This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
docs/
-
ReleaseNotes.rst
-
include/clang/
-
clang/
-
Basic/
14
DiagnosticSemaKinds.td
-
Sema/
-
Sema.h
-
lib/Sema/
-
Sema/
-
SemaExpr.cpp
-
test/Sema/
-
Sema/
-
incompatible-function-pointer-types-strict.c

Differential D136790

[Clang][Sema] Add -Wincompatible-function-pointer-types-strict
ClosedPublic

Authored by samitolvanen on Oct 26 2022, 2:10 PM.

Download Raw Diff

Details

Reviewers

aaron.ballman
nickdesaulniers
pcc
joaomoreira
kees
nathanchance

Commits

rG41ce74e6e983: [Clang][Sema] Add -Wincompatible-function-pointer-types-strict

Summary

Clang supports indirect call Control-Flow Integrity (CFI) sanitizers
(e.g. -fsanitize=cfi-icall), which enforce an exact type match
between a function pointer and the target function. Unfortunately,
Clang doesn't provide diagnostics that help developers avoid
function pointer assignments that can lead to runtime CFI
failures. -Wincompatible-function-pointer-types doesn't warn about
enum to integer mismatches if the types are otherwise compatible, for
example, which isn't sufficient with CFI.

Add -Wincompatible-function-pointer-types-strict, which checks for a
stricter function type compatibility in assignments and helps warn about
assignments that can potentially lead to CFI failures.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

samitolvanen created this revision.Oct 26 2022, 2:10 PM

Herald added a project: Restricted Project. · View Herald TranscriptOct 26 2022, 2:10 PM

samitolvanen requested review of this revision.Oct 26 2022, 2:10 PM

Herald added a project: Restricted Project. · View Herald TranscriptOct 26 2022, 2:10 PM

Herald added a subscriber: cfe-commits. · View Herald Transcript

Similarly to D134831, -Wincompatible-function-pointer-types also seems to miss int <-> enum mismatches in function pointer assignments, for example. Does this look like a reasonable approach or is there a better way to implement something like this?

Harbormaster completed remote builds in B194494: Diff 470930.Oct 26 2022, 3:28 PM

nickdesaulniers accepted this revision.Oct 31 2022, 11:10 AM

This revision is now accepted and ready to land.Oct 31 2022, 11:10 AM

Thank you for the new diagnostic, please be sure to add a release note so users know there's a new warning.

clang/include/clang/Basic/DiagnosticSemaKinds.td
8219	We don't typically add new off-by-default warnings because we have evidence that users don't enable them enough to be worth adding them. Is there a way we can enable this warning by default for CFI compilation units (or when the cfi sanitizer is enabled) so that it's only off by default for non-CFI users? I don't think we have any examples of doing this in the code base, so I believe this would be breaking new ground (and thus is worth thinking about more, perhaps it's a bad idea for some reason).

In D136790#3897184, @aaron.ballman wrote:

please be sure to add a release note so users know there's a new warning.

I'll add a release note. Thanks for the reminder!

clang/include/clang/Basic/DiagnosticSemaKinds.td
8219	Is there a way we can enable this warning by default for CFI compilation units (or when the cfi sanitizer is enabled) so that it's only off by default for non-CFI users? I can look into it, but I'm not sure if there's a convenient way to do that. An alternative to this could be to enable the warning by default, but only actually perform the check if CFI is enabled. This way non-CFI users would never see the warning because this really isn't a concern for them, but CFI users would still get the warning without explicitly enabling it. Or do you think this behavior would be confusing?

aaron.ballman added inline comments.Nov 1 2022, 5:04 AM

clang/include/clang/Basic/DiagnosticSemaKinds.td
8219	Heh, sorry for not being clear, that's actually somewhat along the lines of how I envisioned you'd implement it (we don't have a way in tablegen to tie `DefaultIgnore` to some language options or a target). I was thinking the diagnostic would be left as `DefaultIgnore` in the .td file, but we'd take note in the driver that CFI was enabled and pass `-Wincompatible-function-pointer-types-strict` to the `-cc1` invocation. If the user wrote `-Wno-incompatible-function-pointer-types-strict` at the driver level, that would come after the automatically generated flag for cc1 and would still disable the diagnostic in the cc1 invocation (because the last flag wins). WDYT?

