterLiteralClass:
8080 case Stmt::CXXBoolLiteralExprClass:
8081 case Stmt::DeclRefExprClass:
8082 case Stmt::FloatingLiteralClass:
8083 case Stmt::IntegerLiteralClass:
8084 case Stmt::MemberExprClass:
8085 case Stmt::ObjCArrayLiteralClass:
8086 case Stmt::ObjCBoolLiteralExprClass:
8087 case Stmt::ObjCBoxedExprClass:
8088 case Stmt::ObjCDictionaryLiteralClass:
8089 case Stmt::ObjCEncodeExprClass:
8090 case Stmt::ObjCIvarRefExprClass:
8091 case Stmt::ObjCMessageExprClass:
8092 case Stmt::ObjCPropertyRefExprClass:
8093 case Stmt::ObjCStringLiteralClass:
8094 case Stmt::ObjCSubscriptRefExprClass:
8095 case Stmt::ParenExprClass:
8096 case Stmt::StringLiteralClass:
8097 case Stmt::UnaryOperatorClass:
8098 return false;
8099 default:
8100 return true;
8101 }
8102}
8103
8104static std::pair<QualType, StringRef>
8105shouldNotPrintDirectly(const ASTContext &Context,
8106 QualType IntendedTy,
8107 const Expr *E) {
8108 // Use a 'while' to peel off layers of typedefs.
8109 QualType TyTy = IntendedTy;
8110 while (const TypedefType *UserTy = TyTy->getAs<TypedefType>()) {
8111 StringRef Name = UserTy->getDecl()->getName();
8112 QualType CastTy = llvm::StringSwitch<QualType>(Name)
8113 .Case(S: "CFIndex", Value: Context.getNSIntegerType())
8114 .Case(S: "NSInteger", Value: Context.getNSIntegerType())
8115 .Case(S: "NSUInteger", Value: Context.getNSUIntegerType())
8116 .Case(S: "SInt32", Value: Context.IntTy)
8117 .Case(S: "UInt32", Value: Context.UnsignedIntTy)
8118 .Default(Value: QualType());
8119
8120 if (!CastTy.isNull())
8121 return std::make_pair(x&: CastTy, y&: Name);
8122
8123 TyTy = UserTy->desugar();
8124 }
8125
8126 // Strip parens if necessary.
8127 if (const ParenExpr *PE = dyn_cast<ParenExpr>(Val: E))
8128 return shouldNotPrintDirectly(Context,
8129 IntendedTy: PE->getSubExpr()->getType(),
8130 E: PE->getSubExpr());
8131
8132 // If this is a conditional expression, then its result type is constructed
8133 // via usual arithmetic conversions and thus there might be no necessary
8134 // typedef sugar there. Recurse to operands to check for NSInteger &
8135 // Co. usage condition.
8136 if (const ConditionalOperator *CO = dyn_cast<ConditionalOperator>(Val: E)) {
8137 QualType TrueTy, FalseTy;
8138 StringRef TrueName, FalseName;
8139
8140 std::tie(args&: TrueTy, args&: TrueName) =
8141 shouldNotPrintDirectly(Context,
8142 IntendedTy: CO->getTrueExpr()->getType(),
8143 E: CO->getTrueExpr());
8144 std::tie(args&: FalseTy, args&: FalseName) =
8145 shouldNotPrintDirectly(Context,
8146 IntendedTy: CO->getFalseExpr()->getType(),
8147 E: CO->getFalseExpr());
8148
8149 if (TrueTy == FalseTy)
8150 return std::make_pair(x&: TrueTy, y&: TrueName);
8151 else if (TrueTy.isNull())
8152 return std::make_pair(x&: FalseTy, y&: FalseName);
8153 else if (FalseTy.isNull())
8154 return std::make_pair(x&: TrueTy, y&: TrueName);
8155 }
8156
8157 return std::make_pair(x: QualType(), y: StringRef());
8158}
8159
8160/// Return true if \p ICE is an implicit argument promotion of an arithmetic
8161/// type. Bit-field 'promotions' from a higher ranked type to a lower ranked
8162/// type do not count.
8163static bool
8164isArithmeticArgumentPromotion(Sema &S, const ImplicitCastExpr *ICE) {
8165 QualType From = ICE->getSubExpr()->getType();
8166 QualType To = ICE->getType();
8167 // It's an integer promotion if the destination type is the promoted
8168 // source type.
8169 if (ICE->getCastKind() == CK_IntegralCast &&
8170 S.Context.isPromotableIntegerType(T: From) &&
8171 S.Context.getPromotedIntegerType(PromotableType: From) == To)
8172 return true;
8173 // Look through vector types, since we do default argument promotion for
8174 // those in OpenCL.
8175 if (const auto *VecTy = From->getAs<ExtVectorType>())
8176 From = VecTy->getElementType();
8177 if (const auto *VecTy = To->getAs<ExtVectorType>())
8178 To = VecTy->getElementType();
8179 // It's a floating promotion if the source type is a lower rank.
8180 return ICE->getCastKind() == CK_FloatingCast &&
8181 S.Context.getFloatingTypeOrder(LHS: From, RHS: To) < 0;
8182}
8183
8184static analyze_format_string::ArgType::MatchKind
8185handleFormatSignedness(analyze_format_string::ArgType::MatchKind Match,
8186 DiagnosticsEngine &Diags, SourceLocation Loc) {
8187 if (Match == analyze_format_string::ArgType::NoMatchSignedness) {
8188 Match =
8189 Diags.isIgnored(
8190 DiagID: diag::warn_format_conversion_argument_type_mismatch_signedness, Loc)
8191 ? analyze_format_string::ArgType::Match
8192 : analyze_format_string::ArgType::NoMatch;
8193 }
8194 return Match;
8195}
8196
8197bool
8198CheckPrintfHandler::checkFormatExpr(const analyze_printf::PrintfSpecifier &FS,
8199 const char *StartSpecifier,
8200 unsigned SpecifierLen,
8201 const Expr *E) {
8202 using namespace analyze_format_string;
8203 using namespace analyze_printf;
8204
8205 // Now type check the data expression that matches the
8206 // format specifier.
8207 const analyze_printf::ArgType &AT = FS.getArgType(Ctx&: S.Context, IsObjCLiteral: isObjCContext());
8208 if (!AT.isValid())
8209 return true;
8210
8211 QualType ExprTy = E->getType();
8212 while (const TypeOfExprType *TET = dyn_cast<TypeOfExprType>(Val&: ExprTy)) {
8213 ExprTy = TET->getUnderlyingExpr()->getType();
8214 }
8215
8216 // When using the format attribute in C++, you can receive a function or an
8217 // array that will necessarily decay to a pointer when passed to the final
8218 // format consumer. Apply decay before type comparison.
8219 if (ExprTy->canDecayToPointerType())
8220 ExprTy = S.Context.getDecayedType(T: ExprTy);
8221
8222 // Diagnose attempts to print a boolean value as a character. Unlike other
8223 // -Wformat diagnostics, this is fine from a type perspective, but it still
8224 // doesn't make sense.
8225 if (FS.getConversionSpecifier().getKind() == ConversionSpecifier::cArg &&
8226 E->isKnownToHaveBooleanValue()) {
8227 const CharSourceRange &CSR =
8228 getSpecifierRange(startSpecifier: StartSpecifier, specifierLen: SpecifierLen);
8229 SmallString<4> FSString;
8230 llvm::raw_svector_ostream os(FSString);
8231 FS.toString(os);
8232 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_format_bool_as_character)
8233 << FSString,
8234 Loc: E->getExprLoc(), IsStringLocation: false, StringRange: CSR);
8235 return true;
8236 }
8237
8238 // Diagnose attempts to use '%P' with ObjC object types, which will result in
8239 // dumping raw class data (like is-a pointer), not actual data.
8240 if (FS.getConversionSpecifier().getKind() == ConversionSpecifier::PArg &&
8241 ExprTy->isObjCObjectPointerType()) {
8242 const CharSourceRange &CSR =
8243 getSpecifierRange(startSpecifier: StartSpecifier, specifierLen: SpecifierLen);
8244 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_format_P_with_objc_pointer),
8245 Loc: E->getExprLoc(), IsStringLocation: false, StringRange: CSR);
8246 return true;
8247 }
8248
8249 ArgType::MatchKind ImplicitMatch = ArgType::NoMatch;
8250 ArgType::MatchKind Match = AT.matchesType(C&: S.Context, argTy: ExprTy);
8251 ArgType::MatchKind OrigMatch = Match;
8252
8253 Match = handleFormatSignedness(Match, Diags&: S.getDiagnostics(), Loc: E->getExprLoc());
8254 if (Match == ArgType::Match)
8255 return true;
8256
8257 // NoMatchPromotionTypeConfusion should be only returned in ImplictCastExpr
8258 assert(Match != ArgType::NoMatchPromotionTypeConfusion);
8259
8260 // Look through argument promotions for our error message's reported type.
8261 // This includes the integral and floating promotions, but excludes array
8262 // and function pointer decay (seeing that an argument intended to be a
8263 // string has type 'char [6]' is probably more confusing than 'char *') and
8264 // certain bitfield promotions (bitfields can be 'demoted' to a lesser type).
8265 if (const ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(Val: E)) {
8266 if (isArithmeticArgumentPromotion(S, ICE)) {
8267 E = ICE->getSubExpr();
8268 ExprTy = E->getType();
8269
8270 // Check if we didn't match because of an implicit cast from a 'char'
8271 // or 'short' to an 'int'. This is done because printf is a varargs
8272 // function.
8273 if (ICE->getType() == S.Context.IntTy ||
8274 ICE->getType() == S.Context.UnsignedIntTy) {
8275 // All further checking is done on the subexpression
8276 ImplicitMatch = AT.matchesType(C&: S.Context, argTy: ExprTy);
8277 if (OrigMatch == ArgType::NoMatchSignedness &&
8278 ImplicitMatch != ArgType::NoMatchSignedness)
8279 // If the original match was a signedness match this match on the
8280 // implicit cast type also need to be signedness match otherwise we
8281 // might introduce new unexpected warnings from -Wformat-signedness.
8282 return true;
8283 ImplicitMatch = handleFormatSignedness(
8284 Match: ImplicitMatch, Diags&: S.getDiagnostics(), Loc: E->getExprLoc());
8285 if (ImplicitMatch == ArgType::Match)
8286 return true;
8287 }
8288 }
8289 } else if (const CharacterLiteral *CL = dyn_cast<CharacterLiteral>(Val: E)) {
8290 // Special case for 'a', which has type 'int' in C.
8291 // Note, however, that we do /not/ want to treat multibyte constants like
8292 // 'MooV' as characters! This form is deprecated but still exists. In
8293 // addition, don't treat expressions as of type 'char' if one byte length
8294 // modifier is provided.
8295 if (ExprTy == S.Context.IntTy &&
8296 FS.getLengthModifier().getKind() != LengthModifier::AsChar)
8297 if (llvm::isUIntN(N: S.Context.getCharWidth(), x: CL->getValue())) {
8298 ExprTy = S.Context.CharTy;
8299 // To improve check results, we consider a character literal in C
8300 // to be a 'char' rather than an 'int'. 'printf("%hd", 'a');' is
8301 // more likely a type confusion situation, so we will suggest to
8302 // use '%hhd' instead by discarding the MatchPromotion.
8303 if (Match == ArgType::MatchPromotion)
8304 Match = ArgType::NoMatch;
8305 }
8306 }
8307 if (Match == ArgType::MatchPromotion) {
8308 // WG14 N2562 only clarified promotions in *printf
8309 // For NSLog in ObjC, just preserve -Wformat behavior
8310 if (!S.getLangOpts().ObjC &&
8311 ImplicitMatch != ArgType::NoMatchPromotionTypeConfusion &&
8312 ImplicitMatch != ArgType::NoMatchTypeConfusion)
8313 return true;
8314 Match = ArgType::NoMatch;
8315 }
8316 if (ImplicitMatch == ArgType::NoMatchPedantic ||
8317 ImplicitMatch == ArgType::NoMatchTypeConfusion)
8318 Match = ImplicitMatch;
8319 assert(Match != ArgType::MatchPromotion);
8320
8321 // Look through unscoped enums to their underlying type.
8322 bool IsEnum = false;
8323 bool IsScopedEnum = false;
8324 QualType IntendedTy = ExprTy;
8325 if (auto EnumTy = ExprTy->getAs<EnumType>()) {
8326 IntendedTy = EnumTy->getDecl()->getIntegerType();
8327 if (EnumTy->isUnscopedEnumerationType()) {
8328 ExprTy = IntendedTy;
8329 // This controls whether we're talking about the underlying type or not,
8330 // which we only want to do when it's an unscoped enum.
8331 IsEnum = true;
8332 } else {
8333 IsScopedEnum = true;
8334 }
8335 }
8336
8337 // %C in an Objective-C context prints a unichar, not a wchar_t.
8338 // If the argument is an integer of some kind, believe the %C and suggest
8339 // a cast instead of changing the conversion specifier.
8340 if (isObjCContext() &&
8341 FS.getConversionSpecifier().getKind() == ConversionSpecifier::CArg) {
8342 if (ExprTy->isIntegralOrUnscopedEnumerationType() &&
8343 !ExprTy->isCharType()) {
8344 // 'unichar' is defined as a typedef of unsigned short, but we should
8345 // prefer using the typedef if it is visible.
8346 IntendedTy = S.Context.UnsignedShortTy;
8347
8348 // While we are here, check if the value is an IntegerLiteral that happens
8349 // to be within the valid range.
8350 if (const IntegerLiteral *IL = dyn_cast<IntegerLiteral>(Val: E)) {
8351 const llvm::APInt &V = IL->getValue();
8352 if (V.getActiveBits() <= S.Context.getTypeSize(T: IntendedTy))
8353 return true;
8354 }
8355
8356 LookupResult Result(S, &S.Context.Idents.get(Name: "unichar"), E->getBeginLoc(),
8357 Sema::LookupOrdinaryName);
8358 if (S.LookupName(R&: Result, S: S.getCurScope())) {
8359 NamedDecl *ND = Result.getFoundDecl();
8360 if (TypedefNameDecl *TD = dyn_cast<TypedefNameDecl>(Val: ND))
8361 if (TD->getUnderlyingType() == IntendedTy)
8362 IntendedTy = S.Context.getTypedefType(Decl: TD);
8363 }
8364 }
8365 }
8366
8367 // Special-case some of Darwin's platform-independence types by suggesting
8368 // casts to primitive types that are known to be large enough.
8369 bool ShouldNotPrintDirectly = false; StringRef CastTyName;
8370 if (S.Context.getTargetInfo().getTriple().isOSDarwin()) {
8371 QualType CastTy;
8372 std::tie(args&: CastTy, args&: CastTyName) = shouldNotPrintDirectly(Context: S.Context, IntendedTy, E);
8373 if (!CastTy.isNull()) {
8374 // %zi/%zu and %td/%tu are OK to use for NSInteger/NSUInteger of type int
8375 // (long in ASTContext). Only complain to pedants or when they're the
8376 // underlying type of a scoped enum (which always needs a cast).
8377 if (!IsScopedEnum &&
8378 (CastTyName == "NSInteger" || CastTyName == "NSUInteger") &&
8379 (AT.isSizeT() || AT.isPtrdiffT()) &&
8380 AT.matchesType(C&: S.Context, argTy: CastTy))
8381 Match = ArgType::NoMatchPedantic;
8382 IntendedTy = CastTy;
8383 ShouldNotPrintDirectly = true;
8384 }
8385 }
8386
8387 // We may be able to offer a FixItHint if it is a supported type.
8388 PrintfSpecifier fixedFS = FS;
8389 bool Success =
8390 fixedFS.fixType(QT: IntendedTy, LangOpt: S.getLangOpts(), Ctx&: S.Context, IsObjCLiteral: isObjCContext());
8391
8392 if (Success) {
8393 // Get the fix string from the fixed format specifier
8394 SmallString<16> buf;
8395 llvm::raw_svector_ostream os(buf);
8396 fixedFS.toString(os);
8397
8398 CharSourceRange SpecRange = getSpecifierRange(startSpecifier: StartSpecifier, specifierLen: SpecifierLen);
8399
8400 if (IntendedTy == ExprTy && !ShouldNotPrintDirectly && !IsScopedEnum) {
8401 unsigned Diag;
8402 switch (Match) {
8403 case ArgType::Match:
8404 case ArgType::MatchPromotion:
8405 case ArgType::NoMatchPromotionTypeConfusion:
8406 case ArgType::NoMatchSignedness:
8407 llvm_unreachable("expected non-matching");
8408 case ArgType::NoMatchPedantic:
8409 Diag = diag::warn_format_conversion_argument_type_mismatch_pedantic;
8410 break;
8411 case ArgType::NoMatchTypeConfusion:
8412 Diag = diag::warn_format_conversion_argument_type_mismatch_confusion;
8413 break;
8414 case ArgType::NoMatch:
8415 Diag = diag::warn_format_conversion_argument_type_mismatch;
8416 break;
8417 }
8418
8419 // In this case, the specifier is wrong and should be changed to match
8420 // the argument.
8421 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: Diag)
8422 << AT.getRepresentativeTypeName(C&: S.Context)
8423 << IntendedTy << IsEnum << E->getSourceRange(),
8424 Loc: E->getBeginLoc(),
8425 /*IsStringLocation*/ false, StringRange: SpecRange,
8426 FixIt: FixItHint::CreateReplacement(RemoveRange: SpecRange, Code: os.str()));
8427 } else {
8428 // The canonical type for formatting this value is different from the
8429 // actual type of the expression. (This occurs, for example, with Darwin's
8430 // NSInteger on 32-bit platforms, where it is typedef'd as 'int', but
8431 // should be printed as 'long' for 64-bit compatibility.)
8432 // Rather than emitting a normal format/argument mismatch, we want to
8433 // add a cast to the recommended type (and correct the format string
8434 // if necessary). We should also do so for scoped enumerations.
8435 SmallString<16> CastBuf;
8436 llvm::raw_svector_ostream CastFix(CastBuf);
8437 CastFix << (S.LangOpts.CPlusPlus ? "static_cast<" : "(");
8438 IntendedTy.print(OS&: CastFix, Policy: S.Context.getPrintingPolicy());
8439 CastFix << (S.LangOpts.CPlusPlus ? ">" : ")");
8440
8441 SmallVector<FixItHint,4> Hints;
8442 ArgType::MatchKind IntendedMatch = AT.matchesType(C&: S.Context, argTy: IntendedTy);
8443 IntendedMatch = handleFormatSignedness(Match: IntendedMatch, Diags&: S.getDiagnostics(),
8444 Loc: E->getExprLoc());
8445 if ((IntendedMatch != ArgType::Match) || ShouldNotPrintDirectly)
8446 Hints.push_back(Elt: FixItHint::CreateReplacement(RemoveRange: SpecRange, Code: os.str()));
8447
8448 if (const CStyleCastExpr *CCast = dyn_cast<CStyleCastExpr>(Val: E)) {
8449 // If there's already a cast present, just replace it.
8450 SourceRange CastRange(CCast->getLParenLoc(), CCast->getRParenLoc());
8451 Hints.push_back(Elt: FixItHint::CreateReplacement(RemoveRange: CastRange, Code: CastFix.str()));
8452
8453 } else if (!requiresParensToAddCast(E) && !S.LangOpts.CPlusPlus) {
8454 // If the expression has high enough precedence,
8455 // just write the C-style cast.
8456 Hints.push_back(
8457 Elt: FixItHint::CreateInsertion(InsertionLoc: E->getBeginLoc(), Code: CastFix.str()));
8458 } else {
8459 // Otherwise, add parens around the expression as well as the cast.
8460 CastFix << "(";
8461 Hints.push_back(
8462 Elt: FixItHint::CreateInsertion(InsertionLoc: E->getBeginLoc(), Code: CastFix.str()));
8463
8464 // We don't use getLocForEndOfToken because it returns invalid source
8465 // locations for macro expansions (by design).
8466 SourceLocation EndLoc = S.SourceMgr.getSpellingLoc(Loc: E->getEndLoc());
8467 SourceLocation After = EndLoc.getLocWithOffset(
8468 Offset: Lexer::MeasureTokenLength(Loc: EndLoc, SM: S.SourceMgr, LangOpts: S.LangOpts));
8469 Hints.push_back(Elt: FixItHint::CreateInsertion(InsertionLoc: After, Code: ")"));
8470 }
8471
8472 if (ShouldNotPrintDirectly && !IsScopedEnum) {
8473 // The expression has a type that should not be printed directly.
8474 // We extract the name from the typedef because we don't want to show
8475 // the underlying type in the diagnostic.
8476 StringRef Name;
8477 if (const auto *TypedefTy = ExprTy->getAs<TypedefType>())
8478 Name = TypedefTy->getDecl()->getName();
8479 else
8480 Name = CastTyName;
8481 unsigned Diag = Match == ArgType::NoMatchPedantic
8482 ? diag::warn_format_argument_needs_cast_pedantic
8483 : diag::warn_format_argument_needs_cast;
8484 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: Diag) << Name << IntendedTy << IsEnum
8485 << E->getSourceRange(),
8486 Loc: E->getBeginLoc(), /*IsStringLocation=*/false,
8487 StringRange: SpecRange, FixIt: Hints);
8488 } else {
8489 // In this case, the expression could be printed using a different
8490 // specifier, but we've decided that the specifier is probably correct
8491 // and we should cast instead. Just use the normal warning message.
8492
8493 unsigned Diag =
8494 IsScopedEnum
8495 ? diag::warn_format_conversion_argument_type_mismatch_pedantic
8496 : diag::warn_format_conversion_argument_type_mismatch;
8497
8498 EmitFormatDiagnostic(
8499 PDiag: S.PDiag(DiagID: Diag) << AT.getRepresentativeTypeName(C&: S.Context) << ExprTy
8500 << IsEnum << E->getSourceRange(),
8501 Loc: E->getBeginLoc(), /*IsStringLocation*/ false, StringRange: SpecRange, FixIt: Hints);
8502 }
8503 }
8504 } else {
8505 const CharSourceRange &CSR = getSpecifierRange(startSpecifier: StartSpecifier,
8506 specifierLen: SpecifierLen);
8507 // Since the warning for passing non-POD types to variadic functions
8508 // was deferred until now, we emit a warning for non-POD
8509 // arguments here.
8510 bool EmitTypeMismatch = false;
8511 switch (S.isValidVarArgType(Ty: ExprTy)) {
8512 case VarArgKind::Valid:
8513 case VarArgKind::ValidInCXX11: {
8514 unsigned Diag;
8515 switch (Match) {
8516 case ArgType::Match:
8517 case ArgType::MatchPromotion:
8518 case ArgType::NoMatchPromotionTypeConfusion:
8519 case ArgType::NoMatchSignedness:
8520 llvm_unreachable("expected non-matching");
8521 case ArgType::NoMatchPedantic:
8522 Diag = diag::warn_format_conversion_argument_type_mismatch_pedantic;
8523 break;
8524 case ArgType::NoMatchTypeConfusion:
8525 Diag = diag::warn_format_conversion_argument_type_mismatch_confusion;
8526 break;
8527 case ArgType::NoMatch:
8528 Diag = diag::warn_format_conversion_argument_type_mismatch;
8529 break;
8530 }
8531
8532 EmitFormatDiagnostic(
8533 PDiag: S.PDiag(DiagID: Diag) << AT.getRepresentativeTypeName(C&: S.Context) << ExprTy
8534 << IsEnum << CSR << E->getSourceRange(),
8535 Loc: E->getBeginLoc(), /*IsStringLocation*/ false, StringRange: CSR);
8536 break;
8537 }
8538 case VarArgKind::Undefined:
8539 case VarArgKind::MSVCUndefined:
8540 if (CallType == VariadicCallType::DoesNotApply) {
8541 EmitTypeMismatch = true;
8542 } else {
8543 EmitFormatDiagnostic(
8544 PDiag: S.PDiag(DiagID: diag::warn_non_pod_vararg_with_format_string)
8545 << S.getLangOpts().CPlusPlus11 << ExprTy << CallType
8546 << AT.getRepresentativeTypeName(C&: S.Context) << CSR
8547 << E->getSourceRange(),
8548 Loc: E->getBeginLoc(), /*IsStringLocation*/ false, StringRange: CSR);
8549 checkForCStrMembers(AT, E);
8550 }
8551 break;
8552
8553 case VarArgKind::Invalid:
8554 if (CallType == VariadicCallType::DoesNotApply)
8555 EmitTypeMismatch = true;
8556 else if (ExprTy->isObjCObjectType())
8557 EmitFormatDiagnostic(
8558 PDiag: S.PDiag(DiagID: diag::err_cannot_pass_objc_interface_to_vararg_format)
8559 << S.getLangOpts().CPlusPlus11 << ExprTy << CallType
8560 << AT.getRepresentativeTypeName(C&: S.Context) << CSR
8561 << E->getSourceRange(),
8562 Loc: E->getBeginLoc(), /*IsStringLocation*/ false, StringRange: CSR);
8563 else
8564 // FIXME: If this is an initializer list, suggest removing the braces
8565 // or inserting a cast to the target type.
8566 S.Diag(Loc: E->getBeginLoc(), DiagID: diag::err_cannot_pass_to_vararg_format)
8567 << isa<InitListExpr>(Val: E) << ExprTy << CallType
8568 << AT.getRepresentativeTypeName(C&: S.Context) << E->getSourceRange();
8569 break;
8570 }
8571
8572 if (EmitTypeMismatch) {
8573 // The function is not variadic, so we do not generate warnings about
8574 // being allowed to pass that object as a variadic argument. Instead,
8575 // since there are inherently no printf specifiers for types which cannot
8576 // be passed as variadic arguments, emit a plain old specifier mismatch
8577 // argument.
8578 EmitFormatDiagnostic(
8579 PDiag: S.PDiag(DiagID: diag::warn_format_conversion_argument_type_mismatch)
8580 << AT.getRepresentativeTypeName(C&: S.Context) << ExprTy << false
8581 << E->getSourceRange(),
8582 Loc: E->getBeginLoc(), IsStringLocation: false, StringRange: CSR);
8583 }
8584
8585 assert(FirstDataArg + FS.getArgIndex() < CheckedVarArgs.size() &&
8586 "format string specifier index out of range");
8587 CheckedVarArgs[FirstDataArg + FS.getArgIndex()] = true;
8588 }
8589
8590 return true;
8591}
8592
8593//===--- CHECK: Scanf format string checking ------------------------------===//
8594
8595namespace {
8596
8597class CheckScanfHandler : public CheckFormatHandler {
8598public:
8599 CheckScanfHandler(Sema &s, const FormatStringLiteral *fexpr,
8600 const Expr *origFormatExpr, FormatStringType type,
8601 unsigned firstDataArg, unsigned numDataArgs,
8602 const char *beg, Sema::FormatArgumentPassingKind APK,
8603 ArrayRef<const Expr *> Args, unsigned formatIdx,
8604 bool inFunctionCall, VariadicCallType CallType,
8605 llvm::SmallBitVector &CheckedVarArgs,
8606 UncoveredArgHandler &UncoveredArg)
8607 : CheckFormatHandler(s, fexpr, origFormatExpr, type, firstDataArg,
8608 numDataArgs, beg, APK, Args, formatIdx,
8609 inFunctionCall, CallType, CheckedVarArgs,
8610 UncoveredArg) {}
8611
8612 bool HandleScanfSpecifier(const analyze_scanf::ScanfSpecifier &FS,
8613 const char *startSpecifier,
8614 unsigned specifierLen) override;
8615
8616 bool HandleInvalidScanfConversionSpecifier(
8617 const analyze_scanf::ScanfSpecifier &FS,
8618 const char *startSpecifier,
8619 unsigned specifierLen) override;
8620
8621 void HandleIncompleteScanList(const char *start, const char *end) override;
8622};
8623
8624} // namespace
8625
8626void CheckScanfHandler::HandleIncompleteScanList(const char *start,
8627 const char *end) {
8628 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_scanf_scanlist_incomplete),
8629 Loc: getLocationOfByte(x: end), /*IsStringLocation*/true,
8630 StringRange: getSpecifierRange(startSpecifier: start, specifierLen: end - start));
8631}
8632
8633bool CheckScanfHandler::HandleInvalidScanfConversionSpecifier(
8634 const analyze_scanf::ScanfSpecifier &FS,
8635 const char *startSpecifier,
8636 unsigned specifierLen) {
8637 const analyze_scanf::ScanfConversionSpecifier &CS =
8638 FS.getConversionSpecifier();
8639
8640 return HandleInvalidConversionSpecifier(argIndex: FS.getArgIndex(),
8641 Loc: getLocationOfByte(x: CS.getStart()),
8642 startSpec: startSpecifier, specifierLen,
8643 csStart: CS.getStart(), csLen: CS.getLength());
8644}
8645
8646bool CheckScanfHandler::HandleScanfSpecifier(
8647 const analyze_scanf::ScanfSpecifier &FS,
8648 const char *startSpecifier,
8649 unsigned specifierLen) {
8650 using namespace analyze_scanf;
8651 using namespace analyze_format_string;
8652
8653 const ScanfConversionSpecifier &CS = FS.getConversionSpecifier();
8654
8655 // Handle case where '%' and '*' don't consume an argument. These shouldn't
8656 // be used to decide if we are using positional arguments consistently.
8657 if (FS.consumesDataArgument()) {
8658 if (atFirstArg) {
8659 atFirstArg = false;
8660 usesPositionalArgs = FS.usesPositionalArg();
8661 }
8662 else if (usesPositionalArgs != FS.usesPositionalArg()) {
8663 HandlePositionalNonpositionalArgs(Loc: getLocationOfByte(x: CS.getStart()),
8664 startSpec: startSpecifier, specifierLen);
8665 return false;
8666 }
8667 }
8668
8669 // Check if the field with is non-zero.
8670 const OptionalAmount &Amt = FS.getFieldWidth();
8671 if (Amt.getHowSpecified() == OptionalAmount::Constant) {
8672 if (Amt.getConstantAmount() == 0) {
8673 const CharSourceRange &R = getSpecifierRange(startSpecifier: Amt.getStart(),
8674 specifierLen: Amt.getConstantLength());
8675 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: diag::warn_scanf_nonzero_width),
8676 Loc: getLocationOfByte(x: Amt.getStart()),
8677 /*IsStringLocation*/true, StringRange: R,
8678 FixIt: FixItHint::CreateRemoval(RemoveRange: R));
8679 }
8680 }
8681
8682 if (!FS.consumesDataArgument()) {
8683 // FIXME: Technically specifying a precision or field width here
8684 // makes no sense. Worth issuing a warning at some point.
8685 return true;
8686 }
8687
8688 // Consume the argument.
8689 unsigned argIndex = FS.getArgIndex();
8690 if (argIndex < NumDataArgs) {
8691 // The check to see if the argIndex is valid will come later.
8692 // We set the bit here because we may exit early from this
8693 // function if we encounter some other error.
8694 CoveredArgs.set(argIndex);
8695 }
8696
8697 // Check the length modifier is valid with the given conversion specifier.
8698 if (!FS.hasValidLengthModifier(Target: S.getASTContext().getTargetInfo(),
8699 LO: S.getLangOpts()))
8700 HandleInvalidLengthModifier(FS, CS, startSpecifier, specifierLen,
8701 DiagID: diag::warn_format_nonsensical_length);
8702 else if (!FS.hasStandardLengthModifier())
8703 HandleNonStandardLengthModifier(FS, startSpecifier, specifierLen);
8704 else if (!FS.hasStandardLengthConversionCombination())
8705 HandleInvalidLengthModifier(FS, CS, startSpecifier, specifierLen,
8706 DiagID: diag::warn_format_non_standard_conversion_spec);
8707
8708 if (!FS.hasStandardConversionSpecifier(LangOpt: S.getLangOpts()))
8709 HandleNonStandardConversionSpecifier(CS, startSpecifier, specifierLen);
8710
8711 // The remaining checks depend on the data arguments.
8712 if (!HasFormatArguments())
8713 return true;
8714
8715 if (!CheckNumArgs(FS, CS, startSpecifier, specifierLen, argIndex))
8716 return false;
8717
8718 // Check that the argument type matches the format specifier.
8719 const Expr *Ex = getDataArg(i: argIndex);
8720 if (!Ex)
8721 return true;
8722
8723 const analyze_format_string::ArgType &AT = FS.getArgType(Ctx&: S.Context);
8724
8725 if (!AT.isValid()) {
8726 return true;
8727 }
8728
8729 analyze_format_string::ArgType::MatchKind Match =
8730 AT.matchesType(C&: S.Context, argTy: Ex->getType());
8731 Match = handleFormatSignedness(Match, Diags&: S.getDiagnostics(), Loc: Ex->getExprLoc());
8732 bool Pedantic = Match == analyze_format_string::ArgType::NoMatchPedantic;
8733 if (Match == analyze_format_string::ArgType::Match)
8734 return true;
8735
8736 ScanfSpecifier fixedFS = FS;
8737 bool Success = fixedFS.fixType(QT: Ex->getType(), RawQT: Ex->IgnoreImpCasts()->getType(),
8738 LangOpt: S.getLangOpts(), Ctx&: S.Context);
8739
8740 unsigned Diag =
8741 Pedantic ? diag::warn_format_conversion_argument_type_mismatch_pedantic
8742 : diag::warn_format_conversion_argument_type_mismatch;
8743
8744 if (Success) {
8745 // Get the fix string from the fixed format specifier.
8746 SmallString<128> buf;
8747 llvm::raw_svector_ostream os(buf);
8748 fixedFS.toString(os);
8749
8750 EmitFormatDiagnostic(
8751 PDiag: S.PDiag(DiagID: Diag) << AT.getRepresentativeTypeName(C&: S.Context)
8752 << Ex->getType() << false << Ex->getSourceRange(),
8753 Loc: Ex->getBeginLoc(),
8754 /*IsStringLocation*/ false,
8755 StringRange: getSpecifierRange(startSpecifier, specifierLen),
8756 FixIt: FixItHint::CreateReplacement(
8757 RemoveRange: getSpecifierRange(startSpecifier, specifierLen), Code: os.str()));
8758 } else {
8759 EmitFormatDiagnostic(PDiag: S.PDiag(DiagID: Diag)
8760 << AT.getRepresentativeTypeName(C&: S.Context)
8761 << Ex->getType() << false << Ex->getSourceRange(),
8762 Loc: Ex->getBeginLoc(),
8763 /*IsStringLocation*/ false,
8764 StringRange: getSpecifierRange(startSpecifier, specifierLen));
8765 }
8766
8767 return true;
8768}
8769
8770static bool CompareFormatSpecifiers(Sema &S, const StringLiteral *Ref,
8771 ArrayRef<EquatableFormatArgument> RefArgs,
8772 const StringLiteral *Fmt,
8773 ArrayRef<EquatableFormatArgument> FmtArgs,
8774 const Expr *FmtExpr, bool InFunctionCall) {
8775 bool HadError = false;
8776 auto FmtIter = FmtArgs.begin(), FmtEnd = FmtArgs.end();
8777 auto RefIter = RefArgs.begin(), RefEnd = RefArgs.end();
8778 while (FmtIter < FmtEnd && RefIter < RefEnd) {
8779 // In positional-style format strings, the same specifier can appear
8780 // multiple times (like %2$i %2$d). Specifiers in both RefArgs and FmtArgs
8781 // are sorted by getPosition(), and we process each range of equal
8782 // getPosition() values as one group.
8783 // RefArgs are taken from a string literal that was given to
8784 // attribute(format_matches), and if we got this far, we have already
8785 // verified that if it has positional specifiers that appear in multiple
8786 // locations, then they are all mutually compatible. What's left for us to
8787 // do is verify that all specifiers with the same position in FmtArgs are
8788 // compatible with the RefArgs specifiers. We check each specifier from
8789 // FmtArgs against the first member of the RefArgs group.
8790 for (; FmtIter < FmtEnd; ++FmtIter) {
8791 // Clang does not diagnose missing format specifiers in positional-style
8792 // strings (TODO: which it probably should do, as it is UB to skip over a
8793 // format argument). Skip specifiers if needed.
8794 if (FmtIter->getPosition() < RefIter->getPosition())
8795 continue;
8796
8797 // Delimits a new getPosition() value.
8798 if (FmtIter->getPosition() > RefIter->getPosition())
8799 break;
8800
8801 HadError |=
8802 !FmtIter->VerifyCompatible(S, Other: *RefIter, FmtExpr, InFunctionCall);
8803 }
8804
8805 // Jump RefIter to the start of the next group.
8806 RefIter = std::find_if(first: RefIter + 1, last: RefEnd, pred: [=](const auto &Arg) {
8807 return Arg.getPosition() != RefIter->getPosition();
8808 });
8809 }
8810
8811 if (FmtIter < FmtEnd) {
8812 CheckFormatHandler::EmitFormatDiagnostic(
8813 S, InFunctionCall, ArgumentExpr: FmtExpr,
8814 PDiag: S.PDiag(DiagID: diag::warn_format_cmp_specifier_arity) << 1,
8815 Loc: FmtExpr->getBeginLoc(), IsStringLocation: false, StringRange: FmtIter->getSourceRange());
8816 HadError = S.Diag(Loc: Ref->getBeginLoc(), DiagID: diag::note_format_cmp_with) << 1;
8817 } else if (RefIter < RefEnd) {
8818 CheckFormatHandler::EmitFormatDiagnostic(
8819 S, InFunctionCall, ArgumentExpr: FmtExpr,
8820 PDiag: S.PDiag(DiagID: diag::warn_format_cmp_specifier_arity) << 0,
8821 Loc: FmtExpr->getBeginLoc(), IsStringLocation: false, StringRange: Fmt->getSourceRange());
8822 HadError = S.Diag(Loc: Ref->getBeginLoc(), DiagID: diag::note_format_cmp_with)
8823 << 1 << RefIter->getSourceRange();
8824 }
8825 return !HadError;
8826}
8827
8828static void CheckFormatString(
8829 Sema &S, const FormatStringLiteral *FExpr,
8830 const StringLiteral *ReferenceFormatString, const Expr *OrigFormatExpr,
8831 ArrayRef<const Expr *> Args, Sema::FormatArgumentPassingKind APK,
8832 unsigned format_idx, unsigned firstDataArg, FormatStringType Type,
8833 bool inFunctionCall, VariadicCallType CallType,
8834 llvm::SmallBitVector &CheckedVarArgs, UncoveredArgHandler &UncoveredArg,
8835 bool IgnoreStringsWithoutSpecifiers) {
8836 // CHECK: is the format string a wide literal?
8837 if (!FExpr->isAscii() && !FExpr->isUTF8()) {
8838 CheckFormatHandler::EmitFormatDiagnostic(
8839 S, InFunctionCall: inFunctionCall, ArgumentExpr: Args[format_idx],
8840 PDiag: S.PDiag(DiagID: diag::warn_format_string_is_wide_literal), Loc: FExpr->getBeginLoc(),
8841 /*IsStringLocation*/ true, StringRange: OrigFormatExpr->getSourceRange());
8842 return;
8843 }
8844
8845 // Str - The format string. NOTE: this is NOT null-terminated!
8846 StringRef StrRef = FExpr->getString();
8847 const char *Str = StrRef.data();
8848 // Account for cases where the string literal is truncated in a declaration.
8849 const ConstantArrayType *T =
8850 S.Context.getAsConstantArrayType(T: FExpr->getType());
8851 assert(T && "String literal not of constant array type!");
8852 size_t TypeSize = T->getZExtSize();
8853 size_t StrLen = std::min(a: std::max(a: TypeSize, b: size_t(1)) - 1, b: StrRef.size());
8854 const unsigned numDataArgs = Args.size() - firstDataArg;
8855
8856 if (IgnoreStringsWithoutSpecifiers &&
8857 !analyze_format_string::parseFormatStringHasFormattingSpecifiers(
8858 Begin: Str, End: Str + StrLen, LO: S.getLangOpts(), Target: S.Context.getTargetInfo()))
8859 return;
8860
8861 // Emit a warning if the string literal is truncated and does not contain an
8862 // embedded null character.
8863 if (TypeSize <= StrRef.size() && !StrRef.substr(Start: 0, N: TypeSize).contains(C: '\0')) {
8864 CheckFormatHandler::EmitFormatDiagnostic(
8865 S, InFunctionCall: inFunctionCall, ArgumentExpr: Args[format_idx],
8866 PDiag: S.PDiag(DiagID: diag::warn_printf_format_string_not_null_terminated),
8867 Loc: FExpr->getBeginLoc(),
8868 /*IsStringLocation=*/true, StringRange: OrigFormatExpr->getSourceRange());
8869 return;
8870 }
8871
8872 // CHECK: empty format string?
8873 if (StrLen == 0 && numDataArgs > 0) {
8874 CheckFormatHandler::EmitFormatDiagnostic(
8875 S, InFunctionCall: inFunctionCall, ArgumentExpr: Args[format_idx],
8876 PDiag: S.PDiag(DiagID: diag::warn_empty_format_string), Loc: FExpr->getBeginLoc(),
8877 /*IsStringLocation*/ true, StringRange: OrigFormatExpr->getSourceRange());
8878 return;
8879 }
8880
8881 if (Type == FormatStringType::Printf || Type == FormatStringType::NSString ||
8882 Type == FormatStringType::Kprintf ||
8883 Type == FormatStringType::FreeBSDKPrintf ||
8884 Type == FormatStringType::OSLog || Type == FormatStringType::OSTrace ||
8885 Type == FormatStringType::Syslog) {
8886 bool IsObjC =
8887 Type == FormatStringType::NSString || Type == FormatStringType::OSTrace;
8888 if (ReferenceFormatString == nullptr) {
8889 CheckPrintfHandler H(S, FExpr, OrigFormatExpr, Type, firstDataArg,
8890 numDataArgs, IsObjC, Str, APK, Args, format_idx,
8891 inFunctionCall, CallType, CheckedVarArgs,
8892 UncoveredArg);
8893
8894 if (!analyze_format_string::ParsePrintfString(
8895 H, beg: Str, end: Str + StrLen, LO: S.getLangOpts(), Target: S.Context.getTargetInfo(),
8896 isFreeBSDKPrintf: Type == FormatStringType::Kprintf ||
8897 Type == FormatStringType::FreeBSDKPrintf))
8898 H.DoneProcessing();
8899 } else {
8900 S.CheckFormatStringsCompatible(
8901 FST: Type, AuthoritativeFormatString: ReferenceFormatString, TestedFormatString: FExpr->getFormatString(),
8902 FunctionCallArg: inFunctionCall ? nullptr : Args[format_idx]);
8903 }
8904 } else if (Type == FormatStringType::Scanf) {
8905 CheckScanfHandler H(S, FExpr, OrigFormatExpr, Type, firstDataArg,
8906 numDataArgs, Str, APK, Args, format_idx, inFunctionCall,
8907 CallType, CheckedVarArgs, UncoveredArg);
8908
8909 if (!analyze_format_string::ParseScanfString(
8910 H, beg: Str, end: Str + StrLen, LO: S.getLangOpts(), Target: S.Context.getTargetInfo()))
8911 H.DoneProcessing();
8912 } // TODO: handle other formats
8913}
8914
8915bool Sema::CheckFormatStringsCompatible(
8916 FormatStringType Type, const StringLiteral *AuthoritativeFormatString,
8917 const StringLiteral *TestedFormatString, const Expr *FunctionCallArg) {
8918 if (Type != FormatStringType::Printf && Type != FormatStringType::NSString &&
8919 Type != FormatStringType::Kprintf &&
8920 Type != FormatStringType::FreeBSDKPrintf &&
8921 Type != FormatStringType::OSLog && Type != FormatStringType::OSTrace &&
8922 Type != FormatStringType::Syslog)
8923 return true;
8924
8925 bool IsObjC =
8926 Type == FormatStringType::NSString || Type == FormatStringType::OSTrace;
8927 llvm::SmallVector<EquatableFormatArgument, 9> RefArgs, FmtArgs;
8928 FormatStringLiteral RefLit = AuthoritativeFormatString;
8929 FormatStringLiteral TestLit = TestedFormatString;
8930 const Expr *Arg;
8931 bool DiagAtStringLiteral;
8932 if (FunctionCallArg) {
8933 Arg = FunctionCallArg;
8934 DiagAtStringLiteral = false;
8935 } else {
8936 Arg = TestedFormatString;
8937 DiagAtStringLiteral = true;
8938 }
8939 if (DecomposePrintfHandler::GetSpecifiers(S&: *this, FSL: &RefLit,
8940 FmtExpr: AuthoritativeFormatString, Type,
8941 IsObjC, InFunctionCall: true, Args&: RefArgs) &&
8942 DecomposePrintfHandler::GetSpecifiers(S&: *this, FSL: &TestLit, FmtExpr: Arg, Type, IsObjC,
8943 InFunctionCall: DiagAtStringLiteral, Args&: FmtArgs)) {
8944 return CompareFormatSpecifiers(S&: *this, Ref: AuthoritativeFormatString, RefArgs,
8945 Fmt: TestedFormatString, FmtArgs, FmtExpr: Arg,
8946 InFunctionCall: DiagAtStringLiteral);
8947 }
8948 return false;
8949}
8950
8951bool Sema::ValidateFormatString(FormatStringType Type,
8952 const StringLiteral *Str) {
8953 if (Type != FormatStringType::Printf && Type != FormatStringType::NSString &&
8954 Type != FormatStringType::Kprintf &&
8955 Type != FormatStringType::FreeBSDKPrintf &&
8956 Type != FormatStringType::OSLog && Type != FormatStringType::OSTrace &&
8957 Type != FormatStringType::Syslog)
8958 return true;
8959
8960 FormatStringLiteral RefLit = Str;
8961 llvm::SmallVector<EquatableFormatArgument, 9> Args;
8962 bool IsObjC =
8963 Type == FormatStringType::NSString || Type == FormatStringType::OSTrace;
8964 if (!DecomposePrintfHandler::GetSpecifiers(S&: *this, FSL: &RefLit, FmtExpr: Str, Type, IsObjC,
8965 InFunctionCall: true, Args))
8966 return false;
8967
8968 // Group arguments by getPosition() value, and check that each member of the
8969 // group is compatible with the first member. This verifies that when
8970 // positional arguments are used multiple times (such as %2$i %2$d), all uses
8971 // are mutually compatible. As an optimization, don't test the first member
8972 // against itself.
8973 bool HadError = false;
8974 auto Iter = Args.begin();
8975 auto End = Args.end();
8976 while (Iter != End) {
8977 const auto &FirstInGroup = *Iter;
8978 for (++Iter;
8979 Iter != End && Iter->getPosition() == FirstInGroup.getPosition();
8980 ++Iter) {
8981 HadError |= !Iter->VerifyCompatible(S&: *this, Other: FirstInGroup, FmtExpr: Str, InFunctionCall: true);
8982 }
8983 }
8984 return !HadError;
8985}
8986
8987bool Sema::FormatStringHasSArg(const StringLiteral *FExpr) {
8988 // Str - The format string. NOTE: this is NOT null-terminated!
8989 StringRef StrRef = FExpr->getString();
8990 const char *Str = StrRef.data();
8991 // Account for cases where the string literal is truncated in a declaration.
8992 const ConstantArrayType *T = Context.getAsConstantArrayType(T: FExpr->getType());
8993 assert(T && "String literal not of constant array type!");
8994 size_t TypeSize = T->getZExtSize();
8995 size_t StrLen = std::min(a: std::max(a: TypeSize, b: size_t(1)) - 1, b: StrRef.size());
8996 return analyze_format_string::ParseFormatStringHasSArg(beg: Str, end: Str + StrLen,
8997 LO: getLangOpts(),
8998 Target: Context.getTargetInfo());
8999}
9000
9001//===--- CHECK: Warn on use of wrong absolute value function. -------------===//
9002
9003// Returns the related absolute value function that is larger, of 0 if one
9004// does not exist.