nathanchance added inline comments.Nov 1 2022, 1:31 PM

clang/include/clang/Basic/DiagnosticSemaKinds.td
8219	I do not think that is unreasonable behavior in the generic case but specifically for the Linux kernel, kCFI is disabled by default (`CONFIG_CFI_CLANG` has to be specifically enabled) but we want to see this warning regardless of the value of that configuration so that driver authors who test with clang and automated testers are more likely to find them. As a result, if the warning is not going to be default on, we would still need to specifically enable it in our CFLAGS. I suppose your suggestion would help out folks using CFI in production though so maybe it is still worth considering doing?

samitolvanen added inline comments.Nov 1 2022, 2:23 PM

clang/include/clang/Basic/DiagnosticSemaKinds.td
8219	I was thinking the diagnostic would be left as `DefaultIgnore` in the .td file, but we'd take note in the driver that CFI was enabled and pass `-Wincompatible-function-pointer-types-strict` to the `-cc1` invocation. Thanks for clarifying, that sounds reasonable. Of course, enabling it by default with CFI would still mean that we'll have to either explicitly disable this in the kernel (or fix all the existing warnings) before submitting the Clang change.

aaron.ballman added inline comments.Nov 2 2022, 11:15 AM

clang/include/clang/Basic/DiagnosticSemaKinds.td
8219	As a result, if the warning is not going to be default on, we would still need to specifically enable it in our CFLAGS. I suppose your suggestion would help out folks using CFI in production though so maybe it is still worth considering doing? It sounds like either approach will require you to specifically enable it in your CFLAGS, right? Either it's off-by-default for everyone, or it's only on-by-default for CFI enabled builds (which the Linux kernel disables by default).
8219	Thanks for clarifying, that sounds reasonable. Of course, enabling it by default with CFI would still mean that we'll have to either explicitly disable this in the kernel (or fix all the existing warnings) before submitting the Clang change. Er, is there a chicken and egg problem here? I was imagining that you could land the changes in Clang and disable the flag in the Linux kernel around roughly the same time (we can time when we land things to make life easier for you) so it wouldn't be particularly disruptive. If it would be disruptive, another approach would be to leave it off by default everywhere, get the Linux kernel CFI warning free, then enable it for CFI builds by default. But that seems riskier to me (we are more likely to forget to come turn the warning on by default later).

nathanchance added inline comments.Nov 2 2022, 11:59 AM

clang/include/clang/Basic/DiagnosticSemaKinds.td
8219	It sounds like either approach will require you to specifically enable it in your CFLAGS, right? Either it's off-by-default for everyone, or it's only on-by-default for CFI enabled builds (which the Linux kernel disables by default). Right, I was only mentioning our use case will necessitate it being always enabled so conditionally enabling it would be extra work that wouldn't benefit us but obviously, the world does not revolve around our one project :)
8219	Er, is there a chicken and egg problem here? I was imagining that you could land the changes in Clang and disable the flag in the Linux kernel around roughly the same time (we can time when we land things to make life easier for you) so it wouldn't be particularly disruptive. Yes, we do not have as much freedom with pushing changes into Linux mainline, as they first have to soak in the -next tree, so that will require at least a week. I assume @kees can help us out with getting that patch to Linus in a timely manner though so that is probably not as much of a concern. If it would be disruptive, another approach would be to leave it off by default everywhere, get the Linux kernel CFI warning free, then enable it for CFI builds by default. But that seems riskier to me (we are more likely to forget to come turn the warning on by default later). I have sent patches to fix all the instances of this that I see in the Linux kernel as of this morning: https://github.com/ClangBuiltLinux/linux/issues/1750#issuecomment-1300972689 I have to track all of those so I know when it is possible to enable this warning in `KBUILD_CFLAGS` so I could remind Sami to enable it for CFI builds by default once that is done?

aaron.ballman added inline comments.Nov 2 2022, 12:15 PM

clang/include/clang/Basic/DiagnosticSemaKinds.td
8219	It sounds like either approach will require you to specifically enable it in your CFLAGS, right? Either it's off-by-default for everyone, or it's only on-by-default for CFI enabled builds (which the Linux kernel disables by default). Right, I was only mentioning our use case will necessitate it being always enabled so conditionally enabling it would be extra work that wouldn't benefit us but obviously, the world does not revolve around our one project :) Phew, I'm glad I wasn't missing something subtle. :-D
8219	I have to track all of those so I know when it is possible to enable this warning in KBUILD_CFLAGS so I could remind Sami to enable it for CFI builds by default once that is done? Okay, that seems reasonable enough to me (assuming @samitolvanen agrees, of course). If that's the route we're going, then I think this patch is basically ready to go as-is (the diagnostic is already off-by-default here) and the only thing left is the release note.

samitolvanen added inline comments.Nov 2 2022, 12:18 PM

clang/include/clang/Basic/DiagnosticSemaKinds.td
8219	I have to track all of those so I know when it is possible to enable this warning in `KBUILD_CFLAGS` so I could remind Sami to enable it for CFI builds by default once that is done? Note that this wouldn't only affect `-fsanitize=kcfi`. We still use `-fsanitize=cfi` in 5.13-6.0 arm64 kernels. We probably don't want to break those builds with ToT Clang either, so we might still need to disable the warning in the relevant stable trees (or backport the fixes there).

samitolvanen added inline comments.Nov 2 2022, 12:20 PM

clang/include/clang/Basic/DiagnosticSemaKinds.td
8219	Okay, that seems reasonable enough to me (assuming @samitolvanen agrees, of course). If that's the route we're going, then I think this patch is basically ready to go as-is (the diagnostic is already off-by-default here) and the only thing left is the release note. Sure, that works for me. I'll update the patch with release notes when I have a chance.

nathanchance added inline comments.Nov 2 2022, 12:22 PM

clang/include/clang/Basic/DiagnosticSemaKinds.td
8219	I have to track all of those so I know when it is possible to enable this warning in `KBUILD_CFLAGS` so I could remind Sami to enable it for CFI builds by default once that is done? Note that this wouldn't only affect `-fsanitize=kcfi`. We still use `-fsanitize=cfi` in 5.13-6.0 arm64 kernels. We probably don't want to break those builds with ToT Clang either, so we might still need to disable the warning in the relevant stable trees (or backport the fixes there). Ah good point. It seems entirely reasonable to me to backport whatever fixes are needed for 5.15 and any other stable releases that are supported at the time, as they are fixing potential failures at run time. I can handle that before we enable it by default for either `cfi` and `kcfi`.

Added release notes, grouped together with -Wcast-function-type-strict.

Harbormaster completed remote builds in B196195: Diff 473306.Nov 4 2022, 12:41 PM

LGTM, thank you!

Closed by commit rG41ce74e6e983: [Clang][Sema] Add -Wincompatible-function-pointer-types-strict (authored by samitolvanen). · Explain WhyNov 7 2022, 3:06 PM

This revision was automatically updated to reflect the committed changes.

samitolvanen added a commit: rG41ce74e6e983: [Clang][Sema] Add -Wincompatible-function-pointer-types-strict.