9005static unsigned getLargerAbsoluteValueFunction(unsigned AbsFunction) {
9006 switch (AbsFunction) {
9007 default:
9008 return 0;
9009
9010 case Builtin::BI__builtin_abs:
9011 return Builtin::BI__builtin_labs;
9012 case Builtin::BI__builtin_labs:
9013 return Builtin::BI__builtin_llabs;
9014 case Builtin::BI__builtin_llabs:
9015 return 0;
9016
9017 case Builtin::BI__builtin_fabsf:
9018 return Builtin::BI__builtin_fabs;
9019 case Builtin::BI__builtin_fabs:
9020 return Builtin::BI__builtin_fabsl;
9021 case Builtin::BI__builtin_fabsl:
9022 return 0;
9023
9024 case Builtin::BI__builtin_cabsf:
9025 return Builtin::BI__builtin_cabs;
9026 case Builtin::BI__builtin_cabs:
9027 return Builtin::BI__builtin_cabsl;
9028 case Builtin::BI__builtin_cabsl:
9029 return 0;
9030
9031 case Builtin::BIabs:
9032 return Builtin::BIlabs;
9033 case Builtin::BIlabs:
9034 return Builtin::BIllabs;
9035 case Builtin::BIllabs:
9036 return 0;
9037
9038 case Builtin::BIfabsf:
9039 return Builtin::BIfabs;
9040 case Builtin::BIfabs:
9041 return Builtin::BIfabsl;
9042 case Builtin::BIfabsl:
9043 return 0;
9044
9045 case Builtin::BIcabsf:
9046 return Builtin::BIcabs;
9047 case Builtin::BIcabs:
9048 return Builtin::BIcabsl;
9049 case Builtin::BIcabsl:
9050 return 0;
9051 }
9052}
9053
9054// Returns the argument type of the absolute value function.
9055static QualType getAbsoluteValueArgumentType(ASTContext &Context,
9056 unsigned AbsType) {
9057 if (AbsType == 0)
9058 return QualType();
9059
9060 ASTContext::GetBuiltinTypeError Error = ASTContext::GE_None;
9061 QualType BuiltinType = Context.GetBuiltinType(ID: AbsType, Error);
9062 if (Error != ASTContext::GE_None)
9063 return QualType();
9064
9065 const FunctionProtoType *FT = BuiltinType->getAs<FunctionProtoType>();
9066 if (!FT)
9067 return QualType();
9068
9069 if (FT->getNumParams() != 1)
9070 return QualType();
9071
9072 return FT->getParamType(i: 0);
9073}
9074
9075// Returns the best absolute value function, or zero, based on type and
9076// current absolute value function.
9077static unsigned getBestAbsFunction(ASTContext &Context, QualType ArgType,
9078 unsigned AbsFunctionKind) {
9079 unsigned BestKind = 0;
9080 uint64_t ArgSize = Context.getTypeSize(T: ArgType);
9081 for (unsigned Kind = AbsFunctionKind; Kind != 0;
9082 Kind = getLargerAbsoluteValueFunction(AbsFunction: Kind)) {
9083 QualType ParamType = getAbsoluteValueArgumentType(Context, AbsType: Kind);
9084 if (Context.getTypeSize(T: ParamType) >= ArgSize) {
9085 if (BestKind == 0)
9086 BestKind = Kind;
9087 else if (Context.hasSameType(T1: ParamType, T2: ArgType)) {
9088 BestKind = Kind;
9089 break;
9090 }
9091 }
9092 }
9093 return BestKind;
9094}
9095
9096enum AbsoluteValueKind {
9097 AVK_Integer,
9098 AVK_Floating,
9099 AVK_Complex
9100};
9101
9102static AbsoluteValueKind getAbsoluteValueKind(QualType T) {
9103 if (T->isIntegralOrEnumerationType())
9104 return AVK_Integer;
9105 if (T->isRealFloatingType())
9106 return AVK_Floating;
9107 if (T->isAnyComplexType())
9108 return AVK_Complex;
9109
9110 llvm_unreachable("Type not integer, floating, or complex");
9111}
9112
9113// Changes the absolute value function to a different type. Preserves whether
9114// the function is a builtin.
9115static unsigned changeAbsFunction(unsigned AbsKind,
9116 AbsoluteValueKind ValueKind) {
9117 switch (ValueKind) {
9118 case AVK_Integer:
9119 switch (AbsKind) {
9120 default:
9121 return 0;
9122 case Builtin::BI__builtin_fabsf:
9123 case Builtin::BI__builtin_fabs:
9124 case Builtin::BI__builtin_fabsl:
9125 case Builtin::BI__builtin_cabsf:
9126 case Builtin::BI__builtin_cabs:
9127 case Builtin::BI__builtin_cabsl:
9128 return Builtin::BI__builtin_abs;
9129 case Builtin::BIfabsf:
9130 case Builtin::BIfabs:
9131 case Builtin::BIfabsl:
9132 case Builtin::BIcabsf:
9133 case Builtin::BIcabs:
9134 case Builtin::BIcabsl:
9135 return Builtin::BIabs;
9136 }
9137 case AVK_Floating:
9138 switch (AbsKind) {
9139 default:
9140 return 0;
9141 case Builtin::BI__builtin_abs:
9142 case Builtin::BI__builtin_labs:
9143 case Builtin::BI__builtin_llabs:
9144 case Builtin::BI__builtin_cabsf:
9145 case Builtin::BI__builtin_cabs:
9146 case Builtin::BI__builtin_cabsl:
9147 return Builtin::BI__builtin_fabsf;
9148 case Builtin::BIabs:
9149 case Builtin::BIlabs:
9150 case Builtin::BIllabs:
9151 case Builtin::BIcabsf:
9152 case Builtin::BIcabs:
9153 case Builtin::BIcabsl:
9154 return Builtin::BIfabsf;
9155 }
9156 case AVK_Complex:
9157 switch (AbsKind) {
9158 default:
9159 return 0;
9160 case Builtin::BI__builtin_abs:
9161 case Builtin::BI__builtin_labs:
9162 case Builtin::BI__builtin_llabs:
9163 case Builtin::BI__builtin_fabsf:
9164 case Builtin::BI__builtin_fabs:
9165 case Builtin::BI__builtin_fabsl:
9166 return Builtin::BI__builtin_cabsf;
9167 case Builtin::BIabs:
9168 case Builtin::BIlabs:
9169 case Builtin::BIllabs:
9170 case Builtin::BIfabsf:
9171 case Builtin::BIfabs:
9172 case Builtin::BIfabsl:
9173 return Builtin::BIcabsf;
9174 }
9175 }
9176 llvm_unreachable("Unable to convert function");
9177}
9178
9179static unsigned getAbsoluteValueFunctionKind(const FunctionDecl *FDecl) {
9180 const IdentifierInfo *FnInfo = FDecl->getIdentifier();
9181 if (!FnInfo)
9182 return 0;
9183
9184 switch (FDecl->getBuiltinID()) {
9185 default:
9186 return 0;
9187 case Builtin::BI__builtin_abs:
9188 case Builtin::BI__builtin_fabs:
9189 case Builtin::BI__builtin_fabsf:
9190 case Builtin::BI__builtin_fabsl:
9191 case Builtin::BI__builtin_labs:
9192 case Builtin::BI__builtin_llabs:
9193 case Builtin::BI__builtin_cabs:
9194 case Builtin::BI__builtin_cabsf:
9195 case Builtin::BI__builtin_cabsl:
9196 case Builtin::BIabs:
9197 case Builtin::BIlabs:
9198 case Builtin::BIllabs:
9199 case Builtin::BIfabs:
9200 case Builtin::BIfabsf:
9201 case Builtin::BIfabsl:
9202 case Builtin::BIcabs:
9203 case Builtin::BIcabsf:
9204 case Builtin::BIcabsl:
9205 return FDecl->getBuiltinID();
9206 }
9207 llvm_unreachable("Unknown Builtin type");
9208}
9209
9210// If the replacement is valid, emit a note with replacement function.
9211// Additionally, suggest including the proper header if not already included.
9212static void emitReplacement(Sema &S, SourceLocation Loc, SourceRange Range,
9213 unsigned AbsKind, QualType ArgType) {
9214 bool EmitHeaderHint = true;
9215 const char *HeaderName = nullptr;
9216 std::string FunctionName;
9217 if (S.getLangOpts().CPlusPlus && !ArgType->isAnyComplexType()) {
9218 FunctionName = "std::abs";
9219 if (ArgType->isIntegralOrEnumerationType()) {
9220 HeaderName = "cstdlib";
9221 } else if (ArgType->isRealFloatingType()) {
9222 HeaderName = "cmath";
9223 } else {
9224 llvm_unreachable("Invalid Type");
9225 }
9226
9227 // Lookup all std::abs
9228 if (NamespaceDecl *Std = S.getStdNamespace()) {
9229 LookupResult R(S, &S.Context.Idents.get(Name: "abs"), Loc, Sema::LookupAnyName);
9230 R.suppressDiagnostics();
9231 S.LookupQualifiedName(R, LookupCtx: Std);
9232
9233 for (const auto *I : R) {
9234 const FunctionDecl *FDecl = nullptr;
9235 if (const UsingShadowDecl *UsingD = dyn_cast<UsingShadowDecl>(Val: I)) {
9236 FDecl = dyn_cast<FunctionDecl>(Val: UsingD->getTargetDecl());
9237 } else {
9238 FDecl = dyn_cast<FunctionDecl>(Val: I);
9239 }
9240 if (!FDecl)
9241 continue;
9242
9243 // Found std::abs(), check that they are the right ones.
9244 if (FDecl->getNumParams() != 1)
9245 continue;
9246
9247 // Check that the parameter type can handle the argument.
9248 QualType ParamType = FDecl->getParamDecl(i: 0)->getType();
9249 if (getAbsoluteValueKind(T: ArgType) == getAbsoluteValueKind(T: ParamType) &&
9250 S.Context.getTypeSize(T: ArgType) <=
9251 S.Context.getTypeSize(T: ParamType)) {
9252 // Found a function, don't need the header hint.
9253 EmitHeaderHint = false;
9254 break;
9255 }
9256 }
9257 }
9258 } else {
9259 FunctionName = S.Context.BuiltinInfo.getName(ID: AbsKind);
9260 HeaderName = S.Context.BuiltinInfo.getHeaderName(ID: AbsKind);
9261
9262 if (HeaderName) {
9263 DeclarationName DN(&S.Context.Idents.get(Name: FunctionName));
9264 LookupResult R(S, DN, Loc, Sema::LookupAnyName);
9265 R.suppressDiagnostics();
9266 S.LookupName(R, S: S.getCurScope());
9267
9268 if (R.isSingleResult()) {
9269 FunctionDecl *FD = dyn_cast<FunctionDecl>(Val: R.getFoundDecl());
9270 if (FD && FD->getBuiltinID() == AbsKind) {
9271 EmitHeaderHint = false;
9272 } else {
9273 return;
9274 }
9275 } else if (!R.empty()) {
9276 return;
9277 }
9278 }
9279 }
9280
9281 S.Diag(Loc, DiagID: diag::note_replace_abs_function)
9282 << FunctionName << FixItHint::CreateReplacement(RemoveRange: Range, Code: FunctionName);
9283
9284 if (!HeaderName)
9285 return;
9286
9287 if (!EmitHeaderHint)
9288 return;
9289
9290 S.Diag(Loc, DiagID: diag::note_include_header_or_declare) << HeaderName
9291 << FunctionName;
9292}
9293
9294template <std::size_t StrLen>
9295static bool IsStdFunction(const FunctionDecl *FDecl,
9296 const char (&Str)[StrLen]) {
9297 if (!FDecl)
9298 return false;
9299 if (!FDecl->getIdentifier() || !FDecl->getIdentifier()->isStr(Str))
9300 return false;
9301 if (!FDecl->isInStdNamespace())
9302 return false;
9303
9304 return true;
9305}
9306
9307enum class MathCheck { NaN, Inf };
9308static bool IsInfOrNanFunction(StringRef calleeName, MathCheck Check) {
9309 auto MatchesAny = [&](std::initializer_list<llvm::StringRef> names) {
9310 return llvm::is_contained(Set: names, Element: calleeName);
9311 };
9312
9313 switch (Check) {
9314 case MathCheck::NaN:
9315 return MatchesAny({"__builtin_nan", "__builtin_nanf", "__builtin_nanl",
9316 "__builtin_nanf16", "__builtin_nanf128"});
9317 case MathCheck::Inf:
9318 return MatchesAny({"__builtin_inf", "__builtin_inff", "__builtin_infl",
9319 "__builtin_inff16", "__builtin_inff128"});
9320 }
9321 llvm_unreachable("unknown MathCheck");
9322}
9323
9324static bool IsInfinityFunction(const FunctionDecl *FDecl) {
9325 if (FDecl->getName() != "infinity")
9326 return false;
9327
9328 if (const CXXMethodDecl *MDecl = dyn_cast<CXXMethodDecl>(Val: FDecl)) {
9329 const CXXRecordDecl *RDecl = MDecl->getParent();
9330 if (RDecl->getName() != "numeric_limits")
9331 return false;
9332
9333 if (const NamespaceDecl *NSDecl =
9334 dyn_cast<NamespaceDecl>(Val: RDecl->getDeclContext()))
9335 return NSDecl->isStdNamespace();
9336 }
9337
9338 return false;
9339}
9340
9341void Sema::CheckInfNaNFunction(const CallExpr *Call,
9342 const FunctionDecl *FDecl) {
9343 if (!FDecl->getIdentifier())
9344 return;
9345
9346 FPOptions FPO = Call->getFPFeaturesInEffect(LO: getLangOpts());
9347 if (FPO.getNoHonorNaNs() &&
9348 (IsStdFunction(FDecl, Str: "isnan") || IsStdFunction(FDecl, Str: "isunordered") ||
9349 IsInfOrNanFunction(calleeName: FDecl->getName(), Check: MathCheck::NaN))) {
9350 Diag(Loc: Call->getBeginLoc(), DiagID: diag::warn_fp_nan_inf_when_disabled)
9351 << 1 << 0 << Call->getSourceRange();
9352 return;
9353 }
9354
9355 if (FPO.getNoHonorInfs() &&
9356 (IsStdFunction(FDecl, Str: "isinf") || IsStdFunction(FDecl, Str: "isfinite") ||
9357 IsInfinityFunction(FDecl) ||
9358 IsInfOrNanFunction(calleeName: FDecl->getName(), Check: MathCheck::Inf))) {
9359 Diag(Loc: Call->getBeginLoc(), DiagID: diag::warn_fp_nan_inf_when_disabled)
9360 << 0 << 0 << Call->getSourceRange();
9361 }
9362}
9363
9364void Sema::CheckAbsoluteValueFunction(const CallExpr *Call,
9365 const FunctionDecl *FDecl) {
9366 if (Call->getNumArgs() != 1)
9367 return;
9368
9369 unsigned AbsKind = getAbsoluteValueFunctionKind(FDecl);
9370 bool IsStdAbs = IsStdFunction(FDecl, Str: "abs");
9371 if (AbsKind == 0 && !IsStdAbs)
9372 return;
9373
9374 QualType ArgType = Call->getArg(Arg: 0)->IgnoreParenImpCasts()->getType();
9375 QualType ParamType = Call->getArg(Arg: 0)->getType();
9376
9377 // Unsigned types cannot be negative. Suggest removing the absolute value
9378 // function call.
9379 if (ArgType->isUnsignedIntegerType()) {
9380 std::string FunctionName =
9381 IsStdAbs ? "std::abs" : Context.BuiltinInfo.getName(ID: AbsKind);
9382 Diag(Loc: Call->getExprLoc(), DiagID: diag::warn_unsigned_abs) << ArgType << ParamType;
9383 Diag(Loc: Call->getExprLoc(), DiagID: diag::note_remove_abs)
9384 << FunctionName
9385 << FixItHint::CreateRemoval(RemoveRange: Call->getCallee()->getSourceRange());
9386 return;
9387 }
9388
9389 // Taking the absolute value of a pointer is very suspicious, they probably
9390 // wanted to index into an array, dereference a pointer, call a function, etc.
9391 if (ArgType->isPointerType() || ArgType->canDecayToPointerType()) {
9392 unsigned DiagType = 0;
9393 if (ArgType->isFunctionType())
9394 DiagType = 1;
9395 else if (ArgType->isArrayType())
9396 DiagType = 2;
9397
9398 Diag(Loc: Call->getExprLoc(), DiagID: diag::warn_pointer_abs) << DiagType << ArgType;
9399 return;
9400 }
9401
9402 // std::abs has overloads which prevent most of the absolute value problems
9403 // from occurring.
9404 if (IsStdAbs)
9405 return;
9406
9407 AbsoluteValueKind ArgValueKind = getAbsoluteValueKind(T: ArgType);
9408 AbsoluteValueKind ParamValueKind = getAbsoluteValueKind(T: ParamType);
9409
9410 // The argument and parameter are the same kind. Check if they are the right
9411 // size.
9412 if (ArgValueKind == ParamValueKind) {
9413 if (Context.getTypeSize(T: ArgType) <= Context.getTypeSize(T: ParamType))
9414 return;
9415
9416 unsigned NewAbsKind = getBestAbsFunction(Context, ArgType, AbsFunctionKind: AbsKind);
9417 Diag(Loc: Call->getExprLoc(), DiagID: diag::warn_abs_too_small)
9418 << FDecl << ArgType << ParamType;
9419
9420 if (NewAbsKind == 0)
9421 return;
9422
9423 emitReplacement(S&: *this, Loc: Call->getExprLoc(),
9424 Range: Call->getCallee()->getSourceRange(), AbsKind: NewAbsKind, ArgType);
9425 return;
9426 }
9427
9428 // ArgValueKind != ParamValueKind
9429 // The wrong type of absolute value function was used. Attempt to find the
9430 // proper one.
9431 unsigned NewAbsKind = changeAbsFunction(AbsKind, ValueKind: ArgValueKind);
9432 NewAbsKind = getBestAbsFunction(Context, ArgType, AbsFunctionKind: NewAbsKind);
9433 if (NewAbsKind == 0)
9434 return;
9435
9436 Diag(Loc: Call->getExprLoc(), DiagID: diag::warn_wrong_absolute_value_type)
9437 << FDecl << ParamValueKind << ArgValueKind;
9438
9439 emitReplacement(S&: *this, Loc: Call->getExprLoc(),
9440 Range: Call->getCallee()->getSourceRange(), AbsKind: NewAbsKind, ArgType);
9441}
9442
9443//===--- CHECK: Warn on use of std::max and unsigned zero. r---------------===//
9444void Sema::CheckMaxUnsignedZero(const CallExpr *Call,
9445 const FunctionDecl *FDecl) {
9446 if (!Call || !FDecl) return;
9447
9448 // Ignore template specializations and macros.
9449 if (inTemplateInstantiation()) return;
9450 if (Call->getExprLoc().isMacroID()) return;
9451
9452 // Only care about the one template argument, two function parameter std::max
9453 if (Call->getNumArgs() != 2) return;
9454 if (!IsStdFunction(FDecl, Str: "max")) return;
9455 const auto * ArgList = FDecl->getTemplateSpecializationArgs();
9456 if (!ArgList) return;
9457 if (ArgList->size() != 1) return;
9458
9459 // Check that template type argument is unsigned integer.
9460 const auto& TA = ArgList->get(Idx: 0);
9461 if (TA.getKind() != TemplateArgument::Type) return;
9462 QualType ArgType = TA.getAsType();
9463 if (!ArgType->isUnsignedIntegerType()) return;
9464
9465 // See if either argument is a literal zero.
9466 auto IsLiteralZeroArg = [](const Expr* E) -> bool {
9467 const auto *MTE = dyn_cast<MaterializeTemporaryExpr>(Val: E);
9468 if (!MTE) return false;
9469 const auto *Num = dyn_cast<IntegerLiteral>(Val: MTE->getSubExpr());
9470 if (!Num) return false;
9471 if (Num->getValue() != 0) return false;
9472 return true;
9473 };
9474
9475 const Expr *FirstArg = Call->getArg(Arg: 0);
9476 const Expr *SecondArg = Call->getArg(Arg: 1);
9477 const bool IsFirstArgZero = IsLiteralZeroArg(FirstArg);
9478 const bool IsSecondArgZero = IsLiteralZeroArg(SecondArg);
9479
9480 // Only warn when exactly one argument is zero.
9481 if (IsFirstArgZero == IsSecondArgZero) return;
9482
9483 SourceRange FirstRange = FirstArg->getSourceRange();
9484 SourceRange SecondRange = SecondArg->getSourceRange();
9485
9486 SourceRange ZeroRange = IsFirstArgZero ? FirstRange : SecondRange;
9487
9488 Diag(Loc: Call->getExprLoc(), DiagID: diag::warn_max_unsigned_zero)
9489 << IsFirstArgZero << Call->getCallee()->getSourceRange() << ZeroRange;
9490
9491 // Deduce what parts to remove so that "std::max(0u, foo)" becomes "(foo)".
9492 SourceRange RemovalRange;
9493 if (IsFirstArgZero) {
9494 RemovalRange = SourceRange(FirstRange.getBegin(),
9495 SecondRange.getBegin().getLocWithOffset(Offset: -1));
9496 } else {
9497 RemovalRange = SourceRange(getLocForEndOfToken(Loc: FirstRange.getEnd()),
9498 SecondRange.getEnd());
9499 }
9500
9501 Diag(Loc: Call->getExprLoc(), DiagID: diag::note_remove_max_call)
9502 << FixItHint::CreateRemoval(RemoveRange: Call->getCallee()->getSourceRange())
9503 << FixItHint::CreateRemoval(RemoveRange: RemovalRange);
9504}
9505
9506//===--- CHECK: Standard memory functions ---------------------------------===//
9507
9508/// Takes the expression passed to the size_t parameter of functions
9509/// such as memcmp, strncat, etc and warns if it's a comparison.
9510///
9511/// This is to catch typos like `if (memcmp(&a, &b, sizeof(a) > 0))`.
9512static bool CheckMemorySizeofForComparison(Sema &S, const Expr *E,
9513 const IdentifierInfo *FnName,
9514 SourceLocation FnLoc,
9515 SourceLocation RParenLoc) {
9516 const auto *Size = dyn_cast<BinaryOperator>(Val: E);
9517 if (!Size)
9518 return false;
9519
9520 // if E is binop and op is <=>, >, <, >=, <=, ==, &&, ||:
9521 if (!Size->isComparisonOp() && !Size->isLogicalOp())
9522 return false;
9523
9524 SourceRange SizeRange = Size->getSourceRange();
9525 S.Diag(Loc: Size->getOperatorLoc(), DiagID: diag::warn_memsize_comparison)
9526 << SizeRange << FnName;
9527 S.Diag(Loc: FnLoc, DiagID: diag::note_memsize_comparison_paren)
9528 << FnName
9529 << FixItHint::CreateInsertion(
9530 InsertionLoc: S.getLocForEndOfToken(Loc: Size->getLHS()->getEndLoc()), Code: ")")
9531 << FixItHint::CreateRemoval(RemoveRange: RParenLoc);
9532 S.Diag(Loc: SizeRange.getBegin(), DiagID: diag::note_memsize_comparison_cast_silence)
9533 << FixItHint::CreateInsertion(InsertionLoc: SizeRange.getBegin(), Code: "(size_t)(")
9534 << FixItHint::CreateInsertion(InsertionLoc: S.getLocForEndOfToken(Loc: SizeRange.getEnd()),
9535 Code: ")");
9536
9537 return true;
9538}
9539
9540/// Determine whether the given type is or contains a dynamic class type
9541/// (e.g., whether it has a vtable).
9542static const CXXRecordDecl *getContainedDynamicClass(QualType T,
9543 bool &IsContained) {
9544 // Look through array types while ignoring qualifiers.
9545 const Type *Ty = T->getBaseElementTypeUnsafe();
9546 IsContained = false;
9547
9548 const CXXRecordDecl *RD = Ty->getAsCXXRecordDecl();
9549 RD = RD ? RD->getDefinition() : nullptr;
9550 if (!RD || RD->isInvalidDecl())
9551 return nullptr;
9552
9553 if (RD->isDynamicClass())
9554 return RD;
9555
9556 // Check all the fields. If any bases were dynamic, the class is dynamic.
9557 // It's impossible for a class to transitively contain itself by value, so
9558 // infinite recursion is impossible.
9559 for (auto *FD : RD->fields()) {
9560 bool SubContained;
9561 if (const CXXRecordDecl *ContainedRD =
9562 getContainedDynamicClass(T: FD->getType(), IsContained&: SubContained)) {
9563 IsContained = true;
9564 return ContainedRD;
9565 }
9566 }
9567
9568 return nullptr;
9569}
9570
9571static const UnaryExprOrTypeTraitExpr *getAsSizeOfExpr(const Expr *E) {
9572 if (const auto *Unary = dyn_cast<UnaryExprOrTypeTraitExpr>(Val: E))
9573 if (Unary->getKind() == UETT_SizeOf)
9574 return Unary;
9575 return nullptr;
9576}
9577
9578/// If E is a sizeof expression, returns its argument expression,
9579/// otherwise returns NULL.
9580static const Expr *getSizeOfExprArg(const Expr *E) {
9581 if (const UnaryExprOrTypeTraitExpr *SizeOf = getAsSizeOfExpr(E))
9582 if (!SizeOf->isArgumentType())
9583 return SizeOf->getArgumentExpr()->IgnoreParenImpCasts();
9584 return nullptr;
9585}
9586
9587/// If E is a sizeof expression, returns its argument type.
9588static QualType getSizeOfArgType(const Expr *E) {
9589 if (const UnaryExprOrTypeTraitExpr *SizeOf = getAsSizeOfExpr(E))
9590 return SizeOf->getTypeOfArgument();
9591 return QualType();
9592}
9593
9594namespace {
9595
9596struct SearchNonTrivialToInitializeField
9597 : DefaultInitializedTypeVisitor<SearchNonTrivialToInitializeField> {
9598 using Super =
9599 DefaultInitializedTypeVisitor<SearchNonTrivialToInitializeField>;
9600
9601 SearchNonTrivialToInitializeField(const Expr *E, Sema &S) : E(E), S(S) {}
9602
9603 void visitWithKind(QualType::PrimitiveDefaultInitializeKind PDIK, QualType FT,
9604 SourceLocation SL) {
9605 if (const auto *AT = asDerived().getContext().getAsArrayType(T: FT)) {
9606 asDerived().visitArray(PDIK, AT, SL);
9607 return;
9608 }
9609
9610 Super::visitWithKind(PDIK, FT, Args&: SL);
9611 }
9612
9613 void visitARCStrong(QualType FT, SourceLocation SL) {
9614 S.DiagRuntimeBehavior(Loc: SL, Statement: E, PD: S.PDiag(DiagID: diag::note_nontrivial_field) << 1);
9615 }
9616 void visitARCWeak(QualType FT, SourceLocation SL) {
9617 S.DiagRuntimeBehavior(Loc: SL, Statement: E, PD: S.PDiag(DiagID: diag::note_nontrivial_field) << 1);
9618 }
9619 void visitStruct(QualType FT, SourceLocation SL) {
9620 for (const FieldDecl *FD : FT->castAs<RecordType>()->getDecl()->fields())
9621 visit(FT: FD->getType(), Args: FD->getLocation());
9622 }
9623 void visitArray(QualType::PrimitiveDefaultInitializeKind PDIK,
9624 const ArrayType *AT, SourceLocation SL) {
9625 visit(FT: getContext().getBaseElementType(VAT: AT), Args&: SL);
9626 }
9627 void visitTrivial(QualType FT, SourceLocation SL) {}
9628
9629 static void diag(QualType RT, const Expr *E, Sema &S) {
9630 SearchNonTrivialToInitializeField(E, S).visitStruct(FT: RT, SL: SourceLocation());
9631 }
9632
9633 ASTContext &getContext() { return S.getASTContext(); }
9634
9635 const Expr *E;
9636 Sema &S;
9637};
9638
9639struct SearchNonTrivialToCopyField
9640 : CopiedTypeVisitor<SearchNonTrivialToCopyField, false> {
9641 using Super = CopiedTypeVisitor<SearchNonTrivialToCopyField, false>;
9642
9643 SearchNonTrivialToCopyField(const Expr *E, Sema &S) : E(E), S(S) {}
9644
9645 void visitWithKind(QualType::PrimitiveCopyKind PCK, QualType FT,
9646 SourceLocation SL) {
9647 if (const auto *AT = asDerived().getContext().getAsArrayType(T: FT)) {
9648 asDerived().visitArray(PCK, AT, SL);
9649 return;
9650 }
9651
9652 Super::visitWithKind(PCK, FT, Args&: SL);
9653 }
9654
9655 void visitARCStrong(QualType FT, SourceLocation SL) {
9656 S.DiagRuntimeBehavior(Loc: SL, Statement: E, PD: S.PDiag(DiagID: diag::note_nontrivial_field) << 0);
9657 }
9658 void visitARCWeak(QualType FT, SourceLocation SL) {
9659 S.DiagRuntimeBehavior(Loc: SL, Statement: E, PD: S.PDiag(DiagID: diag::note_nontrivial_field) << 0);
9660 }
9661 void visitPtrAuth(QualType FT, SourceLocation SL) {
9662 S.DiagRuntimeBehavior(Loc: SL, Statement: E, PD: S.PDiag(DiagID: diag::note_nontrivial_field) << 0);
9663 }
9664 void visitStruct(QualType FT, SourceLocation SL) {
9665 for (const FieldDecl *FD : FT->castAs<RecordType>()->getDecl()->fields())
9666 visit(FT: FD->getType(), Args: FD->getLocation());
9667 }
9668 void visitArray(QualType::PrimitiveCopyKind PCK, const ArrayType *AT,
9669 SourceLocation SL) {
9670 visit(FT: getContext().getBaseElementType(VAT: AT), Args&: SL);
9671 }
9672 void preVisit(QualType::PrimitiveCopyKind PCK, QualType FT,
9673 SourceLocation SL) {}
9674 void visitTrivial(QualType FT, SourceLocation SL) {}
9675 void visitVolatileTrivial(QualType FT, SourceLocation SL) {}
9676
9677 static void diag(QualType RT, const Expr *E, Sema &S) {
9678 SearchNonTrivialToCopyField(E, S).visitStruct(FT: RT, SL: SourceLocation());
9679 }
9680
9681 ASTContext &getContext() { return S.getASTContext(); }
9682
9683 const Expr *E;
9684 Sema &S;
9685};
9686
9687}
9688
9689/// Detect if \c SizeofExpr is likely to calculate the sizeof an object.
9690static bool doesExprLikelyComputeSize(const Expr *SizeofExpr) {
9691 SizeofExpr = SizeofExpr->IgnoreParenImpCasts();
9692
9693 if (const auto *BO = dyn_cast<BinaryOperator>(Val: SizeofExpr)) {
9694 if (BO->getOpcode() != BO_Mul && BO->getOpcode() != BO_Add)
9695 return false;
9696
9697 return doesExprLikelyComputeSize(SizeofExpr: BO->getLHS()) ||
9698 doesExprLikelyComputeSize(SizeofExpr: BO->getRHS());
9699 }
9700
9701 return getAsSizeOfExpr(E: SizeofExpr) != nullptr;
9702}
9703
9704/// Check if the ArgLoc originated from a macro passed to the call at CallLoc.
9705///
9706/// \code
9707/// #define MACRO 0
9708/// foo(MACRO);
9709/// foo(0);
9710/// \endcode
9711///
9712/// This should return true for the first call to foo, but not for the second
9713/// (regardless of whether foo is a macro or function).
9714static bool isArgumentExpandedFromMacro(SourceManager &SM,
9715 SourceLocation CallLoc,
9716 SourceLocation ArgLoc) {
9717 if (!CallLoc.isMacroID())
9718 return SM.getFileID(SpellingLoc: CallLoc) != SM.getFileID(SpellingLoc: ArgLoc);
9719
9720 return SM.getFileID(SpellingLoc: SM.getImmediateMacroCallerLoc(Loc: CallLoc)) !=
9721 SM.getFileID(SpellingLoc: SM.getImmediateMacroCallerLoc(Loc: ArgLoc));
9722}
9723
9724/// Diagnose cases like 'memset(buf, sizeof(buf), 0)', which should have the
9725/// last two arguments transposed.
9726static void CheckMemaccessSize(Sema &S, unsigned BId, const CallExpr *Call) {
9727 if (BId != Builtin::BImemset && BId != Builtin::BIbzero)
9728 return;
9729
9730 const Expr *SizeArg =
9731 Call->getArg(Arg: BId == Builtin::BImemset ? 2 : 1)->IgnoreImpCasts();
9732
9733 auto isLiteralZero = [](const Expr *E) {
9734 return (isa<IntegerLiteral>(Val: E) &&
9735 cast<IntegerLiteral>(Val: E)->getValue() == 0) ||
9736 (isa<CharacterLiteral>(Val: E) &&
9737 cast<CharacterLiteral>(Val: E)->getValue() == 0);
9738 };
9739
9740 // If we're memsetting or bzeroing 0 bytes, then this is likely an error.
9741 SourceLocation CallLoc = Call->getRParenLoc();
9742 SourceManager &SM = S.getSourceManager();
9743 if (isLiteralZero(SizeArg) &&
9744 !isArgumentExpandedFromMacro(SM, CallLoc, ArgLoc: SizeArg->getExprLoc())) {
9745
9746 SourceLocation DiagLoc = SizeArg->getExprLoc();
9747
9748 // Some platforms #define bzero to __builtin_memset. See if this is the
9749 // case, and if so, emit a better diagnostic.
9750 if (BId == Builtin::BIbzero ||
9751 (CallLoc.isMacroID() && Lexer::getImmediateMacroName(
9752 Loc: CallLoc, SM, LangOpts: S.getLangOpts()) == "bzero")) {
9753 S.Diag(Loc: DiagLoc, DiagID: diag::warn_suspicious_bzero_size);
9754 S.Diag(Loc: DiagLoc, DiagID: diag::note_suspicious_bzero_size_silence);
9755 } else if (!isLiteralZero(Call->getArg(Arg: 1)->IgnoreImpCasts())) {
9756 S.Diag(Loc: DiagLoc, DiagID: diag::warn_suspicious_sizeof_memset) << 0;
9757 S.Diag(Loc: DiagLoc, DiagID: diag::note_suspicious_sizeof_memset_silence) << 0;
9758 }
9759 return;
9760 }
9761
9762 // If the second argument to a memset is a sizeof expression and the third
9763 // isn't, this is also likely an error. This should catch
9764 // 'memset(buf, sizeof(buf), 0xff)'.
9765 if (BId == Builtin::BImemset &&
9766 doesExprLikelyComputeSize(SizeofExpr: Call->getArg(Arg: 1)) &&
9767 !doesExprLikelyComputeSize(SizeofExpr: Call->getArg(Arg: 2))) {
9768 SourceLocation DiagLoc = Call->getArg(Arg: 1)->getExprLoc();
9769 S.Diag(Loc: DiagLoc, DiagID: diag::warn_suspicious_sizeof_memset) << 1;
9770 S.Diag(Loc: DiagLoc, DiagID: diag::note_suspicious_sizeof_memset_silence) << 1;
9771 return;
9772 }
9773}
9774
9775void Sema::CheckMemaccessArguments(const CallExpr *Call,
9776 unsigned BId,
9777 IdentifierInfo *FnName) {
9778 assert(BId != 0);
9779
9780 // It is possible to have a non-standard definition of memset. Validate
9781 // we have enough arguments, and if not, abort further checking.
9782 unsigned ExpectedNumArgs =
9783 (BId == Builtin::BIstrndup || BId == Builtin::BIbzero ? 2 : 3);
9784 if (Call->getNumArgs() < ExpectedNumArgs)
9785 return;
9786
9787 unsigned LastArg = (BId == Builtin::BImemset || BId == Builtin::BIbzero ||
9788 BId == Builtin::BIstrndup ? 1 : 2);
9789 unsigned LenArg =
9790 (BId == Builtin::BIbzero || BId == Builtin::BIstrndup ? 1 : 2);
9791 const Expr *LenExpr = Call->getArg(Arg: LenArg)->IgnoreParenImpCasts();
9792
9793 if (CheckMemorySizeofForComparison(S&: *this, E: LenExpr, FnName,
9794 FnLoc: Call->getBeginLoc(), RParenLoc: Call->getRParenLoc()))
9795 return;
9796
9797 // Catch cases like 'memset(buf, sizeof(buf), 0)'.
9798 CheckMemaccessSize(S&: *this, BId, Call);
9799
9800 // We have special checking when the length is a sizeof expression.
9801 QualType SizeOfArgTy = getSizeOfArgType(E: LenExpr);
9802 const Expr *SizeOfArg = getSizeOfExprArg(E: LenExpr);
9803 llvm::FoldingSetNodeID SizeOfArgID;
9804
9805 // Although widely used, 'bzero' is not a standard function. Be more strict
9806 // with the argument types before allowing diagnostics and only allow the
9807 // form bzero(ptr, sizeof(...)).
9808 QualType FirstArgTy = Call->getArg(Arg: 0)->IgnoreParenImpCasts()->getType();
9809 if (BId == Builtin::BIbzero && !FirstArgTy->getAs<PointerType>())
9810 return;
9811
9812 for (unsigned ArgIdx = 0; ArgIdx != LastArg; ++ArgIdx) {
9813 const Expr *Dest = Call->getArg(Arg: ArgIdx)->IgnoreParenImpCasts();
9814 SourceRange ArgRange = Call->getArg(Arg: ArgIdx)->getSourceRange();
9815
9816 QualType DestTy = Dest->getType();
9817 QualType PointeeTy;
9818 if (const PointerType *DestPtrTy = DestTy->getAs<PointerType>()) {
9819 PointeeTy = DestPtrTy->getPointeeType();
9820
9821 // Never warn about void type pointers. This can be used to suppress
9822 // false positives.
9823 if (PointeeTy->isVoidType())
9824 continue;
9825
9826 // Catch "memset(p, 0, sizeof(p))" -- needs to be sizeof(*p). Do this by
9827 // actually comparing the expressions for equality. Because computing the
9828 // expression IDs can be expensive, we only do this if the diagnostic is
9829 // enabled.
9830 if (SizeOfArg &&
9831 !Diags.isIgnored(DiagID: diag::warn_sizeof_pointer_expr_memaccess,
9832 Loc: SizeOfArg->getExprLoc())) {
9833 // We only compute IDs for expressions if the warning is enabled, and
9834 // cache the sizeof arg's ID.
9835 if (SizeOfArgID == llvm::FoldingSetNodeID())
9836 SizeOfArg->Profile(ID&: SizeOfArgID, Context, Canonical: true);
9837 llvm::FoldingSetNodeID DestID;
9838 Dest->Profile(ID&: DestID, Context, Canonical: true);
9839 if (DestID == SizeOfArgID) {
9840 // TODO: For strncpy() and friends, this could suggest sizeof(dst)
9841 // over sizeof(src) as well.
9842 unsigned ActionIdx = 0; // Default is to suggest dereferencing.
9843 StringRef ReadableName = FnName->getName();
9844
9845 if (const UnaryOperator *UnaryOp = dyn_cast<UnaryOperator>(Val: Dest))
9846 if (UnaryOp->getOpcode() == UO_AddrOf)
9847 ActionIdx = 1; // If its an address-of operator, just remove it.
9848 if (!PointeeTy->isIncompleteType() &&
9849 (Context.getTypeSize(T: PointeeTy) == Context.getCharWidth()))
9850 ActionIdx = 2; // If the pointee's size is sizeof(char),
9851 // suggest an explicit length.
9852
9853 // If the function is defined as a builtin macro, do not show macro
9854 // expansion.
9855 SourceLocation SL = SizeOfArg->getExprLoc();
9856 SourceRange DSR = Dest->getSourceRange();
9857 SourceRange SSR = SizeOfArg->getSourceRange();
9858 SourceManager &SM = getSourceManager();
9859
9860 if (SM.isMacroArgExpansion(Loc: SL)) {
9861 ReadableName = Lexer::getImmediateMacroName(Loc: SL, SM, LangOpts);
9862 SL = SM.getSpellingLoc(Loc: SL);
9863 DSR = SourceRange(SM.getSpellingLoc(Loc: DSR.getBegin()),
9864 SM.getSpellingLoc(Loc: DSR.getEnd()));
9865 SSR = SourceRange(SM.getSpellingLoc(Loc: SSR.getBegin()),
9866 SM.getSpellingLoc(Loc: SSR.getEnd()));
9867 }
9868
9869 DiagRuntimeBehavior(Loc: SL, Statement: SizeOfArg,
9870 PD: PDiag(DiagID: diag::warn_sizeof_pointer_expr_memaccess)
9871 << ReadableName
9872 << PointeeTy
9873 << DestTy
9874 << DSR
9875 << SSR);
9876 DiagRuntimeBehavior(Loc: SL, Statement: SizeOfArg,
9877 PD: PDiag(DiagID: diag::warn_sizeof_pointer_expr_memaccess_note)
9878 << ActionIdx
9879 << SSR);
9880
9881 break;
9882 }
9883 }
9884
9885 // Also check for cases where the sizeof argument is the exact same
9886 // type as the memory argument, and where it points to a user-defined
9887 // record type.
9888 if (SizeOfArgTy != QualType()) {
9889 if (PointeeTy->isRecordType() &&
9890 Context.typesAreCompatible(T1: SizeOfArgTy, T2: DestTy)) {
9891 DiagRuntimeBehavior(Loc: LenExpr->getExprLoc(), Statement: Dest,
9892 PD: PDiag(DiagID: diag::warn_sizeof_pointer_type_memaccess)
9893 << FnName << SizeOfArgTy << ArgIdx
9894 << PointeeTy << Dest->getSourceRange()
9895 << LenExpr->getSourceRange());
9896 break;
9897 }
9898 }
9899 } else if (DestTy->isArrayType()) {
9900 PointeeTy = DestTy;
9901 }
9902
9903 if (PointeeTy == QualType())
9904 continue;
9905
9906 // Always complain about dynamic classes.
9907 bool IsContained;
9908 if (const CXXRecordDecl *ContainedRD =
9909 getContainedDynamicClass(T: PointeeTy, IsContained)) {
9910
9911 unsigned OperationType = 0;
9912 const bool IsCmp = BId == Builtin::BImemcmp || BId == Builtin::BIbcmp;
9913 // "overwritten" if we're warning about the destination for any call
9914 // but memcmp; otherwise a verb appropriate to the call.
9915 if (ArgIdx != 0 || IsCmp) {
9916 if (BId == Builtin::BImemcpy)
9917 OperationType = 1;
9918 else if(BId == Builtin::BImemmove)
9919 OperationType = 2;
9920 else if (IsCmp)
9921 OperationType = 3;
9922 }
9923
9924 DiagRuntimeBehavior(Loc: Dest->getExprLoc(), Statement: Dest,
9925 PD: PDiag(DiagID: diag::warn_dyn_class_memaccess)
9926 << (IsCmp ? ArgIdx + 2 : ArgIdx) << FnName
9927 << IsContained << ContainedRD << OperationType
9928 << Call->getCallee()->getSourceRange());
9929 } else if (PointeeTy.hasNonTrivialObjCLifetime() &&
9930 BId != Builtin::BImemset)
9931 DiagRuntimeBehavior(
9932 Loc: Dest->getExprLoc(), Statement: Dest,
9933 PD: PDiag(DiagID: diag::warn_arc_object_memaccess)
9934 << ArgIdx << FnName << PointeeTy
9935 << Call->getCallee()->getSourceRange());
9936 else if (const auto *RT = PointeeTy->getAs<RecordType>()) {
9937
9938 // FIXME: Do not consider incomplete types even though they may be
9939 // completed later. GCC does not diagnose such code, but we may want to
9940 // consider diagnosing it in the future, perhaps under a different, but
9941 // related, diagnostic group.
9942 bool NonTriviallyCopyableCXXRecord =
9943 getLangOpts().CPlusPlus && !RT->isIncompleteType() &&
9944 !RT->desugar().isTriviallyCopyableType(Context);
9945
9946 if ((BId == Builtin::BImemset || BId == Builtin::BIbzero) &&
9947 RT->getDecl()->isNonTrivialToPrimitiveDefaultInitialize()) {
9948 DiagRuntimeBehavior(Loc: Dest->getExprLoc(), Statement: Dest,
9949 PD: PDiag(DiagID: diag::warn_cstruct_memaccess)
9950 << ArgIdx << FnName << PointeeTy << 0);
9951 SearchNonTrivialToInitializeField::diag(RT: PointeeTy, E: Dest, S&: *this);
9952 } else if ((BId == Builtin::BImemset || BId == Builtin::BIbzero) &&
9953 NonTriviallyCopyableCXXRecord && ArgIdx == 0) {
9954 // FIXME: Limiting this warning to dest argument until we decide
9955 // whether it's valid for source argument too.
9956 DiagRuntimeBehavior(Loc: Dest->getExprLoc(), Statement: Dest,
9957 PD: PDiag(DiagID: diag::warn_cxxstruct_memaccess)
9958 << FnName << PointeeTy);
9959 } else if ((BId == Builtin::BImemcpy || BId == Builtin::BImemmove) &&
9960 RT->getDecl()->isNonTrivialToPrimitiveCopy()) {
9961 DiagRuntimeBehavior(Loc: Dest->getExprLoc(), Statement: Dest,
9962 PD: PDiag(DiagID: diag::warn_cstruct_memaccess)
9963 << ArgIdx << FnName << PointeeTy << 1);
9964 SearchNonTrivialToCopyField::diag(RT: PointeeTy, E: Dest, S&: *this);
9965 } else if ((BId == Builtin::BImemcpy || BId == Builtin::BImemmove) &&
9966 NonTriviallyCopyableCXXRecord && ArgIdx == 0) {
9967 // FIXME: Limiting this warning to dest argument until we decide
9968 // whether it's valid for source argument too.
9969 DiagRuntimeBehavior(Loc: Dest->getExprLoc(), Statement: Dest,
9970 PD: PDiag(DiagID: diag::warn_cxxstruct_memaccess)
9971 << FnName << PointeeTy);
9972 } else {
9973 continue;
9974 }
9975 } else
9976 continue;
9977
9978 DiagRuntimeBehavior(
9979 Loc: Dest->getExprLoc(), Statement: Dest,
9980 PD: PDiag(DiagID: diag::note_bad_memaccess_silence)
9981 << FixItHint::CreateInsertion(InsertionLoc: ArgRange.getBegin(), Code: "(void*)"));
9982 break;
9983 }
9984}
9985
9986// A little helper routine: ignore addition and subtraction of integer literals.
9987// This intentionally does not ignore all integer constant expressions because
9988// we don't want to remove sizeof().
9989static const Expr *ignoreLiteralAdditions(const Expr *Ex, ASTContext &Ctx) {
9990 Ex = Ex->IgnoreParenCasts();
9991
9992 while (true) {
9993 const BinaryOperator * BO = dyn_cast<BinaryOperator>(Val: Ex);
9994 if (!BO || !BO->isAdditiveOp())
9995 break;
9996
9997 const Expr *RHS = BO->getRHS()->IgnoreParenCasts();
9998 const Expr *LHS = BO->getLHS()->IgnoreParenCasts();
9999
10000 if (isa<IntegerLiteral>(Val: RHS))
10001 Ex = LHS;
10002 else if (isa<IntegerLiteral>(Val: LHS))
10003 Ex = RHS;
10004 else
10005 break;
10006 }
10007
10008 return Ex;
10009}
10010
10011static bool isConstantSizeArrayWithMoreThanOneElement(QualType Ty,
10012 ASTContext &Context) {
10013 // Only handle constant-sized or VLAs, but not flexible members.
10014 if (const ConstantArrayType *CAT = Context.getAsConstantArrayType(T: Ty)) {
10015 // Only issue the FIXIT for arrays of size > 1.