uabelho added a subscriber: uabelho.Nov 7 2022, 11:46 PM

Revision Contents

Path

Size

clang/

docs/

ReleaseNotes.rst

13 lines

include/

clang/

Basic/

DiagnosticSemaKinds.td

3 lines

Sema/

Sema.h

6 lines

lib/

Sema/

SemaExpr.cpp

19 lines

test/

Sema/

incompatible-function-pointer-types-strict.c

20 lines

Diff 473808

clang/docs/ReleaseNotes.rst

Show First 20 Lines • Show All 360 Lines • ▼ Show 20 Lines	- Copy-elided initialization of lock scopes is now handled differently in
which can result in new warnings (or make existing warnings disappear).		which can result in new warnings (or make existing warnings disappear).
- The wording of diagnostics regarding arithmetic on fixed-sized arrays and		- The wording of diagnostics regarding arithmetic on fixed-sized arrays and
pointers is improved to include the type of the array and whether it's cast		pointers is improved to include the type of the array and whether it's cast
to another type. This should improve comprehension for why an index is		to another type. This should improve comprehension for why an index is
out-of-bounds.		out-of-bounds.
- Clang now correctly points to the problematic parameter for the ``-Wnonnull``		- Clang now correctly points to the problematic parameter for the ``-Wnonnull``
warning. This fixes		warning. This fixes
`Issue 58273 <https://github.com/llvm/llvm-project/issues/58273>`_.		`Issue 58273 <https://github.com/llvm/llvm-project/issues/58273>`_.
- Introduced ``-Wcast-function-type-strict`` to warn about function type mismatches		- Introduced ``-Wcast-function-type-strict`` and
in casts that may result in runtime indirect call `Control-Flow Integrity (CFI)		``-Wincompatible-function-pointer-types-strict`` to warn about function type
<https://clang.llvm.org/docs/ControlFlowIntegrity.html>`_ failures. This diagnostic		mismatches in casts and assignments that may result in runtime indirect call
is grouped under ``-Wcast-function-type`` as it identifies a more strict set of		`Control-Flow Integrity (CFI)
potentially problematic function type casts.		<https://clang.llvm.org/docs/ControlFlowIntegrity.html>`_ failures. The
		``-Wcast-function-type-strict`` diagnostic is grouped under
		``-Wcast-function-type`` as it identifies a more strict set of potentially
		problematic function type casts.
- Clang will now disambiguate NTTP types when printing diagnostic that contain NTTP types.		- Clang will now disambiguate NTTP types when printing diagnostic that contain NTTP types.
Fixes `Issue 57562 <https://github.com/llvm/llvm-project/issues/57562>`_.		Fixes `Issue 57562 <https://github.com/llvm/llvm-project/issues/57562>`_.
- Better error recovery for pack expansion of expressions.		- Better error recovery for pack expansion of expressions.
`Issue 58673 <https://github.com/llvm/llvm-project/issues/58673>`_.		`Issue 58673 <https://github.com/llvm/llvm-project/issues/58673>`_.
- Better diagnostics when the user has missed `auto` in a declaration.		- Better diagnostics when the user has missed `auto` in a declaration.
`Issue 49129 <https://github.com/llvm/llvm-project/issues/49129>`_.		`Issue 49129 <https://github.com/llvm/llvm-project/issues/49129>`_.
- Clang now diagnoses use of invalid or reserved module names in a module		- Clang now diagnoses use of invalid or reserved module names in a module
export declaration. Both are diagnosed as an error, but the diagnostic is		export declaration. Both are diagnosed as an error, but the diagnostic is
▲ Show 20 Lines • Show All 458 Lines • Show Last 20 Lines