10016 if (CAT->getZExtSize() <= 1)
10017 return false;
10018 } else if (!Ty->isVariableArrayType()) {
10019 return false;
10020 }
10021 return true;
10022}
10023
10024void Sema::CheckStrlcpycatArguments(const CallExpr *Call,
10025 IdentifierInfo *FnName) {
10026
10027 // Don't crash if the user has the wrong number of arguments
10028 unsigned NumArgs = Call->getNumArgs();
10029 if ((NumArgs != 3) && (NumArgs != 4))
10030 return;
10031
10032 const Expr *SrcArg = ignoreLiteralAdditions(Ex: Call->getArg(Arg: 1), Ctx&: Context);
10033 const Expr *SizeArg = ignoreLiteralAdditions(Ex: Call->getArg(Arg: 2), Ctx&: Context);
10034 const Expr *CompareWithSrc = nullptr;
10035
10036 if (CheckMemorySizeofForComparison(S&: *this, E: SizeArg, FnName,
10037 FnLoc: Call->getBeginLoc(), RParenLoc: Call->getRParenLoc()))
10038 return;
10039
10040 // Look for 'strlcpy(dst, x, sizeof(x))'
10041 if (const Expr *Ex = getSizeOfExprArg(E: SizeArg))
10042 CompareWithSrc = Ex;
10043 else {
10044 // Look for 'strlcpy(dst, x, strlen(x))'
10045 if (const CallExpr *SizeCall = dyn_cast<CallExpr>(Val: SizeArg)) {
10046 if (SizeCall->getBuiltinCallee() == Builtin::BIstrlen &&
10047 SizeCall->getNumArgs() == 1)
10048 CompareWithSrc = ignoreLiteralAdditions(Ex: SizeCall->getArg(Arg: 0), Ctx&: Context);
10049 }
10050 }
10051
10052 if (!CompareWithSrc)
10053 return;
10054
10055 // Determine if the argument to sizeof/strlen is equal to the source
10056 // argument. In principle there's all kinds of things you could do
10057 // here, for instance creating an == expression and evaluating it with
10058 // EvaluateAsBooleanCondition, but this uses a more direct technique:
10059 const DeclRefExpr *SrcArgDRE = dyn_cast<DeclRefExpr>(Val: SrcArg);
10060 if (!SrcArgDRE)
10061 return;
10062
10063 const DeclRefExpr *CompareWithSrcDRE = dyn_cast<DeclRefExpr>(Val: CompareWithSrc);
10064 if (!CompareWithSrcDRE ||
10065 SrcArgDRE->getDecl() != CompareWithSrcDRE->getDecl())
10066 return;
10067
10068 const Expr *OriginalSizeArg = Call->getArg(Arg: 2);
10069 Diag(Loc: CompareWithSrcDRE->getBeginLoc(), DiagID: diag::warn_strlcpycat_wrong_size)
10070 << OriginalSizeArg->getSourceRange() << FnName;
10071
10072 // Output a FIXIT hint if the destination is an array (rather than a
10073 // pointer to an array). This could be enhanced to handle some
10074 // pointers if we know the actual size, like if DstArg is 'array+2'
10075 // we could say 'sizeof(array)-2'.
10076 const Expr *DstArg = Call->getArg(Arg: 0)->IgnoreParenImpCasts();
10077 if (!isConstantSizeArrayWithMoreThanOneElement(Ty: DstArg->getType(), Context))
10078 return;
10079
10080 SmallString<128> sizeString;
10081 llvm::raw_svector_ostream OS(sizeString);
10082 OS << "sizeof(";
10083 DstArg->printPretty(OS, Helper: nullptr, Policy: getPrintingPolicy());
10084 OS << ")";
10085
10086 Diag(Loc: OriginalSizeArg->getBeginLoc(), DiagID: diag::note_strlcpycat_wrong_size)
10087 << FixItHint::CreateReplacement(RemoveRange: OriginalSizeArg->getSourceRange(),
10088 Code: OS.str());
10089}
10090
10091/// Check if two expressions refer to the same declaration.
10092static bool referToTheSameDecl(const Expr *E1, const Expr *E2) {
10093 if (const DeclRefExpr *D1 = dyn_cast_or_null<DeclRefExpr>(Val: E1))
10094 if (const DeclRefExpr *D2 = dyn_cast_or_null<DeclRefExpr>(Val: E2))
10095 return D1->getDecl() == D2->getDecl();
10096 return false;
10097}
10098
10099static const Expr *getStrlenExprArg(const Expr *E) {
10100 if (const CallExpr *CE = dyn_cast<CallExpr>(Val: E)) {
10101 const FunctionDecl *FD = CE->getDirectCallee();
10102 if (!FD || FD->getMemoryFunctionKind() != Builtin::BIstrlen)
10103 return nullptr;
10104 return CE->getArg(Arg: 0)->IgnoreParenCasts();
10105 }
10106 return nullptr;
10107}
10108
10109void Sema::CheckStrncatArguments(const CallExpr *CE,
10110 const IdentifierInfo *FnName) {
10111 // Don't crash if the user has the wrong number of arguments.
10112 if (CE->getNumArgs() < 3)
10113 return;
10114 const Expr *DstArg = CE->getArg(Arg: 0)->IgnoreParenCasts();
10115 const Expr *SrcArg = CE->getArg(Arg: 1)->IgnoreParenCasts();
10116 const Expr *LenArg = CE->getArg(Arg: 2)->IgnoreParenCasts();
10117
10118 if (CheckMemorySizeofForComparison(S&: *this, E: LenArg, FnName, FnLoc: CE->getBeginLoc(),
10119 RParenLoc: CE->getRParenLoc()))
10120 return;
10121
10122 // Identify common expressions, which are wrongly used as the size argument
10123 // to strncat and may lead to buffer overflows.
10124 unsigned PatternType = 0;
10125 if (const Expr *SizeOfArg = getSizeOfExprArg(E: LenArg)) {
10126 // - sizeof(dst)
10127 if (referToTheSameDecl(E1: SizeOfArg, E2: DstArg))
10128 PatternType = 1;
10129 // - sizeof(src)
10130 else if (referToTheSameDecl(E1: SizeOfArg, E2: SrcArg))
10131 PatternType = 2;
10132 } else if (const BinaryOperator *BE = dyn_cast<BinaryOperator>(Val: LenArg)) {
10133 if (BE->getOpcode() == BO_Sub) {
10134 const Expr *L = BE->getLHS()->IgnoreParenCasts();
10135 const Expr *R = BE->getRHS()->IgnoreParenCasts();
10136 // - sizeof(dst) - strlen(dst)
10137 if (referToTheSameDecl(E1: DstArg, E2: getSizeOfExprArg(E: L)) &&
10138 referToTheSameDecl(E1: DstArg, E2: getStrlenExprArg(E: R)))
10139 PatternType = 1;
10140 // - sizeof(src) - (anything)
10141 else if (referToTheSameDecl(E1: SrcArg, E2: getSizeOfExprArg(E: L)))
10142 PatternType = 2;
10143 }
10144 }
10145
10146 if (PatternType == 0)
10147 return;
10148
10149 // Generate the diagnostic.
10150 SourceLocation SL = LenArg->getBeginLoc();
10151 SourceRange SR = LenArg->getSourceRange();
10152 SourceManager &SM = getSourceManager();
10153
10154 // If the function is defined as a builtin macro, do not show macro expansion.
10155 if (SM.isMacroArgExpansion(Loc: SL)) {
10156 SL = SM.getSpellingLoc(Loc: SL);
10157 SR = SourceRange(SM.getSpellingLoc(Loc: SR.getBegin()),
10158 SM.getSpellingLoc(Loc: SR.getEnd()));
10159 }
10160
10161 // Check if the destination is an array (rather than a pointer to an array).
10162 QualType DstTy = DstArg->getType();
10163 bool isKnownSizeArray = isConstantSizeArrayWithMoreThanOneElement(Ty: DstTy,
10164 Context);
10165 if (!isKnownSizeArray) {
10166 if (PatternType == 1)
10167 Diag(Loc: SL, DiagID: diag::warn_strncat_wrong_size) << SR;
10168 else
10169 Diag(Loc: SL, DiagID: diag::warn_strncat_src_size) << SR;
10170 return;
10171 }
10172
10173 if (PatternType == 1)
10174 Diag(Loc: SL, DiagID: diag::warn_strncat_large_size) << SR;
10175 else
10176 Diag(Loc: SL, DiagID: diag::warn_strncat_src_size) << SR;
10177
10178 SmallString<128> sizeString;
10179 llvm::raw_svector_ostream OS(sizeString);
10180 OS << "sizeof(";
10181 DstArg->printPretty(OS, Helper: nullptr, Policy: getPrintingPolicy());
10182 OS << ") - ";
10183 OS << "strlen(";
10184 DstArg->printPretty(OS, Helper: nullptr, Policy: getPrintingPolicy());
10185 OS << ") - 1";
10186
10187 Diag(Loc: SL, DiagID: diag::note_strncat_wrong_size)
10188 << FixItHint::CreateReplacement(RemoveRange: SR, Code: OS.str());
10189}
10190
10191namespace {
10192void CheckFreeArgumentsOnLvalue(Sema &S, const std::string &CalleeName,
10193 const UnaryOperator *UnaryExpr, const Decl *D) {
10194 if (isa<FieldDecl, FunctionDecl, VarDecl>(Val: D)) {
10195 S.Diag(Loc: UnaryExpr->getBeginLoc(), DiagID: diag::warn_free_nonheap_object)
10196 << CalleeName << 0 /*object: */ << cast<NamedDecl>(Val: D);
10197 return;
10198 }
10199}
10200
10201void CheckFreeArgumentsAddressof(Sema &S, const std::string &CalleeName,
10202 const UnaryOperator *UnaryExpr) {
10203 if (const auto *Lvalue = dyn_cast<DeclRefExpr>(Val: UnaryExpr->getSubExpr())) {
10204 const Decl *D = Lvalue->getDecl();
10205 if (const auto *DD = dyn_cast<DeclaratorDecl>(Val: D)) {
10206 if (!DD->getType()->isReferenceType())
10207 return CheckFreeArgumentsOnLvalue(S, CalleeName, UnaryExpr, D);
10208 }
10209 }
10210
10211 if (const auto *Lvalue = dyn_cast<MemberExpr>(Val: UnaryExpr->getSubExpr()))
10212 return CheckFreeArgumentsOnLvalue(S, CalleeName, UnaryExpr,
10213 D: Lvalue->getMemberDecl());
10214}
10215
10216void CheckFreeArgumentsPlus(Sema &S, const std::string &CalleeName,
10217 const UnaryOperator *UnaryExpr) {
10218 const auto *Lambda = dyn_cast<LambdaExpr>(
10219 Val: UnaryExpr->getSubExpr()->IgnoreImplicitAsWritten()->IgnoreParens());
10220 if (!Lambda)
10221 return;
10222
10223 S.Diag(Loc: Lambda->getBeginLoc(), DiagID: diag::warn_free_nonheap_object)
10224 << CalleeName << 2 /*object: lambda expression*/;
10225}
10226
10227void CheckFreeArgumentsStackArray(Sema &S, const std::string &CalleeName,
10228 const DeclRefExpr *Lvalue) {
10229 const auto *Var = dyn_cast<VarDecl>(Val: Lvalue->getDecl());
10230 if (Var == nullptr)
10231 return;
10232
10233 S.Diag(Loc: Lvalue->getBeginLoc(), DiagID: diag::warn_free_nonheap_object)
10234 << CalleeName << 0 /*object: */ << Var;
10235}
10236
10237void CheckFreeArgumentsCast(Sema &S, const std::string &CalleeName,
10238 const CastExpr *Cast) {
10239 SmallString<128> SizeString;
10240 llvm::raw_svector_ostream OS(SizeString);
10241
10242 clang::CastKind Kind = Cast->getCastKind();
10243 if (Kind == clang::CK_BitCast &&
10244 !Cast->getSubExpr()->getType()->isFunctionPointerType())
10245 return;
10246 if (Kind == clang::CK_IntegralToPointer &&
10247 !isa<IntegerLiteral>(
10248 Val: Cast->getSubExpr()->IgnoreParenImpCasts()->IgnoreParens()))
10249 return;
10250
10251 switch (Cast->getCastKind()) {
10252 case clang::CK_BitCast:
10253 case clang::CK_IntegralToPointer:
10254 case clang::CK_FunctionToPointerDecay:
10255 OS << '\'';
10256 Cast->printPretty(OS, Helper: nullptr, Policy: S.getPrintingPolicy());
10257 OS << '\'';
10258 break;
10259 default:
10260 return;
10261 }
10262
10263 S.Diag(Loc: Cast->getBeginLoc(), DiagID: diag::warn_free_nonheap_object)
10264 << CalleeName << 0 /*object: */ << OS.str();
10265}
10266} // namespace
10267
10268void Sema::CheckFreeArguments(const CallExpr *E) {
10269 const std::string CalleeName =
10270 cast<FunctionDecl>(Val: E->getCalleeDecl())->getQualifiedNameAsString();
10271
10272 { // Prefer something that doesn't involve a cast to make things simpler.
10273 const Expr *Arg = E->getArg(Arg: 0)->IgnoreParenCasts();
10274 if (const auto *UnaryExpr = dyn_cast<UnaryOperator>(Val: Arg))
10275 switch (UnaryExpr->getOpcode()) {
10276 case UnaryOperator::Opcode::UO_AddrOf:
10277 return CheckFreeArgumentsAddressof(S&: *this, CalleeName, UnaryExpr);
10278 case UnaryOperator::Opcode::UO_Plus:
10279 return CheckFreeArgumentsPlus(S&: *this, CalleeName, UnaryExpr);
10280 default:
10281 break;
10282 }
10283
10284 if (const auto *Lvalue = dyn_cast<DeclRefExpr>(Val: Arg))
10285 if (Lvalue->getType()->isArrayType())
10286 return CheckFreeArgumentsStackArray(S&: *this, CalleeName, Lvalue);
10287
10288 if (const auto *Label = dyn_cast<AddrLabelExpr>(Val: Arg)) {
10289 Diag(Loc: Label->getBeginLoc(), DiagID: diag::warn_free_nonheap_object)
10290 << CalleeName << 0 /*object: */ << Label->getLabel()->getIdentifier();
10291 return;
10292 }
10293
10294 if (isa<BlockExpr>(Val: Arg)) {
10295 Diag(Loc: Arg->getBeginLoc(), DiagID: diag::warn_free_nonheap_object)
10296 << CalleeName << 1 /*object: block*/;
10297 return;
10298 }
10299 }
10300 // Maybe the cast was important, check after the other cases.
10301 if (const auto *Cast = dyn_cast<CastExpr>(Val: E->getArg(Arg: 0)))
10302 return CheckFreeArgumentsCast(S&: *this, CalleeName, Cast);
10303}
10304
10305void
10306Sema::CheckReturnValExpr(Expr *RetValExp, QualType lhsType,
10307 SourceLocation ReturnLoc,
10308 bool isObjCMethod,
10309 const AttrVec *Attrs,
10310 const FunctionDecl *FD) {
10311 // Check if the return value is null but should not be.
10312 if (((Attrs && hasSpecificAttr<ReturnsNonNullAttr>(container: *Attrs)) ||
10313 (!isObjCMethod && isNonNullType(type: lhsType))) &&
10314 CheckNonNullExpr(S&: *this, Expr: RetValExp))
10315 Diag(Loc: ReturnLoc, DiagID: diag::warn_null_ret)
10316 << (isObjCMethod ? 1 : 0) << RetValExp->getSourceRange();
10317
10318 // C++11 [basic.stc.dynamic.allocation]p4:
10319 // If an allocation function declared with a non-throwing
10320 // exception-specification fails to allocate storage, it shall return
10321 // a null pointer. Any other allocation function that fails to allocate
10322 // storage shall indicate failure only by throwing an exception [...]
10323 if (FD) {
10324 OverloadedOperatorKind Op = FD->getOverloadedOperator();
10325 if (Op == OO_New || Op == OO_Array_New) {
10326 const FunctionProtoType *Proto
10327 = FD->getType()->castAs<FunctionProtoType>();
10328 if (!Proto->isNothrow(/*ResultIfDependent*/true) &&
10329 CheckNonNullExpr(S&: *this, Expr: RetValExp))
10330 Diag(Loc: ReturnLoc, DiagID: diag::warn_operator_new_returns_null)
10331 << FD << getLangOpts().CPlusPlus11;
10332 }
10333 }
10334
10335 if (RetValExp && RetValExp->getType()->isWebAssemblyTableType()) {
10336 Diag(Loc: ReturnLoc, DiagID: diag::err_wasm_table_art) << 1;
10337 }
10338
10339 // PPC MMA non-pointer types are not allowed as return type. Checking the type
10340 // here prevent the user from using a PPC MMA type as trailing return type.
10341 if (Context.getTargetInfo().getTriple().isPPC64())
10342 PPC().CheckPPCMMAType(Type: RetValExp->getType(), TypeLoc: ReturnLoc);
10343}
10344
10345void Sema::CheckFloatComparison(SourceLocation Loc, const Expr *LHS,
10346 const Expr *RHS, BinaryOperatorKind Opcode) {
10347 if (!BinaryOperator::isEqualityOp(Opc: Opcode))
10348 return;
10349
10350 // Match and capture subexpressions such as "(float) X == 0.1".
10351 const FloatingLiteral *FPLiteral;
10352 const CastExpr *FPCast;
10353 auto getCastAndLiteral = [&FPLiteral, &FPCast](const Expr *L, const Expr *R) {
10354 FPLiteral = dyn_cast<FloatingLiteral>(Val: L->IgnoreParens());
10355 FPCast = dyn_cast<CastExpr>(Val: R->IgnoreParens());
10356 return FPLiteral && FPCast;
10357 };
10358
10359 if (getCastAndLiteral(LHS, RHS) || getCastAndLiteral(RHS, LHS)) {
10360 auto *SourceTy = FPCast->getSubExpr()->getType()->getAs<BuiltinType>();
10361 auto *TargetTy = FPLiteral->getType()->getAs<BuiltinType>();
10362 if (SourceTy && TargetTy && SourceTy->isFloatingPoint() &&
10363 TargetTy->isFloatingPoint()) {
10364 bool Lossy;
10365 llvm::APFloat TargetC = FPLiteral->getValue();
10366 TargetC.convert(ToSemantics: Context.getFloatTypeSemantics(T: QualType(SourceTy, 0)),
10367 RM: llvm::APFloat::rmNearestTiesToEven, losesInfo: &Lossy);
10368 if (Lossy) {
10369 // If the literal cannot be represented in the source type, then a
10370 // check for == is always false and check for != is always true.
10371 Diag(Loc, DiagID: diag::warn_float_compare_literal)
10372 << (Opcode == BO_EQ) << QualType(SourceTy, 0)
10373 << LHS->getSourceRange() << RHS->getSourceRange();
10374 return;
10375 }
10376 }
10377 }
10378
10379 // Match a more general floating-point equality comparison (-Wfloat-equal).
10380 const Expr *LeftExprSansParen = LHS->IgnoreParenImpCasts();
10381 const Expr *RightExprSansParen = RHS->IgnoreParenImpCasts();
10382
10383 // Special case: check for x == x (which is OK).
10384 // Do not emit warnings for such cases.
10385 if (const auto *DRL = dyn_cast<DeclRefExpr>(Val: LeftExprSansParen))
10386 if (const auto *DRR = dyn_cast<DeclRefExpr>(Val: RightExprSansParen))
10387 if (DRL->getDecl() == DRR->getDecl())
10388 return;
10389
10390 // Special case: check for comparisons against literals that can be exactly
10391 // represented by APFloat. In such cases, do not emit a warning. This
10392 // is a heuristic: often comparison against such literals are used to
10393 // detect if a value in a variable has not changed. This clearly can
10394 // lead to false negatives.
10395 if (const auto *FLL = dyn_cast<FloatingLiteral>(Val: LeftExprSansParen)) {
10396 if (FLL->isExact())
10397 return;
10398 } else if (const auto *FLR = dyn_cast<FloatingLiteral>(Val: RightExprSansParen))
10399 if (FLR->isExact())
10400 return;
10401
10402 // Check for comparisons with builtin types.
10403 if (const auto *CL = dyn_cast<CallExpr>(Val: LeftExprSansParen);
10404 CL && CL->getBuiltinCallee())
10405 return;
10406
10407 if (const auto *CR = dyn_cast<CallExpr>(Val: RightExprSansParen);
10408 CR && CR->getBuiltinCallee())
10409 return;
10410
10411 // Emit the diagnostic.
10412 Diag(Loc, DiagID: diag::warn_floatingpoint_eq)
10413 << LHS->getSourceRange() << RHS->getSourceRange();
10414}
10415
10416//===--- CHECK: Integer mixed-sign comparisons (-Wsign-compare) --------===//
10417//===--- CHECK: Lossy implicit conversions (-Wconversion) --------------===//
10418
10419namespace {
10420
10421/// Structure recording the 'active' range of an integer-valued
10422/// expression.
10423struct IntRange {
10424 /// The number of bits active in the int. Note that this includes exactly one
10425 /// sign bit if !NonNegative.
10426 unsigned Width;
10427
10428 /// True if the int is known not to have negative values. If so, all leading
10429 /// bits before Width are known zero, otherwise they are known to be the
10430 /// same as the MSB within Width.
10431 bool NonNegative;
10432
10433 IntRange(unsigned Width, bool NonNegative)
10434 : Width(Width), NonNegative(NonNegative) {}
10435
10436 /// Number of bits excluding the sign bit.
10437 unsigned valueBits() const {
10438 return NonNegative ? Width : Width - 1;
10439 }
10440
10441 /// Returns the range of the bool type.
10442 static IntRange forBoolType() {
10443 return IntRange(1, true);
10444 }
10445
10446 /// Returns the range of an opaque value of the given integral type.
10447 static IntRange forValueOfType(ASTContext &C, QualType T) {
10448 return forValueOfCanonicalType(C,
10449 T: T->getCanonicalTypeInternal().getTypePtr());
10450 }
10451
10452 /// Returns the range of an opaque value of a canonical integral type.
10453 static IntRange forValueOfCanonicalType(ASTContext &C, const Type *T) {
10454 assert(T->isCanonicalUnqualified());
10455
10456 if (const auto *VT = dyn_cast<VectorType>(Val: T))
10457 T = VT->getElementType().getTypePtr();
10458 if (const auto *CT = dyn_cast<ComplexType>(Val: T))
10459 T = CT->getElementType().getTypePtr();
10460 if (const auto *AT = dyn_cast<AtomicType>(Val: T))
10461 T = AT->getValueType().getTypePtr();
10462
10463 if (!C.getLangOpts().CPlusPlus) {
10464 // For enum types in C code, use the underlying datatype.
10465 if (const auto *ET = dyn_cast<EnumType>(Val: T))
10466 T = ET->getDecl()->getIntegerType().getDesugaredType(Context: C).getTypePtr();
10467 } else if (const auto *ET = dyn_cast<EnumType>(Val: T)) {
10468 // For enum types in C++, use the known bit width of the enumerators.
10469 EnumDecl *Enum = ET->getDecl();
10470 // In C++11, enums can have a fixed underlying type. Use this type to
10471 // compute the range.
10472 if (Enum->isFixed()) {
10473 return IntRange(C.getIntWidth(T: QualType(T, 0)),
10474 !ET->isSignedIntegerOrEnumerationType());
10475 }
10476
10477 unsigned NumPositive = Enum->getNumPositiveBits();
10478 unsigned NumNegative = Enum->getNumNegativeBits();
10479
10480 if (NumNegative == 0)
10481 return IntRange(NumPositive, true/*NonNegative*/);
10482 else
10483 return IntRange(std::max(a: NumPositive + 1, b: NumNegative),
10484 false/*NonNegative*/);
10485 }
10486
10487 if (const auto *EIT = dyn_cast<BitIntType>(Val: T))
10488 return IntRange(EIT->getNumBits(), EIT->isUnsigned());
10489
10490 const BuiltinType *BT = cast<BuiltinType>(Val: T);
10491 assert(BT->isInteger());
10492
10493 return IntRange(C.getIntWidth(T: QualType(T, 0)), BT->isUnsignedInteger());
10494 }
10495
10496 /// Returns the "target" range of a canonical integral type, i.e.
10497 /// the range of values expressible in the type.
10498 ///
10499 /// This matches forValueOfCanonicalType except that enums have the
10500 /// full range of their type, not the range of their enumerators.
10501 static IntRange forTargetOfCanonicalType(ASTContext &C, const Type *T) {
10502 assert(T->isCanonicalUnqualified());
10503
10504 if (const VectorType *VT = dyn_cast<VectorType>(Val: T))
10505 T = VT->getElementType().getTypePtr();
10506 if (const ComplexType *CT = dyn_cast<ComplexType>(Val: T))
10507 T = CT->getElementType().getTypePtr();
10508 if (const AtomicType *AT = dyn_cast<AtomicType>(Val: T))
10509 T = AT->getValueType().getTypePtr();
10510 if (const EnumType *ET = dyn_cast<EnumType>(Val: T))
10511 T = C.getCanonicalType(T: ET->getDecl()->getIntegerType()).getTypePtr();
10512
10513 if (const auto *EIT = dyn_cast<BitIntType>(Val: T))
10514 return IntRange(EIT->getNumBits(), EIT->isUnsigned());
10515
10516 const BuiltinType *BT = cast<BuiltinType>(Val: T);
10517 assert(BT->isInteger());
10518
10519 return IntRange(C.getIntWidth(T: QualType(T, 0)), BT->isUnsignedInteger());
10520 }
10521
10522 /// Returns the supremum of two ranges: i.e. their conservative merge.
10523 static IntRange join(IntRange L, IntRange R) {
10524 bool Unsigned = L.NonNegative && R.NonNegative;
10525 return IntRange(std::max(a: L.valueBits(), b: R.valueBits()) + !Unsigned,
10526 L.NonNegative && R.NonNegative);
10527 }
10528
10529 /// Return the range of a bitwise-AND of the two ranges.
10530 static IntRange bit_and(IntRange L, IntRange R) {
10531 unsigned Bits = std::max(a: L.Width, b: R.Width);
10532 bool NonNegative = false;
10533 if (L.NonNegative) {
10534 Bits = std::min(a: Bits, b: L.Width);
10535 NonNegative = true;
10536 }
10537 if (R.NonNegative) {
10538 Bits = std::min(a: Bits, b: R.Width);
10539 NonNegative = true;
10540 }
10541 return IntRange(Bits, NonNegative);
10542 }
10543
10544 /// Return the range of a sum of the two ranges.
10545 static IntRange sum(IntRange L, IntRange R) {
10546 bool Unsigned = L.NonNegative && R.NonNegative;
10547 return IntRange(std::max(a: L.valueBits(), b: R.valueBits()) + 1 + !Unsigned,
10548 Unsigned);
10549 }
10550
10551 /// Return the range of a difference of the two ranges.
10552 static IntRange difference(IntRange L, IntRange R) {
10553 // We need a 1-bit-wider range if:
10554 // 1) LHS can be negative: least value can be reduced.
10555 // 2) RHS can be negative: greatest value can be increased.
10556 bool CanWiden = !L.NonNegative || !R.NonNegative;
10557 bool Unsigned = L.NonNegative && R.Width == 0;
10558 return IntRange(std::max(a: L.valueBits(), b: R.valueBits()) + CanWiden +
10559 !Unsigned,
10560 Unsigned);
10561 }
10562
10563 /// Return the range of a product of the two ranges.
10564 static IntRange product(IntRange L, IntRange R) {
10565 // If both LHS and RHS can be negative, we can form
10566 // -2^L * -2^R = 2^(L + R)
10567 // which requires L + R + 1 value bits to represent.
10568 bool CanWiden = !L.NonNegative && !R.NonNegative;
10569 bool Unsigned = L.NonNegative && R.NonNegative;
10570 return IntRange(L.valueBits() + R.valueBits() + CanWiden + !Unsigned,
10571 Unsigned);
10572 }
10573
10574 /// Return the range of a remainder operation between the two ranges.
10575 static IntRange rem(IntRange L, IntRange R) {
10576 // The result of a remainder can't be larger than the result of
10577 // either side. The sign of the result is the sign of the LHS.
10578 bool Unsigned = L.NonNegative;
10579 return IntRange(std::min(a: L.valueBits(), b: R.valueBits()) + !Unsigned,
10580 Unsigned);
10581 }
10582};
10583
10584} // namespace
10585
10586static IntRange GetValueRange(llvm::APSInt &value, unsigned MaxWidth) {
10587 if (value.isSigned() && value.isNegative())
10588 return IntRange(value.getSignificantBits(), false);
10589
10590 if (value.getBitWidth() > MaxWidth)
10591 value = value.trunc(width: MaxWidth);
10592
10593 // isNonNegative() just checks the sign bit without considering
10594 // signedness.
10595 return IntRange(value.getActiveBits(), true);
10596}
10597
10598static IntRange GetValueRange(APValue &result, QualType Ty, unsigned MaxWidth) {
10599 if (result.isInt())
10600 return GetValueRange(value&: result.getInt(), MaxWidth);
10601
10602 if (result.isVector()) {
10603 IntRange R = GetValueRange(result&: result.getVectorElt(I: 0), Ty, MaxWidth);
10604 for (unsigned i = 1, e = result.getVectorLength(); i != e; ++i) {
10605 IntRange El = GetValueRange(result&: result.getVectorElt(I: i), Ty, MaxWidth);
10606 R = IntRange::join(L: R, R: El);
10607 }
10608 return R;
10609 }
10610
10611 if (result.isComplexInt()) {
10612 IntRange R = GetValueRange(value&: result.getComplexIntReal(), MaxWidth);
10613 IntRange I = GetValueRange(value&: result.getComplexIntImag(), MaxWidth);
10614 return IntRange::join(L: R, R: I);
10615 }
10616
10617 // This can happen with lossless casts to intptr_t of "based" lvalues.
10618 // Assume it might use arbitrary bits.
10619 // FIXME: The only reason we need to pass the type in here is to get
10620 // the sign right on this one case. It would be nice if APValue
10621 // preserved this.
10622 assert(result.isLValue() || result.isAddrLabelDiff());
10623 return IntRange(MaxWidth, Ty->isUnsignedIntegerOrEnumerationType());
10624}
10625
10626static QualType GetExprType(const Expr *E) {
10627 QualType Ty = E->getType();
10628 if (const auto *AtomicRHS = Ty->getAs<AtomicType>())
10629 Ty = AtomicRHS->getValueType();
10630 return Ty;
10631}
10632
10633/// Attempts to estimate an approximate range for the given integer expression.
10634/// Returns a range if successful, otherwise it returns \c std::nullopt if a
10635/// reliable estimation cannot be determined.
10636///
10637/// \param MaxWidth The width to which the value will be truncated.
10638/// \param InConstantContext If \c true, interpret the expression within a
10639/// constant context.
10640/// \param Approximate If \c true, provide a likely range of values by assuming
10641/// that arithmetic on narrower types remains within those types.
10642/// If \c false, return a range that includes all possible values
10643/// resulting from the expression.
10644/// \returns A range of values that the expression might take, or
10645/// std::nullopt if a reliable estimation cannot be determined.
10646static std::optional<IntRange> TryGetExprRange(ASTContext &C, const Expr *E,
10647 unsigned MaxWidth,
10648 bool InConstantContext,
10649 bool Approximate) {
10650 E = E->IgnoreParens();
10651
10652 // Try a full evaluation first.
10653 Expr::EvalResult result;
10654 if (E->EvaluateAsRValue(Result&: result, Ctx: C, InConstantContext))
10655 return GetValueRange(result&: result.Val, Ty: GetExprType(E), MaxWidth);
10656
10657 // I think we only want to look through implicit casts here; if the
10658 // user has an explicit widening cast, we should treat the value as
10659 // being of the new, wider type.
10660 if (const auto *CE = dyn_cast<ImplicitCastExpr>(Val: E)) {
10661 if (CE->getCastKind() == CK_NoOp || CE->getCastKind() == CK_LValueToRValue)
10662 return TryGetExprRange(C, E: CE->getSubExpr(), MaxWidth, InConstantContext,
10663 Approximate);
10664
10665 IntRange OutputTypeRange = IntRange::forValueOfType(C, T: GetExprType(E: CE));
10666
10667 bool isIntegerCast = CE->getCastKind() == CK_IntegralCast ||
10668 CE->getCastKind() == CK_BooleanToSignedIntegral;
10669
10670 // Assume that non-integer casts can span the full range of the type.
10671 if (!isIntegerCast)
10672 return OutputTypeRange;
10673
10674 std::optional<IntRange> SubRange = TryGetExprRange(
10675 C, E: CE->getSubExpr(), MaxWidth: std::min(a: MaxWidth, b: OutputTypeRange.Width),
10676 InConstantContext, Approximate);
10677 if (!SubRange)
10678 return std::nullopt;
10679
10680 // Bail out if the subexpr's range is as wide as the cast type.
10681 if (SubRange->Width >= OutputTypeRange.Width)
10682 return OutputTypeRange;
10683
10684 // Otherwise, we take the smaller width, and we're non-negative if
10685 // either the output type or the subexpr is.
10686 return IntRange(SubRange->Width,
10687 SubRange->NonNegative || OutputTypeRange.NonNegative);
10688 }
10689
10690 if (const auto *CO = dyn_cast<ConditionalOperator>(Val: E)) {
10691 // If we can fold the condition, just take that operand.
10692 bool CondResult;
10693 if (CO->getCond()->EvaluateAsBooleanCondition(Result&: CondResult, Ctx: C))
10694 return TryGetExprRange(
10695 C, E: CondResult ? CO->getTrueExpr() : CO->getFalseExpr(), MaxWidth,
10696 InConstantContext, Approximate);
10697
10698 // Otherwise, conservatively merge.
10699 // TryGetExprRange requires an integer expression, but a throw expression
10700 // results in a void type.
10701 Expr *TrueExpr = CO->getTrueExpr();
10702 if (TrueExpr->getType()->isVoidType())
10703 return std::nullopt;
10704
10705 std::optional<IntRange> L =
10706 TryGetExprRange(C, E: TrueExpr, MaxWidth, InConstantContext, Approximate);
10707 if (!L)
10708 return std::nullopt;
10709
10710 Expr *FalseExpr = CO->getFalseExpr();
10711 if (FalseExpr->getType()->isVoidType())
10712 return std::nullopt;
10713
10714 std::optional<IntRange> R =
10715 TryGetExprRange(C, E: FalseExpr, MaxWidth, InConstantContext, Approximate);
10716 if (!R)
10717 return std::nullopt;
10718
10719 return IntRange::join(L: *L, R: *R);
10720 }
10721
10722 if (const auto *BO = dyn_cast<BinaryOperator>(Val: E)) {
10723 IntRange (*Combine)(IntRange, IntRange) = IntRange::join;
10724
10725 switch (BO->getOpcode()) {
10726 case BO_Cmp:
10727 llvm_unreachable("builtin <=> should have class type");
10728
10729 // Boolean-valued operations are single-bit and positive.
10730 case BO_LAnd:
10731 case BO_LOr:
10732 case BO_LT:
10733 case BO_GT:
10734 case BO_LE:
10735 case BO_GE:
10736 case BO_EQ:
10737 case BO_NE:
10738 return IntRange::forBoolType();
10739
10740 // The type of the assignments is the type of the LHS, so the RHS
10741 // is not necessarily the same type.
10742 case BO_MulAssign:
10743 case BO_DivAssign:
10744 case BO_RemAssign:
10745 case BO_AddAssign:
10746 case BO_SubAssign:
10747 case BO_XorAssign:
10748 case BO_OrAssign:
10749 // TODO: bitfields?
10750 return IntRange::forValueOfType(C, T: GetExprType(E));
10751
10752 // Simple assignments just pass through the RHS, which will have
10753 // been coerced to the LHS type.
10754 case BO_Assign:
10755 // TODO: bitfields?
10756 return TryGetExprRange(C, E: BO->getRHS(), MaxWidth, InConstantContext,
10757 Approximate);
10758
10759 // Operations with opaque sources are black-listed.
10760 case BO_PtrMemD:
10761 case BO_PtrMemI:
10762 return IntRange::forValueOfType(C, T: GetExprType(E));
10763
10764 // Bitwise-and uses the *infinum* of the two source ranges.
10765 case BO_And:
10766 case BO_AndAssign:
10767 Combine = IntRange::bit_and;
10768 break;
10769
10770 // Left shift gets black-listed based on a judgement call.
10771 case BO_Shl:
10772 // ...except that we want to treat '1 << (blah)' as logically
10773 // positive. It's an important idiom.
10774 if (IntegerLiteral *I
10775 = dyn_cast<IntegerLiteral>(Val: BO->getLHS()->IgnoreParenCasts())) {
10776 if (I->getValue() == 1) {
10777 IntRange R = IntRange::forValueOfType(C, T: GetExprType(E));
10778 return IntRange(R.Width, /*NonNegative*/ true);
10779 }
10780 }
10781 [[fallthrough]];
10782
10783 case BO_ShlAssign:
10784 return IntRange::forValueOfType(C, T: GetExprType(E));
10785
10786 // Right shift by a constant can narrow its left argument.
10787 case BO_Shr:
10788 case BO_ShrAssign: {
10789 std::optional<IntRange> L = TryGetExprRange(
10790 C, E: BO->getLHS(), MaxWidth, InConstantContext, Approximate);
10791 if (!L)
10792 return std::nullopt;
10793
10794 // If the shift amount is a positive constant, drop the width by
10795 // that much.
10796 if (std::optional<llvm::APSInt> shift =
10797 BO->getRHS()->getIntegerConstantExpr(Ctx: C)) {
10798 if (shift->isNonNegative()) {
10799 if (shift->uge(RHS: L->Width))
10800 L->Width = (L->NonNegative ? 0 : 1);
10801 else
10802 L->Width -= shift->getZExtValue();
10803 }
10804 }
10805
10806 return L;
10807 }
10808
10809 // Comma acts as its right operand.
10810 case BO_Comma:
10811 return TryGetExprRange(C, E: BO->getRHS(), MaxWidth, InConstantContext,
10812 Approximate);
10813
10814 case BO_Add:
10815 if (!Approximate)
10816 Combine = IntRange::sum;
10817 break;
10818
10819 case BO_Sub:
10820 if (BO->getLHS()->getType()->isPointerType())
10821 return IntRange::forValueOfType(C, T: GetExprType(E));
10822 if (!Approximate)
10823 Combine = IntRange::difference;
10824 break;
10825
10826 case BO_Mul:
10827 if (!Approximate)
10828 Combine = IntRange::product;
10829 break;
10830
10831 // The width of a division result is mostly determined by the size
10832 // of the LHS.
10833 case BO_Div: {
10834 // Don't 'pre-truncate' the operands.
10835 unsigned opWidth = C.getIntWidth(T: GetExprType(E));
10836 std::optional<IntRange> L = TryGetExprRange(
10837 C, E: BO->getLHS(), MaxWidth: opWidth, InConstantContext, Approximate);
10838 if (!L)
10839 return std::nullopt;
10840
10841 // If the divisor is constant, use that.
10842 if (std::optional<llvm::APSInt> divisor =
10843 BO->getRHS()->getIntegerConstantExpr(Ctx: C)) {
10844 unsigned log2 = divisor->logBase2(); // floor(log_2(divisor))
10845 if (log2 >= L->Width)
10846 L->Width = (L->NonNegative ? 0 : 1);
10847 else
10848 L->Width = std::min(a: L->Width - log2, b: MaxWidth);
10849 return L;
10850 }
10851
10852 // Otherwise, just use the LHS's width.
10853 // FIXME: This is wrong if the LHS could be its minimal value and the RHS
10854 // could be -1.
10855 std::optional<IntRange> R = TryGetExprRange(
10856 C, E: BO->getRHS(), MaxWidth: opWidth, InConstantContext, Approximate);
10857 if (!R)
10858 return std::nullopt;
10859
10860 return IntRange(L->Width, L->NonNegative && R->NonNegative);
10861 }
10862
10863 case BO_Rem:
10864 Combine = IntRange::rem;
10865 break;
10866
10867 // The default behavior is okay for these.
10868 case BO_Xor:
10869 case BO_Or:
10870 break;
10871 }
10872
10873 // Combine the two ranges, but limit the result to the type in which we
10874 // performed the computation.
10875 QualType T = GetExprType(E);
10876 unsigned opWidth = C.getIntWidth(T);
10877 std::optional<IntRange> L = TryGetExprRange(C, E: BO->getLHS(), MaxWidth: opWidth,
10878 InConstantContext, Approximate);
10879 if (!L)
10880 return std::nullopt;
10881
10882 std::optional<IntRange> R = TryGetExprRange(C, E: BO->getRHS(), MaxWidth: opWidth,
10883 InConstantContext, Approximate);
10884 if (!R)
10885 return std::nullopt;
10886
10887 IntRange C = Combine(*L, *R);
10888 C.NonNegative |= T->isUnsignedIntegerOrEnumerationType();
10889 C.Width = std::min(a: C.Width, b: MaxWidth);
10890 return C;
10891 }
10892
10893 if (const auto *UO = dyn_cast<UnaryOperator>(Val: E)) {
10894 switch (UO->getOpcode()) {
10895 // Boolean-valued operations are white-listed.
10896 case UO_LNot:
10897 return IntRange::forBoolType();
10898
10899 // Operations with opaque sources are black-listed.
10900 case UO_Deref:
10901 case UO_AddrOf: // should be impossible
10902 return IntRange::forValueOfType(C, T: GetExprType(E));
10903
10904 case UO_Minus: {
10905 if (E->getType()->isUnsignedIntegerType()) {
10906 return TryGetExprRange(C, E: UO->getSubExpr(), MaxWidth, InConstantContext,
10907 Approximate);
10908 }
10909
10910 std::optional<IntRange> SubRange = TryGetExprRange(
10911 C, E: UO->getSubExpr(), MaxWidth, InConstantContext, Approximate);
10912
10913 if (!SubRange)
10914 return std::nullopt;
10915
10916 // If the range was previously non-negative, we need an extra bit for the
10917 // sign bit. Otherwise, we need an extra bit because the negation of the
10918 // most-negative value is one bit wider than that value.
10919 return IntRange(std::min(a: SubRange->Width + 1, b: MaxWidth), false);
10920 }
10921
10922 case UO_Not: {
10923 if (E->getType()->isUnsignedIntegerType()) {
10924 return TryGetExprRange(C, E: UO->getSubExpr(), MaxWidth, InConstantContext,
10925 Approximate);
10926 }
10927
10928 std::optional<IntRange> SubRange = TryGetExprRange(
10929 C, E: UO->getSubExpr(), MaxWidth, InConstantContext, Approximate);
10930
10931 if (!SubRange)
10932 return std::nullopt;
10933
10934 // The width increments by 1 if the sub-expression cannot be negative
10935 // since it now can be.
10936 return IntRange(
10937 std::min(a: SubRange->Width + (int)SubRange->NonNegative, b: MaxWidth),
10938 false);
10939 }
10940
10941 default:
10942 return TryGetExprRange(C, E: UO->getSubExpr(), MaxWidth, InConstantContext,
10943 Approximate);
10944 }
10945 }
10946
10947 if (const auto *OVE = dyn_cast<OpaqueValueExpr>(Val: E))
10948 return TryGetExprRange(C, E: OVE->getSourceExpr(), MaxWidth, InConstantContext,
10949 Approximate);
10950
10951 if (const auto *BitField = E->getSourceBitField())
10952 return IntRange(BitField->getBitWidthValue(),
10953 BitField->getType()->isUnsignedIntegerOrEnumerationType());
10954
10955 if (GetExprType(E)->isVoidType())
10956 return std::nullopt;
10957
10958 return IntRange::forValueOfType(C, T: GetExprType(E));
10959}
10960
10961static std::optional<IntRange> TryGetExprRange(ASTContext &C, const Expr *E,
10962 bool InConstantContext,
10963 bool Approximate) {
10964 return TryGetExprRange(C, E, MaxWidth: C.getIntWidth(T: GetExprType(E)), InConstantContext,
10965 Approximate);
10966}
10967
10968/// Checks whether the given value, which currently has the given
10969/// source semantics, has the same value when coerced through the
10970/// target semantics.
10971static bool IsSameFloatAfterCast(const llvm::APFloat &value,
10972 const llvm::fltSemantics &Src,
10973 const llvm::fltSemantics &Tgt) {
10974 llvm::APFloat truncated = value;
10975
10976 bool ignored;
10977 truncated.convert(ToSemantics: Src, RM: llvm::APFloat::rmNearestTiesToEven, losesInfo: &ignored);
10978 truncated.convert(ToSemantics: Tgt, RM: llvm::APFloat::rmNearestTiesToEven, losesInfo: &ignored);
10979
10980 return truncated.bitwiseIsEqual(RHS: value);
10981}
10982
10983/// Checks whether the given value, which currently has the given
10984/// source semantics, has the same value when coerced through the
10985/// target semantics.
10986///
10987/// The value might be a vector of floats (or a complex number).
10988static bool IsSameFloatAfterCast(const APValue &value,
10989 const llvm::fltSemantics &Src,
10990 const llvm::fltSemantics &Tgt) {
10991 if (value.isFloat())
10992 return IsSameFloatAfterCast(value: value.getFloat(), Src, Tgt);
10993
10994 if (value.isVector()) {
10995 for (unsigned i = 0, e = value.getVectorLength(); i != e; ++i)
10996 if (!IsSameFloatAfterCast(value: value.getVectorElt(I: i), Src, Tgt))
10997 return false;
10998 return true;
10999 }
11000
11001 assert(value.isComplexFloat());
11002 return (IsSameFloatAfterCast(value: value.getComplexFloatReal(), Src, Tgt) &&
11003 IsSameFloatAfterCast(value: value.getComplexFloatImag(), Src, Tgt));
11004}
11005
11006static void AnalyzeImplicitConversions(Sema &S, Expr *E, SourceLocation CC,
11007 bool IsListInit = false);
11008
11009static bool IsEnumConstOrFromMacro(Sema &S, const Expr *E) {
11010 // Suppress cases where we are comparing against an enum constant.
11011 if (const auto *DR = dyn_cast<DeclRefExpr>(Val: E->IgnoreParenImpCasts()))
11012 if (isa<EnumConstantDecl>(Val: DR->getDecl()))
11013 return true;
11014
11015 // Suppress cases where the value is expanded from a macro, unless that macro
11016 // is how a language represents a boolean literal. This is the case in both C
11017 // and Objective-C.
11018 SourceLocation BeginLoc = E->getBeginLoc();
11019 if (BeginLoc.isMacroID()) {
11020 StringRef MacroName = Lexer::getImmediateMacroName(
11021 Loc: BeginLoc, SM: S.getSourceManager(), LangOpts: S.getLangOpts());
11022 return MacroName != "YES" && MacroName != "NO" &&
11023 MacroName != "true" && MacroName != "false";
11024 }
11025
11026 return false;
11027}
11028
11029static bool isKnownToHaveUnsignedValue(const Expr *E) {
11030 return E->getType()->isIntegerType() &&
11031 (!E->getType()->isSignedIntegerType() ||
11032 !E->IgnoreParenImpCasts()->getType()->isSignedIntegerType());
11033}
11034
11035namespace {
11036/// The promoted range of values of a type. In general this has the
11037/// following structure:
11038///
11039/// |-----------| . . . |-----------|
11040/// ^ ^ ^ ^
11041/// Min HoleMin HoleMax Max
11042///
11043/// ... where there is only a hole if a signed type is promoted to unsigned
11044/// (in which case Min and Max are the smallest and largest representable
11045/// values).
11046struct PromotedRange {
11047 // Min, or HoleMax if there is a hole.
11048 llvm::APSInt PromotedMin;
11049 // Max, or HoleMin if there is a hole.
11050 llvm::APSInt PromotedMax;
11051
11052 PromotedRange(IntRange R, unsigned BitWidth, bool Unsigned) {
11053 if (R.Width == 0)
11054 PromotedMin = PromotedMax = llvm::APSInt(BitWidth, Unsigned);
11055 else if (R.Width >= BitWidth && !Unsigned) {
11056 // Promotion made the type *narrower*. This happens when promoting
11057 // a < 32-bit unsigned / <= 32-bit signed bit-field to 'signed int'.
11058 // Treat all values of 'signed int' as being in range for now.
11059 PromotedMin = llvm::APSInt::getMinValue(numBits: BitWidth, Unsigned);
11060 PromotedMax = llvm::APSInt::getMaxValue(numBits: BitWidth, Unsigned);
11061 } else {
11062 PromotedMin = llvm::APSInt::getMinValue(numBits: R.Width, Unsigned: R.NonNegative)
11063 .extOrTrunc(width: BitWidth);
11064 PromotedMin.setIsUnsigned(Unsigned);
11065
11066 PromotedMax = llvm::APSInt::getMaxValue(numBits: R.Width, Unsigned: R.NonNegative)
11067 .extOrTrunc(width: BitWidth);
11068 PromotedMax.setIsUnsigned(Unsigned);
11069 }
11070 }
11071
11072 // Determine whether this range is contiguous (has no hole).
11073 bool isContiguous() const { return PromotedMin <= PromotedMax; }
11074
11075 // Where a constant value is within the range.
11076 enum ComparisonResult {
11077 LT = 0x1,
11078 LE = 0x2,
11079 GT = 0x4,
11080 GE = 0x8,
11081 EQ = 0x10,
11082 NE = 0x20,
11083 InRangeFlag = 0x40,
11084
11085 Less = LE | LT | NE,
11086 Min = LE | InRangeFlag,
11087 InRange = InRangeFlag,
11088 Max = GE | InRangeFlag,
11089 Greater = GE | GT | NE,
11090
11091 OnlyValue = LE | GE | EQ | InRangeFlag,
11092 InHole = NE
11093 };
11094
11095 ComparisonResult compare(const llvm::APSInt &Value) const {
11096 assert(Value.getBitWidth() == PromotedMin.getBitWidth() &&
11097 Value.isUnsigned() == PromotedMin.isUnsigned());
11098 if (!isContiguous()) {
11099 assert(Value.isUnsigned() && "discontiguous range for signed compare");
11100 if (Value.isMinValue()) return Min;
11101 if (Value.isMaxValue()) return Max;
11102 if (Value >= PromotedMin) return InRange;
11103 if (Value <= PromotedMax) return InRange;
11104 return InHole;
11105 }
11106
11107 switch (llvm::APSInt::compareValues(I1: Value, I2: PromotedMin)) {
11108 case -1: return Less;
11109 case 0: return PromotedMin == PromotedMax ? OnlyValue : Min;
11110 case 1:
11111 switch (llvm::APSInt::compareValues(I1: Value, I2: PromotedMax)) {
11112 case -1: return InRange;
11113 case 0: return Max;
11114 case 1: return Greater;
11115 }
11116 }
11117
11118 llvm_unreachable("impossible compare result");
11119 }
11120
11121 static std::optional<StringRef>
11122 constantValue(BinaryOperatorKind Op, ComparisonResult R, bool ConstantOnRHS) {
11123 if (Op == BO_Cmp) {
11124 ComparisonResult LTFlag = LT, GTFlag = GT;
11125 if (ConstantOnRHS) std::swap(a&: LTFlag, b&: GTFlag);
11126
11127 if (R & EQ) return StringRef("'std::strong_ordering::equal'");
11128 if (R & LTFlag) return StringRef("'std::strong_ordering::less'");
11129 if (R & GTFlag) return StringRef("'std::strong_ordering::greater'");
11130 return std::nullopt;
11131 }
11132
11133 ComparisonResult TrueFlag, FalseFlag;
11134 if (Op == BO_EQ) {
11135 TrueFlag = EQ;
11136 FalseFlag = NE;
11137 } else if (Op == BO_NE) {
11138 TrueFlag = NE;
11139 FalseFlag = EQ;
11140 } else {
11141 if ((Op == BO_LT || Op == BO_GE) ^ ConstantOnRHS) {
11142 TrueFlag = LT;
11143 FalseFlag = GE;
11144 } else {
11145 TrueFlag = GT;
11146 FalseFlag = LE;
11147 }
11148 if (Op == BO_GE || Op == BO_LE)
11149 std::swap(a&: TrueFlag, b&: FalseFlag);
11150 }
11151 if (R & TrueFlag)
11152 return StringRef("true");
11153 if (R & FalseFlag)
11154 return StringRef("false");
11155 return std::nullopt;
11156 }
11157};
11158}
11159
11160static bool HasEnumType(const Expr *E) {
11161 // Strip off implicit integral promotions.
11162 while (const auto *ICE = dyn_cast<ImplicitCastExpr>(Val: E)) {
11163 if (ICE->getCastKind() != CK_IntegralCast &&
11164 ICE->getCastKind() != CK_NoOp)
11165 break;
11166 E = ICE->getSubExpr();
11167 }
11168
11169 return E->getType()->isEnumeralType();
11170}
11171
11172static int classifyConstantValue(Expr *Constant) {
11173 // The values of this enumeration are used in the diagnostics
11174 // diag::warn_out_of_range_compare and diag::warn_tautological_bool_compare.
11175 enum ConstantValueKind {
11176 Miscellaneous = 0,
11177 LiteralTrue,
11178 LiteralFalse
11179 };
11180 if (auto *BL = dyn_cast<CXXBoolLiteralExpr>(Val: Constant))
11181 return BL->getValue() ? ConstantValueKind::LiteralTrue
11182 : ConstantValueKind::LiteralFalse;
11183 return ConstantValueKind::Miscellaneous;
11184}
11185
11186static bool CheckTautologicalComparison(Sema &S, BinaryOperator *E,
11187 Expr *Constant, Expr *Other,
11188 const llvm::APSInt &Value,
11189 bool RhsConstant) {
11190 if (S.inTemplateInstantiation())
11191 return false;
11192
11193 Expr *OriginalOther = Other;
11194
11195 Constant = Constant->IgnoreParenImpCasts();
11196 Other = Other->IgnoreParenImpCasts();
11197
11198 // Suppress warnings on tautological comparisons between values of the same
11199 // enumeration type. There are only two ways we could warn on this:
11200 // - If the constant is outside the range of representable values of
11201 // the enumeration. In such a case, we should warn about the cast
11202 // to enumeration type, not about the comparison.
11203 // - If the constant is the maximum / minimum in-range value. For an
11204 // enumeratin type, such comparisons can be meaningful and useful.
11205 if (Constant->getType()->isEnumeralType() &&
11206 S.Context.hasSameUnqualifiedType(T1: Constant->getType(), T2: Other->getType()))
11207 return false;
11208
11209 std::optional<IntRange> OtherValueRange = TryGetExprRange(
11210 C&: S.Context, E: Other, InConstantContext: S.isConstantEvaluatedContext(), /*Approximate=*/false);
11211 if (!OtherValueRange)
11212 return false;
11213
11214 QualType OtherT = Other->getType();
11215 if (const auto *AT = OtherT->getAs<AtomicType>())
11216 OtherT = AT->getValueType();
11217 IntRange OtherTypeRange = IntRange::forValueOfType(C&: S.Context, T: OtherT);
11218
11219 // Special case for ObjC BOOL on targets where its a typedef for a signed char
11220 // (Namely, macOS). FIXME: IntRange::forValueOfType should do this.
11221 bool IsObjCSignedCharBool = S.getLangOpts().ObjC &&
11222 S.ObjC().NSAPIObj->isObjCBOOLType(T: OtherT) &&
11223 OtherT->isSpecificBuiltinType(K: BuiltinType::SChar);
11224
11225 // Whether we're treating Other as being a bool because of the form of
11226 // expression despite it having another type (typically 'int' in C).
11227 bool OtherIsBooleanDespiteType =
11228 !OtherT->isBooleanType() && Other->isKnownToHaveBooleanValue();
11229 if (OtherIsBooleanDespiteType || IsObjCSignedCharBool)
11230 OtherTypeRange = *OtherValueRange = IntRange::forBoolType();
11231
11232 // Check if all values in the range of possible values of this expression
11233 // lead to the same comparison outcome.
11234 PromotedRange OtherPromotedValueRange(*OtherValueRange, Value.getBitWidth(),
11235 Value.isUnsigned());
11236 auto Cmp = OtherPromotedValueRange.compare(Value);
11237 auto Result = PromotedRange::constantValue(Op: E->getOpcode(), R: Cmp, ConstantOnRHS: RhsConstant);
11238 if (!Result)
11239 return false;
11240
11241 // Also consider the range determined by the type alone. This allows us to
11242 // classify the warning under the proper diagnostic group.
11243 bool TautologicalTypeCompare = false;
11244 {
11245 PromotedRange OtherPromotedTypeRange(OtherTypeRange, Value.getBitWidth(),
11246 Value.isUnsigned());
11247 auto TypeCmp = OtherPromotedTypeRange.compare(Value);
11248 if (auto TypeResult = PromotedRange::constantValue(Op: E->getOpcode(), R: TypeCmp,
11249 ConstantOnRHS: RhsConstant)) {
11250 TautologicalTypeCompare = true;
11251 Cmp = TypeCmp;
11252 Result = TypeResult;
11253 }
11254 }
11255
11256 // Don't warn if the non-constant operand actually always evaluates to the
11257 // same value.
11258 if (!TautologicalTypeCompare && OtherValueRange->Width == 0)
11259 return false;
11260
11261 // Suppress the diagnostic for an in-range comparison if the constant comes
11262 // from a macro or enumerator. We don't want to diagnose
11263 //
11264 // some_long_value <= INT_MAX
11265 //
11266 // when sizeof(int) == sizeof(long).
11267 bool InRange = Cmp & PromotedRange::InRangeFlag;
11268 if (InRange && IsEnumConstOrFromMacro(S, E: Constant))
11269 return false;
11270
11271 // A comparison of an unsigned bit-field against 0 is really a type problem,
11272 // even though at the type level the bit-field might promote to 'signed int'.
11273 if (Other->refersToBitField() && InRange && Value == 0 &&
11274 Other->getType()->isUnsignedIntegerOrEnumerationType())
11275 TautologicalTypeCompare = true;
11276
11277 // If this is a comparison to an enum constant, include that
11278 // constant in the diagnostic.
11279 const EnumConstantDecl *ED = nullptr;
11280 if (const auto *DR = dyn_cast<DeclRefExpr>(Val: Constant))
11281 ED = dyn_cast<EnumConstantDecl>(Val: DR->getDecl());
11282
11283 // Should be enough for uint128 (39 decimal digits)
11284 SmallString<64> PrettySourceValue;
11285 llvm::raw_svector_ostream OS(PrettySourceValue);
11286 if (ED) {
11287 OS << '\'' << *ED << "' (" << Value << ")";
11288 } else if (auto *BL = dyn_cast<ObjCBoolLiteralExpr>(
11289 Val: Constant->IgnoreParenImpCasts())) {
11290 OS << (BL->getValue() ? "YES" : "NO");
11291 } else {
11292 OS << Value;
11293 }
11294
11295 if (!TautologicalTypeCompare) {
11296 S.Diag(Loc: E->getOperatorLoc(), DiagID: diag::warn_tautological_compare_value_range)
11297 << RhsConstant << OtherValueRange->Width << OtherValueRange->NonNegative
11298 << E->getOpcodeStr() << OS.str() << *Result
11299 << E->getLHS()->getSourceRange() << E->getRHS()->getSourceRange();
11300 return true;
11301 }
11302
11303 if (IsObjCSignedCharBool) {
11304 S.DiagRuntimeBehavior(Loc: E->getOperatorLoc(), Statement: E,
11305 PD: S.PDiag(DiagID: diag::warn_tautological_compare_objc_bool)
11306 << OS.str() << *Result);
11307 return true;
11308 }
11309
11310 // FIXME: We use a somewhat different formatting for the in-range cases and
11311 // cases involving boolean values for historical reasons. We should pick a
11312 // consistent way of presenting these diagnostics.
11313 if (!InRange || Other->isKnownToHaveBooleanValue()) {
11314
11315 S.DiagRuntimeBehavior(
11316 Loc: E->getOperatorLoc(), Statement: E,
11317 PD: S.PDiag(DiagID: !InRange ? diag::warn_out_of_range_compare
11318 : diag::warn_tautological_bool_compare)
11319 << OS.str() << classifyConstantValue(Constant) << OtherT
11320 << OtherIsBooleanDespiteType << *Result
11321 << E->getLHS()->getSourceRange() << E->getRHS()->getSourceRange());
11322 } else {
11323 bool IsCharTy = OtherT.withoutLocalFastQualifiers() == S.Context.CharTy;
11324 unsigned Diag =
11325 (isKnownToHaveUnsignedValue(E: OriginalOther) && Value == 0)
11326 ? (HasEnumType(E: OriginalOther)
11327 ? diag::warn_unsigned_enum_always_true_comparison
11328 : IsCharTy ? diag::warn_unsigned_char_always_true_comparison
11329 : diag::warn_unsigned_always_true_comparison)
11330 : diag::warn_tautological_constant_compare;
11331
11332 S.Diag(Loc: E->getOperatorLoc(), DiagID: Diag)
11333 << RhsConstant << OtherT << E->getOpcodeStr() << OS.str() << *Result
11334 << E->getLHS()->getSourceRange() << E->getRHS()->getSourceRange();
11335 }
11336
11337 return true;
11338}
11339
11340/// Analyze the operands of the given comparison. Implements the
11341/// fallback case from AnalyzeComparison.
11342static void AnalyzeImpConvsInComparison(Sema &S, BinaryOperator *E) {
11343 AnalyzeImplicitConversions(S, E: E->getLHS(), CC: E->getOperatorLoc());
11344 AnalyzeImplicitConversions(S, E: E->getRHS(), CC: E->getOperatorLoc());
11345}
11346
11347/// Implements -Wsign-compare.
11348///
11349/// \param E the binary operator to check for warnings
11350static void AnalyzeComparison(Sema &S, BinaryOperator *E) {
11351 // The type the comparison is being performed in.
11352 QualType T = E->getLHS()->getType();
11353
11354 // Only analyze comparison operators where both sides have been converted to
11355 // the same type.
11356 if (!S.Context.hasSameUnqualifiedType(T1: T, T2: E->getRHS()->getType()))
11357 return AnalyzeImpConvsInComparison(S, E);
11358
11359 // Don't analyze value-dependent comparisons directly.
11360 if (E->isValueDependent())
11361 return AnalyzeImpConvsInComparison(S, E);
11362
11363 Expr *LHS = E->getLHS();
11364 Expr *RHS = E->getRHS();
11365
11366 if (T->isIntegralType(Ctx: S.Context)) {
11367 std::optional<llvm::APSInt> RHSValue =
11368 RHS->getIntegerConstantExpr(Ctx: S.Context);
11369 std::optional<llvm::APSInt> LHSValue =
11370 LHS->getIntegerConstantExpr(Ctx: S.Context);
11371
11372 // We don't care about expressions whose result is a constant.
11373 if (RHSValue && LHSValue)
11374 return AnalyzeImpConvsInComparison(S, E);
11375
11376 // We only care about expressions where just one side is literal
11377 if ((bool)RHSValue ^ (bool)LHSValue) {
11378 // Is the constant on the RHS or LHS?
11379 const bool RhsConstant = (bool)RHSValue;
11380 Expr *Const = RhsConstant ? RHS : LHS;
11381 Expr *Other = RhsConstant ? LHS : RHS;
11382 const llvm::APSInt &Value = RhsConstant ? *RHSValue : *LHSValue;
11383
11384 // Check whether an integer constant comparison results in a value
11385 // of 'true' or 'false'.
11386 if (CheckTautologicalComparison(S, E, Constant: Const, Other, Value, RhsConstant))
11387 return AnalyzeImpConvsInComparison(S, E);
11388 }
11389 }
11390
11391 if (!T->hasUnsignedIntegerRepresentation()) {
11392 // We don't do anything special if this isn't an unsigned integral
11393 // comparison: we're only interested in integral comparisons, and
11394 // signed comparisons only happen in cases we don't care to warn about.
11395 return AnalyzeImpConvsInComparison(S, E);
11396 }
11397
11398 LHS = LHS->IgnoreParenImpCasts();
11399 RHS = RHS->IgnoreParenImpCasts();
11400
11401 if (!S.getLangOpts().CPlusPlus) {
11402 // Avoid warning about comparison of integers with different signs when
11403 // RHS/LHS has a `typeof(E)` type whose sign is different from the sign of
11404 // the type of `E`.
11405 if (const auto *TET = dyn_cast<TypeOfExprType>(Val: LHS->getType()))
11406 LHS = TET->getUnderlyingExpr()->IgnoreParenImpCasts();
11407 if (const auto *TET = dyn_cast<TypeOfExprType>(Val: RHS->getType()))
11408 RHS = TET->getUnderlyingExpr()->IgnoreParenImpCasts();
11409 }
11410
11411 // Check to see if one of the (unmodified) operands is of different
11412 // signedness.
11413 Expr *signedOperand, *unsignedOperand;
11414 if (LHS->getType()->hasSignedIntegerRepresentation()) {
11415 assert(!RHS->getType()->hasSignedIntegerRepresentation() &&
11416 "unsigned comparison between two signed integer expressions?");
11417 signedOperand = LHS;
11418 unsignedOperand = RHS;
11419 } else if (RHS->getType()->hasSignedIntegerRepresentation()) {
11420 signedOperand = RHS;
11421 unsignedOperand = LHS;
11422 } else {
11423 return AnalyzeImpConvsInComparison(S, E);
11424 }
11425
11426 // Otherwise, calculate the effective range of the signed operand.
11427 std::optional<IntRange> signedRange =
11428 TryGetExprRange(C&: S.Context, E: signedOperand, InConstantContext: S.isConstantEvaluatedContext(),
11429 /*Approximate=*/true);
11430 if (!signedRange)
11431 return;
11432
11433 // Go ahead and analyze implicit conversions in the operands. Note
11434 // that we skip the implicit conversions on both sides.
11435 AnalyzeImplicitConversions(S, E: LHS, CC: E->getOperatorLoc());
11436 AnalyzeImplicitConversions(S, E: RHS, CC: E->getOperatorLoc());
11437
11438 // If the signed range is non-negative, -Wsign-compare won't fire.
11439 if (signedRange->NonNegative)
11440 return;
11441
11442 // For (in)equality comparisons, if the unsigned operand is a
11443 // constant which cannot collide with a overflowed signed operand,
11444 // then reinterpreting the signed operand as unsigned will not
11445 // change the result of the comparison.
11446 if (E->isEqualityOp()) {
11447 unsigned comparisonWidth = S.Context.getIntWidth(T);
11448 std::optional<IntRange> unsignedRange = TryGetExprRange(
11449 C&: S.Context, E: unsignedOperand, InConstantContext: S.isConstantEvaluatedContext(),
11450 /*Approximate=*/true);
11451 if (!unsignedRange)
11452 return;
11453
11454 // We should never be unable to prove that the unsigned operand is
11455 // non-negative.
11456 assert(unsignedRange->NonNegative && "unsigned range includes negative?");
11457
11458 if (unsignedRange->Width < comparisonWidth)
11459 return;
11460 }
11461
11462 S.DiagRuntimeBehavior(Loc: E->getOperatorLoc(), Statement: E,
11463 PD: S.PDiag(DiagID: diag::warn_mixed_sign_comparison)
11464 << LHS->getType() << RHS->getType()
11465 << LHS->getSourceRange() << RHS->getSourceRange());
11466}
11467
11468/// Analyzes an attempt to assign the given value to a bitfield.
11469///
11470/// Returns true if there was something fishy about the attempt.
11471static bool AnalyzeBitFieldAssignment(Sema &S, FieldDecl *Bitfield, Expr *Init,
11472 SourceLocation InitLoc) {
11473 assert(Bitfield->isBitField());
11474 if (Bitfield->isInvalidDecl())
11475 return false;
11476
11477 // White-list bool bitfields.
11478 QualType BitfieldType = Bitfield->getType();
11479 if (BitfieldType->isBooleanType())
11480 return false;
11481
11482 if (BitfieldType->isEnumeralType()) {
11483 EnumDecl *BitfieldEnumDecl = BitfieldType->castAs<EnumType>()->getDecl();
11484 // If the underlying enum type was not explicitly specified as an unsigned
11485 // type and the enum contain only positive values, MSVC++ will cause an
11486 // inconsistency by storing this as a signed type.
11487 if (S.getLangOpts().CPlusPlus11 &&
11488 !BitfieldEnumDecl->getIntegerTypeSourceInfo() &&
11489 BitfieldEnumDecl->getNumPositiveBits() > 0 &&
11490 BitfieldEnumDecl->getNumNegativeBits() == 0) {
11491 S.Diag(Loc: InitLoc, DiagID: diag::warn_no_underlying_type_specified_for_enum_bitfield)
11492 << BitfieldEnumDecl;
11493 }
11494 }
11495
11496 // Ignore value- or type-dependent expressions.
11497 if (Bitfield->getBitWidth()->isValueDependent() ||
11498 Bitfield->getBitWidth()->isTypeDependent() ||
11499 Init->isValueDependent() ||
11500 Init->isTypeDependent())
11501 return false;
11502
11503 Expr *OriginalInit = Init->IgnoreParenImpCasts();
11504 unsigned FieldWidth = Bitfield->getBitWidthValue();
11505
11506 Expr::EvalResult Result;
11507 if (!OriginalInit->EvaluateAsInt(Result, Ctx: S.Context,
11508 AllowSideEffects: Expr::SE_AllowSideEffects)) {
11509 // The RHS is not constant. If the RHS has an enum type, make sure the
11510 // bitfield is wide enough to hold all the values of the enum without
11511 // truncation.
11512 const auto *EnumTy = OriginalInit->getType()->getAs<EnumType>();
11513 const PreferredTypeAttr *PTAttr = nullptr;
11514 if (!EnumTy) {
11515 PTAttr = Bitfield->getAttr<PreferredTypeAttr>();
11516 if (PTAttr)
11517 EnumTy = PTAttr->getType()->getAs<EnumType>();
11518 }
11519 if (EnumTy) {
11520 EnumDecl *ED = EnumTy->getDecl();
11521 bool SignedBitfield = BitfieldType->isSignedIntegerOrEnumerationType();
11522
11523 // Enum types are implicitly signed on Windows, so check if there are any
11524 // negative enumerators to see if the enum was intended to be signed or
11525 // not.
11526 bool SignedEnum = ED->getNumNegativeBits() > 0;
11527
11528 // Check for surprising sign changes when assigning enum values to a
11529 // bitfield of different signedness. If the bitfield is signed and we
11530 // have exactly the right number of bits to store this unsigned enum,
11531 // suggest changing the enum to an unsigned type. This typically happens
11532 // on Windows where unfixed enums always use an underlying type of 'int'.
11533 unsigned DiagID = 0;
11534 if (SignedEnum && !SignedBitfield) {
11535 DiagID =
11536 PTAttr == nullptr
11537 ? diag::warn_unsigned_bitfield_assigned_signed_enum
11538 : diag::
11539 warn_preferred_type_unsigned_bitfield_assigned_signed_enum;
11540 } else if (SignedBitfield && !SignedEnum &&
11541 ED->getNumPositiveBits() == FieldWidth) {
11542 DiagID =
11543 PTAttr == nullptr
11544 ? diag::warn_signed_bitfield_enum_conversion
11545 : diag::warn_preferred_type_signed_bitfield_enum_conversion;
11546 }
11547 if (DiagID) {
11548 S.Diag(Loc: InitLoc, DiagID) << Bitfield << ED;
11549 TypeSourceInfo *TSI = Bitfield->getTypeSourceInfo();
11550 SourceRange TypeRange =
11551 TSI ? TSI->getTypeLoc().getSourceRange() : SourceRange();
11552 S.Diag(Loc: Bitfield->getTypeSpecStartLoc(), DiagID: diag::note_change_bitfield_sign)
11553 << SignedEnum << TypeRange;
11554 if (PTAttr)
11555 S.Diag(Loc: PTAttr->getLocation(), DiagID: diag::note_bitfield_preferred_type)
11556 << ED;
11557 }
11558
11559 // Compute the required bitwidth. If the enum has negative values, we need
11560 // one more bit than the normal number of positive bits to represent the
11561 // sign bit.
11562 unsigned BitsNeeded = SignedEnum ? std::max(a: ED->getNumPositiveBits() + 1,
11563 b: ED->getNumNegativeBits())
11564 : ED->getNumPositiveBits();
11565
11566 // Check the bitwidth.
11567 if (BitsNeeded > FieldWidth) {
11568 Expr *WidthExpr = Bitfield->getBitWidth();
11569 auto DiagID =
11570 PTAttr == nullptr
11571 ? diag::warn_bitfield_too_small_for_enum
11572 : diag::warn_preferred_type_bitfield_too_small_for_enum;
11573 S.Diag(Loc: InitLoc, DiagID) << Bitfield << ED;
11574 S.Diag(Loc: WidthExpr->getExprLoc(), DiagID: diag::note_widen_bitfield)
11575 << BitsNeeded << ED << WidthExpr->getSourceRange();
11576 if (PTAttr)
11577 S.Diag(Loc: PTAttr->getLocation(), DiagID: diag::note_bitfield_preferred_type)
11578 << ED;
11579 }
11580 }
11581
11582 return false;
11583 }
11584
11585 llvm::APSInt Value = Result.Val.getInt();
11586
11587 unsigned OriginalWidth = Value.getBitWidth();
11588
11589 // In C, the macro 'true' from stdbool.h will evaluate to '1'; To reduce
11590 // false positives where the user is demonstrating they intend to use the
11591 // bit-field as a Boolean, check to see if the value is 1 and we're assigning
11592 // to a one-bit bit-field to see if the value came from a macro named 'true'.
11593 bool OneAssignedToOneBitBitfield = FieldWidth == 1 && Value == 1;
11594 if (OneAssignedToOneBitBitfield && !S.LangOpts.CPlusPlus) {
11595 SourceLocation MaybeMacroLoc = OriginalInit->getBeginLoc();
11596 if (S.SourceMgr.isInSystemMacro(loc: MaybeMacroLoc) &&
11597 S.findMacroSpelling(loc&: MaybeMacroLoc, name: "true"))
11598 return false;
11599 }
11600
11601 if (!Value.isSigned() || Value.isNegative())
11602 if (UnaryOperator *UO = dyn_cast<UnaryOperator>(Val: OriginalInit))
11603 if (UO->getOpcode() == UO_Minus || UO->getOpcode() == UO_Not)
11604 OriginalWidth = Value.getSignificantBits();
11605
11606 if (OriginalWidth <= FieldWidth)
11607 return false;
11608
11609 // Compute the value which the bitfield will contain.
11610 llvm::APSInt TruncatedValue = Value.trunc(width: FieldWidth);
11611 TruncatedValue.setIsSigned(BitfieldType->isSignedIntegerType());
11612
11613 // Check whether the stored value is equal to the original value.
11614 TruncatedValue = TruncatedValue.extend(width: OriginalWidth);
11615 if (llvm::APSInt::isSameValue(I1: Value, I2: TruncatedValue))
11616 return false;
11617
11618 std::string PrettyValue = toString(I: Value, Radix: 10);
11619 std::string PrettyTrunc = toString(I: TruncatedValue, Radix: 10);
11620
11621 S.Diag(Loc: InitLoc, DiagID: OneAssignedToOneBitBitfield
11622 ? diag::warn_impcast_single_bit_bitield_precision_constant
11623 : diag::warn_impcast_bitfield_precision_constant)
11624 << PrettyValue << PrettyTrunc << OriginalInit->getType()
11625 << Init->getSourceRange();
11626
11627 return true;
11628}
11629
11630/// Analyze the given simple or compound assignment for warning-worthy
11631/// operations.
11632static void AnalyzeAssignment(Sema &S, BinaryOperator *E) {
11633 // Just recurse on the LHS.
11634 AnalyzeImplicitConversions(S, E: E->getLHS(), CC: E->getOperatorLoc());
11635
11636 // We want to recurse on the RHS as normal unless we're assigning to
11637 // a bitfield.
11638 if (FieldDecl *Bitfield = E->getLHS()->getSourceBitField()) {
11639 if (AnalyzeBitFieldAssignment(S, Bitfield, Init: E->getRHS(),
11640 InitLoc: E->getOperatorLoc())) {
11641 // Recurse, ignoring any implicit conversions on the RHS.
11642 return AnalyzeImplicitConversions(S, E: E->getRHS()->IgnoreParenImpCasts(),
11643 CC: E->getOperatorLoc());
11644 }
11645 }
11646
11647 AnalyzeImplicitConversions(S, E: E->getRHS(), CC: E->getOperatorLoc());
11648
11649 // Diagnose implicitly sequentially-consistent atomic assignment.
11650 if (E->getLHS()->getType()->isAtomicType())
11651 S.Diag(Loc: E->getRHS()->getBeginLoc(), DiagID: diag::warn_atomic_implicit_seq_cst);
11652}
11653
11654/// Diagnose an implicit cast; purely a helper for CheckImplicitConversion.
11655static void DiagnoseImpCast(Sema &S, const Expr *E, QualType SourceType,
11656 QualType T, SourceLocation CContext, unsigned diag,
11657 bool PruneControlFlow = false) {
11658 // For languages like HLSL and OpenCL, implicit conversion diagnostics listing
11659 // address space annotations isn't really useful. The warnings aren't because
11660 // you're converting a `private int` to `unsigned int`, it is because you're
11661 // conerting `int` to `unsigned int`.
11662 if (SourceType.hasAddressSpace())
11663 SourceType = S.getASTContext().removeAddrSpaceQualType(T: SourceType);
11664 if (T.hasAddressSpace())
11665 T = S.getASTContext().removeAddrSpaceQualType(T);
11666 if (PruneControlFlow) {
11667 S.DiagRuntimeBehavior(Loc: E->getExprLoc(), Statement: E,
11668 PD: S.PDiag(DiagID: diag)
11669 << SourceType << T << E->getSourceRange()
11670 << SourceRange(CContext));
11671 return;
11672 }
11673 S.Diag(Loc: E->getExprLoc(), DiagID: diag)
11674 << SourceType << T << E->getSourceRange() << SourceRange(CContext);
11675}
11676
11677/// Diagnose an implicit cast; purely a helper for CheckImplicitConversion.
11678static void DiagnoseImpCast(Sema &S, const Expr *E, QualType T,
11679 SourceLocation CContext, unsigned diag,
11680 bool PruneControlFlow = false) {
11681 DiagnoseImpCast(S, E, SourceType: E->getType(), T, CContext, diag, PruneControlFlow);
11682}
11683
11684/// Diagnose an implicit cast from a floating point value to an integer value.
11685static void DiagnoseFloatingImpCast(Sema &S, const Expr *E, QualType T,
11686 SourceLocation CContext) {
11687 bool IsBool = T->isSpecificBuiltinType(K: BuiltinType::Bool);
11688 bool PruneWarnings = S.inTemplateInstantiation();
11689
11690 const Expr *InnerE = E->IgnoreParenImpCasts();
11691 // We also want to warn on, e.g., "int i = -1.234"
11692 if (const auto *UOp = dyn_cast<UnaryOperator>(Val: InnerE))
11693 if (UOp->getOpcode() == UO_Minus || UOp->getOpcode() == UO_Plus)
11694 InnerE = UOp->getSubExpr()->IgnoreParenImpCasts();
11695
11696 bool IsLiteral = isa<FloatingLiteral>(Val: E) || isa<FloatingLiteral>(Val: InnerE);
11697
11698 llvm::APFloat Value(0.0);
11699 bool IsConstant =
11700 E->EvaluateAsFloat(Result&: Value, Ctx: S.Context, AllowSideEffects: Expr::SE_AllowSideEffects);
11701 if (!IsConstant) {
11702 if (S.ObjC().isSignedCharBool(Ty: T)) {
11703 return S.ObjC().adornBoolConversionDiagWithTernaryFixit(
11704 SourceExpr: E, Builder: S.Diag(Loc: CContext, DiagID: diag::warn_impcast_float_to_objc_signed_char_bool)
11705 << E->getType());
11706 }
11707
11708 return DiagnoseImpCast(S, E, T, CContext,
11709 diag: diag::warn_impcast_float_integer, PruneControlFlow: PruneWarnings);
11710 }
11711
11712 bool isExact = false;
11713
11714 llvm::APSInt IntegerValue(S.Context.getIntWidth(T),
11715 T->hasUnsignedIntegerRepresentation());
11716 llvm::APFloat::opStatus Result = Value.convertToInteger(
11717 Result&: IntegerValue, RM: llvm::APFloat::rmTowardZero, IsExact: &isExact);
11718
11719 // FIXME: Force the precision of the source value down so we don't print
11720 // digits which are usually useless (we don't really care here if we
11721 // truncate a digit by accident in edge cases). Ideally, APFloat::toString
11722 // would automatically print the shortest representation, but it's a bit
11723 // tricky to implement.
11724 SmallString<16> PrettySourceValue;
11725 unsigned precision = llvm::APFloat::semanticsPrecision(Value.getSemantics());
11726 precision = (precision * 59 + 195) / 196;
11727 Value.toString(Str&: PrettySourceValue, FormatPrecision: precision);
11728
11729 if (S.ObjC().isSignedCharBool(Ty: T) && IntegerValue != 0 && IntegerValue != 1) {
11730 return S.ObjC().adornBoolConversionDiagWithTernaryFixit(
11731 SourceExpr: E, Builder: S.Diag(Loc: CContext, DiagID: diag::warn_impcast_constant_value_to_objc_bool)
11732 << PrettySourceValue);
11733 }
11734
11735 if (Result == llvm::APFloat::opOK && isExact) {
11736 if (IsLiteral) return;
11737 return DiagnoseImpCast(S, E, T, CContext, diag: diag::warn_impcast_float_integer,
11738 PruneControlFlow: PruneWarnings);
11739 }
11740
11741 // Conversion of a floating-point value to a non-bool integer where the
11742 // integral part cannot be represented by the integer type is undefined.
11743 if (!IsBool && Result == llvm::APFloat::opInvalidOp)
11744 return DiagnoseImpCast(
11745 S, E, T, CContext,
11746 diag: IsLiteral ? diag::warn_impcast_literal_float_to_integer_out_of_range
11747 : diag::warn_impcast_float_to_integer_out_of_range,
11748 PruneControlFlow: PruneWarnings);
11749
11750 unsigned DiagID = 0;
11751 if (IsLiteral) {
11752 // Warn on floating point literal to integer.
11753 DiagID = diag::warn_impcast_literal_float_to_integer;
11754 } else if (IntegerValue == 0) {
11755 if (Value.isZero()) { // Skip -0.0 to 0 conversion.
11756 return DiagnoseImpCast(S, E, T, CContext,
11757 diag: diag::warn_impcast_float_integer, PruneControlFlow: PruneWarnings);
11758 }
11759 // Warn on non-zero to zero conversion.
11760 DiagID = diag::warn_impcast_float_to_integer_zero;
11761 } else {
11762 if (IntegerValue.isUnsigned()) {
11763 if (!IntegerValue.isMaxValue()) {
11764 return DiagnoseImpCast(S, E, T, CContext,
11765 diag: diag::warn_impcast_float_integer, PruneControlFlow: PruneWarnings);
11766 }
11767 } else { // IntegerValue.isSigned()
11768 if (!IntegerValue.isMaxSignedValue() &&
11769 !IntegerValue.isMinSignedValue()) {
11770 return DiagnoseImpCast(S, E, T, CContext,
11771 diag: diag::warn_impcast_float_integer, PruneControlFlow: PruneWarnings);
11772 }
11773 }
11774 // Warn on evaluatable floating point expression to integer conversion.
11775 DiagID = diag::warn_impcast_float_to_integer;
11776 }
11777
11778 SmallString<16> PrettyTargetValue;
11779 if (IsBool)
11780 PrettyTargetValue = Value.isZero() ? "false" : "true";
11781 else
11782 IntegerValue.toString(Str&: PrettyTargetValue);
11783
11784 if (PruneWarnings) {
11785 S.DiagRuntimeBehavior(Loc: E->getExprLoc(), Statement: E,
11786 PD: S.PDiag(DiagID)
11787 << E->getType() << T.getUnqualifiedType()
11788 << PrettySourceValue << PrettyTargetValue
11789 << E->getSourceRange() << SourceRange(CContext));
11790 } else {
11791 S.Diag(Loc: E->getExprLoc(), DiagID)
11792 << E->getType() << T.getUnqualifiedType() << PrettySourceValue
11793 << PrettyTargetValue << E->getSourceRange() << SourceRange(CContext);
11794 }
11795}
11796
11797/// Analyze the given compound assignment for the possible losing of
11798/// floating-point precision.
11799static void AnalyzeCompoundAssignment(Sema &S, BinaryOperator *E) {
11800 assert(isa<CompoundAssignOperator>(E) &&
11801 "Must be compound assignment operation");
11802 // Recurse on the LHS and RHS in here
11803 AnalyzeImplicitConversions(S, E: E->getLHS(), CC: E->getOperatorLoc());
11804 AnalyzeImplicitConversions(S, E: E->getRHS(), CC: E->getOperatorLoc());
11805
11806 if (E->getLHS()->getType()->isAtomicType())
11807 S.Diag(Loc: E->getOperatorLoc(), DiagID: diag::warn_atomic_implicit_seq_cst);
11808
11809 // Now check the outermost expression
11810 const auto *ResultBT = E->getLHS()->getType()->getAs<BuiltinType>();
11811 const auto *RBT = cast<CompoundAssignOperator>(Val: E)
11812 ->getComputationResultType()
11813 ->getAs<BuiltinType>();
11814
11815 // The below checks assume source is floating point.
11816 if (!ResultBT || !RBT || !RBT->isFloatingPoint()) return;
11817
11818 // If source is floating point but target is an integer.
11819 if (ResultBT->isInteger())
11820 return DiagnoseImpCast(S, E, SourceType: E->getRHS()->getType(), T: E->getLHS()->getType(),
11821 CContext: E->getExprLoc(), diag: diag::warn_impcast_float_integer);
11822
11823 if (!ResultBT->isFloatingPoint())
11824 return;
11825
11826 // If both source and target are floating points, warn about losing precision.
11827 int Order = S.getASTContext().getFloatingTypeSemanticOrder(
11828 LHS: QualType(ResultBT, 0), RHS: QualType(RBT, 0));
11829 if (Order < 0 && !S.SourceMgr.isInSystemMacro(loc: E->getOperatorLoc()))
11830 // warn about dropping FP rank.
11831 DiagnoseImpCast(S, E: E->getRHS(), T: E->getLHS()->getType(), CContext: E->getOperatorLoc(),
11832 diag: diag::warn_impcast_float_result_precision);
11833}
11834
11835static std::string PrettyPrintInRange(const llvm::APSInt &Value,
11836 IntRange Range) {
11837 if (!Range.Width) return "0";
11838
11839 llvm::APSInt ValueInRange = Value;
11840 ValueInRange.setIsSigned(!Range.NonNegative);
11841 ValueInRange = ValueInRange.trunc(width: Range.Width);
11842 return toString(I: ValueInRange, Radix: 10);
11843}
11844
11845static bool IsImplicitBoolFloatConversion(Sema &S, const Expr *Ex,
11846 bool ToBool) {
11847 if (!isa<ImplicitCastExpr>(Val: Ex))
11848 return false;
11849
11850 const Expr *InnerE = Ex->IgnoreParenImpCasts();
11851 const Type *Target = S.Context.getCanonicalType(T: Ex->getType()).getTypePtr();
11852 const Type *Source =
11853 S.Context.getCanonicalType(T: InnerE->getType()).getTypePtr();
11854 if (Target->isDependentType())
11855 return false;
11856
11857 const auto *FloatCandidateBT =
11858 dyn_cast<BuiltinType>(Val: ToBool ? Source : Target);
11859 const Type *BoolCandidateType = ToBool ? Target : Source;
11860
11861 return (BoolCandidateType->isSpecificBuiltinType(K: BuiltinType::Bool) &&
11862 FloatCandidateBT && (FloatCandidateBT->isFloatingPoint()));
11863}
11864
11865static void CheckImplicitArgumentConversions(Sema &S, const CallExpr *TheCall,
11866 SourceLocation CC) {
11867 for (unsigned I = 0, N = TheCall->getNumArgs(); I < N; ++I) {
11868 const Expr *CurrA = TheCall->getArg(Arg: I);
11869 if (!IsImplicitBoolFloatConversion(S, Ex: CurrA, ToBool: true))
11870 continue;
11871
11872 bool IsSwapped = ((I > 0) && IsImplicitBoolFloatConversion(
11873 S, Ex: TheCall->getArg(Arg: I - 1), ToBool: false));
11874 IsSwapped |= ((I < (N - 1)) && IsImplicitBoolFloatConversion(
11875 S, Ex: TheCall->getArg(Arg: I + 1), ToBool: false));
11876 if (IsSwapped) {
11877 // Warn on this floating-point to bool conversion.
11878 DiagnoseImpCast(S, E: CurrA->IgnoreParenImpCasts(),
11879 T: CurrA->getType(), CContext: CC,
11880 diag: diag::warn_impcast_floating_point_to_bool);
11881 }
11882 }
11883}
11884
11885static void DiagnoseNullConversion(Sema &S, Expr *E, QualType T,
11886 SourceLocation CC) {
11887 // Don't warn on functions which have return type nullptr_t.
11888 if (isa<CallExpr>(Val: E))
11889 return;
11890
11891 // Check for NULL (GNUNull) or nullptr (CXX11_nullptr).
11892 const Expr *NewE = E->IgnoreParenImpCasts();
11893 bool IsGNUNullExpr = isa<GNUNullExpr>(Val: NewE);
11894 bool HasNullPtrType = NewE->getType()->isNullPtrType();
11895 if (!IsGNUNullExpr && !HasNullPtrType)
11896 return;
11897
11898 // Return if target type is a safe conversion.
11899 if (T->isAnyPointerType() || T->isBlockPointerType() ||
11900 T->isMemberPointerType() || !T->isScalarType() || T->isNullPtrType())
11901 return;
11902
11903 if (S.Diags.isIgnored(DiagID: diag::warn_impcast_null_pointer_to_integer,
11904 Loc: E->getExprLoc()))
11905 return;
11906
11907 SourceLocation Loc = E->getSourceRange().getBegin();
11908
11909 // Venture through the macro stacks to get to the source of macro arguments.
11910 // The new location is a better location than the complete location that was
11911 // passed in.
11912 Loc = S.SourceMgr.getTopMacroCallerLoc(Loc);
11913 CC = S.SourceMgr.getTopMacroCallerLoc(Loc: CC);
11914
11915 // __null is usually wrapped in a macro. Go up a macro if that is the case.
11916 if (IsGNUNullExpr && Loc.isMacroID()) {
11917 StringRef MacroName = Lexer::getImmediateMacroNameForDiagnostics(
11918 Loc, SM: S.SourceMgr, LangOpts: S.getLangOpts());
11919 if (MacroName == "NULL")
11920 Loc = S.SourceMgr.getImmediateExpansionRange(Loc).getBegin();
11921 }
11922
11923 // Only warn if the null and context location are in the same macro expansion.
11924 if (S.SourceMgr.getFileID(SpellingLoc: Loc) != S.SourceMgr.getFileID(SpellingLoc: CC))
11925 return;
11926
11927 S.Diag(Loc, DiagID: diag::warn_impcast_null_pointer_to_integer)
11928 << HasNullPtrType << T << SourceRange(CC)
11929 << FixItHint::CreateReplacement(RemoveRange: Loc,
11930 Code: S.getFixItZeroLiteralForType(T, Loc));
11931}
11932
11933// Helper function to filter out cases for constant width constant conversion.
11934// Don't warn on char array initialization or for non-decimal values.
11935static bool isSameWidthConstantConversion(Sema &S, Expr *E, QualType T,
11936 SourceLocation CC) {
11937 // If initializing from a constant, and the constant starts with '0',
11938 // then it is a binary, octal, or hexadecimal. Allow these constants
11939 // to fill all the bits, even if there is a sign change.
11940 if (auto *IntLit = dyn_cast<IntegerLiteral>(Val: E->IgnoreParenImpCasts())) {
11941 const char FirstLiteralCharacter =
11942 S.getSourceManager().getCharacterData(SL: IntLit->getBeginLoc())[0];
11943 if (FirstLiteralCharacter == '0')
11944 return false;
11945 }
11946
11947 // If the CC location points to a '{', and the type is char, then assume
11948 // assume it is an array initialization.
11949 if (CC.isValid() && T->isCharType()) {
11950 const char FirstContextCharacter =
11951 S.getSourceManager().getCharacterData(SL: CC)[0];
11952 if (FirstContextCharacter == '{')
11953 return false;
11954 }
11955
11956 return true;
11957}
11958
11959static const IntegerLiteral *getIntegerLiteral(Expr *E) {
11960 const auto *IL = dyn_cast<IntegerLiteral>(Val: E);
11961 if (!IL) {
11962 if (auto *UO = dyn_cast<UnaryOperator>(Val: E)) {
11963 if (UO->getOpcode() == UO_Minus)
11964 return dyn_cast<IntegerLiteral>(Val: UO->getSubExpr());
11965 }
11966 }
11967
11968 return IL;
11969}
11970
11971static void DiagnoseIntInBoolContext(Sema &S, Expr *E) {
11972 E = E->IgnoreParenImpCasts();
11973 SourceLocation ExprLoc = E->getExprLoc();
11974
11975 if (const auto *BO = dyn_cast<BinaryOperator>(Val: E)) {
11976 BinaryOperator::Opcode Opc = BO->getOpcode();
11977 Expr::EvalResult Result;
11978 // Do not diagnose unsigned shifts.
11979 if (Opc == BO_Shl) {
11980 const auto *LHS = getIntegerLiteral(E: BO->getLHS());
11981 const auto *RHS = getIntegerLiteral(E: BO->getRHS());
11982 if (LHS && LHS->getValue() == 0)
11983 S.Diag(Loc: ExprLoc, DiagID: diag::warn_left_shift_always) << 0;
11984 else if (!E->isValueDependent() && LHS && RHS &&
11985 RHS->getValue().isNonNegative() &&
11986 E->EvaluateAsInt(Result, Ctx: S.Context, AllowSideEffects: Expr::SE_AllowSideEffects))
11987 S.Diag(Loc: ExprLoc, DiagID: diag::warn_left_shift_always)
11988 << (Result.Val.getInt() != 0);
11989 else if (E->getType()->isSignedIntegerType())
11990 S.Diag(Loc: ExprLoc, DiagID: diag::warn_left_shift_in_bool_context)
11991 << FixItHint::CreateInsertion(InsertionLoc: E->getBeginLoc(), Code: "(")
11992 << FixItHint::CreateInsertion(InsertionLoc: S.getLocForEndOfToken(Loc: E->getEndLoc()),
11993 Code: ") != 0");
11994 }
11995 }
11996
11997 if (const auto *CO = dyn_cast<ConditionalOperator>(Val: E)) {
11998 const auto *LHS = getIntegerLiteral(E: CO->getTrueExpr());
11999 const auto *RHS = getIntegerLiteral(E: CO->getFalseExpr());
12000 if (!LHS || !RHS)
12001 return;
12002 if ((LHS->getValue() == 0 || LHS->getValue() == 1) &&
12003 (RHS->getValue() == 0 || RHS->getValue() == 1))
12004 // Do not diagnose common idioms.