clang/include/clang/Basic/DiagnosticSemaKinds.td

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 8,208 Lines • ▼ Show 20 Lines	def err_typecheck_convert_incompatible_function_pointer : Error<
"\|%diff{casting $ to type $\|casting between types}0,1}2"		"\|%diff{casting $ to type $\|casting between types}0,1}2"
"%select{\|; dereference with *\|"		"%select{\|; dereference with *\|"
"; take the address with &\|"		"; take the address with &\|"
"; remove *\|"		"; remove *\|"
"; remove &}3">;		"; remove &}3">;
def ext_typecheck_convert_incompatible_function_pointer : ExtWarn<		def ext_typecheck_convert_incompatible_function_pointer : ExtWarn<
err_typecheck_convert_incompatible_function_pointer.Text>,		err_typecheck_convert_incompatible_function_pointer.Text>,
InGroup<IncompatibleFunctionPointerTypes>, DefaultError;		InGroup<IncompatibleFunctionPointerTypes>, DefaultError;
		def warn_typecheck_convert_incompatible_function_pointer_strict : Warning<
		err_typecheck_convert_incompatible_function_pointer.Text>,
		InGroup<DiagGroup<"incompatible-function-pointer-types-strict">>, DefaultIgnore;
		aaron.ballmanUnsubmitted Not Done Reply Inline Actions We don't typically add new off-by-default warnings because we have evidence that users don't enable them enough to be worth adding them. Is there a way we can enable this warning by default for CFI compilation units (or when the cfi sanitizer is enabled) so that it's only off by default for non-CFI users? I don't think we have any examples of doing this in the code base, so I believe this would be breaking new ground (and thus is worth thinking about more, perhaps it's a bad idea for some reason). aaron.ballman: We don't typically add new off-by-default warnings because we have evidence that users don't…
		samitolvanenAuthorUnsubmitted Not Done Reply Inline Actions Is there a way we can enable this warning by default for CFI compilation units (or when the cfi sanitizer is enabled) so that it's only off by default for non-CFI users? I can look into it, but I'm not sure if there's a convenient way to do that. An alternative to this could be to enable the warning by default, but only actually perform the check if CFI is enabled. This way non-CFI users would never see the warning because this really isn't a concern for them, but CFI users would still get the warning without explicitly enabling it. Or do you think this behavior would be confusing? samitolvanen: > Is there a way we can enable this warning by default for CFI compilation units (or when the…
		aaron.ballmanUnsubmitted Not Done Reply Inline Actions Heh, sorry for not being clear, that's actually somewhat along the lines of how I envisioned you'd implement it (we don't have a way in tablegen to tie `DefaultIgnore` to some language options or a target). I was thinking the diagnostic would be left as `DefaultIgnore` in the .td file, but we'd take note in the driver that CFI was enabled and pass `-Wincompatible-function-pointer-types-strict` to the `-cc1` invocation. If the user wrote `-Wno-incompatible-function-pointer-types-strict` at the driver level, that would come after the automatically generated flag for cc1 and would still disable the diagnostic in the cc1 invocation (because the last flag wins). WDYT? aaron.ballman: Heh, sorry for not being clear, that's actually somewhat along the lines of how I envisioned…
		nathanchanceUnsubmitted Not Done Reply Inline Actions I do not think that is unreasonable behavior in the generic case but specifically for the Linux kernel, kCFI is disabled by default (`CONFIG_CFI_CLANG` has to be specifically enabled) but we want to see this warning regardless of the value of that configuration so that driver authors who test with clang and automated testers are more likely to find them. As a result, if the warning is not going to be default on, we would still need to specifically enable it in our CFLAGS. I suppose your suggestion would help out folks using CFI in production though so maybe it is still worth considering doing? nathanchance: I do not think that is unreasonable behavior in the generic case but specifically for the Linux…
		aaron.ballmanUnsubmitted Not Done Reply Inline Actions As a result, if the warning is not going to be default on, we would still need to specifically enable it in our CFLAGS. I suppose your suggestion would help out folks using CFI in production though so maybe it is still worth considering doing? It sounds like either approach will require you to specifically enable it in your CFLAGS, right? Either it's off-by-default for everyone, or it's only on-by-default for CFI enabled builds (which the Linux kernel disables by default). aaron.ballman: > As a result, if the warning is not going to be default on, we would still need to…
		nathanchanceUnsubmitted Not Done Reply Inline Actions It sounds like either approach will require you to specifically enable it in your CFLAGS, right? Either it's off-by-default for everyone, or it's only on-by-default for CFI enabled builds (which the Linux kernel disables by default). Right, I was only mentioning our use case will necessitate it being always enabled so conditionally enabling it would be extra work that wouldn't benefit us but obviously, the world does not revolve around our one project :) nathanchance: > It sounds like either approach will require you to specifically enable it in your CFLAGS…
		aaron.ballmanUnsubmitted Not Done Reply Inline Actions It sounds like either approach will require you to specifically enable it in your CFLAGS, right? Either it's off-by-default for everyone, or it's only on-by-default for CFI enabled builds (which the Linux kernel disables by default). Right, I was only mentioning our use case will necessitate it being always enabled so conditionally enabling it would be extra work that wouldn't benefit us but obviously, the world does not revolve around our one project :) Phew, I'm glad I wasn't missing something subtle. :-D aaron.ballman: >>It sounds like either approach will require you to specifically enable it in your CFLAGS…
		samitolvanenAuthorUnsubmitted Not Done Reply Inline Actions I was thinking the diagnostic would be left as `DefaultIgnore` in the .td file, but we'd take note in the driver that CFI was enabled and pass `-Wincompatible-function-pointer-types-strict` to the `-cc1` invocation. Thanks for clarifying, that sounds reasonable. Of course, enabling it by default with CFI would still mean that we'll have to either explicitly disable this in the kernel (or fix all the existing warnings) before submitting the Clang change. samitolvanen: > I was thinking the diagnostic would be left as `DefaultIgnore` in the .td file, but we'd take…
		aaron.ballmanUnsubmitted Not Done Reply Inline Actions Thanks for clarifying, that sounds reasonable. Of course, enabling it by default with CFI would still mean that we'll have to either explicitly disable this in the kernel (or fix all the existing warnings) before submitting the Clang change. Er, is there a chicken and egg problem here? I was imagining that you could land the changes in Clang and disable the flag in the Linux kernel around roughly the same time (we can time when we land things to make life easier for you) so it wouldn't be particularly disruptive. If it would be disruptive, another approach would be to leave it off by default everywhere, get the Linux kernel CFI warning free, then enable it for CFI builds by default. But that seems riskier to me (we are more likely to forget to come turn the warning on by default later). aaron.ballman: > Thanks for clarifying, that sounds reasonable. Of course, enabling it by default with CFI…
		nathanchanceUnsubmitted Not Done Reply Inline Actions Er, is there a chicken and egg problem here? I was imagining that you could land the changes in Clang and disable the flag in the Linux kernel around roughly the same time (we can time when we land things to make life easier for you) so it wouldn't be particularly disruptive. Yes, we do not have as much freedom with pushing changes into Linux mainline, as they first have to soak in the -next tree, so that will require at least a week. I assume @kees can help us out with getting that patch to Linus in a timely manner though so that is probably not as much of a concern. If it would be disruptive, another approach would be to leave it off by default everywhere, get the Linux kernel CFI warning free, then enable it for CFI builds by default. But that seems riskier to me (we are more likely to forget to come turn the warning on by default later). I have sent patches to fix all the instances of this that I see in the Linux kernel as of this morning: https://github.com/ClangBuiltLinux/linux/issues/1750#issuecomment-1300972689 I have to track all of those so I know when it is possible to enable this warning in `KBUILD_CFLAGS` so I could remind Sami to enable it for CFI builds by default once that is done? nathanchance: > Er, is there a chicken and egg problem here? I was imagining that you could land the changes…
		samitolvanenAuthorUnsubmitted Not Done Reply Inline Actions I have to track all of those so I know when it is possible to enable this warning in `KBUILD_CFLAGS` so I could remind Sami to enable it for CFI builds by default once that is done? Note that this wouldn't only affect `-fsanitize=kcfi`. We still use `-fsanitize=cfi` in 5.13-6.0 arm64 kernels. We probably don't want to break those builds with ToT Clang either, so we might still need to disable the warning in the relevant stable trees (or backport the fixes there). samitolvanen: > I have to track all of those so I know when it is possible to enable this warning in…
		nathanchanceUnsubmitted Not Done Reply Inline Actions I have to track all of those so I know when it is possible to enable this warning in `KBUILD_CFLAGS` so I could remind Sami to enable it for CFI builds by default once that is done? Note that this wouldn't only affect `-fsanitize=kcfi`. We still use `-fsanitize=cfi` in 5.13-6.0 arm64 kernels. We probably don't want to break those builds with ToT Clang either, so we might still need to disable the warning in the relevant stable trees (or backport the fixes there). Ah good point. It seems entirely reasonable to me to backport whatever fixes are needed for 5.15 and any other stable releases that are supported at the time, as they are fixing potential failures at run time. I can handle that before we enable it by default for either `cfi` and `kcfi`. nathanchance: > > I have to track all of those so I know when it is possible to enable this warning in…
		aaron.ballmanUnsubmitted Not Done Reply Inline Actions I have to track all of those so I know when it is possible to enable this warning in KBUILD_CFLAGS so I could remind Sami to enable it for CFI builds by default once that is done? Okay, that seems reasonable enough to me (assuming @samitolvanen agrees, of course). If that's the route we're going, then I think this patch is basically ready to go as-is (the diagnostic is already off-by-default here) and the only thing left is the release note. aaron.ballman: > I have to track all of those so I know when it is possible to enable this warning in…
		samitolvanenAuthorUnsubmitted Not Done Reply Inline Actions Okay, that seems reasonable enough to me (assuming @samitolvanen agrees, of course). If that's the route we're going, then I think this patch is basically ready to go as-is (the diagnostic is already off-by-default here) and the only thing left is the release note. Sure, that works for me. I'll update the patch with release notes when I have a chance. samitolvanen: > Okay, that seems reasonable enough to me (assuming @samitolvanen agrees, of course). If…
def ext_typecheck_convert_discards_qualifiers : ExtWarn<		def ext_typecheck_convert_discards_qualifiers : ExtWarn<
"%select{%diff{assigning to $ from $\|assigning to different types}0,1"		"%select{%diff{assigning to $ from $\|assigning to different types}0,1"
"\|%diff{passing $ to parameter of type $\|"		"\|%diff{passing $ to parameter of type $\|"
"passing to parameter of different type}0,1"		"passing to parameter of different type}0,1"
"\|%diff{returning $ from a function with result type $\|"		"\|%diff{returning $ from a function with result type $\|"
"returning from function with different return type}0,1"		"returning from function with different return type}0,1"
"\|%diff{converting $ to type $\|converting between types}0,1"		"\|%diff{converting $ to type $\|converting between types}0,1"
"\|%diff{initializing $ with an expression of type $\|"		"\|%diff{initializing $ with an expression of type $\|"
▲ Show 20 Lines • Show All 3,505 Lines • Show Last 20 Lines