12005 return;
12006 if (LHS->getValue() != 0 && RHS->getValue() != 0)
12007 S.Diag(Loc: ExprLoc, DiagID: diag::warn_integer_constants_in_conditional_always_true);
12008 }
12009}
12010
12011static void DiagnoseMixedUnicodeImplicitConversion(Sema &S, const Type *Source,
12012 const Type *Target, Expr *E,
12013 QualType T,
12014 SourceLocation CC) {
12015 assert(Source->isUnicodeCharacterType() && Target->isUnicodeCharacterType() &&
12016 Source != Target);
12017 Expr::EvalResult Result;
12018 if (E->EvaluateAsInt(Result, Ctx: S.getASTContext(), AllowSideEffects: Expr::SE_AllowSideEffects,
12019 InConstantContext: S.isConstantEvaluatedContext())) {
12020 llvm::APSInt Value(32);
12021 Value = Result.Val.getInt();
12022 bool IsASCII = Value <= 0x7F;
12023 bool IsBMP = Value <= 0xD7FF || (Value >= 0xE000 && Value <= 0xFFFF);
12024 bool ConversionPreservesSemantics =
12025 IsASCII || (!Source->isChar8Type() && !Target->isChar8Type() && IsBMP);
12026
12027 if (!ConversionPreservesSemantics) {
12028 auto IsSingleCodeUnitCP = [](const QualType &T,
12029 const llvm::APSInt &Value) {
12030 if (T->isChar8Type())
12031 return llvm::IsSingleCodeUnitUTF8Codepoint(Value.getExtValue());
12032 if (T->isChar16Type())
12033 return llvm::IsSingleCodeUnitUTF16Codepoint(Value.getExtValue());
12034 assert(T->isChar32Type());
12035 return llvm::IsSingleCodeUnitUTF32Codepoint(Value.getExtValue());
12036 };
12037
12038 S.Diag(Loc: CC, DiagID: diag::warn_impcast_unicode_char_type_constant)
12039 << E->getType() << T
12040 << IsSingleCodeUnitCP(E->getType().getUnqualifiedType(), Value)
12041 << FormatUTFCodeUnitAsCodepoint(Value: Value.getExtValue(), T: E->getType());
12042 }
12043 } else {
12044 bool LosesPrecision = S.getASTContext().getIntWidth(T: E->getType()) >
12045 S.getASTContext().getIntWidth(T);
12046 DiagnoseImpCast(S, E, T, CContext: CC,
12047 diag: LosesPrecision ? diag::warn_impcast_unicode_precision
12048 : diag::warn_impcast_unicode_char_type);
12049 }
12050}
12051
12052enum CFIUncheckedCalleeChange {
12053 None,
12054 Adding,
12055 Discarding,
12056};
12057
12058static CFIUncheckedCalleeChange AdjustingCFIUncheckedCallee(QualType From,
12059 QualType To) {
12060 QualType MaybePointee = From->getPointeeType();
12061 if (!MaybePointee.isNull() && MaybePointee->getAs<FunctionType>())
12062 From = MaybePointee;
12063 MaybePointee = To->getPointeeType();
12064 if (!MaybePointee.isNull() && MaybePointee->getAs<FunctionType>())
12065 To = MaybePointee;
12066
12067 if (const auto *FromFn = From->getAs<FunctionType>()) {
12068 if (const auto *ToFn = To->getAs<FunctionType>()) {
12069 if (FromFn->getCFIUncheckedCalleeAttr() &&
12070 !ToFn->getCFIUncheckedCalleeAttr())
12071 return Discarding;
12072 if (!FromFn->getCFIUncheckedCalleeAttr() &&
12073 ToFn->getCFIUncheckedCalleeAttr())
12074 return Adding;
12075 }
12076 }
12077 return None;
12078}
12079
12080bool Sema::DiscardingCFIUncheckedCallee(QualType From, QualType To) const {
12081 From = Context.getCanonicalType(T: From);
12082 To = Context.getCanonicalType(T: To);
12083 return ::AdjustingCFIUncheckedCallee(From, To) == Discarding;
12084}
12085
12086bool Sema::AddingCFIUncheckedCallee(QualType From, QualType To) const {
12087 From = Context.getCanonicalType(T: From);
12088 To = Context.getCanonicalType(T: To);
12089 return ::AdjustingCFIUncheckedCallee(From, To) == Adding;
12090}
12091
12092void Sema::CheckImplicitConversion(Expr *E, QualType T, SourceLocation CC,
12093 bool *ICContext, bool IsListInit) {
12094 if (E->isTypeDependent() || E->isValueDependent()) return;
12095
12096 const Type *Source = Context.getCanonicalType(T: E->getType()).getTypePtr();
12097 const Type *Target = Context.getCanonicalType(T).getTypePtr();
12098 if (Source == Target) return;
12099 if (Target->isDependentType()) return;
12100
12101 // If the conversion context location is invalid don't complain. We also
12102 // don't want to emit a warning if the issue occurs from the expansion of
12103 // a system macro. The problem is that 'getSpellingLoc()' is slow, so we
12104 // delay this check as long as possible. Once we detect we are in that
12105 // scenario, we just return.
12106 if (CC.isInvalid())
12107 return;
12108
12109 if (Source->isAtomicType())
12110 Diag(Loc: E->getExprLoc(), DiagID: diag::warn_atomic_implicit_seq_cst);
12111
12112 // Diagnose implicit casts to bool.
12113 if (Target->isSpecificBuiltinType(K: BuiltinType::Bool)) {
12114 if (isa<StringLiteral>(Val: E))
12115 // Warn on string literal to bool. Checks for string literals in logical
12116 // and expressions, for instance, assert(0 && "error here"), are
12117 // prevented by a check in AnalyzeImplicitConversions().
12118 return DiagnoseImpCast(S&: *this, E, T, CContext: CC,
12119 diag: diag::warn_impcast_string_literal_to_bool);
12120 if (isa<ObjCStringLiteral>(Val: E) || isa<ObjCArrayLiteral>(Val: E) ||
12121 isa<ObjCDictionaryLiteral>(Val: E) || isa<ObjCBoxedExpr>(Val: E)) {
12122 // This covers the literal expressions that evaluate to Objective-C
12123 // objects.
12124 return DiagnoseImpCast(S&: *this, E, T, CContext: CC,
12125 diag: diag::warn_impcast_objective_c_literal_to_bool);
12126 }
12127 if (Source->isPointerType() || Source->canDecayToPointerType()) {
12128 // Warn on pointer to bool conversion that is always true.
12129 DiagnoseAlwaysNonNullPointer(E, NullType: Expr::NPCK_NotNull, /*IsEqual*/ false,
12130 Range: SourceRange(CC));
12131 }
12132 }
12133
12134 // If the we're converting a constant to an ObjC BOOL on a platform where BOOL
12135 // is a typedef for signed char (macOS), then that constant value has to be 1
12136 // or 0.
12137 if (ObjC().isSignedCharBool(Ty: T) && Source->isIntegralType(Ctx: Context)) {
12138 Expr::EvalResult Result;
12139 if (E->EvaluateAsInt(Result, Ctx: getASTContext(), AllowSideEffects: Expr::SE_AllowSideEffects)) {
12140 if (Result.Val.getInt() != 1 && Result.Val.getInt() != 0) {
12141 ObjC().adornBoolConversionDiagWithTernaryFixit(
12142 SourceExpr: E, Builder: Diag(Loc: CC, DiagID: diag::warn_impcast_constant_value_to_objc_bool)
12143 << toString(I: Result.Val.getInt(), Radix: 10));
12144 }
12145 return;
12146 }
12147 }
12148
12149 // Check implicit casts from Objective-C collection literals to specialized
12150 // collection types, e.g., NSArray<NSString *> *.
12151 if (auto *ArrayLiteral = dyn_cast<ObjCArrayLiteral>(Val: E))
12152 ObjC().checkArrayLiteral(TargetType: QualType(Target, 0), ArrayLiteral);
12153 else if (auto *DictionaryLiteral = dyn_cast<ObjCDictionaryLiteral>(Val: E))
12154 ObjC().checkDictionaryLiteral(TargetType: QualType(Target, 0), DictionaryLiteral);
12155
12156 // Strip vector types.
12157 if (isa<VectorType>(Val: Source)) {
12158 if (Target->isSveVLSBuiltinType() &&
12159 (ARM().areCompatibleSveTypes(FirstType: QualType(Target, 0),
12160 SecondType: QualType(Source, 0)) ||
12161 ARM().areLaxCompatibleSveTypes(FirstType: QualType(Target, 0),
12162 SecondType: QualType(Source, 0))))
12163 return;
12164
12165 if (Target->isRVVVLSBuiltinType() &&
12166 (Context.areCompatibleRVVTypes(FirstType: QualType(Target, 0),
12167 SecondType: QualType(Source, 0)) ||
12168 Context.areLaxCompatibleRVVTypes(FirstType: QualType(Target, 0),
12169 SecondType: QualType(Source, 0))))
12170 return;
12171
12172 if (!isa<VectorType>(Val: Target)) {
12173 if (SourceMgr.isInSystemMacro(loc: CC))
12174 return;
12175 return DiagnoseImpCast(S&: *this, E, T, CContext: CC, diag: diag::warn_impcast_vector_scalar);
12176 } else if (getLangOpts().HLSL &&
12177 Target->castAs<VectorType>()->getNumElements() <
12178 Source->castAs<VectorType>()->getNumElements()) {
12179 // Diagnose vector truncation but don't return. We may also want to
12180 // diagnose an element conversion.
12181 DiagnoseImpCast(S&: *this, E, T, CContext: CC,
12182 diag: diag::warn_hlsl_impcast_vector_truncation);
12183 }
12184
12185 // If the vector cast is cast between two vectors of the same size, it is
12186 // a bitcast, not a conversion, except under HLSL where it is a conversion.
12187 if (!getLangOpts().HLSL &&
12188 Context.getTypeSize(T: Source) == Context.getTypeSize(T: Target))
12189 return;
12190
12191 Source = cast<VectorType>(Val: Source)->getElementType().getTypePtr();
12192 Target = cast<VectorType>(Val: Target)->getElementType().getTypePtr();
12193 }
12194 if (auto VecTy = dyn_cast<VectorType>(Val: Target))
12195 Target = VecTy->getElementType().getTypePtr();
12196
12197 // Strip complex types.
12198 if (isa<ComplexType>(Val: Source)) {
12199 if (!isa<ComplexType>(Val: Target)) {
12200 if (SourceMgr.isInSystemMacro(loc: CC) || Target->isBooleanType())
12201 return;
12202
12203 return DiagnoseImpCast(S&: *this, E, T, CContext: CC,
12204 diag: getLangOpts().CPlusPlus
12205 ? diag::err_impcast_complex_scalar
12206 : diag::warn_impcast_complex_scalar);
12207 }
12208
12209 Source = cast<ComplexType>(Val: Source)->getElementType().getTypePtr();
12210 Target = cast<ComplexType>(Val: Target)->getElementType().getTypePtr();
12211 }
12212
12213 const BuiltinType *SourceBT = dyn_cast<BuiltinType>(Val: Source);
12214 const BuiltinType *TargetBT = dyn_cast<BuiltinType>(Val: Target);
12215
12216 // Strip SVE vector types
12217 if (SourceBT && SourceBT->isSveVLSBuiltinType()) {
12218 // Need the original target type for vector type checks
12219 const Type *OriginalTarget = Context.getCanonicalType(T).getTypePtr();
12220 // Handle conversion from scalable to fixed when msve-vector-bits is
12221 // specified
12222 if (ARM().areCompatibleSveTypes(FirstType: QualType(OriginalTarget, 0),
12223 SecondType: QualType(Source, 0)) ||
12224 ARM().areLaxCompatibleSveTypes(FirstType: QualType(OriginalTarget, 0),
12225 SecondType: QualType(Source, 0)))
12226 return;
12227
12228 // If the vector cast is cast between two vectors of the same size, it is
12229 // a bitcast, not a conversion.
12230 if (Context.getTypeSize(T: Source) == Context.getTypeSize(T: Target))
12231 return;
12232
12233 Source = SourceBT->getSveEltType(Ctx: Context).getTypePtr();
12234 }
12235
12236 if (TargetBT && TargetBT->isSveVLSBuiltinType())
12237 Target = TargetBT->getSveEltType(Ctx: Context).getTypePtr();
12238
12239 // If the source is floating point...
12240 if (SourceBT && SourceBT->isFloatingPoint()) {
12241 // ...and the target is floating point...
12242 if (TargetBT && TargetBT->isFloatingPoint()) {
12243 // ...then warn if we're dropping FP rank.
12244
12245 int Order = getASTContext().getFloatingTypeSemanticOrder(
12246 LHS: QualType(SourceBT, 0), RHS: QualType(TargetBT, 0));
12247 if (Order > 0) {
12248 // Don't warn about float constants that are precisely
12249 // representable in the target type.
12250 Expr::EvalResult result;
12251 if (E->EvaluateAsRValue(Result&: result, Ctx: Context)) {
12252 // Value might be a float, a float vector, or a float complex.
12253 if (IsSameFloatAfterCast(
12254 value: result.Val,
12255 Src: Context.getFloatTypeSemantics(T: QualType(TargetBT, 0)),
12256 Tgt: Context.getFloatTypeSemantics(T: QualType(SourceBT, 0))))
12257 return;
12258 }
12259
12260 if (SourceMgr.isInSystemMacro(loc: CC))
12261 return;
12262
12263 DiagnoseImpCast(S&: *this, E, T, CContext: CC, diag: diag::warn_impcast_float_precision);
12264 }
12265 // ... or possibly if we're increasing rank, too
12266 else if (Order < 0) {
12267 if (SourceMgr.isInSystemMacro(loc: CC))
12268 return;
12269
12270 DiagnoseImpCast(S&: *this, E, T, CContext: CC, diag: diag::warn_impcast_double_promotion);
12271 }
12272 return;
12273 }
12274
12275 // If the target is integral, always warn.
12276 if (TargetBT && TargetBT->isInteger()) {
12277 if (SourceMgr.isInSystemMacro(loc: CC))
12278 return;
12279
12280 DiagnoseFloatingImpCast(S&: *this, E, T, CContext: CC);
12281 }
12282
12283 // Detect the case where a call result is converted from floating-point to
12284 // to bool, and the final argument to the call is converted from bool, to
12285 // discover this typo:
12286 //
12287 // bool b = fabs(x < 1.0); // should be "bool b = fabs(x) < 1.0;"
12288 //
12289 // FIXME: This is an incredibly special case; is there some more general
12290 // way to detect this class of misplaced-parentheses bug?
12291 if (Target->isBooleanType() && isa<CallExpr>(Val: E)) {
12292 // Check last argument of function call to see if it is an
12293 // implicit cast from a type matching the type the result
12294 // is being cast to.
12295 CallExpr *CEx = cast<CallExpr>(Val: E);
12296 if (unsigned NumArgs = CEx->getNumArgs()) {
12297 Expr *LastA = CEx->getArg(Arg: NumArgs - 1);
12298 Expr *InnerE = LastA->IgnoreParenImpCasts();
12299 if (isa<ImplicitCastExpr>(Val: LastA) &&
12300 InnerE->getType()->isBooleanType()) {
12301 // Warn on this floating-point to bool conversion
12302 DiagnoseImpCast(S&: *this, E, T, CContext: CC,
12303 diag: diag::warn_impcast_floating_point_to_bool);
12304 }
12305 }
12306 }
12307 return;
12308 }
12309
12310 // Valid casts involving fixed point types should be accounted for here.
12311 if (Source->isFixedPointType()) {
12312 if (Target->isUnsaturatedFixedPointType()) {
12313 Expr::EvalResult Result;
12314 if (E->EvaluateAsFixedPoint(Result, Ctx: Context, AllowSideEffects: Expr::SE_AllowSideEffects,
12315 InConstantContext: isConstantEvaluatedContext())) {
12316 llvm::APFixedPoint Value = Result.Val.getFixedPoint();
12317 llvm::APFixedPoint MaxVal = Context.getFixedPointMax(Ty: T);
12318 llvm::APFixedPoint MinVal = Context.getFixedPointMin(Ty: T);
12319 if (Value > MaxVal || Value < MinVal) {
12320 DiagRuntimeBehavior(Loc: E->getExprLoc(), Statement: E,
12321 PD: PDiag(DiagID: diag::warn_impcast_fixed_point_range)
12322 << Value.toString() << T
12323 << E->getSourceRange()
12324 << clang::SourceRange(CC));
12325 return;
12326 }
12327 }
12328 } else if (Target->isIntegerType()) {
12329 Expr::EvalResult Result;
12330 if (!isConstantEvaluatedContext() &&
12331 E->EvaluateAsFixedPoint(Result, Ctx: Context, AllowSideEffects: Expr::SE_AllowSideEffects)) {
12332 llvm::APFixedPoint FXResult = Result.Val.getFixedPoint();
12333
12334 bool Overflowed;
12335 llvm::APSInt IntResult = FXResult.convertToInt(
12336 DstWidth: Context.getIntWidth(T), DstSign: Target->isSignedIntegerOrEnumerationType(),
12337 Overflow: &Overflowed);
12338
12339 if (Overflowed) {
12340 DiagRuntimeBehavior(Loc: E->getExprLoc(), Statement: E,
12341 PD: PDiag(DiagID: diag::warn_impcast_fixed_point_range)
12342 << FXResult.toString() << T
12343 << E->getSourceRange()
12344 << clang::SourceRange(CC));
12345 return;
12346 }
12347 }
12348 }
12349 } else if (Target->isUnsaturatedFixedPointType()) {
12350 if (Source->isIntegerType()) {
12351 Expr::EvalResult Result;
12352 if (!isConstantEvaluatedContext() &&
12353 E->EvaluateAsInt(Result, Ctx: Context, AllowSideEffects: Expr::SE_AllowSideEffects)) {
12354 llvm::APSInt Value = Result.Val.getInt();
12355
12356 bool Overflowed;
12357 llvm::APFixedPoint IntResult = llvm::APFixedPoint::getFromIntValue(
12358 Value, DstFXSema: Context.getFixedPointSemantics(Ty: T), Overflow: &Overflowed);
12359
12360 if (Overflowed) {
12361 DiagRuntimeBehavior(Loc: E->getExprLoc(), Statement: E,
12362 PD: PDiag(DiagID: diag::warn_impcast_fixed_point_range)
12363 << toString(I: Value, /*Radix=*/10) << T
12364 << E->getSourceRange()
12365 << clang::SourceRange(CC));
12366 return;
12367 }
12368 }
12369 }
12370 }
12371
12372 // If we are casting an integer type to a floating point type without
12373 // initialization-list syntax, we might lose accuracy if the floating
12374 // point type has a narrower significand than the integer type.
12375 if (SourceBT && TargetBT && SourceBT->isIntegerType() &&
12376 TargetBT->isFloatingType() && !IsListInit) {
12377 // Determine the number of precision bits in the source integer type.
12378 std::optional<IntRange> SourceRange =
12379 TryGetExprRange(C&: Context, E, InConstantContext: isConstantEvaluatedContext(),
12380 /*Approximate=*/true);
12381 if (!SourceRange)
12382 return;
12383 unsigned int SourcePrecision = SourceRange->Width;
12384
12385 // Determine the number of precision bits in the
12386 // target floating point type.
12387 unsigned int TargetPrecision = llvm::APFloatBase::semanticsPrecision(
12388 Context.getFloatTypeSemantics(T: QualType(TargetBT, 0)));
12389
12390 if (SourcePrecision > 0 && TargetPrecision > 0 &&
12391 SourcePrecision > TargetPrecision) {
12392
12393 if (std::optional<llvm::APSInt> SourceInt =
12394 E->getIntegerConstantExpr(Ctx: Context)) {
12395 // If the source integer is a constant, convert it to the target
12396 // floating point type. Issue a warning if the value changes
12397 // during the whole conversion.
12398 llvm::APFloat TargetFloatValue(
12399 Context.getFloatTypeSemantics(T: QualType(TargetBT, 0)));
12400 llvm::APFloat::opStatus ConversionStatus =
12401 TargetFloatValue.convertFromAPInt(
12402 Input: *SourceInt, IsSigned: SourceBT->isSignedInteger(),
12403 RM: llvm::APFloat::rmNearestTiesToEven);
12404
12405 if (ConversionStatus != llvm::APFloat::opOK) {
12406 SmallString<32> PrettySourceValue;
12407 SourceInt->toString(Str&: PrettySourceValue, Radix: 10);
12408 SmallString<32> PrettyTargetValue;
12409 TargetFloatValue.toString(Str&: PrettyTargetValue, FormatPrecision: TargetPrecision);
12410
12411 DiagRuntimeBehavior(
12412 Loc: E->getExprLoc(), Statement: E,
12413 PD: PDiag(DiagID: diag::warn_impcast_integer_float_precision_constant)
12414 << PrettySourceValue << PrettyTargetValue << E->getType() << T
12415 << E->getSourceRange() << clang::SourceRange(CC));
12416 }
12417 } else {
12418 // Otherwise, the implicit conversion may lose precision.
12419 DiagnoseImpCast(S&: *this, E, T, CContext: CC,
12420 diag: diag::warn_impcast_integer_float_precision);
12421 }
12422 }
12423 }
12424
12425 DiagnoseNullConversion(S&: *this, E, T, CC);
12426
12427 DiscardMisalignedMemberAddress(T: Target, E);
12428
12429 if (Source->isUnicodeCharacterType() && Target->isUnicodeCharacterType()) {
12430 DiagnoseMixedUnicodeImplicitConversion(S&: *this, Source, Target, E, T, CC);
12431 return;
12432 }
12433
12434 if (Target->isBooleanType())
12435 DiagnoseIntInBoolContext(S&: *this, E);
12436
12437 if (DiscardingCFIUncheckedCallee(From: QualType(Source, 0), To: QualType(Target, 0))) {
12438 Diag(Loc: CC, DiagID: diag::warn_cast_discards_cfi_unchecked_callee)
12439 << QualType(Source, 0) << QualType(Target, 0);
12440 }
12441
12442 if (!Source->isIntegerType() || !Target->isIntegerType())
12443 return;
12444
12445 // TODO: remove this early return once the false positives for constant->bool
12446 // in templates, macros, etc, are reduced or removed.
12447 if (Target->isSpecificBuiltinType(K: BuiltinType::Bool))
12448 return;
12449
12450 if (ObjC().isSignedCharBool(Ty: T) && !Source->isCharType() &&
12451 !E->isKnownToHaveBooleanValue(/*Semantic=*/false)) {
12452 return ObjC().adornBoolConversionDiagWithTernaryFixit(
12453 SourceExpr: E, Builder: Diag(Loc: CC, DiagID: diag::warn_impcast_int_to_objc_signed_char_bool)
12454 << E->getType());
12455 }
12456 std::optional<IntRange> LikelySourceRange = TryGetExprRange(
12457 C&: Context, E, InConstantContext: isConstantEvaluatedContext(), /*Approximate=*/true);
12458 if (!LikelySourceRange)
12459 return;
12460
12461 IntRange SourceTypeRange =
12462 IntRange::forTargetOfCanonicalType(C&: Context, T: Source);
12463 IntRange TargetRange = IntRange::forTargetOfCanonicalType(C&: Context, T: Target);
12464
12465 if (LikelySourceRange->Width > TargetRange.Width) {
12466 // If the source is a constant, use a default-on diagnostic.
12467 // TODO: this should happen for bitfield stores, too.
12468 Expr::EvalResult Result;
12469 if (E->EvaluateAsInt(Result, Ctx: Context, AllowSideEffects: Expr::SE_AllowSideEffects,
12470 InConstantContext: isConstantEvaluatedContext())) {
12471 llvm::APSInt Value(32);
12472 Value = Result.Val.getInt();
12473
12474 if (SourceMgr.isInSystemMacro(loc: CC))
12475 return;
12476
12477 std::string PrettySourceValue = toString(I: Value, Radix: 10);
12478 std::string PrettyTargetValue = PrettyPrintInRange(Value, Range: TargetRange);
12479
12480 DiagRuntimeBehavior(Loc: E->getExprLoc(), Statement: E,
12481 PD: PDiag(DiagID: diag::warn_impcast_integer_precision_constant)
12482 << PrettySourceValue << PrettyTargetValue
12483 << E->getType() << T << E->getSourceRange()
12484 << SourceRange(CC));
12485 return;
12486 }
12487
12488 // People want to build with -Wshorten-64-to-32 and not -Wconversion.
12489 if (SourceMgr.isInSystemMacro(loc: CC))
12490 return;
12491
12492 if (const auto *UO = dyn_cast<UnaryOperator>(Val: E)) {
12493 if (UO->getOpcode() == UO_Minus)
12494 return DiagnoseImpCast(
12495 S&: *this, E, T, CContext: CC, diag: diag::warn_impcast_integer_precision_on_negation);
12496 }
12497
12498 if (TargetRange.Width == 32 && Context.getIntWidth(T: E->getType()) == 64)
12499 return DiagnoseImpCast(S&: *this, E, T, CContext: CC, diag: diag::warn_impcast_integer_64_32,
12500 /* pruneControlFlow */ PruneControlFlow: true);
12501 return DiagnoseImpCast(S&: *this, E, T, CContext: CC,
12502 diag: diag::warn_impcast_integer_precision);
12503 }
12504
12505 if (TargetRange.Width > SourceTypeRange.Width) {
12506 if (auto *UO = dyn_cast<UnaryOperator>(Val: E))
12507 if (UO->getOpcode() == UO_Minus)
12508 if (Source->isUnsignedIntegerType()) {
12509 if (Target->isUnsignedIntegerType())
12510 return DiagnoseImpCast(S&: *this, E, T, CContext: CC,
12511 diag: diag::warn_impcast_high_order_zero_bits);
12512 if (Target->isSignedIntegerType())
12513 return DiagnoseImpCast(S&: *this, E, T, CContext: CC,
12514 diag: diag::warn_impcast_nonnegative_result);
12515 }
12516 }
12517
12518 if (TargetRange.Width == LikelySourceRange->Width &&
12519 !TargetRange.NonNegative && LikelySourceRange->NonNegative &&
12520 Source->isSignedIntegerType()) {
12521 // Warn when doing a signed to signed conversion, warn if the positive
12522 // source value is exactly the width of the target type, which will
12523 // cause a negative value to be stored.
12524
12525 Expr::EvalResult Result;
12526 if (E->EvaluateAsInt(Result, Ctx: Context, AllowSideEffects: Expr::SE_AllowSideEffects) &&
12527 !SourceMgr.isInSystemMacro(loc: CC)) {
12528 llvm::APSInt Value = Result.Val.getInt();
12529 if (isSameWidthConstantConversion(S&: *this, E, T, CC)) {
12530 std::string PrettySourceValue = toString(I: Value, Radix: 10);
12531 std::string PrettyTargetValue = PrettyPrintInRange(Value, Range: TargetRange);
12532
12533 Diag(Loc: E->getExprLoc(),
12534 PD: PDiag(DiagID: diag::warn_impcast_integer_precision_constant)
12535 << PrettySourceValue << PrettyTargetValue << E->getType() << T
12536 << E->getSourceRange() << SourceRange(CC));
12537 return;
12538 }
12539 }
12540
12541 // Fall through for non-constants to give a sign conversion warning.
12542 }
12543
12544 if ((!isa<EnumType>(Val: Target) || !isa<EnumType>(Val: Source)) &&
12545 ((TargetRange.NonNegative && !LikelySourceRange->NonNegative) ||
12546 (!TargetRange.NonNegative && LikelySourceRange->NonNegative &&
12547 LikelySourceRange->Width == TargetRange.Width))) {
12548 if (SourceMgr.isInSystemMacro(loc: CC))
12549 return;
12550
12551 if (SourceBT && SourceBT->isInteger() && TargetBT &&
12552 TargetBT->isInteger() &&
12553 Source->isSignedIntegerType() == Target->isSignedIntegerType()) {
12554 return;
12555 }
12556
12557 unsigned DiagID = diag::warn_impcast_integer_sign;
12558
12559 // Traditionally, gcc has warned about this under -Wsign-compare.
12560 // We also want to warn about it in -Wconversion.
12561 // So if -Wconversion is off, use a completely identical diagnostic
12562 // in the sign-compare group.
12563 // The conditional-checking code will
12564 if (ICContext) {
12565 DiagID = diag::warn_impcast_integer_sign_conditional;
12566 *ICContext = true;
12567 }
12568
12569 DiagnoseImpCast(S&: *this, E, T, CContext: CC, diag: DiagID);
12570 }
12571
12572 // If we're implicitly converting from an integer into an enumeration, that
12573 // is valid in C but invalid in C++.
12574 QualType SourceType = E->getEnumCoercedType(Ctx: Context);
12575 const BuiltinType *CoercedSourceBT = SourceType->getAs<BuiltinType>();
12576 if (CoercedSourceBT && CoercedSourceBT->isInteger() && isa<EnumType>(Val: Target))
12577 return DiagnoseImpCast(S&: *this, E, T, CContext: CC, diag: diag::warn_impcast_int_to_enum);
12578
12579 // Diagnose conversions between different enumeration types.
12580 // In C, we pretend that the type of an EnumConstantDecl is its enumeration
12581 // type, to give us better diagnostics.
12582 Source = Context.getCanonicalType(T: SourceType).getTypePtr();
12583
12584 if (const EnumType *SourceEnum = Source->getAs<EnumType>())
12585 if (const EnumType *TargetEnum = Target->getAs<EnumType>())
12586 if (SourceEnum->getDecl()->hasNameForLinkage() &&
12587 TargetEnum->getDecl()->hasNameForLinkage() &&
12588 SourceEnum != TargetEnum) {
12589 if (SourceMgr.isInSystemMacro(loc: CC))
12590 return;
12591
12592 return DiagnoseImpCast(S&: *this, E, SourceType, T, CContext: CC,
12593 diag: diag::warn_impcast_different_enum_types);
12594 }
12595}
12596
12597static void CheckConditionalOperator(Sema &S, AbstractConditionalOperator *E,
12598 SourceLocation CC, QualType T);
12599
12600static void CheckConditionalOperand(Sema &S, Expr *E, QualType T,
12601 SourceLocation CC, bool &ICContext) {
12602 E = E->IgnoreParenImpCasts();
12603 // Diagnose incomplete type for second or third operand in C.
12604 if (!S.getLangOpts().CPlusPlus && E->getType()->isRecordType())
12605 S.RequireCompleteExprType(E, DiagID: diag::err_incomplete_type);
12606
12607 if (auto *CO = dyn_cast<AbstractConditionalOperator>(Val: E))
12608 return CheckConditionalOperator(S, E: CO, CC, T);
12609
12610 AnalyzeImplicitConversions(S, E, CC);
12611 if (E->getType() != T)
12612 return S.CheckImplicitConversion(E, T, CC, ICContext: &ICContext);
12613}
12614
12615static void CheckConditionalOperator(Sema &S, AbstractConditionalOperator *E,
12616 SourceLocation CC, QualType T) {
12617 AnalyzeImplicitConversions(S, E: E->getCond(), CC: E->getQuestionLoc());
12618
12619 Expr *TrueExpr = E->getTrueExpr();
12620 if (auto *BCO = dyn_cast<BinaryConditionalOperator>(Val: E))
12621 TrueExpr = BCO->getCommon();
12622
12623 bool Suspicious = false;
12624 CheckConditionalOperand(S, E: TrueExpr, T, CC, ICContext&: Suspicious);
12625 CheckConditionalOperand(S, E: E->getFalseExpr(), T, CC, ICContext&: Suspicious);
12626
12627 if (T->isBooleanType())
12628 DiagnoseIntInBoolContext(S, E);
12629
12630 // If -Wconversion would have warned about either of the candidates
12631 // for a signedness conversion to the context type...
12632 if (!Suspicious) return;
12633
12634 // ...but it's currently ignored...
12635 if (!S.Diags.isIgnored(DiagID: diag::warn_impcast_integer_sign_conditional, Loc: CC))
12636 return;
12637
12638 // ...then check whether it would have warned about either of the
12639 // candidates for a signedness conversion to the condition type.
12640 if (E->getType() == T) return;
12641
12642 Suspicious = false;
12643 S.CheckImplicitConversion(E: TrueExpr->IgnoreParenImpCasts(), T: E->getType(), CC,
12644 ICContext: &Suspicious);
12645 if (!Suspicious)
12646 S.CheckImplicitConversion(E: E->getFalseExpr()->IgnoreParenImpCasts(),
12647 T: E->getType(), CC, ICContext: &Suspicious);
12648}
12649
12650/// Check conversion of given expression to boolean.
12651/// Input argument E is a logical expression.
12652static void CheckBoolLikeConversion(Sema &S, Expr *E, SourceLocation CC) {
12653 // Run the bool-like conversion checks only for C since there bools are
12654 // still not used as the return type from "boolean" operators or as the input
12655 // type for conditional operators.
12656 if (S.getLangOpts().CPlusPlus)
12657 return;
12658 if (E->IgnoreParenImpCasts()->getType()->isAtomicType())
12659 return;
12660 S.CheckImplicitConversion(E: E->IgnoreParenImpCasts(), T: S.Context.BoolTy, CC);
12661}
12662
12663namespace {
12664struct AnalyzeImplicitConversionsWorkItem {
12665 Expr *E;
12666 SourceLocation CC;
12667 bool IsListInit;
12668};
12669}
12670
12671static void CheckCommaOperand(
12672 Sema &S, Expr *E, QualType T, SourceLocation CC,
12673 bool ExtraCheckForImplicitConversion,
12674 llvm::SmallVectorImpl<AnalyzeImplicitConversionsWorkItem> &WorkList) {
12675 E = E->IgnoreParenImpCasts();
12676 WorkList.push_back(Elt: {.E: E, .CC: CC, .IsListInit: false});
12677
12678 if (ExtraCheckForImplicitConversion && E->getType() != T)
12679 S.CheckImplicitConversion(E, T, CC);
12680}
12681
12682/// Data recursive variant of AnalyzeImplicitConversions. Subexpressions
12683/// that should be visited are added to WorkList.
12684static void AnalyzeImplicitConversions(
12685 Sema &S, AnalyzeImplicitConversionsWorkItem Item,
12686 llvm::SmallVectorImpl<AnalyzeImplicitConversionsWorkItem> &WorkList) {
12687 Expr *OrigE = Item.E;
12688 SourceLocation CC = Item.CC;
12689
12690 QualType T = OrigE->getType();
12691 Expr *E = OrigE->IgnoreParenImpCasts();
12692
12693 // Propagate whether we are in a C++ list initialization expression.
12694 // If so, we do not issue warnings for implicit int-float conversion
12695 // precision loss, because C++11 narrowing already handles it.
12696 //
12697 // HLSL's initialization lists are special, so they shouldn't observe the C++
12698 // behavior here.
12699 bool IsListInit =
12700 Item.IsListInit || (isa<InitListExpr>(Val: OrigE) &&
12701 S.getLangOpts().CPlusPlus && !S.getLangOpts().HLSL);
12702
12703 if (E->isTypeDependent() || E->isValueDependent())
12704 return;
12705
12706 Expr *SourceExpr = E;
12707 // Examine, but don't traverse into the source expression of an
12708 // OpaqueValueExpr, since it may have multiple parents and we don't want to
12709 // emit duplicate diagnostics. Its fine to examine the form or attempt to
12710 // evaluate it in the context of checking the specific conversion to T though.
12711 if (auto *OVE = dyn_cast<OpaqueValueExpr>(Val: E))
12712 if (auto *Src = OVE->getSourceExpr())
12713 SourceExpr = Src;
12714
12715 if (const auto *UO = dyn_cast<UnaryOperator>(Val: SourceExpr))
12716 if (UO->getOpcode() == UO_Not &&
12717 UO->getSubExpr()->isKnownToHaveBooleanValue())
12718 S.Diag(Loc: UO->getBeginLoc(), DiagID: diag::warn_bitwise_negation_bool)
12719 << OrigE->getSourceRange() << T->isBooleanType()
12720 << FixItHint::CreateReplacement(RemoveRange: UO->getBeginLoc(), Code: "!");
12721
12722 if (auto *BO = dyn_cast<BinaryOperator>(Val: SourceExpr)) {
12723 if ((BO->getOpcode() == BO_And || BO->getOpcode() == BO_Or) &&
12724 BO->getLHS()->isKnownToHaveBooleanValue() &&
12725 BO->getRHS()->isKnownToHaveBooleanValue() &&
12726 BO->getLHS()->HasSideEffects(Ctx: S.Context) &&
12727 BO->getRHS()->HasSideEffects(Ctx: S.Context)) {
12728 SourceManager &SM = S.getSourceManager();
12729 const LangOptions &LO = S.getLangOpts();
12730 SourceLocation BLoc = BO->getOperatorLoc();
12731 SourceLocation ELoc = Lexer::getLocForEndOfToken(Loc: BLoc, Offset: 0, SM, LangOpts: LO);
12732 StringRef SR = clang::Lexer::getSourceText(
12733 Range: clang::CharSourceRange::getTokenRange(B: BLoc, E: ELoc), SM, LangOpts: LO);
12734 // To reduce false positives, only issue the diagnostic if the operator
12735 // is explicitly spelled as a punctuator. This suppresses the diagnostic
12736 // when using 'bitand' or 'bitor' either as keywords in C++ or as macros
12737 // in C, along with other macro spellings the user might invent.
12738 if (SR.str() == "&" || SR.str() == "|") {
12739
12740 S.Diag(Loc: BO->getBeginLoc(), DiagID: diag::warn_bitwise_instead_of_logical)
12741 << (BO->getOpcode() == BO_And ? "&" : "|")
12742 << OrigE->getSourceRange()
12743 << FixItHint::CreateReplacement(
12744 RemoveRange: BO->getOperatorLoc(),
12745 Code: (BO->getOpcode() == BO_And ? "&&" : "||"));
12746 S.Diag(Loc: BO->getBeginLoc(), DiagID: diag::note_cast_operand_to_int);
12747 }
12748 } else if (BO->isCommaOp() && !S.getLangOpts().CPlusPlus) {
12749 /// Analyze the given comma operator. The basic idea behind the analysis
12750 /// is to analyze the left and right operands slightly differently. The
12751 /// left operand needs to check whether the operand itself has an implicit
12752 /// conversion, but not whether the left operand induces an implicit
12753 /// conversion for the entire comma expression itself. This is similar to
12754 /// how CheckConditionalOperand behaves; it's as-if the correct operand
12755 /// were directly used for the implicit conversion check.
12756 CheckCommaOperand(S, E: BO->getLHS(), T, CC: BO->getOperatorLoc(),
12757 /*ExtraCheckForImplicitConversion=*/false, WorkList);
12758 CheckCommaOperand(S, E: BO->getRHS(), T, CC: BO->getOperatorLoc(),
12759 /*ExtraCheckForImplicitConversion=*/true, WorkList);
12760 return;
12761 }
12762 }
12763
12764 // For conditional operators, we analyze the arguments as if they
12765 // were being fed directly into the output.
12766 if (auto *CO = dyn_cast<AbstractConditionalOperator>(Val: SourceExpr)) {
12767 CheckConditionalOperator(S, E: CO, CC, T);
12768 return;
12769 }
12770
12771 // Check implicit argument conversions for function calls.
12772 if (const auto *Call = dyn_cast<CallExpr>(Val: SourceExpr))
12773 CheckImplicitArgumentConversions(S, TheCall: Call, CC);
12774
12775 // Go ahead and check any implicit conversions we might have skipped.
12776 // The non-canonical typecheck is just an optimization;
12777 // CheckImplicitConversion will filter out dead implicit conversions.
12778 if (SourceExpr->getType() != T)
12779 S.CheckImplicitConversion(E: SourceExpr, T, CC, ICContext: nullptr, IsListInit);
12780
12781 // Now continue drilling into this expression.
12782
12783 if (PseudoObjectExpr *POE = dyn_cast<PseudoObjectExpr>(Val: E)) {
12784 // The bound subexpressions in a PseudoObjectExpr are not reachable
12785 // as transitive children.
12786 // FIXME: Use a more uniform representation for this.
12787 for (auto *SE : POE->semantics())
12788 if (auto *OVE = dyn_cast<OpaqueValueExpr>(Val: SE))
12789 WorkList.push_back(Elt: {.E: OVE->getSourceExpr(), .CC: CC, .IsListInit: IsListInit});
12790 }
12791
12792 // Skip past explicit casts.
12793 if (auto *CE = dyn_cast<ExplicitCastExpr>(Val: E)) {
12794 E = CE->getSubExpr()->IgnoreParenImpCasts();
12795 if (!CE->getType()->isVoidType() && E->getType()->isAtomicType())
12796 S.Diag(Loc: E->getBeginLoc(), DiagID: diag::warn_atomic_implicit_seq_cst);
12797 WorkList.push_back(Elt: {.E: E, .CC: CC, .IsListInit: IsListInit});
12798 return;
12799 }
12800
12801 if (auto *OutArgE = dyn_cast<HLSLOutArgExpr>(Val: E)) {
12802 WorkList.push_back(Elt: {.E: OutArgE->getArgLValue(), .CC: CC, .IsListInit: IsListInit});
12803 // The base expression is only used to initialize the parameter for
12804 // arguments to `inout` parameters, so we only traverse down the base
12805 // expression for `inout` cases.
12806 if (OutArgE->isInOut())
12807 WorkList.push_back(
12808 Elt: {.E: OutArgE->getCastedTemporary()->getSourceExpr(), .CC: CC, .IsListInit: IsListInit});
12809 WorkList.push_back(Elt: {.E: OutArgE->getWritebackCast(), .CC: CC, .IsListInit: IsListInit});
12810 return;
12811 }
12812
12813 if (BinaryOperator *BO = dyn_cast<BinaryOperator>(Val: E)) {
12814 // Do a somewhat different check with comparison operators.
12815 if (BO->isComparisonOp())
12816 return AnalyzeComparison(S, E: BO);
12817
12818 // And with simple assignments.
12819 if (BO->getOpcode() == BO_Assign)
12820 return AnalyzeAssignment(S, E: BO);
12821 // And with compound assignments.
12822 if (BO->isAssignmentOp())
12823 return AnalyzeCompoundAssignment(S, E: BO);
12824 }
12825
12826 // These break the otherwise-useful invariant below. Fortunately,
12827 // we don't really need to recurse into them, because any internal
12828 // expressions should have been analyzed already when they were
12829 // built into statements.
12830 if (isa<StmtExpr>(Val: E)) return;
12831
12832 // Don't descend into unevaluated contexts.
12833 if (isa<UnaryExprOrTypeTraitExpr>(Val: E)) return;
12834
12835 // Now just recurse over the expression's children.
12836 CC = E->getExprLoc();
12837 BinaryOperator *BO = dyn_cast<BinaryOperator>(Val: E);
12838 bool IsLogicalAndOperator = BO && BO->getOpcode() == BO_LAnd;
12839 for (Stmt *SubStmt : E->children()) {
12840 Expr *ChildExpr = dyn_cast_or_null<Expr>(Val: SubStmt);
12841 if (!ChildExpr)
12842 continue;
12843
12844 if (auto *CSE = dyn_cast<CoroutineSuspendExpr>(Val: E))
12845 if (ChildExpr == CSE->getOperand())
12846 // Do not recurse over a CoroutineSuspendExpr's operand.
12847 // The operand is also a subexpression of getCommonExpr(), and
12848 // recursing into it directly would produce duplicate diagnostics.
12849 continue;
12850
12851 if (IsLogicalAndOperator &&
12852 isa<StringLiteral>(Val: ChildExpr->IgnoreParenImpCasts()))
12853 // Ignore checking string literals that are in logical and operators.
12854 // This is a common pattern for asserts.
12855 continue;
12856 WorkList.push_back(Elt: {.E: ChildExpr, .CC: CC, .IsListInit: IsListInit});
12857 }
12858
12859 if (BO && BO->isLogicalOp()) {
12860 Expr *SubExpr = BO->getLHS()->IgnoreParenImpCasts();
12861 if (!IsLogicalAndOperator || !isa<StringLiteral>(Val: SubExpr))
12862 ::CheckBoolLikeConversion(S, E: SubExpr, CC: BO->getExprLoc());
12863
12864 SubExpr = BO->getRHS()->IgnoreParenImpCasts();
12865 if (!IsLogicalAndOperator || !isa<StringLiteral>(Val: SubExpr))
12866 ::CheckBoolLikeConversion(S, E: SubExpr, CC: BO->getExprLoc());
12867 }
12868
12869 if (const UnaryOperator *U = dyn_cast<UnaryOperator>(Val: E)) {
12870 if (U->getOpcode() == UO_LNot) {
12871 ::CheckBoolLikeConversion(S, E: U->getSubExpr(), CC);
12872 } else if (U->getOpcode() != UO_AddrOf) {
12873 if (U->getSubExpr()->getType()->isAtomicType())
12874 S.Diag(Loc: U->getSubExpr()->getBeginLoc(),
12875 DiagID: diag::warn_atomic_implicit_seq_cst);
12876 }
12877 }
12878}
12879
12880/// AnalyzeImplicitConversions - Find and report any interesting
12881/// implicit conversions in the given expression. There are a couple
12882/// of competing diagnostics here, -Wconversion and -Wsign-compare.
12883static void AnalyzeImplicitConversions(Sema &S, Expr *OrigE, SourceLocation CC,
12884 bool IsListInit/*= false*/) {
12885 llvm::SmallVector<AnalyzeImplicitConversionsWorkItem, 16> WorkList;
12886 WorkList.push_back(Elt: {.E: OrigE, .CC: CC, .IsListInit: IsListInit});
12887 while (!WorkList.empty())
12888 AnalyzeImplicitConversions(S, Item: WorkList.pop_back_val(), WorkList);
12889}
12890
12891// Helper function for Sema::DiagnoseAlwaysNonNullPointer.
12892// Returns true when emitting a warning about taking the address of a reference.
12893static bool CheckForReference(Sema &SemaRef, const Expr *E,
12894 const PartialDiagnostic &PD) {
12895 E = E->IgnoreParenImpCasts();
12896
12897 const FunctionDecl *FD = nullptr;
12898
12899 if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Val: E)) {
12900 if (!DRE->getDecl()->getType()->isReferenceType())
12901 return false;
12902 } else if (const MemberExpr *M = dyn_cast<MemberExpr>(Val: E)) {
12903 if (!M->getMemberDecl()->getType()->isReferenceType())
12904 return false;
12905 } else if (const CallExpr *Call = dyn_cast<CallExpr>(Val: E)) {
12906 if (!Call->getCallReturnType(Ctx: SemaRef.Context)->isReferenceType())
12907 return false;
12908 FD = Call->getDirectCallee();
12909 } else {
12910 return false;
12911 }
12912
12913 SemaRef.Diag(Loc: E->getExprLoc(), PD);
12914
12915 // If possible, point to location of function.
12916 if (FD) {
12917 SemaRef.Diag(Loc: FD->getLocation(), DiagID: diag::note_reference_is_return_value) << FD;
12918 }
12919
12920 return true;
12921}
12922
12923// Returns true if the SourceLocation is expanded from any macro body.
12924// Returns false if the SourceLocation is invalid, is from not in a macro
12925// expansion, or is from expanded from a top-level macro argument.
12926static bool IsInAnyMacroBody(const SourceManager &SM, SourceLocation Loc) {
12927 if (Loc.isInvalid())
12928 return false;
12929
12930 while (Loc.isMacroID()) {
12931 if (SM.isMacroBodyExpansion(Loc))
12932 return true;
12933 Loc = SM.getImmediateMacroCallerLoc(Loc);
12934 }
12935
12936 return false;
12937}
12938
12939void Sema::DiagnoseAlwaysNonNullPointer(Expr *E,
12940 Expr::NullPointerConstantKind NullKind,
12941 bool IsEqual, SourceRange Range) {
12942 if (!E)
12943 return;
12944
12945 // Don't warn inside macros.
12946 if (E->getExprLoc().isMacroID()) {
12947 const SourceManager &SM = getSourceManager();
12948 if (IsInAnyMacroBody(SM, Loc: E->getExprLoc()) ||
12949 IsInAnyMacroBody(SM, Loc: Range.getBegin()))
12950 return;
12951 }
12952 E = E->IgnoreImpCasts();
12953
12954 const bool IsCompare = NullKind != Expr::NPCK_NotNull;
12955
12956 if (isa<CXXThisExpr>(Val: E)) {
12957 unsigned DiagID = IsCompare ? diag::warn_this_null_compare
12958 : diag::warn_this_bool_conversion;
12959 Diag(Loc: E->getExprLoc(), DiagID) << E->getSourceRange() << Range << IsEqual;
12960 return;
12961 }
12962
12963 bool IsAddressOf = false;
12964
12965 if (auto *UO = dyn_cast<UnaryOperator>(Val: E->IgnoreParens())) {
12966 if (UO->getOpcode() != UO_AddrOf)
12967 return;
12968 IsAddressOf = true;
12969 E = UO->getSubExpr();
12970 }
12971
12972 if (IsAddressOf) {
12973 unsigned DiagID = IsCompare
12974 ? diag::warn_address_of_reference_null_compare
12975 : diag::warn_address_of_reference_bool_conversion;
12976 PartialDiagnostic PD = PDiag(DiagID) << E->getSourceRange() << Range
12977 << IsEqual;
12978 if (CheckForReference(SemaRef&: *this, E, PD)) {
12979 return;
12980 }
12981 }
12982
12983 auto ComplainAboutNonnullParamOrCall = [&](const Attr *NonnullAttr) {
12984 bool IsParam = isa<NonNullAttr>(Val: NonnullAttr);
12985 std::string Str;
12986 llvm::raw_string_ostream S(Str);
12987 E->printPretty(OS&: S, Helper: nullptr, Policy: getPrintingPolicy());
12988 unsigned DiagID = IsCompare ? diag::warn_nonnull_expr_compare
12989 : diag::warn_cast_nonnull_to_bool;
12990 Diag(Loc: E->getExprLoc(), DiagID) << IsParam << S.str()
12991 << E->getSourceRange() << Range << IsEqual;
12992 Diag(Loc: NonnullAttr->getLocation(), DiagID: diag::note_declared_nonnull) << IsParam;
12993 };
12994
12995 // If we have a CallExpr that is tagged with returns_nonnull, we can complain.
12996 if (auto *Call = dyn_cast<CallExpr>(Val: E->IgnoreParenImpCasts())) {
12997 if (auto *Callee = Call->getDirectCallee()) {
12998 if (const Attr *A = Callee->getAttr<ReturnsNonNullAttr>()) {
12999 ComplainAboutNonnullParamOrCall(A);
13000 return;
13001 }
13002 }
13003 }
13004
13005 // Complain if we are converting a lambda expression to a boolean value
13006 // outside of instantiation.
13007 if (!inTemplateInstantiation()) {
13008 if (const auto *MCallExpr = dyn_cast<CXXMemberCallExpr>(Val: E)) {
13009 if (const auto *MRecordDecl = MCallExpr->getRecordDecl();
13010 MRecordDecl && MRecordDecl->isLambda()) {
13011 Diag(Loc: E->getExprLoc(), DiagID: diag::warn_impcast_pointer_to_bool)
13012 << /*LambdaPointerConversionOperatorType=*/3
13013 << MRecordDecl->getSourceRange() << Range << IsEqual;
13014 return;
13015 }
13016 }
13017 }
13018
13019 // Expect to find a single Decl. Skip anything more complicated.
13020 ValueDecl *D = nullptr;
13021 if (DeclRefExpr *R = dyn_cast<DeclRefExpr>(Val: E)) {
13022 D = R->getDecl();
13023 } else if (MemberExpr *M = dyn_cast<MemberExpr>(Val: E)) {
13024 D = M->getMemberDecl();
13025 }
13026
13027 // Weak Decls can be null.
13028 if (!D || D->isWeak())
13029 return;
13030
13031 // Check for parameter decl with nonnull attribute
13032 if (const auto* PV = dyn_cast<ParmVarDecl>(Val: D)) {
13033 if (getCurFunction() &&
13034 !getCurFunction()->ModifiedNonNullParams.count(Ptr: PV)) {
13035 if (const Attr *A = PV->getAttr<NonNullAttr>()) {
13036 ComplainAboutNonnullParamOrCall(A);
13037 return;
13038 }
13039
13040 if (const auto *FD = dyn_cast<FunctionDecl>(Val: PV->getDeclContext())) {
13041 // Skip function template not specialized yet.
13042 if (FD->getTemplatedKind() == FunctionDecl::TK_FunctionTemplate)
13043 return;
13044 auto ParamIter = llvm::find(Range: FD->parameters(), Val: PV);
13045 assert(ParamIter != FD->param_end());
13046 unsigned ParamNo = std::distance(first: FD->param_begin(), last: ParamIter);
13047
13048 for (const auto *NonNull : FD->specific_attrs<NonNullAttr>()) {
13049 if (!NonNull->args_size()) {
13050 ComplainAboutNonnullParamOrCall(NonNull);
13051 return;
13052 }
13053
13054 for (const ParamIdx &ArgNo : NonNull->args()) {
13055 if (ArgNo.getASTIndex() == ParamNo) {
13056 ComplainAboutNonnullParamOrCall(NonNull);
13057 return;
13058 }
13059 }
13060 }
13061 }
13062 }
13063 }
13064
13065 QualType T = D->getType();
13066 const bool IsArray = T->isArrayType();
13067 const bool IsFunction = T->isFunctionType();
13068
13069 // Address of function is used to silence the function warning.
13070 if (IsAddressOf && IsFunction) {
13071 return;
13072 }
13073
13074 // Found nothing.
13075 if (!IsAddressOf && !IsFunction && !IsArray)
13076 return;
13077
13078 // Pretty print the expression for the diagnostic.
13079 std::string Str;
13080 llvm::raw_string_ostream S(Str);
13081 E->printPretty(OS&: S, Helper: nullptr, Policy: getPrintingPolicy());
13082
13083 unsigned DiagID = IsCompare ? diag::warn_null_pointer_compare
13084 : diag::warn_impcast_pointer_to_bool;
13085 enum {
13086 AddressOf,
13087 FunctionPointer,
13088 ArrayPointer
13089 } DiagType;
13090 if (IsAddressOf)
13091 DiagType = AddressOf;
13092 else if (IsFunction)
13093 DiagType = FunctionPointer;
13094 else if (IsArray)
13095 DiagType = ArrayPointer;
13096 else
13097 llvm_unreachable("Could not determine diagnostic.");
13098 Diag(Loc: E->getExprLoc(), DiagID) << DiagType << S.str() << E->getSourceRange()
13099 << Range << IsEqual;
13100
13101 if (!IsFunction)
13102 return;
13103
13104 // Suggest '&' to silence the function warning.
13105 Diag(Loc: E->getExprLoc(), DiagID: diag::note_function_warning_silence)
13106 << FixItHint::CreateInsertion(InsertionLoc: E->getBeginLoc(), Code: "&");
13107
13108 // Check to see if '()' fixit should be emitted.
13109 QualType ReturnType;
13110 UnresolvedSet<4> NonTemplateOverloads;
13111 tryExprAsCall(E&: *E, ZeroArgCallReturnTy&: ReturnType, NonTemplateOverloads);
13112 if (ReturnType.isNull())
13113 return;
13114
13115 if (IsCompare) {
13116 // There are two cases here. If there is null constant, the only suggest
13117 // for a pointer return type. If the null is 0, then suggest if the return
13118 // type is a pointer or an integer type.
13119 if (!ReturnType->isPointerType()) {
13120 if (NullKind == Expr::NPCK_ZeroExpression ||
13121 NullKind == Expr::NPCK_ZeroLiteral) {
13122 if (!ReturnType->isIntegerType())
13123 return;
13124 } else {
13125 return;
13126 }
13127 }
13128 } else { // !IsCompare
13129 // For function to bool, only suggest if the function pointer has bool
13130 // return type.
13131 if (!ReturnType->isSpecificBuiltinType(K: BuiltinType::Bool))
13132 return;
13133 }
13134 Diag(Loc: E->getExprLoc(), DiagID: diag::note_function_to_function_call)
13135 << FixItHint::CreateInsertion(InsertionLoc: getLocForEndOfToken(Loc: E->getEndLoc()), Code: "()");
13136}
13137
13138void Sema::CheckImplicitConversions(Expr *E, SourceLocation CC) {
13139 // Don't diagnose in unevaluated contexts.
13140 if (isUnevaluatedContext())
13141 return;
13142
13143 // Don't diagnose for value- or type-dependent expressions.
13144 if (E->isTypeDependent() || E->isValueDependent())
13145 return;
13146
13147 // Check for array bounds violations in cases where the check isn't triggered
13148 // elsewhere for other Expr types (like BinaryOperators), e.g. when an
13149 // ArraySubscriptExpr is on the RHS of a variable initialization.
13150 CheckArrayAccess(E);
13151
13152 // This is not the right CC for (e.g.) a variable initialization.
13153 AnalyzeImplicitConversions(S&: *this, OrigE: E, CC);
13154}
13155
13156void Sema::CheckBoolLikeConversion(Expr *E, SourceLocation CC) {
13157 ::CheckBoolLikeConversion(S&: *this, E, CC);
13158}
13159
13160void Sema::CheckForIntOverflow (const Expr *E) {
13161 // Use a work list to deal with nested struct initializers.
13162 SmallVector<const Expr *, 2> Exprs(1, E);
13163
13164 do {
13165 const Expr *OriginalE = Exprs.pop_back_val();
13166 const Expr *E = OriginalE->IgnoreParenCasts();
13167
13168 if (isa<BinaryOperator, UnaryOperator>(Val: E)) {
13169 E->EvaluateForOverflow(Ctx: Context);
13170 continue;
13171 }
13172
13173 if (const auto *InitList = dyn_cast<InitListExpr>(Val: OriginalE))
13174 Exprs.append(in_start: InitList->inits().begin(), in_end: InitList->inits().end());
13175 else if (isa<ObjCBoxedExpr>(Val: OriginalE))
13176 E->EvaluateForOverflow(Ctx: Context);
13177 else if (const auto *Call = dyn_cast<CallExpr>(Val: E))
13178 Exprs.append(in_start: Call->arg_begin(), in_end: Call->arg_end());
13179 else if (const auto *Message = dyn_cast<ObjCMessageExpr>(Val: E))
13180 Exprs.append(in_start: Message->arg_begin(), in_end: Message->arg_end());
13181 else if (const auto *Construct = dyn_cast<CXXConstructExpr>(Val: E))
13182 Exprs.append(in_start: Construct->arg_begin(), in_end: Construct->arg_end());
13183 else if (const auto *Temporary = dyn_cast<CXXBindTemporaryExpr>(Val: E))
13184 Exprs.push_back(Elt: Temporary->getSubExpr());
13185 else if (const auto *Array = dyn_cast<ArraySubscriptExpr>(Val: E))
13186 Exprs.push_back(Elt: Array->getIdx());
13187 else if (const auto *Compound = dyn_cast<CompoundLiteralExpr>(Val: E))
13188 Exprs.push_back(Elt: Compound->getInitializer());
13189 else if (const auto *New = dyn_cast<CXXNewExpr>(Val: E);
13190 New && New->isArray()) {
13191 if (auto ArraySize = New->getArraySize())
13192 Exprs.push_back(Elt: *ArraySize);
13193 } else if (const auto *MTE = dyn_cast<MaterializeTemporaryExpr>(Val: OriginalE))
13194 Exprs.push_back(Elt: MTE->getSubExpr());
13195 } while (!Exprs.empty());
13196}
13197
13198namespace {
13199
13200/// Visitor for expressions which looks for unsequenced operations on the
13201/// same object.
13202class SequenceChecker : public ConstEvaluatedExprVisitor<SequenceChecker> {
13203 using Base = ConstEvaluatedExprVisitor<SequenceChecker>;
13204
13205 /// A tree of sequenced regions within an expression. Two regions are
13206 /// unsequenced if one is an ancestor or a descendent of the other. When we
13207 /// finish processing an expression with sequencing, such as a comma
13208 /// expression, we fold its tree nodes into its parent, since they are
13209 /// unsequenced with respect to nodes we will visit later.
13210 class SequenceTree {
13211 struct Value {
13212 explicit Value(unsigned Parent) : Parent(Parent), Merged(false) {}
13213 unsigned Parent : 31;
13214 LLVM_PREFERRED_TYPE(bool)
13215 unsigned Merged : 1;
13216 };
13217 SmallVector<Value, 8> Values;
13218
13219 public:
13220 /// A region within an expression which may be sequenced with respect
13221 /// to some other region.
13222 class Seq {
13223 friend class SequenceTree;
13224
13225 unsigned Index;
13226
13227 explicit Seq(unsigned N) : Index(N) {}
13228
13229 public:
13230 Seq() : Index(0) {}
13231 };
13232
13233 SequenceTree() { Values.push_back(Elt: Value(0)); }
13234 Seq root() const { return Seq(0); }
13235
13236 /// Create a new sequence of operations, which is an unsequenced
13237 /// subset of \p Parent. This sequence of operations is sequenced with
13238 /// respect to other children of \p Parent.
13239 Seq allocate(Seq Parent) {
13240 Values.push_back(Elt: Value(Parent.Index));
13241 return Seq(Values.size() - 1);
13242 }
13243
13244 /// Merge a sequence of operations into its parent.
13245 void merge(Seq S) {
13246 Values[S.Index].Merged = true;
13247 }
13248
13249 /// Determine whether two operations are unsequenced. This operation
13250 /// is asymmetric: \p Cur should be the more recent sequence, and \p Old
13251 /// should have been merged into its parent as appropriate.
13252 bool isUnsequenced(Seq Cur, Seq Old) {
13253 unsigned C = representative(K: Cur.Index);
13254 unsigned Target = representative(K: Old.Index);
13255 while (C >= Target) {
13256 if (C == Target)
13257 return true;
13258 C = Values[C].Parent;
13259 }
13260 return false;
13261 }
13262
13263 private:
13264 /// Pick a representative for a sequence.
13265 unsigned representative(unsigned K) {
13266 if (Values[K].Merged)
13267 // Perform path compression as we go.
13268 return Values[K].Parent = representative(K: Values[K].Parent);
13269 return K;
13270 }
13271 };
13272
13273 /// An object for which we can track unsequenced uses.
13274 using Object = const NamedDecl *;
13275
13276 /// Different flavors of object usage which we track. We only track the
13277 /// least-sequenced usage of each kind.
13278 enum UsageKind {
13279 /// A read of an object. Multiple unsequenced reads are OK.
13280 UK_Use,
13281
13282 /// A modification of an object which is sequenced before the value
13283 /// computation of the expression, such as ++n in C++.
13284 UK_ModAsValue,
13285
13286 /// A modification of an object which is not sequenced before the value
13287 /// computation of the expression, such as n++.
13288 UK_ModAsSideEffect,
13289
13290 UK_Count = UK_ModAsSideEffect + 1
13291 };
13292
13293 /// Bundle together a sequencing region and the expression corresponding
13294 /// to a specific usage. One Usage is stored for each usage kind in UsageInfo.
13295 struct Usage {
13296 const Expr *UsageExpr = nullptr;
13297 SequenceTree::Seq Seq;
13298
13299 Usage() = default;
13300 };
13301
13302 struct UsageInfo {
13303 Usage Uses[UK_Count];
13304
13305 /// Have we issued a diagnostic for this object already?
13306 bool Diagnosed = false;
13307
13308 UsageInfo();
13309 };
13310 using UsageInfoMap = llvm::SmallDenseMap<Object, UsageInfo, 16>;
13311
13312 Sema &SemaRef;
13313
13314 /// Sequenced regions within the expression.
13315 SequenceTree Tree;
13316
13317 /// Declaration modifications and references which we have seen.
13318 UsageInfoMap UsageMap;
13319
13320 /// The region we are currently within.
13321 SequenceTree::Seq Region;
13322
13323 /// Filled in with declarations which were modified as a side-effect
13324 /// (that is, post-increment operations).
13325 SmallVectorImpl<std::pair<Object, Usage>> *ModAsSideEffect = nullptr;
13326
13327 /// Expressions to check later. We defer checking these to reduce
13328 /// stack usage.
13329 SmallVectorImpl<const Expr *> &WorkList;
13330
13331 /// RAII object wrapping the visitation of a sequenced subexpression of an
13332 /// expression. At the end of this process, the side-effects of the evaluation
13333 /// become sequenced with respect to the value computation of the result, so
13334 /// we downgrade any UK_ModAsSideEffect within the evaluation to
13335 /// UK_ModAsValue.
13336 struct SequencedSubexpression {
13337 SequencedSubexpression(SequenceChecker &Self)
13338 : Self(Self), OldModAsSideEffect(Self.ModAsSideEffect) {
13339 Self.ModAsSideEffect = &ModAsSideEffect;
13340 }
13341
13342 ~SequencedSubexpression() {
13343 for (const std::pair<Object, Usage> &M : llvm::reverse(C&: ModAsSideEffect)) {
13344 // Add a new usage with usage kind UK_ModAsValue, and then restore
13345 // the previous usage with UK_ModAsSideEffect (thus clearing it if
13346 // the previous one was empty).
13347 UsageInfo &UI = Self.UsageMap[M.first];
13348 auto &SideEffectUsage = UI.Uses[UK_ModAsSideEffect];
13349 Self.addUsage(O: M.first, UI, UsageExpr: SideEffectUsage.UsageExpr, UK: UK_ModAsValue);
13350 SideEffectUsage = M.second;
13351 }
13352 Self.ModAsSideEffect = OldModAsSideEffect;
13353 }
13354
13355 SequenceChecker &Self;
13356 SmallVector<std::pair<Object, Usage>, 4> ModAsSideEffect;
13357 SmallVectorImpl<std::pair<Object, Usage>> *OldModAsSideEffect;
13358 };
13359
13360 /// RAII object wrapping the visitation of a subexpression which we might
13361 /// choose to evaluate as a constant. If any subexpression is evaluated and
13362 /// found to be non-constant, this allows us to suppress the evaluation of
13363 /// the outer expression.
13364 class EvaluationTracker {
13365 public:
13366 EvaluationTracker(SequenceChecker &Self)
13367 : Self(Self), Prev(Self.EvalTracker) {
13368 Self.EvalTracker = this;
13369 }
13370
13371 ~EvaluationTracker() {
13372 Self.EvalTracker = Prev;
13373 if (Prev)
13374 Prev->EvalOK &= EvalOK;
13375 }
13376
13377 bool evaluate(const Expr *E, bool &Result) {
13378 if (!EvalOK || E->isValueDependent())
13379 return false;
13380 EvalOK = E->EvaluateAsBooleanCondition(
13381 Result, Ctx: Self.SemaRef.Context,
13382 InConstantContext: Self.SemaRef.isConstantEvaluatedContext());
13383 return EvalOK;
13384 }
13385
13386 private:
13387 SequenceChecker &Self;
13388 EvaluationTracker *Prev;
13389 bool EvalOK = true;
13390 } *EvalTracker = nullptr;
13391
13392 /// Find the object which is produced by the specified expression,
13393 /// if any.
13394 Object getObject(const Expr *E, bool Mod) const {
13395 E = E->IgnoreParenCasts();
13396 if (const UnaryOperator *UO = dyn_cast<UnaryOperator>(Val: E)) {
13397 if (Mod && (UO->getOpcode() == UO_PreInc || UO->getOpcode() == UO_PreDec))
13398 return getObject(E: UO->getSubExpr(), Mod);
13399 } else if (const BinaryOperator *BO = dyn_cast<BinaryOperator>(Val: E)) {
13400 if (BO->getOpcode() == BO_Comma)
13401 return getObject(E: BO->getRHS(), Mod);
13402 if (Mod && BO->isAssignmentOp())
13403 return getObject(E: BO->getLHS(), Mod);
13404 } else if (const MemberExpr *ME = dyn_cast<MemberExpr>(Val: E)) {
13405 // FIXME: Check for more interesting cases, like "x.n = ++x.n".
13406 if (isa<CXXThisExpr>(Val: ME->getBase()->IgnoreParenCasts()))
13407 return ME->getMemberDecl();
13408 } else if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Val: E))
13409 // FIXME: If this is a reference, map through to its value.
13410 return DRE->getDecl();
13411 return nullptr;
13412 }
13413
13414 /// Note that an object \p O was modified or used by an expression
13415 /// \p UsageExpr with usage kind \p UK. \p UI is the \p UsageInfo for
13416 /// the object \p O as obtained via the \p UsageMap.
13417 void addUsage(Object O, UsageInfo &UI, const Expr *UsageExpr, UsageKind UK) {
13418 // Get the old usage for the given object and usage kind.
13419 Usage &U = UI.Uses[UK];
13420 if (!U.UsageExpr || !Tree.isUnsequenced(Cur: Region, Old: U.Seq)) {
13421 // If we have a modification as side effect and are in a sequenced
13422 // subexpression, save the old Usage so that we can restore it later
13423 // in SequencedSubexpression::~SequencedSubexpression.
13424 if (UK == UK_ModAsSideEffect && ModAsSideEffect)
13425 ModAsSideEffect->push_back(Elt: std::make_pair(x&: O, y&: U));
13426 // Then record the new usage with the current sequencing region.
13427 U.UsageExpr = UsageExpr;
13428 U.Seq = Region;
13429 }
13430 }
13431
13432 /// Check whether a modification or use of an object \p O in an expression
13433 /// \p UsageExpr conflicts with a prior usage of kind \p OtherKind. \p UI is
13434 /// the \p UsageInfo for the object \p O as obtained via the \p UsageMap.
13435 /// \p IsModMod is true when we are checking for a mod-mod unsequenced
13436 /// usage and false we are checking for a mod-use unsequenced usage.
13437 void checkUsage(Object O, UsageInfo &UI, const Expr *UsageExpr,
13438 UsageKind OtherKind, bool IsModMod) {
13439 if (UI.Diagnosed)
13440 return;
13441
13442 const Usage &U = UI.Uses[OtherKind];
13443 if (!U.UsageExpr || !Tree.isUnsequenced(Cur: Region, Old: U.Seq))
13444 return;
13445
13446 const Expr *Mod = U.UsageExpr;
13447 const Expr *ModOrUse = UsageExpr;
13448 if (OtherKind == UK_Use)
13449 std::swap(a&: Mod, b&: ModOrUse);
13450
13451 SemaRef.DiagRuntimeBehavior(
13452 Loc: Mod->getExprLoc(), Stmts: {Mod, ModOrUse},
13453 PD: SemaRef.PDiag(DiagID: IsModMod ? diag::warn_unsequenced_mod_mod
13454 : diag::warn_unsequenced_mod_use)
13455 << O << SourceRange(ModOrUse->getExprLoc()));
13456 UI.Diagnosed = true;
13457 }
13458
13459 // A note on note{Pre, Post}{Use, Mod}:
13460 //
13461 // (It helps to follow the algorithm with an expression such as
13462 // "((++k)++, k) = k" or "k = (k++, k++)". Both contain unsequenced
13463 // operations before C++17 and both are well-defined in C++17).
13464 //
13465 // When visiting a node which uses/modify an object we first call notePreUse
13466 // or notePreMod before visiting its sub-expression(s). At this point the
13467 // children of the current node have not yet been visited and so the eventual
13468 // uses/modifications resulting from the children of the current node have not
13469 // been recorded yet.
13470 //
13471 // We then visit the children of the current node. After that notePostUse or
13472 // notePostMod is called. These will 1) detect an unsequenced modification
13473 // as side effect (as in "k++ + k") and 2) add a new usage with the
13474 // appropriate usage kind.
13475 //
13476 // We also have to be careful that some operation sequences modification as
13477 // side effect as well (for example: || or ,). To account for this we wrap
13478 // the visitation of such a sub-expression (for example: the LHS of || or ,)
13479 // with SequencedSubexpression. SequencedSubexpression is an RAII object
13480 // which record usages which are modifications as side effect, and then
13481 // downgrade them (or more accurately restore the previous usage which was a
13482 // modification as side effect) when exiting the scope of the sequenced
13483 // subexpression.
13484
13485 void notePreUse(Object O, const Expr *UseExpr) {
13486 UsageInfo &UI = UsageMap[O];
13487 // Uses conflict with other modifications.
13488 checkUsage(O, UI, UsageExpr: UseExpr, /*OtherKind=*/UK_ModAsValue, /*IsModMod=*/false);
13489 }
13490
13491 void notePostUse(Object O, const Expr *UseExpr) {
13492 UsageInfo &UI = UsageMap[O];
13493 checkUsage(O, UI, UsageExpr: UseExpr, /*OtherKind=*/UK_ModAsSideEffect,
13494 /*IsModMod=*/false);
13495 addUsage(O, UI, UsageExpr: UseExpr, /*UsageKind=*/UK: UK_Use);
13496 }
13497
13498 void notePreMod(Object O, const Expr *ModExpr) {
13499 UsageInfo &UI = UsageMap[O];
13500 // Modifications conflict with other modifications and with uses.
13501 checkUsage(O, UI, UsageExpr: ModExpr, /*OtherKind=*/UK_ModAsValue, /*IsModMod=*/true);
13502 checkUsage(O, UI, UsageExpr: ModExpr, /*OtherKind=*/UK_Use, /*IsModMod=*/false);
13503 }
13504
13505 void notePostMod(Object O, const Expr *ModExpr, UsageKind UK) {
13506 UsageInfo &UI = UsageMap[O];
13507 checkUsage(O, UI, UsageExpr: ModExpr, /*OtherKind=*/UK_ModAsSideEffect,
13508 /*IsModMod=*/true);
13509 addUsage(O, UI, UsageExpr: ModExpr, /*UsageKind=*/UK);
13510 }
13511
13512public:
13513 SequenceChecker(Sema &S, const Expr *E,
13514 SmallVectorImpl<const Expr *> &WorkList)
13515 : Base(S.Context), SemaRef(S), Region(Tree.root()), WorkList(WorkList) {
13516 Visit(S: E);
13517 // Silence a -Wunused-private-field since WorkList is now unused.
13518 // TODO: Evaluate if it can be used, and if not remove it.
13519 (void)this->WorkList;
13520 }
13521
13522 void VisitStmt(const Stmt *S) {
13523 // Skip all statements which aren't expressions for now.
13524 }
13525
13526 void VisitExpr(const Expr *E) {
13527 // By default, just recurse to evaluated subexpressions.
13528 Base::VisitStmt(S: E);
13529 }
13530
13531 void VisitCoroutineSuspendExpr(const CoroutineSuspendExpr *CSE) {
13532 for (auto *Sub : CSE->children()) {
13533 const Expr *ChildExpr = dyn_cast_or_null<Expr>(Val: Sub);
13534 if (!ChildExpr)
13535 continue;
13536
13537 if (ChildExpr == CSE->getOperand())
13538 // Do not recurse over a CoroutineSuspendExpr's operand.
13539 // The operand is also a subexpression of getCommonExpr(), and
13540 // recursing into it directly could confuse object management
13541 // for the sake of sequence tracking.
13542 continue;
13543
13544 Visit(S: Sub);
13545 }
13546 }
13547
13548 void VisitCastExpr(const CastExpr *E) {
13549 Object O = Object();
13550 if (E->getCastKind() == CK_LValueToRValue)
13551 O = getObject(E: E->getSubExpr(), Mod: false);
13552
13553 if (O)
13554 notePreUse(O, UseExpr: E);
13555 VisitExpr(E);
13556 if (O)
13557 notePostUse(O, UseExpr: E);
13558 }
13559
13560 void VisitSequencedExpressions(const Expr *SequencedBefore,
13561 const Expr *SequencedAfter) {
13562 SequenceTree::Seq BeforeRegion = Tree.allocate(Parent: Region);
13563 SequenceTree::Seq AfterRegion = Tree.allocate(Parent: Region);
13564 SequenceTree::Seq OldRegion = Region;
13565
13566 {
13567 SequencedSubexpression SeqBefore(*this);
13568 Region = BeforeRegion;
13569 Visit(S: SequencedBefore);
13570 }
13571
13572 Region = AfterRegion;
13573 Visit(S: SequencedAfter);
13574
13575 Region = OldRegion;
13576
13577 Tree.merge(S: BeforeRegion);
13578 Tree.merge(S: AfterRegion);
13579 }
13580
13581 void VisitArraySubscriptExpr(const ArraySubscriptExpr *ASE) {
13582 // C++17 [expr.sub]p1:
13583 // The expression E1[E2] is identical (by definition) to *((E1)+(E2)). The
13584 // expression E1 is sequenced before the expression E2.
13585 if (SemaRef.getLangOpts().CPlusPlus17)
13586 VisitSequencedExpressions(SequencedBefore: ASE->getLHS(), SequencedAfter: ASE->getRHS());
13587 else {
13588 Visit(S: ASE->getLHS());
13589 Visit(S: ASE->getRHS());
13590 }
13591 }
13592
13593 void VisitBinPtrMemD(const BinaryOperator *BO) { VisitBinPtrMem(BO); }
13594 void VisitBinPtrMemI(const BinaryOperator *BO) { VisitBinPtrMem(BO); }
13595 void VisitBinPtrMem(const BinaryOperator *BO) {
13596 // C++17 [expr.mptr.oper]p4:
13597 // Abbreviating pm-expression.*cast-expression as E1.*E2, [...]
13598 // the expression E1 is sequenced before the expression E2.
13599 if (SemaRef.getLangOpts().CPlusPlus17)
13600 VisitSequencedExpressions(SequencedBefore: BO->getLHS(), SequencedAfter: BO->getRHS());
13601 else {
13602 Visit(S: BO->getLHS());
13603 Visit(S: BO->getRHS());
13604 }
13605 }
13606
13607 void VisitBinShl(const BinaryOperator *BO) { VisitBinShlShr(BO); }
13608 void VisitBinShr(const BinaryOperator *BO) { VisitBinShlShr(BO); }
13609 void VisitBinShlShr(const BinaryOperator *BO) {
13610 // C++17 [expr.shift]p4:
13611 // The expression E1 is sequenced before the expression E2.
13612 if (SemaRef.getLangOpts().CPlusPlus17)
13613 VisitSequencedExpressions(SequencedBefore: BO->getLHS(), SequencedAfter: BO->getRHS());
13614 else {
13615 Visit(S: BO->getLHS());
13616 Visit(S: BO->getRHS());
13617 }
13618 }
13619
13620 void VisitBinComma(const BinaryOperator *BO) {
13621 // C++11 [expr.comma]p1:
13622 // Every value computation and side effect associated with the left
13623 // expression is sequenced before every value computation and side
13624 // effect associated with the right expression.
13625 VisitSequencedExpressions(SequencedBefore: BO->getLHS(), SequencedAfter: BO->getRHS());
13626 }
13627
13628 void VisitBinAssign(const BinaryOperator *BO) {
13629 SequenceTree::Seq RHSRegion;
13630 SequenceTree::Seq LHSRegion;
13631 if (SemaRef.getLangOpts().CPlusPlus17) {
13632 RHSRegion = Tree.allocate(Parent: Region);
13633 LHSRegion = Tree.allocate(Parent: Region);
13634 } else {
13635 RHSRegion = Region;
13636 LHSRegion = Region;
13637 }
13638 SequenceTree::Seq OldRegion = Region;
13639
13640 // C++11 [expr.ass]p1:
13641 // [...] the assignment is sequenced after the value computation
13642 // of the right and left operands, [...]
13643 //
13644 // so check it before inspecting the operands and update the
13645 // map afterwards.
13646 Object O = getObject(E: BO->getLHS(), /*Mod=*/true);
13647 if (O)
13648 notePreMod(O, ModExpr: BO);
13649
13650 if (SemaRef.getLangOpts().CPlusPlus17) {
13651 // C++17 [expr.ass]p1:
13652 // [...] The right operand is sequenced before the left operand. [...]
13653 {
13654 SequencedSubexpression SeqBefore(*this);
13655 Region = RHSRegion;
13656 Visit(S: BO->getRHS());
13657 }
13658
13659 Region = LHSRegion;
13660 Visit(S: BO->getLHS());
13661
13662 if (O && isa<CompoundAssignOperator>(Val: BO))
13663 notePostUse(O, UseExpr: BO);
13664
13665 } else {
13666 // C++11 does not specify any sequencing between the LHS and RHS.
13667 Region = LHSRegion;
13668 Visit(S: BO->getLHS());
13669
13670 if (O && isa<CompoundAssignOperator>(Val: BO))
13671 notePostUse(O, UseExpr: BO);
13672
13673 Region = RHSRegion;
13674 Visit(S: BO->getRHS());
13675 }
13676
13677 // C++11 [expr.ass]p1:
13678 // the assignment is sequenced [...] before the value computation of the
13679 // assignment expression.
13680 // C11 6.5.16/3 has no such rule.
13681 Region = OldRegion;
13682 if (O)
13683 notePostMod(O, ModExpr: BO,
13684 UK: SemaRef.getLangOpts().CPlusPlus ? UK_ModAsValue
13685 : UK_ModAsSideEffect);
13686 if (SemaRef.getLangOpts().CPlusPlus17) {
13687 Tree.merge(S: RHSRegion);
13688 Tree.merge(S: LHSRegion);
13689 }
13690 }
13691
13692 void VisitCompoundAssignOperator(const CompoundAssignOperator *CAO) {
13693 VisitBinAssign(BO: CAO);
13694 }
13695
13696 void VisitUnaryPreInc(const UnaryOperator *UO) { VisitUnaryPreIncDec(UO); }
13697 void VisitUnaryPreDec(const UnaryOperator *UO) { VisitUnaryPreIncDec(UO); }
13698 void VisitUnaryPreIncDec(const UnaryOperator *UO) {
13699 Object O = getObject(E: UO->getSubExpr(), Mod: true);
13700 if (!O)
13701 return VisitExpr(E: UO);
13702
13703 notePreMod(O, ModExpr: UO);
13704 Visit(S: UO->getSubExpr());
13705 // C++11 [expr.pre.incr]p1:
13706 // the expression ++x is equivalent to x+=1
13707 notePostMod(O, ModExpr: UO,
13708 UK: SemaRef.getLangOpts().CPlusPlus ? UK_ModAsValue
13709 : UK_ModAsSideEffect);
13710 }
13711
13712 void VisitUnaryPostInc(const UnaryOperator *UO) { VisitUnaryPostIncDec(UO); }
13713 void VisitUnaryPostDec(const UnaryOperator *UO) { VisitUnaryPostIncDec(UO); }
13714 void VisitUnaryPostIncDec(const UnaryOperator *UO) {
13715 Object O = getObject(E: UO->getSubExpr(), Mod: true);
13716 if (!O)
13717 return VisitExpr(E: UO);
13718
13719 notePreMod(O, ModExpr: UO);
13720 Visit(S: UO->getSubExpr());
13721 notePostMod(O, ModExpr: UO, UK: UK_ModAsSideEffect);
13722 }
13723
13724 void VisitBinLOr(const BinaryOperator *BO) {
13725 // C++11 [expr.log.or]p2:
13726 // If the second expression is evaluated, every value computation and
13727 // side effect associated with the first expression is sequenced before
13728 // every value computation and side effect associated with the
13729 // second expression.
13730 SequenceTree::Seq LHSRegion = Tree.allocate(Parent: Region);
13731 SequenceTree::Seq RHSRegion = Tree.allocate(Parent: Region);
13732 SequenceTree::Seq OldRegion = Region;
13733
13734 EvaluationTracker Eval(*this);
13735 {
13736 SequencedSubexpression Sequenced(*this);
13737 Region = LHSRegion;
13738 Visit(S: BO->getLHS());
13739 }
13740
13741 // C++11 [expr.log.or]p1:
13742 // [...] the second operand is not evaluated if the first operand
13743 // evaluates to true.
13744 bool EvalResult = false;
13745 bool EvalOK = Eval.evaluate(E: BO->getLHS(), Result&: EvalResult);
13746 bool ShouldVisitRHS = !EvalOK || !EvalResult;
13747 if (ShouldVisitRHS) {
13748 Region = RHSRegion;
13749 Visit(S: BO->getRHS());
13750 }
13751
13752 Region = OldRegion;
13753 Tree.merge(S: LHSRegion);
13754 Tree.merge(S: RHSRegion);
13755 }
13756
13757 void VisitBinLAnd(const BinaryOperator *BO) {
13758 // C++11 [expr.log.and]p2:
13759 // If the second expression is evaluated, every value computation and
13760 // side effect associated with the first expression is sequenced before
13761 // every value computation and side effect associated with the
13762 // second expression.
13763 SequenceTree::Seq LHSRegion = Tree.allocate(Parent: Region);
13764 SequenceTree::Seq RHSRegion = Tree.allocate(Parent: Region);
13765 SequenceTree::Seq OldRegion = Region;
13766
13767 EvaluationTracker Eval(*this);
13768 {
13769 SequencedSubexpression Sequenced(*this);
13770 Region = LHSRegion;
13771 Visit(S: BO->getLHS());
13772 }
13773
13774 // C++11 [expr.log.and]p1:
13775 // [...] the second operand is not evaluated if the first operand is false.
13776 bool EvalResult = false;
13777 bool EvalOK = Eval.evaluate(E: BO->getLHS(), Result&: EvalResult);
13778 bool ShouldVisitRHS = !EvalOK || EvalResult;
13779 if (ShouldVisitRHS) {
13780 Region = RHSRegion;
13781 Visit(S: BO->getRHS());
13782 }
13783
13784 Region = OldRegion;
13785 Tree.merge(S: LHSRegion);
13786 Tree.merge(S: RHSRegion);
13787 }
13788
13789 void VisitAbstractConditionalOperator(const AbstractConditionalOperator *CO) {
13790 // C++11 [expr.cond]p1:
13791 // [...] Every value computation and side effect associated with the first
13792 // expression is sequenced before every value computation and side effect
13793 // associated with the second or third expression.
13794 SequenceTree::Seq ConditionRegion = Tree.allocate(Parent: Region);
13795
13796 // No sequencing is specified between the true and false expression.
13797 // However since exactly one of both is going to be evaluated we can
13798 // consider them to be sequenced. This is needed to avoid warning on
13799 // something like "x ? y+= 1 : y += 2;" in the case where we will visit
13800 // both the true and false expressions because we can't evaluate x.
13801 // This will still allow us to detect an expression like (pre C++17)
13802 // "(x ? y += 1 : y += 2) = y".
13803 //
13804 // We don't wrap the visitation of the true and false expression with
13805 // SequencedSubexpression because we don't want to downgrade modifications
13806 // as side effect in the true and false expressions after the visition
13807 // is done. (for example in the expression "(x ? y++ : y++) + y" we should
13808 // not warn between the two "y++", but we should warn between the "y++"
13809 // and the "y".
13810 SequenceTree::Seq TrueRegion = Tree.allocate(Parent: Region);
13811 SequenceTree::Seq FalseRegion = Tree.allocate(Parent: Region);
13812 SequenceTree::Seq OldRegion = Region;
13813
13814 EvaluationTracker Eval(*this);
13815 {
13816 SequencedSubexpression Sequenced(*this);
13817 Region = ConditionRegion;
13818 Visit(S: CO->getCond());
13819 }
13820
13821 // C++11 [expr.cond]p1:
13822 // [...] The first expression is contextually converted to bool (Clause 4).
13823 // It is evaluated and if it is true, the result of the conditional
13824 // expression is the value of the second expression, otherwise that of the
13825 // third expression. Only one of the second and third expressions is
13826 // evaluated. [...]
13827 bool EvalResult = false;
13828 bool EvalOK = Eval.evaluate(E: CO->getCond(), Result&: EvalResult);
13829 bool ShouldVisitTrueExpr = !EvalOK || EvalResult;
13830 bool ShouldVisitFalseExpr = !EvalOK || !EvalResult;
13831 if (ShouldVisitTrueExpr) {
13832 Region = TrueRegion;
13833 Visit(S: CO->getTrueExpr());
13834 }
13835 if (ShouldVisitFalseExpr) {
13836 Region = FalseRegion;
13837 Visit(S: CO->getFalseExpr());
13838 }
13839
13840 Region = OldRegion;
13841 Tree.merge(S: ConditionRegion);
13842 Tree.merge(S: TrueRegion);
13843 Tree.merge(S: FalseRegion);
13844 }
13845
13846 void VisitCallExpr(const CallExpr *CE) {
13847 // FIXME: CXXNewExpr and CXXDeleteExpr implicitly call functions.
13848
13849 if (CE->isUnevaluatedBuiltinCall(Ctx: Context))
13850 return;
13851
13852 // C++11 [intro.execution]p15:
13853 // When calling a function [...], every value computation and side effect
13854 // associated with any argument expression, or with the postfix expression
13855 // designating the called function, is sequenced before execution of every
13856 // expression or statement in the body of the function [and thus before
13857 // the value computation of its result].
13858 SequencedSubexpression Sequenced(*this);
13859 SemaRef.runWithSufficientStackSpace(Loc: CE->getExprLoc(), Fn: [&] {
13860 // C++17 [expr.call]p5
13861 // The postfix-expression is sequenced before each expression in the
13862 // expression-list and any default argument. [...]
13863 SequenceTree::Seq CalleeRegion;
13864 SequenceTree::Seq OtherRegion;
13865 if (SemaRef.getLangOpts().CPlusPlus17) {
13866 CalleeRegion = Tree.allocate(Parent: Region);
13867 OtherRegion = Tree.allocate(Parent: Region);
13868 } else {
13869 CalleeRegion = Region;
13870 OtherRegion = Region;
13871 }
13872 SequenceTree::Seq OldRegion = Region;
13873
13874 // Visit the callee expression first.
13875 Region = CalleeRegion;
13876 if (SemaRef.getLangOpts().CPlusPlus17) {
13877 SequencedSubexpression Sequenced(*this);
13878 Visit(S: CE->getCallee());
13879 } else {
13880 Visit(S: CE->getCallee());
13881 }
13882
13883 // Then visit the argument expressions.
13884 Region = OtherRegion;
13885 for (const Expr *Argument : CE->arguments())
13886 Visit(S: Argument);
13887
13888 Region = OldRegion;
13889 if (SemaRef.getLangOpts().CPlusPlus17) {
13890 Tree.merge(S: CalleeRegion);
13891 Tree.merge(S: OtherRegion);
13892 }
13893 });
13894 }
13895
13896 void VisitCXXOperatorCallExpr(const CXXOperatorCallExpr *CXXOCE) {
13897 // C++17 [over.match.oper]p2:
13898 // [...] the operator notation is first transformed to the equivalent
13899 // function-call notation as summarized in Table 12 (where @ denotes one
13900 // of the operators covered in the specified subclause). However, the
13901 // operands are sequenced in the order prescribed for the built-in
13902 // operator (Clause 8).
13903 //
13904 // From the above only overloaded binary operators and overloaded call
13905 // operators have sequencing rules in C++17 that we need to handle
13906 // separately.
13907 if (!SemaRef.getLangOpts().CPlusPlus17 ||
13908 (CXXOCE->getNumArgs() != 2 && CXXOCE->getOperator() != OO_Call))
13909 return VisitCallExpr(CE: CXXOCE);
13910
13911 enum {
13912 NoSequencing,
13913 LHSBeforeRHS,
13914 RHSBeforeLHS,
13915 LHSBeforeRest
13916 } SequencingKind;
13917 switch (CXXOCE->getOperator()) {
13918 case OO_Equal:
13919 case OO_PlusEqual:
13920 case OO_MinusEqual:
13921 case OO_StarEqual:
13922 case OO_SlashEqual:
13923 case OO_PercentEqual:
13924 case OO_CaretEqual:
13925 case OO_AmpEqual:
13926 case OO_PipeEqual:
13927 case OO_LessLessEqual:
13928 case OO_GreaterGreaterEqual:
13929 SequencingKind = RHSBeforeLHS;
13930 break;
13931
13932 case OO_LessLess:
13933 case OO_GreaterGreater:
13934 case OO_AmpAmp:
13935 case OO_PipePipe:
13936 case OO_Comma:
13937 case OO_ArrowStar:
13938 case OO_Subscript:
13939 SequencingKind = LHSBeforeRHS;
13940 break;
13941
13942 case OO_Call:
13943 SequencingKind = LHSBeforeRest;
13944 break;
13945
13946 default:
13947 SequencingKind = NoSequencing;
13948 break;
13949 }
13950
13951 if (SequencingKind == NoSequencing)
13952 return VisitCallExpr(CE: CXXOCE);
13953
13954 // This is a call, so all subexpressions are sequenced before the result.
13955 SequencedSubexpression Sequenced(*this);
13956
13957 SemaRef.runWithSufficientStackSpace(Loc: CXXOCE->getExprLoc(), Fn: [&] {
13958 assert(SemaRef.getLangOpts().CPlusPlus17 &&
13959 "Should only get there with C++17 and above!");
13960 assert((CXXOCE->getNumArgs() == 2 || CXXOCE->getOperator() == OO_Call) &&
13961 "Should only get there with an overloaded binary operator"
13962 " or an overloaded call operator!");
13963
13964 if (SequencingKind == LHSBeforeRest) {
13965 assert(CXXOCE->getOperator() == OO_Call &&
13966 "We should only have an overloaded call operator here!");
13967
13968 // This is very similar to VisitCallExpr, except that we only have the
13969 // C++17 case. The postfix-expression is the first argument of the
13970 // CXXOperatorCallExpr. The expressions in the expression-list, if any,
13971 // are in the following arguments.
13972 //
13973 // Note that we intentionally do not visit the callee expression since
13974 // it is just a decayed reference to a function.
13975 SequenceTree::Seq PostfixExprRegion = Tree.allocate(Parent: Region);
13976 SequenceTree::Seq ArgsRegion = Tree.allocate(Parent: Region);
13977 SequenceTree::Seq OldRegion = Region;
13978
13979 assert(CXXOCE->getNumArgs() >= 1 &&
13980 "An overloaded call operator must have at least one argument"
13981 " for the postfix-expression!");
13982 const Expr *PostfixExpr = CXXOCE->getArgs()[0];
13983 llvm::ArrayRef<const Expr *> Args(CXXOCE->getArgs() + 1,
13984 CXXOCE->getNumArgs() - 1);
13985
13986 // Visit the postfix-expression first.
13987 {
13988 Region = PostfixExprRegion;
13989 SequencedSubexpression Sequenced(*this);
13990 Visit(S: PostfixExpr);
13991 }
13992
13993 // Then visit the argument expressions.
13994 Region = ArgsRegion;
13995 for (const Expr *Arg : Args)
13996 Visit(S: Arg);
13997
13998 Region = OldRegion;
13999 Tree.merge(S: PostfixExprRegion);
14000 Tree.merge(S: ArgsRegion);
14001 } else {
14002 assert(CXXOCE->getNumArgs() == 2 &&
14003 "Should only have two arguments here!");
14004 assert((SequencingKind == LHSBeforeRHS ||
14005 SequencingKind == RHSBeforeLHS) &&
14006 "Unexpected sequencing kind!");
14007
14008 // We do not visit the callee expression since it is just a decayed
14009 // reference to a function.
14010 const Expr *E1 = CXXOCE->getArg(Arg: 0);
14011 const Expr *E2 = CXXOCE->getArg(Arg: 1);
14012 if (SequencingKind == RHSBeforeLHS)
14013 std::swap(a&: E1, b&: E2);
14014
14015 return VisitSequencedExpressions(SequencedBefore: E1, SequencedAfter: E2);
14016 }
14017 });
14018 }
14019
14020 void VisitCXXConstructExpr(const CXXConstructExpr *CCE) {
14021 // This is a call, so all subexpressions are sequenced before the result.
14022 SequencedSubexpression Sequenced(*this);
14023
14024 if (!CCE->isListInitialization())
14025 return VisitExpr(E: CCE);
14026
14027 // In C++11, list initializations are sequenced.
14028 SequenceExpressionsInOrder(
14029 ExpressionList: llvm::ArrayRef(CCE->getArgs(), CCE->getNumArgs()));
14030 }
14031
14032 void VisitInitListExpr(const InitListExpr *ILE) {
14033 if (!SemaRef.getLangOpts().CPlusPlus11)
14034 return VisitExpr(E: ILE);
14035
14036 // In C++11, list initializations are sequenced.
14037 SequenceExpressionsInOrder(ExpressionList: ILE->inits());
14038 }
14039
14040 void VisitCXXParenListInitExpr(const CXXParenListInitExpr *PLIE) {
14041 // C++20 parenthesized list initializations are sequenced. See C++20
14042 // [decl.init.general]p16.5 and [decl.init.general]p16.6.2.2.
14043 SequenceExpressionsInOrder(ExpressionList: PLIE->getInitExprs());
14044 }
14045
14046private:
14047 void SequenceExpressionsInOrder(ArrayRef<const Expr *> ExpressionList) {
14048 SmallVector<SequenceTree::Seq, 32> Elts;
14049 SequenceTree::Seq Parent = Region;
14050 for (const Expr *E : ExpressionList) {
14051 if (!E)
14052 continue;
14053 Region = Tree.allocate(Parent);
14054 Elts.push_back(Elt: Region);
14055 Visit(S: E);
14056 }
14057
14058 // Forget that the initializers are sequenced.
14059 Region = Parent;
14060 for (unsigned I = 0; I < Elts.size(); ++I)
14061 Tree.merge(S: Elts[I]);
14062 }
14063};
14064
14065SequenceChecker::UsageInfo::UsageInfo() = default;
14066
14067} // namespace
14068
14069void Sema::CheckUnsequencedOperations(const Expr *E) {
14070 SmallVector<const Expr *, 8> WorkList;
14071 WorkList.push_back(Elt: E);
14072 while (!WorkList.empty()) {
14073 const Expr *Item = WorkList.pop_back_val();
14074 SequenceChecker(*this, Item, WorkList);
14075 }
14076}
14077
14078void Sema::CheckCompletedExpr(Expr *E, SourceLocation CheckLoc,
14079 bool IsConstexpr) {
14080 llvm::SaveAndRestore ConstantContext(isConstantEvaluatedOverride,
14081 IsConstexpr || isa<ConstantExpr>(Val: E));
14082 CheckImplicitConversions(E, CC: CheckLoc);
14083 if (!E->isInstantiationDependent())
14084 CheckUnsequencedOperations(E);
14085 if (!IsConstexpr && !E->isValueDependent())
14086 CheckForIntOverflow(E);
14087 DiagnoseMisalignedMembers();
14088}
14089
14090void Sema::CheckBitFieldInitialization(SourceLocation InitLoc,
14091 FieldDecl *BitField,
14092 Expr *Init) {
14093 (void) AnalyzeBitFieldAssignment(S&: *this, Bitfield: BitField, Init, InitLoc);
14094}
14095
14096static void diagnoseArrayStarInParamType(Sema &S, QualType PType,
14097 SourceLocation Loc) {
14098 if (!PType->isVariablyModifiedType())
14099 return;
14100 if (const auto *PointerTy = dyn_cast<PointerType>(Val&: PType)) {
14101 diagnoseArrayStarInParamType(S, PType: PointerTy->getPointeeType(), Loc);
14102 return;
14103 }
14104 if (const auto *ReferenceTy = dyn_cast<ReferenceType>(Val&: PType)) {
14105 diagnoseArrayStarInParamType(S, PType: ReferenceTy->getPointeeType(), Loc);
14106 return;
14107 }
14108 if (const auto *ParenTy = dyn_cast<ParenType>(Val&: PType)) {
14109 diagnoseArrayStarInParamType(S, PType: ParenTy->getInnerType(), Loc);
14110 return;
14111 }
14112
14113 const ArrayType *AT = S.Context.getAsArrayType(T: PType);
14114 if (!AT)
14115 return;
14116
14117 if (AT->getSizeModifier() != ArraySizeModifier::Star) {
14118 diagnoseArrayStarInParamType(S, PType: AT->getElementType(), Loc);
14119 return;
14120 }
14121
14122 S.Diag(Loc, DiagID: diag::err_array_star_in_function_definition);
14123}
14124
14125bool Sema::CheckParmsForFunctionDef(ArrayRef<ParmVarDecl *> Parameters,
14126 bool CheckParameterNames) {
14127 bool HasInvalidParm = false;
14128 for (ParmVarDecl *Param : Parameters) {
14129 assert(Param && "null in a parameter list");
14130 // C99 6.7.5.3p4: the parameters in a parameter type list in a
14131 // function declarator that is part of a function definition of
14132 // that function shall not have incomplete type.
14133 //
14134 // C++23 [dcl.fct.def.general]/p2
14135 // The type of a parameter [...] for a function definition
14136 // shall not be a (possibly cv-qualified) class type that is incomplete
14137 // or abstract within the function body unless the function is deleted.
14138 if (!Param->isInvalidDecl() &&
14139 (RequireCompleteType(Loc: Param->getLocation(), T: Param->getType(),
14140 DiagID: diag::err_typecheck_decl_incomplete_type) ||
14141 RequireNonAbstractType(Loc: Param->getBeginLoc(), T: Param->getOriginalType(),
14142 DiagID: diag::err_abstract_type_in_decl,
14143 Args: AbstractParamType))) {
14144 Param->setInvalidDecl();
14145 HasInvalidParm = true;
14146 }
14147
14148 // C99 6.9.1p5: If the declarator includes a parameter type list, the
14149 // declaration of each parameter shall include an identifier.
14150 if (CheckParameterNames && Param->getIdentifier() == nullptr &&
14151 !Param->isImplicit() && !getLangOpts().CPlusPlus) {
14152 // Diagnose this as an extension in C17 and earlier.
14153 if (!getLangOpts().C23)
14154 Diag(Loc: Param->getLocation(), DiagID: diag::ext_parameter_name_omitted_c23);
14155 }
14156
14157 // C99 6.7.5.3p12:
14158 // If the function declarator is not part of a definition of that
14159 // function, parameters may have incomplete type and may use the [*]
14160 // notation in their sequences of declarator specifiers to specify
14161 // variable length array types.
14162 QualType PType = Param->getOriginalType();
14163 // FIXME: This diagnostic should point the '[*]' if source-location
14164 // information is added for it.
14165 diagnoseArrayStarInParamType(S&: *this, PType, Loc: Param->getLocation());
14166
14167 // If the parameter is a c++ class type and it has to be destructed in the
14168 // callee function, declare the destructor so that it can be called by the
14169 // callee function. Do not perform any direct access check on the dtor here.
14170 if (!Param->isInvalidDecl()) {
14171 if (CXXRecordDecl *ClassDecl = Param->getType()->getAsCXXRecordDecl()) {
14172 if (!ClassDecl->isInvalidDecl() &&
14173 !ClassDecl->hasIrrelevantDestructor() &&
14174 !ClassDecl->isDependentContext() &&
14175 ClassDecl->isParamDestroyedInCallee()) {
14176 CXXDestructorDecl *Destructor = LookupDestructor(Class: ClassDecl);
14177 MarkFunctionReferenced(Loc: Param->getLocation(), Func: Destructor);
14178 DiagnoseUseOfDecl(D: Destructor, Locs: Param->getLocation());
14179 }
14180 }
14181 }
14182
14183 // Parameters with the pass_object_size attribute only need to be marked
14184 // constant at function definitions. Because we lack information about
14185 // whether we're on a declaration or definition when we're instantiating the
14186 // attribute, we need to check for constness here.
14187 if (const auto *Attr = Param->getAttr<PassObjectSizeAttr>())
14188 if (!Param->getType().isConstQualified())
14189 Diag(Loc: Param->getLocation(), DiagID: diag::err_attribute_pointers_only)
14190 << Attr->getSpelling() << 1;
14191
14192 // Check for parameter names shadowing fields from the class.
14193 if (LangOpts.CPlusPlus && !Param->isInvalidDecl()) {
14194 // The owning context for the parameter should be the function, but we
14195 // want to see if this function's declaration context is a record.
14196 DeclContext *DC = Param->getDeclContext();
14197 if (DC && DC->isFunctionOrMethod()) {
14198 if (auto *RD = dyn_cast<CXXRecordDecl>(Val: DC->getParent()))
14199 CheckShadowInheritedFields(Loc: Param->getLocation(), FieldName: Param->getDeclName(),
14200 RD, /*DeclIsField*/ false);
14201 }
14202 }
14203
14204 if (!Param->isInvalidDecl() &&
14205 Param->getOriginalType()->isWebAssemblyTableType()) {
14206 Param->setInvalidDecl();
14207 HasInvalidParm = true;
14208 Diag(Loc: Param->getLocation(), DiagID: diag::err_wasm_table_as_function_parameter);
14209 }
14210 }
14211
14212 return HasInvalidParm;
14213}
14214
14215std::optional<std::pair<
14216 CharUnits, CharUnits>> static getBaseAlignmentAndOffsetFromPtr(const Expr
14217 *E,
14218 ASTContext
14219 &Ctx);
14220
14221/// Compute the alignment and offset of the base class object given the
14222/// derived-to-base cast expression and the alignment and offset of the derived
14223/// class object.
14224static std::pair<CharUnits, CharUnits>
14225getDerivedToBaseAlignmentAndOffset(const CastExpr *CE, QualType DerivedType,
14226 CharUnits BaseAlignment, CharUnits Offset,
14227 ASTContext &Ctx) {
14228 for (auto PathI = CE->path_begin(), PathE = CE->path_end(); PathI != PathE;
14229 ++PathI) {
14230 const CXXBaseSpecifier *Base = *PathI;
14231 const CXXRecordDecl *BaseDecl = Base->getType()->getAsCXXRecordDecl();
14232 if (Base->isVirtual()) {
14233 // The complete object may have a lower alignment than the non-virtual
14234 // alignment of the base, in which case the base may be misaligned. Choose
14235 // the smaller of the non-virtual alignment and BaseAlignment, which is a
14236 // conservative lower bound of the complete object alignment.
14237 CharUnits NonVirtualAlignment =
14238 Ctx.getASTRecordLayout(D: BaseDecl).getNonVirtualAlignment();
14239 BaseAlignment = std::min(a: BaseAlignment, b: NonVirtualAlignment);
14240 Offset = CharUnits::Zero();
14241 } else {
14242 const ASTRecordLayout &RL =
14243 Ctx.getASTRecordLayout(D: DerivedType->getAsCXXRecordDecl());
14244 Offset += RL.getBaseClassOffset(Base: BaseDecl);
14245 }
14246 DerivedType = Base->getType();
14247 }
14248
14249 return std::make_pair(x&: BaseAlignment, y&: Offset);
14250}
14251
14252/// Compute the alignment and offset of a binary additive operator.
14253static std::optional<std::pair<CharUnits, CharUnits>>
14254getAlignmentAndOffsetFromBinAddOrSub(const Expr *PtrE, const Expr *IntE,
14255 bool IsSub, ASTContext &Ctx) {
14256 QualType PointeeType = PtrE->getType()->getPointeeType();
14257
14258 if (!PointeeType->isConstantSizeType())
14259 return std::nullopt;
14260
14261 auto P = getBaseAlignmentAndOffsetFromPtr(E: PtrE, Ctx);
14262
14263 if (!P)
14264 return std::nullopt;
14265
14266 CharUnits EltSize = Ctx.getTypeSizeInChars(T: PointeeType);
14267 if (std::optional<llvm::APSInt> IdxRes = IntE->getIntegerConstantExpr(Ctx)) {
14268 CharUnits Offset = EltSize * IdxRes->getExtValue();
14269 if (IsSub)
14270 Offset = -Offset;
14271 return std::make_pair(x&: P->first, y: P->second + Offset);
14272 }
14273
14274 // If the integer expression isn't a constant expression, compute the lower
14275 // bound of the alignment using the alignment and offset of the pointer
14276 // expression and the element size.
14277 return std::make_pair(
14278 x: P->first.alignmentAtOffset(offset: P->second).alignmentAtOffset(offset: EltSize),
14279 y: CharUnits::Zero());
14280}
14281
14282/// This helper function takes an lvalue expression and returns the alignment of
14283/// a VarDecl and a constant offset from the VarDecl.
14284std::optional<std::pair<
14285 CharUnits,
14286 CharUnits>> static getBaseAlignmentAndOffsetFromLValue(const Expr *E,
14287 ASTContext &Ctx) {
14288 E = E->IgnoreParens();
14289 switch (E->getStmtClass()) {
14290 default:
14291 break;
14292 case Stmt::CStyleCastExprClass:
14293 case Stmt::CXXStaticCastExprClass:
14294 case Stmt::ImplicitCastExprClass: {
14295 auto *CE = cast<CastExpr>(Val: E);
14296 const Expr *From = CE->getSubExpr();
14297 switch (CE->getCastKind()) {
14298 default:
14299 break;
14300 case CK_NoOp:
14301 return getBaseAlignmentAndOffsetFromLValue(E: From, Ctx);
14302 case CK_UncheckedDerivedToBase:
14303 case CK_DerivedToBase: {
14304 auto P = getBaseAlignmentAndOffsetFromLValue(E: From, Ctx);
14305 if (!P)
14306 break;
14307 return getDerivedToBaseAlignmentAndOffset(CE, DerivedType: From->getType(), BaseAlignment: P->first,
14308 Offset: P->second, Ctx);
14309 }
14310 }
14311 break;
14312 }
14313 case Stmt::ArraySubscriptExprClass: {
14314 auto *ASE = cast<ArraySubscriptExpr>(Val: E);
14315 return getAlignmentAndOffsetFromBinAddOrSub(PtrE: ASE->getBase(), IntE: ASE->getIdx(),
14316 IsSub: false, Ctx);
14317 }
14318 case Stmt::DeclRefExprClass: {
14319 if (auto *VD = dyn_cast<VarDecl>(Val: cast<DeclRefExpr>(Val: E)->getDecl())) {
14320 // FIXME: If VD is captured by copy or is an escaping __block variable,
14321 // use the alignment of VD's type.
14322 if (!VD->getType()->isReferenceType()) {
14323 // Dependent alignment cannot be resolved -> bail out.
14324 if (VD->hasDependentAlignment())
14325 break;
14326 return std::make_pair(x: Ctx.getDeclAlign(D: VD), y: CharUnits::Zero());
14327 }
14328 if (VD->hasInit())
14329 return getBaseAlignmentAndOffsetFromLValue(E: VD->getInit(), Ctx);
14330 }
14331 break;
14332 }
14333 case Stmt::MemberExprClass: {
14334 auto *ME = cast<MemberExpr>(Val: E);
14335 auto *FD = dyn_cast<FieldDecl>(Val: ME->getMemberDecl());
14336 if (!FD || FD->getType()->isReferenceType() ||
14337 FD->getParent()->isInvalidDecl())
14338 break;
14339 std::optional<std::pair<CharUnits, CharUnits>> P;
14340 if (ME->isArrow())
14341 P = getBaseAlignmentAndOffsetFromPtr(E: ME->getBase(), Ctx);
14342 else
14343 P = getBaseAlignmentAndOffsetFromLValue(E: ME->getBase(), Ctx);
14344 if (!P)
14345 break;
14346 const ASTRecordLayout &Layout = Ctx.getASTRecordLayout(D: FD->getParent());
14347 uint64_t Offset = Layout.getFieldOffset(FieldNo: FD->getFieldIndex());
14348 return std::make_pair(x&: P->first,
14349 y: P->second + CharUnits::fromQuantity(Quantity: Offset));
14350 }
14351 case Stmt::UnaryOperatorClass: {
14352 auto *UO = cast<UnaryOperator>(Val: E);
14353 switch (UO->getOpcode()) {
14354 default:
14355 break;
14356 case UO_Deref:
14357 return getBaseAlignmentAndOffsetFromPtr(E: UO->getSubExpr(), Ctx);
14358 }
14359 break;
14360 }
14361 case Stmt::BinaryOperatorClass: {
14362 auto *BO = cast<BinaryOperator>(Val: E);
14363 auto Opcode = BO->getOpcode();
14364 switch (Opcode) {
14365 default:
14366 break;
14367 case BO_Comma:
14368 return getBaseAlignmentAndOffsetFromLValue(E: BO->getRHS(), Ctx);
14369 }
14370 break;
14371 }
14372 }
14373 return std::nullopt;
14374}
14375
14376/// This helper function takes a pointer expression and returns the alignment of
14377/// a VarDecl and a constant offset from the VarDecl.
14378std::optional<std::pair<
14379 CharUnits, CharUnits>> static getBaseAlignmentAndOffsetFromPtr(const Expr
14380 *E,
14381 ASTContext
14382 &Ctx) {
14383 E = E->IgnoreParens();
14384 switch (E->getStmtClass()) {
14385 default:
14386 break;
14387 case Stmt::CStyleCastExprClass:
14388 case Stmt::CXXStaticCastExprClass:
14389 case Stmt::ImplicitCastExprClass: {
14390 auto *CE = cast<CastExpr>(Val: E);
14391 const Expr *From = CE->getSubExpr();
14392 switch (CE->getCastKind()) {
14393 default:
14394 break;
14395 case CK_NoOp:
14396 return getBaseAlignmentAndOffsetFromPtr(E: From, Ctx);
14397 case CK_ArrayToPointerDecay:
14398 return getBaseAlignmentAndOffsetFromLValue(E: From, Ctx);
14399 case CK_UncheckedDerivedToBase:
14400 case CK_DerivedToBase: {
14401 auto P = getBaseAlignmentAndOffsetFromPtr(E: From, Ctx);
14402 if (!P)
14403 break;
14404 return getDerivedToBaseAlignmentAndOffset(
14405 CE, DerivedType: From->getType()->getPointeeType(), BaseAlignment: P->first, Offset: P->second, Ctx);
14406 }
14407 }
14408 break;
14409 }
14410 case Stmt::CXXThisExprClass: {
14411 auto *RD = E->getType()->getPointeeType()->getAsCXXRecordDecl();
14412 CharUnits Alignment = Ctx.getASTRecordLayout(D: RD).getNonVirtualAlignment();
14413 return std::make_pair(x&: Alignment, y: CharUnits::Zero());
14414 }
14415 case Stmt::UnaryOperatorClass: {
14416 auto *UO = cast<UnaryOperator>(Val: E);
14417 if (UO->getOpcode() == UO_AddrOf)
14418 return getBaseAlignmentAndOffsetFromLValue(E: UO->getSubExpr(), Ctx);
14419 break;
14420 }
14421 case Stmt::BinaryOperatorClass: {
14422 auto *BO = cast<BinaryOperator>(Val: E);
14423 auto Opcode = BO->getOpcode();
14424 switch (Opcode) {
14425 default:
14426 break;
14427 case BO_Add:
14428 case BO_Sub: {
14429 const Expr *LHS = BO->getLHS(), *RHS = BO->getRHS();
14430 if (Opcode == BO_Add && !RHS->getType()->isIntegralOrEnumerationType())
14431 std::swap(a&: LHS, b&: RHS);
14432 return getAlignmentAndOffsetFromBinAddOrSub(PtrE: LHS, IntE: RHS, IsSub: Opcode == BO_Sub,
14433 Ctx);
14434 }
14435 case BO_Comma:
14436 return getBaseAlignmentAndOffsetFromPtr(E: BO->getRHS(), Ctx);
14437 }
14438 break;
14439 }
14440 }
14441 return std::nullopt;
14442}
14443
14444static CharUnits getPresumedAlignmentOfPointer(const Expr *E, Sema &S) {
14445 // See if we can compute the alignment of a VarDecl and an offset from it.
14446 std::optional<std::pair<CharUnits, CharUnits>> P =
14447 getBaseAlignmentAndOffsetFromPtr(E, Ctx&: S.Context);
14448
14449 if (P)
14450 return P->first.alignmentAtOffset(offset: P->second);
14451
14452 // If that failed, return the type's alignment.
14453 return S.Context.getTypeAlignInChars(T: E->getType()->getPointeeType());
14454}
14455
14456void Sema::CheckCastAlign(Expr *Op, QualType T, SourceRange TRange) {
14457 // This is actually a lot of work to potentially be doing on every
14458 // cast; don't do it if we're ignoring -Wcast_align (as is the default).
14459 if (getDiagnostics().isIgnored(DiagID: diag::warn_cast_align, Loc: TRange.getBegin()))
14460 return;
14461
14462 // Ignore dependent types.
14463 if (T->isDependentType() || Op->getType()->isDependentType())
14464 return;
14465
14466 // Require that the destination be a pointer type.
14467 const PointerType *DestPtr = T->getAs<PointerType>();
14468 if (!DestPtr) return;
14469
14470 // If the destination has alignment 1, we're done.
14471 QualType DestPointee = DestPtr->getPointeeType();
14472 if (DestPointee->isIncompleteType()) return;
14473 CharUnits DestAlign = Context.getTypeAlignInChars(T: DestPointee);
14474 if (DestAlign.isOne()) return;
14475
14476 // Require that the source be a pointer type.
14477 const PointerType *SrcPtr = Op->getType()->getAs<PointerType>();
14478 if (!SrcPtr) return;
14479 QualType SrcPointee = SrcPtr->getPointeeType();
14480
14481 // Explicitly allow casts from cv void*. We already implicitly
14482 // allowed casts to cv void*, since they have alignment 1.
14483 // Also allow casts involving incomplete types, which implicitly
14484 // includes 'void'.
14485 if (SrcPointee->isIncompleteType()) return;
14486
14487 CharUnits SrcAlign = getPresumedAlignmentOfPointer(E: Op, S&: *this);
14488
14489 if (SrcAlign >= DestAlign) return;
14490
14491 Diag(Loc: TRange.getBegin(), DiagID: diag::warn_cast_align)
14492 << Op->getType() << T
14493 << static_cast<unsigned>(SrcAlign.getQuantity())
14494 << static_cast<unsigned>(DestAlign.getQuantity())
14495 << TRange << Op->getSourceRange();
14496}
14497
14498void Sema::CheckArrayAccess(const Expr *BaseExpr, const Expr *IndexExpr,
14499 const ArraySubscriptExpr *ASE,
14500 bool AllowOnePastEnd, bool IndexNegated) {
14501 // Already diagnosed by the constant evaluator.
14502 if (isConstantEvaluatedContext())
14503 return;
14504
14505 IndexExpr = IndexExpr->IgnoreParenImpCasts();
14506 if (IndexExpr->isValueDependent())
14507 return;
14508
14509 const Type *EffectiveType =
14510 BaseExpr->getType()->getPointeeOrArrayElementType();
14511 BaseExpr = BaseExpr->IgnoreParenCasts();
14512 const ConstantArrayType *ArrayTy =
14513 Context.getAsConstantArrayType(T: BaseExpr->getType());
14514
14515 LangOptions::StrictFlexArraysLevelKind
14516 StrictFlexArraysLevel = getLangOpts().getStrictFlexArraysLevel();
14517
14518 const Type *BaseType =
14519 ArrayTy == nullptr ? nullptr : ArrayTy->getElementType().getTypePtr();
14520 bool IsUnboundedArray =
14521 BaseType == nullptr || BaseExpr->isFlexibleArrayMemberLike(
14522 Context, StrictFlexArraysLevel,
14523 /*IgnoreTemplateOrMacroSubstitution=*/true);
14524 if (EffectiveType->isDependentType() ||
14525 (!IsUnboundedArray && BaseType->isDependentType()))
14526 return;
14527
14528 Expr::EvalResult Result;
14529 if (!IndexExpr->EvaluateAsInt(Result, Ctx: Context, AllowSideEffects: Expr::SE_AllowSideEffects))
14530 return;
14531
14532 llvm::APSInt index = Result.Val.getInt();
14533 if (IndexNegated) {
14534 index.setIsUnsigned(false);
14535 index = -index;
14536 }
14537
14538 if (IsUnboundedArray) {
14539 if (EffectiveType->isFunctionType())
14540 return;
14541 if (index.isUnsigned() || !index.isNegative()) {
14542 const auto &ASTC = getASTContext();
14543 unsigned AddrBits = ASTC.getTargetInfo().getPointerWidth(
14544 AddrSpace: EffectiveType->getCanonicalTypeInternal().getAddressSpace());
14545 if (index.getBitWidth() < AddrBits)
14546 index = index.zext(width: AddrBits);
14547 std::optional<CharUnits> ElemCharUnits =
14548 ASTC.getTypeSizeInCharsIfKnown(Ty: EffectiveType);
14549 // PR50741 - If EffectiveType has unknown size (e.g., if it's a void
14550 // pointer) bounds-checking isn't meaningful.
14551 if (!ElemCharUnits || ElemCharUnits->isZero())
14552 return;
14553 llvm::APInt ElemBytes(index.getBitWidth(), ElemCharUnits->getQuantity());
14554 // If index has more active bits than address space, we already know
14555 // we have a bounds violation to warn about. Otherwise, compute
14556 // address of (index + 1)th element, and warn about bounds violation
14557 // only if that address exceeds address space.
14558 if (index.getActiveBits() <= AddrBits) {
14559 bool Overflow;
14560 llvm::APInt Product(index);
14561 Product += 1;
14562 Product = Product.umul_ov(RHS: ElemBytes, Overflow);
14563 if (!Overflow && Product.getActiveBits() <= AddrBits)
14564 return;
14565 }
14566
14567 // Need to compute max possible elements in address space, since that
14568 // is included in diag message.
14569 llvm::APInt MaxElems = llvm::APInt::getMaxValue(numBits: AddrBits);
14570 MaxElems = MaxElems.zext(width: std::max(a: AddrBits + 1, b: ElemBytes.getBitWidth()));
14571 MaxElems += 1;
14572 ElemBytes = ElemBytes.zextOrTrunc(width: MaxElems.getBitWidth());
14573 MaxElems = MaxElems.udiv(RHS: ElemBytes);
14574
14575 unsigned DiagID =
14576 ASE ? diag::warn_array_index_exceeds_max_addressable_bounds
14577 : diag::warn_ptr_arith_exceeds_max_addressable_bounds;
14578
14579 // Diag message shows element size in bits and in "bytes" (platform-
14580 // dependent CharUnits)
14581 DiagRuntimeBehavior(Loc: BaseExpr->getBeginLoc(), Statement: BaseExpr,
14582 PD: PDiag(DiagID)
14583 << toString(I: index, Radix: 10, Signed: true) << AddrBits
14584 << (unsigned)ASTC.toBits(CharSize: *ElemCharUnits)
14585 << toString(I: ElemBytes, Radix: 10, Signed: false)
14586 << toString(I: MaxElems, Radix: 10, Signed: false)
14587 << (unsigned)MaxElems.getLimitedValue(Limit: ~0U)
14588 << IndexExpr->getSourceRange());
14589
14590 const NamedDecl *ND = nullptr;
14591 // Try harder to find a NamedDecl to point at in the note.
14592 while (const auto *ASE = dyn_cast<ArraySubscriptExpr>(Val: BaseExpr))
14593 BaseExpr = ASE->getBase()->IgnoreParenCasts();
14594 if (const auto *DRE = dyn_cast<DeclRefExpr>(Val: BaseExpr))
14595 ND = DRE->getDecl();
14596 if (const auto *ME = dyn_cast<MemberExpr>(Val: BaseExpr))
14597 ND = ME->getMemberDecl();
14598
14599 if (ND)
14600 DiagRuntimeBehavior(Loc: ND->getBeginLoc(), Statement: BaseExpr,
14601 PD: PDiag(DiagID: diag::note_array_declared_here) << ND);
14602 }
14603 return;
14604 }
14605
14606 if (index.isUnsigned() || !index.isNegative()) {
14607 // It is possible that the type of the base expression after
14608 // IgnoreParenCasts is incomplete, even though the type of the base
14609 // expression before IgnoreParenCasts is complete (see PR39746 for an
14610 // example). In this case we have no information about whether the array
14611 // access exceeds the array bounds. However we can still diagnose an array
14612 // access which precedes the array bounds.
14613 if (BaseType->isIncompleteType())
14614 return;
14615
14616 llvm::APInt size = ArrayTy->getSize();
14617
14618 if (BaseType != EffectiveType) {
14619 // Make sure we're comparing apples to apples when comparing index to
14620 // size.
14621 uint64_t ptrarith_typesize = Context.getTypeSize(T: EffectiveType);
14622 uint64_t array_typesize = Context.getTypeSize(T: BaseType);
14623
14624 // Handle ptrarith_typesize being zero, such as when casting to void*.
14625 // Use the size in bits (what "getTypeSize()" returns) rather than bytes.
14626 if (!ptrarith_typesize)
14627 ptrarith_typesize = Context.getCharWidth();
14628
14629 if (ptrarith_typesize != array_typesize) {
14630 // There's a cast to a different size type involved.
14631 uint64_t ratio = array_typesize / ptrarith_typesize;
14632
14633 // TODO: Be smarter about handling cases where array_typesize is not a
14634 // multiple of ptrarith_typesize.
14635 if (ptrarith_typesize * ratio == array_typesize)
14636 size *= llvm::APInt(size.getBitWidth(), ratio);
14637 }
14638 }
14639
14640 if (size.getBitWidth() > index.getBitWidth())
14641 index = index.zext(width: size.getBitWidth());
14642 else if (size.getBitWidth() < index.getBitWidth())
14643 size = size.zext(width: index.getBitWidth());
14644
14645 // For array subscripting the index must be less than size, but for pointer
14646 // arithmetic also allow the index (offset) to be equal to size since
14647 // computing the next address after the end of the array is legal and
14648 // commonly done e.g. in C++ iterators and range-based for loops.
14649 if (AllowOnePastEnd ? index.ule(RHS: size) : index.ult(RHS: size))
14650 return;
14651
14652 // Suppress the warning if the subscript expression (as identified by the
14653 // ']' location) and the index expression are both from macro expansions
14654 // within a system header.
14655 if (ASE) {
14656 SourceLocation RBracketLoc = SourceMgr.getSpellingLoc(
14657 Loc: ASE->getRBracketLoc());
14658 if (SourceMgr.isInSystemHeader(Loc: RBracketLoc)) {
14659 SourceLocation IndexLoc =
14660 SourceMgr.getSpellingLoc(Loc: IndexExpr->getBeginLoc());
14661 if (SourceMgr.isWrittenInSameFile(Loc1: RBracketLoc, Loc2: IndexLoc))
14662 return;
14663 }
14664 }
14665
14666 unsigned DiagID = ASE ? diag::warn_array_index_exceeds_bounds
14667 : diag::warn_ptr_arith_exceeds_bounds;
14668 unsigned CastMsg = (!ASE || BaseType == EffectiveType) ? 0 : 1;
14669 QualType CastMsgTy = ASE ? ASE->getLHS()->getType() : QualType();
14670
14671 DiagRuntimeBehavior(
14672 Loc: BaseExpr->getBeginLoc(), Statement: BaseExpr,
14673 PD: PDiag(DiagID) << toString(I: index, Radix: 10, Signed: true) << ArrayTy->desugar()
14674 << CastMsg << CastMsgTy << IndexExpr->getSourceRange());
14675 } else {
14676 unsigned DiagID = diag::warn_array_index_precedes_bounds;
14677 if (!ASE) {
14678 DiagID = diag::warn_ptr_arith_precedes_bounds;
14679 if (index.isNegative()) index = -index;
14680 }
14681
14682 DiagRuntimeBehavior(Loc: BaseExpr->getBeginLoc(), Statement: BaseExpr,
14683 PD: PDiag(DiagID) << toString(I: index, Radix: 10, Signed: true)
14684 << IndexExpr->getSourceRange());
14685 }
14686
14687 const NamedDecl *ND = nullptr;
14688 // Try harder to find a NamedDecl to point at in the note.
14689 while (const auto *ASE = dyn_cast<ArraySubscriptExpr>(Val: BaseExpr))
14690 BaseExpr = ASE->getBase()->IgnoreParenCasts();
14691 if (const auto *DRE = dyn_cast<DeclRefExpr>(Val: BaseExpr))
14692 ND = DRE->getDecl();
14693 if (const auto *ME = dyn_cast<MemberExpr>(Val: BaseExpr))
14694 ND = ME->getMemberDecl();
14695
14696 if (ND)
14697 DiagRuntimeBehavior(Loc: ND->getBeginLoc(), Statement: BaseExpr,
14698 PD: PDiag(DiagID: diag::note_array_declared_here) << ND);
14699}
14700
14701void Sema::CheckArrayAccess(const Expr *expr) {
14702 int AllowOnePastEnd = 0;
14703 while (expr) {
14704 expr = expr->IgnoreParenImpCasts();
14705 switch (expr->getStmtClass()) {
14706 case Stmt::ArraySubscriptExprClass: {
14707 const ArraySubscriptExpr *ASE = cast<ArraySubscriptExpr>(Val: expr);
14708 CheckArrayAccess(BaseExpr: ASE->getBase(), IndexExpr: ASE->getIdx(), ASE,
14709 AllowOnePastEnd: AllowOnePastEnd > 0);
14710 expr = ASE->getBase();
14711 break;
14712 }
14713 case Stmt::MemberExprClass: {
14714 expr = cast<MemberExpr>(Val: expr)->getBase();
14715 break;
14716 }
14717 case Stmt::ArraySectionExprClass: {
14718 const ArraySectionExpr *ASE = cast<ArraySectionExpr>(Val: expr);
14719 // FIXME: We should probably be checking all of the elements to the
14720 // 'length' here as well.
14721 if (ASE->getLowerBound())
14722 CheckArrayAccess(BaseExpr: ASE->getBase(), IndexExpr: ASE->getLowerBound(),
14723 /*ASE=*/nullptr, AllowOnePastEnd: AllowOnePastEnd > 0);
14724 return;
14725 }
14726 case Stmt::UnaryOperatorClass: {
14727 // Only unwrap the * and & unary operators
14728 const UnaryOperator *UO = cast<UnaryOperator>(Val: expr);
14729 expr = UO->getSubExpr();
14730 switch (UO->getOpcode()) {
14731 case UO_AddrOf:
14732 AllowOnePastEnd++;
14733 break;
14734 case UO_Deref:
14735 AllowOnePastEnd--;
14736 break;
14737 default:
14738 return;
14739 }
14740 break;
14741 }
14742 case Stmt::ConditionalOperatorClass: {
14743 const ConditionalOperator *cond = cast<ConditionalOperator>(Val: expr);
14744 if (const Expr *lhs = cond->getLHS())
14745 CheckArrayAccess(expr: lhs);
14746 if (const Expr *rhs = cond->getRHS())
14747 CheckArrayAccess(expr: rhs);
14748 return;
14749 }
14750 case Stmt::CXXOperatorCallExprClass: {
14751 const auto *OCE = cast<CXXOperatorCallExpr>(Val: expr);
14752 for (const auto *Arg : OCE->arguments())
14753 CheckArrayAccess(expr: Arg);
14754 return;
14755 }
14756 default:
14757 return;
14758 }
14759 }
14760}
14761
14762static bool checkUnsafeAssignLiteral(Sema &S, SourceLocation Loc,
14763 Expr *RHS, bool isProperty) {
14764 // Check if RHS is an Objective-C object literal, which also can get
14765 // immediately zapped in a weak reference. Note that we explicitly
14766 // allow ObjCStringLiterals, since those are designed to never really die.
14767 RHS = RHS->IgnoreParenImpCasts();
14768
14769 // This enum needs to match with the 'select' in
14770 // warn_objc_arc_literal_assign (off-by-1).
14771 SemaObjC::ObjCLiteralKind Kind = S.ObjC().CheckLiteralKind(FromE: RHS);
14772 if (Kind == SemaObjC::LK_String || Kind == SemaObjC::LK_None)
14773 return false;
14774
14775 S.Diag(Loc, DiagID: diag::warn_arc_literal_assign)
14776 << (unsigned) Kind
14777 << (isProperty ? 0 : 1)
14778 << RHS->getSourceRange();
14779
14780 return true;
14781}
14782
14783static bool checkUnsafeAssignObject(Sema &S, SourceLocation Loc,
14784 Qualifiers::ObjCLifetime LT,
14785 Expr *RHS, bool isProperty) {
14786 // Strip off any implicit cast added to get to the one ARC-specific.
14787 while (ImplicitCastExpr *cast = dyn_cast<ImplicitCastExpr>(Val: RHS)) {
14788 if (cast->getCastKind() == CK_ARCConsumeObject) {
14789 S.Diag(Loc, DiagID: diag::warn_arc_retained_assign)
14790 << (LT == Qualifiers::OCL_ExplicitNone)
14791 << (isProperty ? 0 : 1)
14792 << RHS->getSourceRange();
14793 return true;
14794 }
14795 RHS = cast->getSubExpr();
14796 }
14797
14798 if (LT == Qualifiers::OCL_Weak &&
14799 checkUnsafeAssignLiteral(S, Loc, RHS, isProperty))
14800 return true;
14801
14802 return false;
14803}
14804
14805bool Sema::checkUnsafeAssigns(SourceLocation Loc,
14806 QualType LHS, Expr *RHS) {
14807 Qualifiers::ObjCLifetime LT = LHS.getObjCLifetime();
14808
14809 if (LT != Qualifiers::OCL_Weak && LT != Qualifiers::OCL_ExplicitNone)
14810 return false;
14811
14812 if (checkUnsafeAssignObject(S&: *this, Loc, LT, RHS, isProperty: false))
14813 return true;
14814
14815 return false;
14816}
14817
14818void Sema::checkUnsafeExprAssigns(SourceLocation Loc,
14819 Expr *LHS, Expr *RHS) {
14820 QualType LHSType;
14821 // PropertyRef on LHS type need be directly obtained from
14822 // its declaration as it has a PseudoType.
14823 ObjCPropertyRefExpr *PRE
14824 = dyn_cast<ObjCPropertyRefExpr>(Val: LHS->IgnoreParens());
14825 if (PRE && !PRE->isImplicitProperty()) {
14826 const ObjCPropertyDecl *PD = PRE->getExplicitProperty();
14827 if (PD)
14828 LHSType = PD->getType();
14829 }
14830
14831 if (LHSType.isNull())
14832 LHSType = LHS->getType();
14833
14834 Qualifiers::ObjCLifetime LT = LHSType.getObjCLifetime();
14835
14836 if (LT == Qualifiers::OCL_Weak) {
14837 if (!Diags.isIgnored(DiagID: diag::warn_arc_repeated_use_of_weak, Loc))
14838 getCurFunction()->markSafeWeakUse(E: LHS);
14839 }
14840
14841 if (checkUnsafeAssigns(Loc, LHS: LHSType, RHS))
14842 return;
14843
14844 // FIXME. Check for other life times.
14845 if (LT != Qualifiers::OCL_None)
14846 return;
14847
14848 if (PRE) {
14849 if (PRE->isImplicitProperty())
14850 return;
14851 const ObjCPropertyDecl *PD = PRE->getExplicitProperty();
14852 if (!PD)
14853 return;
14854
14855 unsigned Attributes = PD->getPropertyAttributes();
14856 if (Attributes & ObjCPropertyAttribute::kind_assign) {
14857 // when 'assign' attribute was not explicitly specified
14858 // by user, ignore it and rely on property type itself
14859 // for lifetime info.
14860 unsigned AsWrittenAttr = PD->getPropertyAttributesAsWritten();
14861 if (!(AsWrittenAttr & ObjCPropertyAttribute::kind_assign) &&
14862 LHSType->isObjCRetainableType())
14863 return;
14864
14865 while (ImplicitCastExpr *cast = dyn_cast<ImplicitCastExpr>(Val: RHS)) {
14866 if (cast->getCastKind() == CK_ARCConsumeObject) {
14867 Diag(Loc, DiagID: diag::warn_arc_retained_property_assign)
14868 << RHS->getSourceRange();
14869 return;
14870 }
14871 RHS = cast->getSubExpr();
14872 }
14873 } else if (Attributes & ObjCPropertyAttribute::kind_weak) {
14874 if (checkUnsafeAssignObject(S&: *this, Loc, LT: Qualifiers::OCL_Weak, RHS, isProperty: true))
14875 return;
14876 }
14877 }
14878}
14879
14880//===--- CHECK: Empty statement body (-Wempty-body) ---------------------===//
14881
14882static bool ShouldDiagnoseEmptyStmtBody(const SourceManager &SourceMgr,
14883 SourceLocation StmtLoc,
14884 const NullStmt *Body) {
14885 // Do not warn if the body is a macro that expands to nothing, e.g:
14886 //
14887 // #define CALL(x)
14888 // if (condition)
14889 // CALL(0);
14890 if (Body->hasLeadingEmptyMacro())
14891 return false;
14892
14893 // Get line numbers of statement and body.
14894 bool StmtLineInvalid;
14895 unsigned StmtLine = SourceMgr.getPresumedLineNumber(Loc: StmtLoc,
14896 Invalid: &StmtLineInvalid);
14897 if (StmtLineInvalid)
14898 return false;
14899
14900 bool BodyLineInvalid;
14901 unsigned BodyLine = SourceMgr.getSpellingLineNumber(Loc: Body->getSemiLoc(),
14902 Invalid: &BodyLineInvalid);
14903 if (BodyLineInvalid)
14904 return false;
14905
14906 // Warn if null statement and body are on the same line.
14907 if (StmtLine != BodyLine)
14908 return false;
14909
14910 return true;
14911}
14912
14913void Sema::DiagnoseEmptyStmtBody(SourceLocation StmtLoc,
14914 const Stmt *Body,
14915 unsigned DiagID) {
14916 // Since this is a syntactic check, don't emit diagnostic for template
14917 // instantiations, this just adds noise.
14918 if (CurrentInstantiationScope)
14919 return;
14920
14921 // The body should be a null statement.
14922 const NullStmt *NBody = dyn_cast<NullStmt>(Val: Body);
14923 if (!NBody)
14924 return;
14925
14926 // Do the usual checks.
14927 if (!ShouldDiagnoseEmptyStmtBody(SourceMgr, StmtLoc, Body: NBody))
14928 return;
14929
14930 Diag(Loc: NBody->getSemiLoc(), DiagID);
14931 Diag(Loc: NBody->getSemiLoc(), DiagID: diag::note_empty_body_on_separate_line);
14932}
14933
14934void Sema::DiagnoseEmptyLoopBody(const Stmt *S,
14935 const Stmt *PossibleBody) {
14936 assert(!CurrentInstantiationScope); // Ensured by caller
14937
14938 SourceLocation StmtLoc;
14939 const Stmt *Body;
14940 unsigned DiagID;
14941 if (const ForStmt *FS = dyn_cast<ForStmt>(Val: S)) {
14942 StmtLoc = FS->getRParenLoc();
14943 Body = FS->getBody();
14944 DiagID = diag::warn_empty_for_body;
14945 } else if (const WhileStmt *WS = dyn_cast<WhileStmt>(Val: S)) {
14946 StmtLoc = WS->getRParenLoc();
14947 Body = WS->getBody();
14948 DiagID = diag::warn_empty_while_body;
14949 } else
14950 return; // Neither `for' nor `while'.
14951
14952 // The body should be a null statement.
14953 const NullStmt *NBody = dyn_cast<NullStmt>(Val: Body);
14954 if (!NBody)
14955 return;
14956
14957 // Skip expensive checks if diagnostic is disabled.
14958 if (Diags.isIgnored(DiagID, Loc: NBody->getSemiLoc()))
14959 return;
14960
14961 // Do the usual checks.
14962 if (!ShouldDiagnoseEmptyStmtBody(SourceMgr, StmtLoc, Body: NBody))
14963 return;
14964
14965 // `for(...);' and `while(...);' are popular idioms, so in order to keep
14966 // noise level low, emit diagnostics only if for/while is followed by a
14967 // CompoundStmt, e.g.:
14968 // for (int i = 0; i < n; i++);
14969 // {
14970 // a(i);
14971 // }
14972 // or if for/while is followed by a statement with more indentation
14973 // than for/while itself:
14974 // for (int i = 0; i < n; i++);
14975 // a(i);
14976 bool ProbableTypo = isa<CompoundStmt>(Val: PossibleBody);
14977 if (!ProbableTypo) {
14978 bool BodyColInvalid;
14979 unsigned BodyCol = SourceMgr.getPresumedColumnNumber(
14980 Loc: PossibleBody->getBeginLoc(), Invalid: &BodyColInvalid);
14981 if (BodyColInvalid)
14982 return;
14983
14984 bool StmtColInvalid;
14985 unsigned StmtCol =
14986 SourceMgr.getPresumedColumnNumber(Loc: S->getBeginLoc(), Invalid: &StmtColInvalid);
14987 if (StmtColInvalid)
14988 return;
14989
14990 if (BodyCol > StmtCol)
14991 ProbableTypo = true;
14992 }
14993
14994 if (ProbableTypo) {
14995 Diag(Loc: NBody->getSemiLoc(), DiagID);
14996 Diag(Loc: NBody->getSemiLoc(), DiagID: diag::note_empty_body_on_separate_line);
14997 }
14998}
14999
15000//===--- CHECK: Warn on self move with std::move. -------------------------===//
15001
15002void Sema::DiagnoseSelfMove(const Expr *LHSExpr, const Expr *RHSExpr,
15003 SourceLocation OpLoc) {
15004 if (Diags.isIgnored(DiagID: diag::warn_sizeof_pointer_expr_memaccess, Loc: OpLoc))
15005 return;
15006
15007 if (inTemplateInstantiation())
15008 return;
15009
15010 // Strip parens and casts away.
15011 LHSExpr = LHSExpr->IgnoreParenImpCasts();
15012 RHSExpr = RHSExpr->IgnoreParenImpCasts();
15013
15014 // Check for a call to std::move or for a static_cast<T&&>(..) to an xvalue
15015 // which we can treat as an inlined std::move
15016 if (const auto *CE = dyn_cast<CallExpr>(Val: RHSExpr);
15017 CE && CE->getNumArgs() == 1 && CE->isCallToStdMove())
15018 RHSExpr = CE->getArg(Arg: 0);
15019 else if (const auto *CXXSCE = dyn_cast<CXXStaticCastExpr>(Val: RHSExpr);
15020 CXXSCE && CXXSCE->isXValue())
15021 RHSExpr = CXXSCE->getSubExpr();
15022 else
15023 return;
15024
15025 const DeclRefExpr *LHSDeclRef = dyn_cast<DeclRefExpr>(Val: LHSExpr);
15026 const DeclRefExpr *RHSDeclRef = dyn_cast<DeclRefExpr>(Val: RHSExpr);
15027
15028 // Two DeclRefExpr's, check that the decls are the same.
15029 if (LHSDeclRef && RHSDeclRef) {
15030 if (!LHSDeclRef->getDecl() || !RHSDeclRef->getDecl())
15031 return;
15032 if (LHSDeclRef->getDecl()->getCanonicalDecl() !=
15033 RHSDeclRef->getDecl()->getCanonicalDecl())
15034 return;
15035
15036 auto D = Diag(Loc: OpLoc, DiagID: diag::warn_self_move)
15037 << LHSExpr->getType() << LHSExpr->getSourceRange()
15038 << RHSExpr->getSourceRange();
15039 if (const FieldDecl *F =
15040 getSelfAssignmentClassMemberCandidate(SelfAssigned: RHSDeclRef->getDecl()))
15041 D << 1 << F
15042 << FixItHint::CreateInsertion(InsertionLoc: LHSDeclRef->getBeginLoc(), Code: "this->");
15043 else
15044 D << 0;
15045 return;
15046 }
15047
15048 // Member variables require a different approach to check for self moves.
15049 // MemberExpr's are the same if every nested MemberExpr refers to the same
15050 // Decl and that the base Expr's are DeclRefExpr's with the same Decl or
15051 // the base Expr's are CXXThisExpr's.
15052 const Expr *LHSBase = LHSExpr;
15053 const Expr *RHSBase = RHSExpr;
15054 const MemberExpr *LHSME = dyn_cast<MemberExpr>(Val: LHSExpr);
15055 const MemberExpr *RHSME = dyn_cast<MemberExpr>(Val: RHSExpr);
15056 if (!LHSME || !RHSME)
15057 return;
15058
15059 while (LHSME && RHSME) {
15060 if (LHSME->getMemberDecl()->getCanonicalDecl() !=
15061 RHSME->getMemberDecl()->getCanonicalDecl())
15062 return;
15063
15064 LHSBase = LHSME->getBase();
15065 RHSBase = RHSME->getBase();
15066 LHSME = dyn_cast<MemberExpr>(Val: LHSBase);
15067 RHSME = dyn_cast<MemberExpr>(Val: RHSBase);
15068 }
15069
15070 LHSDeclRef = dyn_cast<DeclRefExpr>(Val: LHSBase);
15071 RHSDeclRef = dyn_cast<DeclRefExpr>(Val: RHSBase);
15072 if (LHSDeclRef && RHSDeclRef) {
15073 if (!LHSDeclRef->getDecl() || !RHSDeclRef->getDecl())
15074 return;
15075 if (LHSDeclRef->getDecl()->getCanonicalDecl() !=
15076 RHSDeclRef->getDecl()->getCanonicalDecl())
15077 return;
15078
15079 Diag(Loc: OpLoc, DiagID: diag::warn_self_move)
15080 << LHSExpr->getType() << 0 << LHSExpr->getSourceRange()
15081 << RHSExpr->getSourceRange();
15082 return;
15083 }
15084
15085 if (isa<CXXThisExpr>(Val: LHSBase) && isa<CXXThisExpr>(Val: RHSBase))
15086 Diag(Loc: OpLoc, DiagID: diag::warn_self_move)
15087 << LHSExpr->getType() << 0 << LHSExpr->getSourceRange()
15088 << RHSExpr->getSourceRange();
15089}
15090
15091//===--- Layout compatibility ----------------------------------------------//
15092
15093static bool isLayoutCompatible(const ASTContext &C, QualType T1, QualType T2);
15094
15095/// Check if two enumeration types are layout-compatible.
15096static bool isLayoutCompatible(const ASTContext &C, const EnumDecl *ED1,
15097 const EnumDecl *ED2) {
15098 // C++11 [dcl.enum] p8:
15099 // Two enumeration types are layout-compatible if they have the same
15100 // underlying type.
15101 return ED1->isComplete() && ED2->isComplete() &&
15102 C.hasSameType(T1: ED1->getIntegerType(), T2: ED2->getIntegerType());
15103}
15104
15105/// Check if two fields are layout-compatible.
15106/// Can be used on union members, which are exempt from alignment requirement
15107/// of common initial sequence.
15108static bool isLayoutCompatible(const ASTContext &C, const FieldDecl *Field1,
15109 const FieldDecl *Field2,
15110 bool AreUnionMembers = false) {
15111 [[maybe_unused]] const Type *Field1Parent =
15112 Field1->getParent()->getTypeForDecl();
15113 [[maybe_unused]] const Type *Field2Parent =
15114 Field2->getParent()->getTypeForDecl();
15115 assert(((Field1Parent->isStructureOrClassType() &&
15116 Field2Parent->isStructureOrClassType()) ||
15117 (Field1Parent->isUnionType() && Field2Parent->isUnionType())) &&
15118 "Can't evaluate layout compatibility between a struct field and a "
15119 "union field.");
15120 assert(((!AreUnionMembers && Field1Parent->isStructureOrClassType()) ||
15121 (AreUnionMembers && Field1Parent->isUnionType())) &&
15122 "AreUnionMembers should be 'true' for union fields (only).");
15123
15124 if (!isLayoutCompatible(C, T1: Field1->getType(), T2: Field2->getType()))
15125 return false;
15126
15127 if (Field1->isBitField() != Field2->isBitField())
15128 return false;
15129
15130 if (Field1->isBitField()) {
15131 // Make sure that the bit-fields are the same length.
15132 unsigned Bits1 = Field1->getBitWidthValue();
15133 unsigned Bits2 = Field2->getBitWidthValue();
15134
15135 if (Bits1 != Bits2)
15136 return false;
15137 }
15138
15139 if (Field1->hasAttr<clang::NoUniqueAddressAttr>() ||
15140 Field2->hasAttr<clang::NoUniqueAddressAttr>())
15141 return false;
15142
15143 if (!AreUnionMembers &&
15144 Field1->getMaxAlignment() != Field2->getMaxAlignment())
15145 return false;
15146
15147 return true;
15148}
15149
15150/// Check if two standard-layout structs are layout-compatible.
15151/// (C++11 [class.mem] p17)
15152static bool isLayoutCompatibleStruct(const ASTContext &C, const RecordDecl *RD1,
15153 const RecordDecl *RD2) {
15154 // Get to the class where the fields are declared
15155 if (const CXXRecordDecl *D1CXX = dyn_cast<CXXRecordDecl>(Val: RD1))
15156 RD1 = D1CXX->getStandardLayoutBaseWithFields();
15157
15158 if (const CXXRecordDecl *D2CXX = dyn_cast<CXXRecordDecl>(Val: RD2))
15159 RD2 = D2CXX->getStandardLayoutBaseWithFields();
15160
15161 // Check the fields.
15162 return llvm::equal(LRange: RD1->fields(), RRange: RD2->fields(),
15163 P: [&C](const FieldDecl *F1, const FieldDecl *F2) -> bool {
15164 return isLayoutCompatible(C, Field1: F1, Field2: F2);
15165 });
15166}
15167
15168/// Check if two standard-layout unions are layout-compatible.
15169/// (C++11 [class.mem] p18)
15170static bool isLayoutCompatibleUnion(const ASTContext &C, const RecordDecl *RD1,
15171 const RecordDecl *RD2) {
15172 llvm::SmallPtrSet<const FieldDecl *, 8> UnmatchedFields(llvm::from_range,
15173 RD2->fields());
15174
15175 for (auto *Field1 : RD1->fields()) {
15176 auto I = UnmatchedFields.begin();
15177 auto E = UnmatchedFields.end();
15178
15179 for ( ; I != E; ++I) {
15180 if (isLayoutCompatible(C, Field1, Field2: *I, /*IsUnionMember=*/AreUnionMembers: true)) {
15181 bool Result = UnmatchedFields.erase(Ptr: *I);
15182 (void) Result;
15183 assert(Result);
15184 break;
15185 }
15186 }
15187 if (I == E)
15188 return false;
15189 }
15190
15191 return UnmatchedFields.empty();
15192}
15193
15194static bool isLayoutCompatible(const ASTContext &C, const RecordDecl *RD1,
15195 const RecordDecl *RD2) {
15196 if (RD1->isUnion() != RD2->isUnion())
15197 return false;
15198
15199 if (RD1->isUnion())
15200 return isLayoutCompatibleUnion(C, RD1, RD2);
15201 else
15202 return isLayoutCompatibleStruct(C, RD1, RD2);
15203}
15204
15205/// Check if two types are layout-compatible in C++11 sense.
15206static bool isLayoutCompatible(const ASTContext &C, QualType T1, QualType T2) {
15207 if (T1.isNull() || T2.isNull())
15208 return false;
15209
15210 // C++20 [basic.types] p11:
15211 // Two types cv1 T1 and cv2 T2 are layout-compatible types
15212 // if T1 and T2 are the same type, layout-compatible enumerations (9.7.1),
15213 // or layout-compatible standard-layout class types (11.4).
15214 T1 = T1.getCanonicalType().getUnqualifiedType();
15215 T2 = T2.getCanonicalType().getUnqualifiedType();
15216
15217 if (C.hasSameType(T1, T2))
15218 return true;
15219
15220 const Type::TypeClass TC1 = T1->getTypeClass();
15221 const Type::TypeClass TC2 = T2->getTypeClass();
15222
15223 if (TC1 != TC2)
15224 return false;
15225
15226 if (TC1 == Type::Enum) {
15227 return isLayoutCompatible(C,
15228 ED1: cast<EnumType>(Val&: T1)->getDecl(),
15229 ED2: cast<EnumType>(Val&: T2)->getDecl());
15230 } else if (TC1 == Type::Record) {
15231 if (!T1->isStandardLayoutType() || !T2->isStandardLayoutType())
15232 return false;
15233
15234 return isLayoutCompatible(C,
15235 RD1: cast<RecordType>(Val&: T1)->getDecl(),
15236 RD2: cast<RecordType>(Val&: T2)->getDecl());
15237 }
15238
15239 return false;
15240}
15241
15242bool Sema::IsLayoutCompatible(QualType T1, QualType T2) const {
15243 return isLayoutCompatible(C: getASTContext(), T1, T2);
15244}
15245
15246//===-------------- Pointer interconvertibility ----------------------------//
15247
15248bool Sema::IsPointerInterconvertibleBaseOf(const TypeSourceInfo *Base,
15249 const TypeSourceInfo *Derived) {
15250 QualType BaseT = Base->getType()->getCanonicalTypeUnqualified();
15251 QualType DerivedT = Derived->getType()->getCanonicalTypeUnqualified();
15252
15253 if (BaseT->isStructureOrClassType() && DerivedT->isStructureOrClassType() &&
15254 getASTContext().hasSameType(T1: BaseT, T2: DerivedT))
15255 return true;
15256
15257 if (!IsDerivedFrom(Loc: Derived->getTypeLoc().getBeginLoc(), Derived: DerivedT, Base: BaseT))
15258 return false;
15259
15260 // Per [basic.compound]/4.3, containing object has to be standard-layout.
15261 if (DerivedT->getAsCXXRecordDecl()->isStandardLayout())
15262 return true;
15263
15264 return false;
15265}
15266
15267//===--- CHECK: pointer_with_type_tag attribute: datatypes should match ----//
15268
15269/// Given a type tag expression find the type tag itself.
15270///
15271/// \param TypeExpr Type tag expression, as it appears in user's code.
15272///
15273/// \param VD Declaration of an identifier that appears in a type tag.
15274///
15275/// \param MagicValue Type tag magic value.
15276///
15277/// \param isConstantEvaluated whether the evalaution should be performed in
15278
15279/// constant context.
15280static bool FindTypeTagExpr(const Expr *TypeExpr, const ASTContext &Ctx,
15281 const ValueDecl **VD, uint64_t *MagicValue,
15282 bool isConstantEvaluated) {
15283 while(true) {
15284 if (!TypeExpr)
15285 return false;
15286
15287 TypeExpr = TypeExpr->IgnoreParenImpCasts()->IgnoreParenCasts();
15288
15289 switch (TypeExpr->getStmtClass()) {
15290 case Stmt::UnaryOperatorClass: {
15291 const UnaryOperator *UO = cast<UnaryOperator>(Val: TypeExpr);
15292 if (UO->getOpcode() == UO_AddrOf || UO->getOpcode() == UO_Deref) {
15293 TypeExpr = UO->getSubExpr();
15294 continue;
15295 }
15296 return false;
15297 }
15298
15299 case Stmt::DeclRefExprClass: {
15300 const DeclRefExpr *DRE = cast<DeclRefExpr>(Val: TypeExpr);
15301 *VD = DRE->getDecl();
15302 return true;
15303 }
15304
15305 case Stmt::IntegerLiteralClass: {
15306 const IntegerLiteral *IL = cast<IntegerLiteral>(Val: TypeExpr);
15307 llvm::APInt MagicValueAPInt = IL->getValue();
15308 if (MagicValueAPInt.getActiveBits() <= 64) {
15309 *MagicValue = MagicValueAPInt.getZExtValue();
15310 return true;
15311 } else
15312 return false;
15313 }
15314
15315 case Stmt::BinaryConditionalOperatorClass:
15316 case Stmt::ConditionalOperatorClass: {
15317 const AbstractConditionalOperator *ACO =
15318 cast<AbstractConditionalOperator>(Val: TypeExpr);
15319 bool Result;
15320 if (ACO->getCond()->EvaluateAsBooleanCondition(Result, Ctx,
15321 InConstantContext: isConstantEvaluated)) {
15322 if (Result)
15323 TypeExpr = ACO->getTrueExpr();
15324 else
15325 TypeExpr = ACO->getFalseExpr();
15326 continue;
15327 }
15328 return false;
15329 }
15330
15331 case Stmt::BinaryOperatorClass: {
15332 const BinaryOperator *BO = cast<BinaryOperator>(Val: TypeExpr);
15333 if (BO->getOpcode() == BO_Comma) {
15334 TypeExpr = BO->getRHS();
15335 continue;
15336 }
15337 return false;
15338 }
15339
15340 default:
15341 return false;
15342 }
15343 }
15344}
15345
15346/// Retrieve the C type corresponding to type tag TypeExpr.
15347///
15348/// \param TypeExpr Expression that specifies a type tag.
15349///
15350/// \param MagicValues Registered magic values.
15351///
15352/// \param FoundWrongKind Set to true if a type tag was found, but of a wrong
15353/// kind.
15354///
15355/// \param TypeInfo Information about the corresponding C type.
15356///
15357/// \param isConstantEvaluated whether the evalaution should be performed in
15358/// constant context.
15359///
15360/// \returns true if the corresponding C type was found.
15361static bool GetMatchingCType(
15362 const IdentifierInfo *ArgumentKind, const Expr *TypeExpr,
15363 const ASTContext &Ctx,
15364 const llvm::DenseMap<Sema::TypeTagMagicValue, Sema::TypeTagData>
15365 *MagicValues,
15366 bool &FoundWrongKind, Sema::TypeTagData &TypeInfo,
15367 bool isConstantEvaluated) {
15368 FoundWrongKind = false;
15369
15370 // Variable declaration that has type_tag_for_datatype attribute.
15371 const ValueDecl *VD = nullptr;
15372
15373 uint64_t MagicValue;
15374
15375 if (!FindTypeTagExpr(TypeExpr, Ctx, VD: &VD, MagicValue: &MagicValue, isConstantEvaluated))
15376 return false;
15377
15378 if (VD) {
15379 if (TypeTagForDatatypeAttr *I = VD->getAttr<TypeTagForDatatypeAttr>()) {
15380 if (I->getArgumentKind() != ArgumentKind) {
15381 FoundWrongKind = true;
15382 return false;
15383 }
15384 TypeInfo.Type = I->getMatchingCType();
15385 TypeInfo.LayoutCompatible = I->getLayoutCompatible();
15386 TypeInfo.MustBeNull = I->getMustBeNull();
15387 return true;
15388 }
15389 return false;
15390 }
15391
15392 if (!MagicValues)
15393 return false;
15394
15395 llvm::DenseMap<Sema::TypeTagMagicValue,
15396 Sema::TypeTagData>::const_iterator I =
15397 MagicValues->find(Val: std::make_pair(x&: ArgumentKind, y&: MagicValue));
15398 if (I == MagicValues->end())
15399 return false;
15400
15401 TypeInfo = I->second;
15402 return true;
15403}
15404
15405void Sema::RegisterTypeTagForDatatype(const IdentifierInfo *ArgumentKind,
15406 uint64_t MagicValue, QualType Type,
15407 bool LayoutCompatible,
15408 bool MustBeNull) {
15409 if (!TypeTagForDatatypeMagicValues)
15410 TypeTagForDatatypeMagicValues.reset(
15411 p: new llvm::DenseMap<TypeTagMagicValue, TypeTagData>);
15412
15413 TypeTagMagicValue Magic(ArgumentKind, MagicValue);
15414 (*TypeTagForDatatypeMagicValues)[Magic] =
15415 TypeTagData(Type, LayoutCompatible, MustBeNull);
15416}
15417
15418static bool IsSameCharType(QualType T1, QualType T2) {
15419 const BuiltinType *BT1 = T1->getAs<BuiltinType>();
15420 if (!BT1)
15421 return false;
15422
15423 const BuiltinType *BT2 = T2->getAs<BuiltinType>();
15424 if (!BT2)
15425 return false;
15426
15427 BuiltinType::Kind T1Kind = BT1->getKind();
15428 BuiltinType::Kind T2Kind = BT2->getKind();
15429
15430 return (T1Kind == BuiltinType::SChar && T2Kind == BuiltinType::Char_S) ||
15431 (T1Kind == BuiltinType::UChar && T2Kind == BuiltinType::Char_U) ||
15432 (T1Kind == BuiltinType::Char_U && T2Kind == BuiltinType::UChar) ||
15433 (T1Kind == BuiltinType::Char_S && T2Kind == BuiltinType::SChar);
15434}
15435
15436void Sema::CheckArgumentWithTypeTag(const ArgumentWithTypeTagAttr *Attr,
15437 const ArrayRef<const Expr *> ExprArgs,
15438 SourceLocation CallSiteLoc) {
15439 const IdentifierInfo *ArgumentKind = Attr->getArgumentKind();
15440 bool IsPointerAttr = Attr->getIsPointer();
15441
15442 // Retrieve the argument representing the 'type_tag'.
15443 unsigned TypeTagIdxAST = Attr->getTypeTagIdx().getASTIndex();
15444 if (TypeTagIdxAST >= ExprArgs.size()) {
15445 Diag(Loc: CallSiteLoc, DiagID: diag::err_tag_index_out_of_range)
15446 << 0 << Attr->getTypeTagIdx().getSourceIndex();
15447 return;
15448 }
15449 const Expr *TypeTagExpr = ExprArgs[TypeTagIdxAST];
15450 bool FoundWrongKind;
15451 TypeTagData TypeInfo;
15452 if (!GetMatchingCType(ArgumentKind, TypeExpr: TypeTagExpr, Ctx: Context,
15453 MagicValues: TypeTagForDatatypeMagicValues.get(), FoundWrongKind,
15454 TypeInfo, isConstantEvaluated: isConstantEvaluatedContext())) {
15455 if (FoundWrongKind)
15456 Diag(Loc: TypeTagExpr->getExprLoc(),
15457 DiagID: diag::warn_type_tag_for_datatype_wrong_kind)
15458 << TypeTagExpr->getSourceRange();
15459 return;
15460 }
15461
15462 // Retrieve the argument representing the 'arg_idx'.
15463 unsigned ArgumentIdxAST = Attr->getArgumentIdx().getASTIndex();
15464 if (ArgumentIdxAST >= ExprArgs.size()) {
15465 Diag(Loc: CallSiteLoc, DiagID: diag::err_tag_index_out_of_range)
15466 << 1 << Attr->getArgumentIdx().getSourceIndex();
15467 return;
15468 }
15469 const Expr *ArgumentExpr = ExprArgs[ArgumentIdxAST];
15470 if (IsPointerAttr) {
15471 // Skip implicit cast of pointer to `void *' (as a function argument).
15472 if (const ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(Val: ArgumentExpr))
15473 if (ICE->getType()->isVoidPointerType() &&
15474 ICE->getCastKind() == CK_BitCast)
15475 ArgumentExpr = ICE->getSubExpr();
15476 }
15477 QualType ArgumentType = ArgumentExpr->getType();
15478
15479 // Passing a `void*' pointer shouldn't trigger a warning.
15480 if (IsPointerAttr && ArgumentType->isVoidPointerType())
15481 return;
15482
15483 if (TypeInfo.MustBeNull) {
15484 // Type tag with matching void type requires a null pointer.
15485 if (!ArgumentExpr->isNullPointerConstant(Ctx&: Context,
15486 NPC: Expr::NPC_ValueDependentIsNotNull)) {
15487 Diag(Loc: ArgumentExpr->getExprLoc(),
15488 DiagID: diag::warn_type_safety_null_pointer_required)
15489 << ArgumentKind->getName()
15490 << ArgumentExpr->getSourceRange()
15491 << TypeTagExpr->getSourceRange();
15492 }
15493 return;
15494 }
15495
15496 QualType RequiredType = TypeInfo.Type;
15497 if (IsPointerAttr)
15498 RequiredType = Context.getPointerType(T: RequiredType);
15499
15500 bool mismatch = false;
15501 if (!TypeInfo.LayoutCompatible) {
15502 mismatch = !Context.hasSameType(T1: ArgumentType, T2: RequiredType);
15503
15504 // C++11 [basic.fundamental] p1:
15505 // Plain char, signed char, and unsigned char are three distinct types.
15506 //
15507 // But we treat plain `char' as equivalent to `signed char' or `unsigned
15508 // char' depending on the current char signedness mode.
15509 if (mismatch)
15510 if ((IsPointerAttr && IsSameCharType(T1: ArgumentType->getPointeeType(),
15511 T2: RequiredType->getPointeeType())) ||
15512 (!IsPointerAttr && IsSameCharType(T1: ArgumentType, T2: RequiredType)))
15513 mismatch = false;
15514 } else
15515 if (IsPointerAttr)
15516 mismatch = !isLayoutCompatible(C: Context,
15517 T1: ArgumentType->getPointeeType(),
15518 T2: RequiredType->getPointeeType());
15519 else
15520 mismatch = !isLayoutCompatible(C: Context, T1: ArgumentType, T2: RequiredType);
15521
15522 if (mismatch)
15523 Diag(Loc: ArgumentExpr->getExprLoc(), DiagID: diag::warn_type_safety_type_mismatch)
15524 << ArgumentType << ArgumentKind
15525 << TypeInfo.LayoutCompatible << RequiredType
15526 << ArgumentExpr->getSourceRange()
15527 << TypeTagExpr->getSourceRange();
15528}
15529
15530void Sema::AddPotentialMisalignedMembers(Expr *E, RecordDecl *RD, ValueDecl *MD,
15531 CharUnits Alignment) {
15532 MisalignedMembers.emplace_back(Args&: E, Args&: RD, Args&: MD, Args&: Alignment);
15533}
15534
15535void Sema::DiagnoseMisalignedMembers() {
15536 for (MisalignedMember &m : MisalignedMembers) {
15537 const NamedDecl *ND = m.RD;
15538 if (ND->getName().empty()) {
15539 if (const TypedefNameDecl *TD = m.RD->getTypedefNameForAnonDecl())
15540 ND = TD;
15541 }
15542 Diag(Loc: m.E->getBeginLoc(), DiagID: diag::warn_taking_address_of_packed_member)
15543 << m.MD << ND << m.E->getSourceRange();
15544 }
15545 MisalignedMembers.clear();
15546}
15547
15548void Sema::DiscardMisalignedMemberAddress(const Type *T, Expr *E) {
15549 E = E->IgnoreParens();
15550 if (!T->isPointerType() && !T->isIntegerType() && !T->isDependentType())
15551 return;
15552 if (isa<UnaryOperator>(Val: E) &&
15553 cast<UnaryOperator>(Val: E)->getOpcode() == UO_AddrOf) {
15554 auto *Op = cast<UnaryOperator>(Val: E)->getSubExpr()->IgnoreParens();
15555 if (isa<MemberExpr>(Val: Op)) {
15556 auto *MA = llvm::find(Range&: MisalignedMembers, Val: MisalignedMember(Op));
15557 if (MA != MisalignedMembers.end() &&
15558 (T->isDependentType() || T->isIntegerType() ||
15559 (T->isPointerType() && (T->getPointeeType()->isIncompleteType() ||
15560 Context.getTypeAlignInChars(
15561 T: T->getPointeeType()) <= MA->Alignment))))
15562 MisalignedMembers.erase(CI: MA);
15563 }
15564 }
15565}
15566
15567void Sema::RefersToMemberWithReducedAlignment(
15568 Expr *E,
15569 llvm::function_ref<void(Expr *, RecordDecl *, FieldDecl *, CharUnits)>
15570 Action) {
15571 const auto *ME = dyn_cast<MemberExpr>(Val: E);
15572 if (!ME)
15573 return;
15574
15575 // No need to check expressions with an __unaligned-qualified type.
15576 if (E->getType().getQualifiers().hasUnaligned())
15577 return;
15578
15579 // For a chain of MemberExpr like "a.b.c.d" this list
15580 // will keep FieldDecl's like [d, c, b].
15581 SmallVector<FieldDecl *, 4> ReverseMemberChain;
15582 const MemberExpr *TopME = nullptr;
15583 bool AnyIsPacked = false;
15584 do {
15585 QualType BaseType = ME->getBase()->getType();
15586 if (BaseType->isDependentType())
15587 return;
15588 if (ME->isArrow())
15589 BaseType = BaseType->getPointeeType();
15590 RecordDecl *RD = BaseType->castAs<RecordType>()->getDecl();
15591 if (RD->isInvalidDecl())
15592 return;
15593
15594 ValueDecl *MD = ME->getMemberDecl();
15595 auto *FD = dyn_cast<FieldDecl>(Val: MD);
15596 // We do not care about non-data members.
15597 if (!FD || FD->isInvalidDecl())
15598 return;
15599
15600 AnyIsPacked =
15601 AnyIsPacked || (RD->hasAttr<PackedAttr>() || MD->hasAttr<PackedAttr>());
15602 ReverseMemberChain.push_back(Elt: FD);
15603
15604 TopME = ME;
15605 ME = dyn_cast<MemberExpr>(Val: ME->getBase()->IgnoreParens());
15606 } while (ME);
15607 assert(TopME && "We did not compute a topmost MemberExpr!");
15608
15609 // Not the scope of this diagnostic.
15610 if (!AnyIsPacked)
15611 return;
15612
15613 const Expr *TopBase = TopME->getBase()->IgnoreParenImpCasts();
15614 const auto *DRE = dyn_cast<DeclRefExpr>(Val: TopBase);
15615 // TODO: The innermost base of the member expression may be too complicated.
15616 // For now, just disregard these cases. This is left for future
15617 // improvement.
15618 if (!DRE && !isa<CXXThisExpr>(Val: TopBase))
15619 return;
15620
15621 // Alignment expected by the whole expression.
15622 CharUnits ExpectedAlignment = Context.getTypeAlignInChars(T: E->getType());
15623
15624 // No need to do anything else with this case.
15625 if (ExpectedAlignment.isOne())
15626 return;
15627
15628 // Synthesize offset of the whole access.
15629 CharUnits Offset;
15630 for (const FieldDecl *FD : llvm::reverse(C&: ReverseMemberChain))
15631 Offset += Context.toCharUnitsFromBits(BitSize: Context.getFieldOffset(FD));
15632
15633 // Compute the CompleteObjectAlignment as the alignment of the whole chain.
15634 CharUnits CompleteObjectAlignment = Context.getTypeAlignInChars(
15635 T: ReverseMemberChain.back()->getParent()->getTypeForDecl());
15636
15637 // The base expression of the innermost MemberExpr may give
15638 // stronger guarantees than the class containing the member.
15639 if (DRE && !TopME->isArrow()) {
15640 const ValueDecl *VD = DRE->getDecl();
15641 if (!VD->getType()->isReferenceType())
15642 CompleteObjectAlignment =
15643 std::max(a: CompleteObjectAlignment, b: Context.getDeclAlign(D: VD));
15644 }
15645
15646 // Check if the synthesized offset fulfills the alignment.
15647 if (Offset % ExpectedAlignment != 0 ||
15648 // It may fulfill the offset it but the effective alignment may still be
15649 // lower than the expected expression alignment.
15650 CompleteObjectAlignment < ExpectedAlignment) {
15651 // If this happens, we want to determine a sensible culprit of this.
15652 // Intuitively, watching the chain of member expressions from right to
15653 // left, we start with the required alignment (as required by the field
15654 // type) but some packed attribute in that chain has reduced the alignment.
15655 // It may happen that another packed structure increases it again. But if
15656 // we are here such increase has not been enough. So pointing the first
15657 // FieldDecl that either is packed or else its RecordDecl is,
15658 // seems reasonable.
15659 FieldDecl *FD = nullptr;
15660 CharUnits Alignment;
15661 for (FieldDecl *FDI : ReverseMemberChain) {
15662 if (FDI->hasAttr<PackedAttr>() ||
15663 FDI->getParent()->hasAttr<PackedAttr>()) {
15664 FD = FDI;
15665 Alignment = std::min(
15666 a: Context.getTypeAlignInChars(T: FD->getType()),
15667 b: Context.getTypeAlignInChars(T: FD->getParent()->getTypeForDecl()));
15668 break;
15669 }
15670 }
15671 assert(FD && "We did not find a packed FieldDecl!");
15672 Action(E, FD->getParent(), FD, Alignment);
15673 }
15674}
15675
15676void Sema::CheckAddressOfPackedMember(Expr *rhs) {
15677 using namespace std::placeholders;
15678
15679 RefersToMemberWithReducedAlignment(
15680 E: rhs, Action: std::bind(f: &Sema::AddPotentialMisalignedMembers, args: std::ref(t&: *this), args: _1,
15681 args: _2, args: _3, args: _4));
15682}
15683
15684// Performs a similar job to Sema::UsualUnaryConversions, but without any
15685// implicit promotion of integral/enumeration types.
15686static ExprResult BuiltinVectorMathConversions(Sema &S, Expr *E) {
15687 // First, convert to an r-value.
15688 ExprResult Res = S.DefaultFunctionArrayLvalueConversion(E);
15689 if (Res.isInvalid())
15690 return ExprError();
15691
15692 // Promote floating-point types.
15693 return S.UsualUnaryFPConversions(E: Res.get());
15694}
15695
15696bool Sema::PrepareBuiltinElementwiseMathOneArgCall(
15697 CallExpr *TheCall, EltwiseBuiltinArgTyRestriction ArgTyRestr) {
15698 if (checkArgCount(Call: TheCall, DesiredArgCount: 1))
15699 return true;
15700
15701 ExprResult A = BuiltinVectorMathConversions(S&: *this, E: TheCall->getArg(Arg: 0));
15702 if (A.isInvalid())
15703 return true;
15704
15705 TheCall->setArg(Arg: 0, ArgExpr: A.get());
15706 QualType TyA = A.get()->getType();
15707
15708 if (checkMathBuiltinElementType(S&: *this, Loc: A.get()->getBeginLoc(), ArgTy: TyA,
15709 ArgTyRestr, ArgOrdinal: 1))
15710 return true;
15711
15712 TheCall->setType(TyA);
15713 return false;
15714}
15715
15716bool Sema::BuiltinElementwiseMath(CallExpr *TheCall,
15717 EltwiseBuiltinArgTyRestriction ArgTyRestr) {
15718 if (auto Res = BuiltinVectorMath(TheCall, ArgTyRestr); Res.has_value()) {
15719 TheCall->setType(*Res);
15720 return false;
15721 }
15722 return true;
15723}
15724
15725bool Sema::BuiltinVectorToScalarMath(CallExpr *TheCall) {
15726 std::optional<QualType> Res = BuiltinVectorMath(TheCall);
15727 if (!Res)
15728 return true;
15729
15730 if (auto *VecTy0 = (*Res)->getAs<VectorType>())
15731 TheCall->setType(VecTy0->getElementType());
15732 else
15733 TheCall->setType(*Res);
15734
15735 return false;
15736}
15737
15738static bool checkBuiltinVectorMathMixedEnums(Sema &S, Expr *LHS, Expr *RHS,
15739 SourceLocation Loc) {
15740 QualType L = LHS->getEnumCoercedType(Ctx: S.Context),
15741 R = RHS->getEnumCoercedType(Ctx: S.Context);
15742 if (L->isUnscopedEnumerationType() && R->isUnscopedEnumerationType() &&
15743 !S.Context.hasSameUnqualifiedType(T1: L, T2: R)) {
15744 return S.Diag(Loc, DiagID: diag::err_conv_mixed_enum_types)
15745 << LHS->getSourceRange() << RHS->getSourceRange()
15746 << /*Arithmetic Between*/ 0 << L << R;
15747 }
15748 return false;
15749}
15750
15751std::optional<QualType>
15752Sema::BuiltinVectorMath(CallExpr *TheCall,
15753 EltwiseBuiltinArgTyRestriction ArgTyRestr) {
15754 if (checkArgCount(Call: TheCall, DesiredArgCount: 2))
15755 return std::nullopt;
15756
15757 if (checkBuiltinVectorMathMixedEnums(
15758 S&: *this, LHS: TheCall->getArg(Arg: 0), RHS: TheCall->getArg(Arg: 1), Loc: TheCall->getExprLoc()))
15759 return std::nullopt;
15760
15761 Expr *Args[2];
15762 for (int I = 0; I < 2; ++I) {
15763 ExprResult Converted =
15764 BuiltinVectorMathConversions(S&: *this, E: TheCall->getArg(Arg: I));
15765 if (Converted.isInvalid())
15766 return std::nullopt;
15767 Args[I] = Converted.get();
15768 }
15769
15770 SourceLocation LocA = Args[0]->getBeginLoc();
15771 QualType TyA = Args[0]->getType();
15772 QualType TyB = Args[1]->getType();
15773
15774 if (checkMathBuiltinElementType(S&: *this, Loc: LocA, ArgTy: TyA, ArgTyRestr, ArgOrdinal: 1))
15775 return std::nullopt;
15776
15777 if (!Context.hasSameUnqualifiedType(T1: TyA, T2: TyB)) {
15778 Diag(Loc: LocA, DiagID: diag::err_typecheck_call_different_arg_types) << TyA << TyB;
15779 return std::nullopt;
15780 }
15781
15782 TheCall->setArg(Arg: 0, ArgExpr: Args[0]);
15783 TheCall->setArg(Arg: 1, ArgExpr: Args[1]);
15784 return TyA;
15785}
15786
15787bool Sema::BuiltinElementwiseTernaryMath(
15788 CallExpr *TheCall, EltwiseBuiltinArgTyRestriction ArgTyRestr) {
15789 if (checkArgCount(Call: TheCall, DesiredArgCount: 3))
15790 return true;
15791
15792 SourceLocation Loc = TheCall->getExprLoc();
15793 if (checkBuiltinVectorMathMixedEnums(S&: *this, LHS: TheCall->getArg(Arg: 0),
15794 RHS: TheCall->getArg(Arg: 1), Loc) ||
15795 checkBuiltinVectorMathMixedEnums(S&: *this, LHS: TheCall->getArg(Arg: 1),
15796 RHS: TheCall->getArg(Arg: 2), Loc))
15797 return true;
15798
15799 Expr *Args[3];
15800 for (int I = 0; I < 3; ++I) {
15801 ExprResult Converted =
15802 BuiltinVectorMathConversions(S&: *this, E: TheCall->getArg(Arg: I));
15803 if (Converted.isInvalid())
15804 return true;
15805 Args[I] = Converted.get();
15806 }
15807
15808 int ArgOrdinal = 1;
15809 for (Expr *Arg : Args) {
15810 if (checkMathBuiltinElementType(S&: *this, Loc: Arg->getBeginLoc(), ArgTy: Arg->getType(),
15811 ArgTyRestr, ArgOrdinal: ArgOrdinal++))
15812 return true;
15813 }
15814
15815 for (int I = 1; I < 3; ++I) {
15816 if (Args[0]->getType().getCanonicalType() !=
15817 Args[I]->getType().getCanonicalType()) {
15818 return Diag(Loc: Args[0]->getBeginLoc(),
15819 DiagID: diag::err_typecheck_call_different_arg_types)
15820 << Args[0]->getType() << Args[I]->getType();
15821 }
15822
15823 TheCall->setArg(Arg: I, ArgExpr: Args[I]);
15824 }
15825
15826 TheCall->setType(Args[0]->getType());
15827 return false;
15828}
15829
15830bool Sema::PrepareBuiltinReduceMathOneArgCall(CallExpr *TheCall) {
15831 if (checkArgCount(Call: TheCall, DesiredArgCount: 1))
15832 return true;
15833
15834 ExprResult A = UsualUnaryConversions(E: TheCall->getArg(Arg: 0));
15835 if (A.isInvalid())
15836 return true;
15837
15838 TheCall->setArg(Arg: 0, ArgExpr: A.get());
15839 return false;
15840}
15841
15842bool Sema::BuiltinNonDeterministicValue(CallExpr *TheCall) {
15843 if (checkArgCount(Call: TheCall, DesiredArgCount: 1))
15844 return true;
15845
15846 ExprResult Arg = TheCall->getArg(Arg: 0);
15847 QualType TyArg = Arg.get()->getType();
15848
15849 if (!TyArg->isBuiltinType() && !TyArg->isVectorType())
15850 return Diag(Loc: TheCall->getArg(Arg: 0)->getBeginLoc(),
15851 DiagID: diag::err_builtin_invalid_arg_type)
15852 << 1 << /* vector */ 2 << /* integer */ 1 << /* fp */ 1 << TyArg;
15853
15854 TheCall->setType(TyArg);
15855 return false;
15856}
15857
15858ExprResult Sema::BuiltinMatrixTranspose(CallExpr *TheCall,
15859 ExprResult CallResult) {
15860 if (checkArgCount(Call: TheCall, DesiredArgCount: 1))
15861 return ExprError();
15862
15863 ExprResult MatrixArg = DefaultLvalueConversion(E: TheCall->getArg(Arg: 0));
15864 if (MatrixArg.isInvalid())
15865 return MatrixArg;
15866 Expr *Matrix = MatrixArg.get();
15867
15868 auto *MType = Matrix->getType()->getAs<ConstantMatrixType>();
15869 if (!MType) {
15870 Diag(Loc: Matrix->getBeginLoc(), DiagID: diag::err_builtin_invalid_arg_type)
15871 << 1 << /* matrix */ 3 << /* no int */ 0 << /* no fp */ 0
15872 << Matrix->getType();
15873 return ExprError();
15874 }
15875
15876 // Create returned matrix type by swapping rows and columns of the argument
15877 // matrix type.
15878 QualType ResultType = Context.getConstantMatrixType(
15879 ElementType: MType->getElementType(), NumRows: MType->getNumColumns(), NumColumns: MType->getNumRows());
15880
15881 // Change the return type to the type of the returned matrix.
15882 TheCall->setType(ResultType);
15883
15884 // Update call argument to use the possibly converted matrix argument.
15885 TheCall->setArg(Arg: 0, ArgExpr: Matrix);
15886 return CallResult;
15887}
15888
15889// Get and verify the matrix dimensions.
15890static std::optional<unsigned>
15891getAndVerifyMatrixDimension(Expr *Expr, StringRef Name, Sema &S) {
15892 SourceLocation ErrorPos;
15893 std::optional<llvm::APSInt> Value =
15894 Expr->getIntegerConstantExpr(Ctx: S.Context, Loc: &ErrorPos);
15895 if (!Value) {
15896 S.Diag(Loc: Expr->getBeginLoc(), DiagID: diag::err_builtin_matrix_scalar_unsigned_arg)
15897 << Name;
15898 return {};
15899 }
15900 uint64_t Dim = Value->getZExtValue();
15901 if (!ConstantMatrixType::isDimensionValid(NumElements: Dim)) {
15902 S.Diag(Loc: Expr->getBeginLoc(), DiagID: diag::err_builtin_matrix_invalid_dimension)
15903 << Name << ConstantMatrixType::getMaxElementsPerDimension();
15904 return {};
15905 }
15906 return Dim;
15907}
15908
15909ExprResult Sema::BuiltinMatrixColumnMajorLoad(CallExpr *TheCall,
15910 ExprResult CallResult) {
15911 if (!getLangOpts().MatrixTypes) {
15912 Diag(Loc: TheCall->getBeginLoc(), DiagID: diag::err_builtin_matrix_disabled);
15913 return ExprError();
15914 }
15915
15916 if (checkArgCount(Call: TheCall, DesiredArgCount: 4))
15917 return ExprError();
15918
15919 unsigned PtrArgIdx = 0;
15920 Expr *PtrExpr = TheCall->getArg(Arg: PtrArgIdx);
15921 Expr *RowsExpr = TheCall->getArg(Arg: 1);
15922 Expr *ColumnsExpr = TheCall->getArg(Arg: 2);
15923 Expr *StrideExpr = TheCall->getArg(Arg: 3);
15924
15925 bool ArgError = false;
15926
15927 // Check pointer argument.
15928 {
15929 ExprResult PtrConv = DefaultFunctionArrayLvalueConversion(E: PtrExpr);
15930 if (PtrConv.isInvalid())
15931 return PtrConv;
15932 PtrExpr = PtrConv.get();
15933 TheCall->setArg(Arg: 0, ArgExpr: PtrExpr);
15934 if (PtrExpr->isTypeDependent()) {
15935 TheCall->setType(Context.DependentTy);
15936 return TheCall;
15937 }
15938 }
15939
15940 auto *PtrTy = PtrExpr->getType()->getAs<PointerType>();
15941 QualType ElementTy;
15942 if (!PtrTy) {
15943 Diag(Loc: PtrExpr->getBeginLoc(), DiagID: diag::err_builtin_invalid_arg_type)
15944 << PtrArgIdx + 1 << 0 << /* pointer to element ty */ 5 << /* no fp */ 0
15945 << PtrExpr->getType();
15946 ArgError = true;
15947 } else {
15948 ElementTy = PtrTy->getPointeeType().getUnqualifiedType();
15949
15950 if (!ConstantMatrixType::isValidElementType(T: ElementTy)) {
15951 Diag(Loc: PtrExpr->getBeginLoc(), DiagID: diag::err_builtin_invalid_arg_type)
15952 << PtrArgIdx + 1 << 0 << /* pointer to element ty */ 5
15953 << /* no fp */ 0 << PtrExpr->getType();
15954 ArgError = true;
15955 }
15956 }
15957
15958 // Apply default Lvalue conversions and convert the expression to size_t.
15959 auto ApplyArgumentConversions = [this](Expr *E) {
15960 ExprResult Conv = DefaultLvalueConversion(E);
15961 if (Conv.isInvalid())
15962 return Conv;
15963
15964 return tryConvertExprToType(E: Conv.get(), Ty: Context.getSizeType());
15965 };
15966
15967 // Apply conversion to row and column expressions.
15968 ExprResult RowsConv = ApplyArgumentConversions(RowsExpr);
15969 if (!RowsConv.isInvalid()) {
15970 RowsExpr = RowsConv.get();
15971 TheCall->setArg(Arg: 1, ArgExpr: RowsExpr);
15972 } else
15973 RowsExpr = nullptr;
15974
15975 ExprResult ColumnsConv = ApplyArgumentConversions(ColumnsExpr);
15976 if (!ColumnsConv.isInvalid()) {
15977 ColumnsExpr = ColumnsConv.get();
15978 TheCall->setArg(Arg: 2, ArgExpr: ColumnsExpr);
15979 } else
15980 ColumnsExpr = nullptr;
15981
15982 // If any part of the result matrix type is still pending, just use
15983 // Context.DependentTy, until all parts are resolved.
15984 if ((RowsExpr && RowsExpr->isTypeDependent()) ||
15985 (ColumnsExpr && ColumnsExpr->isTypeDependent())) {
15986 TheCall->setType(Context.DependentTy);
15987 return CallResult;
15988 }
15989
15990 // Check row and column dimensions.
15991 std::optional<unsigned> MaybeRows;
15992 if (RowsExpr)
15993 MaybeRows = getAndVerifyMatrixDimension(Expr: RowsExpr, Name: "row", S&: *this);
15994
15995 std::optional<unsigned> MaybeColumns;
15996 if (ColumnsExpr)
15997 MaybeColumns = getAndVerifyMatrixDimension(Expr: ColumnsExpr, Name: "column", S&: *this);
15998
15999 // Check stride argument.
16000 ExprResult StrideConv = ApplyArgumentConversions(StrideExpr);
16001 if (StrideConv.isInvalid())
16002 return ExprError();
16003 StrideExpr = StrideConv.get();
16004 TheCall->setArg(Arg: 3, ArgExpr: StrideExpr);
16005
16006 if (MaybeRows) {
16007 if (std::optional<llvm::APSInt> Value =
16008 StrideExpr->getIntegerConstantExpr(Ctx: Context)) {
16009 uint64_t Stride = Value->getZExtValue();
16010 if (Stride < *MaybeRows) {
16011 Diag(Loc: StrideExpr->getBeginLoc(),
16012 DiagID: diag::err_builtin_matrix_stride_too_small);
16013 ArgError = true;
16014 }
16015 }
16016 }
16017
16018 if (ArgError || !MaybeRows || !MaybeColumns)
16019 return ExprError();
16020
16021 TheCall->setType(
16022 Context.getConstantMatrixType(ElementType: ElementTy, NumRows: *MaybeRows, NumColumns: *MaybeColumns));
16023 return CallResult;
16024}
16025
16026ExprResult Sema::BuiltinMatrixColumnMajorStore(CallExpr *TheCall,
16027 ExprResult CallResult) {
16028 if (checkArgCount(Call: TheCall, DesiredArgCount: 3))
16029 return ExprError();
16030
16031 unsigned PtrArgIdx = 1;
16032 Expr *MatrixExpr = TheCall->getArg(Arg: 0);
16033 Expr *PtrExpr = TheCall->getArg(Arg: PtrArgIdx);
16034 Expr *StrideExpr = TheCall->getArg(Arg: 2);
16035
16036 bool ArgError = false;
16037
16038 {
16039 ExprResult MatrixConv = DefaultLvalueConversion(E: MatrixExpr);
16040 if (MatrixConv.isInvalid())
16041 return MatrixConv;
16042 MatrixExpr = MatrixConv.get();
16043 TheCall->setArg(Arg: 0, ArgExpr: MatrixExpr);
16044 }
16045 if (MatrixExpr->isTypeDependent()) {
16046 TheCall->setType(Context.DependentTy);
16047 return TheCall;
16048 }
16049
16050 auto *MatrixTy = MatrixExpr->getType()->getAs<ConstantMatrixType>();
16051 if (!MatrixTy) {
16052 Diag(Loc: MatrixExpr->getBeginLoc(), DiagID: diag::err_builtin_invalid_arg_type)
16053 << 1 << /* matrix ty */ 3 << 0 << 0 << MatrixExpr->getType();
16054 ArgError = true;
16055 }
16056
16057 {
16058 ExprResult PtrConv = DefaultFunctionArrayLvalueConversion(E: PtrExpr);
16059 if (PtrConv.isInvalid())
16060 return PtrConv;
16061 PtrExpr = PtrConv.get();
16062 TheCall->setArg(Arg: 1, ArgExpr: PtrExpr);
16063 if (PtrExpr->isTypeDependent()) {
16064 TheCall->setType(Context.DependentTy);
16065 return TheCall;
16066 }
16067 }
16068
16069 // Check pointer argument.
16070 auto *PtrTy = PtrExpr->getType()->getAs<PointerType>();
16071 if (!PtrTy) {
16072 Diag(Loc: PtrExpr->getBeginLoc(), DiagID: diag::err_builtin_invalid_arg_type)
16073 << PtrArgIdx + 1 << 0 << /* pointer to element ty */ 5 << 0
16074 << PtrExpr->getType();
16075 ArgError = true;
16076 } else {
16077 QualType ElementTy = PtrTy->getPointeeType();
16078 if (ElementTy.isConstQualified()) {
16079 Diag(Loc: PtrExpr->getBeginLoc(), DiagID: diag::err_builtin_matrix_store_to_const);
16080 ArgError = true;
16081 }
16082 ElementTy = ElementTy.getUnqualifiedType().getCanonicalType();
16083 if (MatrixTy &&
16084 !Context.hasSameType(T1: ElementTy, T2: MatrixTy->getElementType())) {
16085 Diag(Loc: PtrExpr->getBeginLoc(),
16086 DiagID: diag::err_builtin_matrix_pointer_arg_mismatch)
16087 << ElementTy << MatrixTy->getElementType();
16088 ArgError = true;
16089 }
16090 }
16091
16092 // Apply default Lvalue conversions and convert the stride expression to
16093 // size_t.
16094 {
16095 ExprResult StrideConv = DefaultLvalueConversion(E: StrideExpr);
16096 if (StrideConv.isInvalid())
16097 return StrideConv;
16098
16099 StrideConv = tryConvertExprToType(E: StrideConv.get(), Ty: Context.getSizeType());
16100 if (StrideConv.isInvalid())
16101 return StrideConv;
16102 StrideExpr = StrideConv.get();
16103 TheCall->setArg(Arg: 2, ArgExpr: StrideExpr);
16104 }
16105
16106 // Check stride argument.
16107 if (MatrixTy) {
16108 if (std::optional<llvm::APSInt> Value =
16109 StrideExpr->getIntegerConstantExpr(Ctx: Context)) {
16110 uint64_t Stride = Value->getZExtValue();
16111 if (Stride < MatrixTy->getNumRows()) {
16112 Diag(Loc: StrideExpr->getBeginLoc(),
16113 DiagID: diag::err_builtin_matrix_stride_too_small);
16114 ArgError = true;
16115 }
16116 }
16117 }
16118
16119 if (ArgError)
16120 return ExprError();
16121
16122 return CallResult;
16123}
16124
16125void Sema::CheckTCBEnforcement(const SourceLocation CallExprLoc,
16126 const NamedDecl *Callee) {
16127 // This warning does not make sense in code that has no runtime behavior.
16128 if (isUnevaluatedContext())
16129 return;
16130
16131 const NamedDecl *Caller = getCurFunctionOrMethodDecl();
16132
16133 if (!Caller || !Caller->hasAttr<EnforceTCBAttr>())
16134 return;
16135
16136 // Search through the enforce_tcb and enforce_tcb_leaf attributes to find
16137 // all TCBs the callee is a part of.
16138 llvm::StringSet<> CalleeTCBs;
16139 for (const auto *A : Callee->specific_attrs<EnforceTCBAttr>())
16140 CalleeTCBs.insert(key: A->getTCBName());
16141 for (const auto *A : Callee->specific_attrs<EnforceTCBLeafAttr>())
16142 CalleeTCBs.insert(key: A->getTCBName());
16143
16144 // Go through the TCBs the caller is a part of and emit warnings if Caller
16145 // is in a TCB that the Callee is not.
16146 for (const auto *A : Caller->specific_attrs<EnforceTCBAttr>()) {
16147 StringRef CallerTCB = A->getTCBName();
16148 if (CalleeTCBs.count(Key: CallerTCB) == 0) {
16149 this->Diag(Loc: CallExprLoc, DiagID: diag::warn_tcb_enforcement_violation)
16150 << Callee << CallerTCB;
16151 }
16152 }
16153}
16154