clang/include/clang/Sema/Sema.h

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 12,222 Lines • ▼ Show 20 Lines	enum AssignConvertType {
/// are not compatible, but we accept them as an extension.		/// are not compatible, but we accept them as an extension.
IncompatiblePointer,		IncompatiblePointer,

/// IncompatibleFunctionPointer - The assignment is between two function		/// IncompatibleFunctionPointer - The assignment is between two function
/// pointers types that are not compatible, but we accept them as an		/// pointers types that are not compatible, but we accept them as an
/// extension.		/// extension.
IncompatibleFunctionPointer,		IncompatibleFunctionPointer,

		/// IncompatibleFunctionPointerStrict - The assignment is between two
		/// function pointer types that are not identical, but are compatible,
		/// unless compiled with -fsanitize=cfi, in which case the type mismatch
		/// may trip an indirect call runtime check.
		IncompatibleFunctionPointerStrict,

/// IncompatiblePointerSign - The assignment is between two pointers types		/// IncompatiblePointerSign - The assignment is between two pointers types
/// which point to integers which have a different sign, but are otherwise		/// which point to integers which have a different sign, but are otherwise
/// identical. This is a subset of the above, but broken out because it's by		/// identical. This is a subset of the above, but broken out because it's by
/// far the most common case of incompatible pointers.		/// far the most common case of incompatible pointers.
IncompatiblePointerSign,		IncompatiblePointerSign,

/// CompatiblePointerDiscardsQualifiers - The assignment discards		/// CompatiblePointerDiscardsQualifiers - The assignment discards
/// c/v/r qualifiers, which we accept as an extension.		/// c/v/r qualifiers, which we accept as an extension.
▲ Show 20 Lines • Show All 1,613 Lines • Show Last 20 Lines

clang/lib/Sema/SemaExpr.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 9,234 Lines • ▼ Show 20 Lines
}		}

// checkPointerTypesForAssignment - This is a very tricky routine (despite		// checkPointerTypesForAssignment - This is a very tricky routine (despite
// being closely modeled after the C99 spec:-). The odd characteristic of this		// being closely modeled after the C99 spec:-). The odd characteristic of this
// routine is it effectively iqnores the qualifiers on the top level pointee.		// routine is it effectively iqnores the qualifiers on the top level pointee.
// This circumvents the usual type rules specified in 6.2.7p1 & 6.7.5.[1-3].		// This circumvents the usual type rules specified in 6.2.7p1 & 6.7.5.[1-3].
// FIXME: add a couple examples in this comment.		// FIXME: add a couple examples in this comment.
static Sema::AssignConvertType		static Sema::AssignConvertType
checkPointerTypesForAssignment(Sema &S, QualType LHSType, QualType RHSType) {		checkPointerTypesForAssignment(Sema &S, QualType LHSType, QualType RHSType,
		SourceLocation Loc) {
assert(LHSType.isCanonical() && "LHS not canonicalized!");		assert(LHSType.isCanonical() && "LHS not canonicalized!");
assert(RHSType.isCanonical() && "RHS not canonicalized!");		assert(RHSType.isCanonical() && "RHS not canonicalized!");

// get the "pointed to" type (ignoring qualifiers at the top level)		// get the "pointed to" type (ignoring qualifiers at the top level)
const Type lhptee, rhptee;		const Type lhptee, rhptee;
Qualifiers lhq, rhq;		Qualifiers lhq, rhq;
std::tie(lhptee, lhq) =		std::tie(lhptee, lhq) =
cast<PointerType>(LHSType)->getPointeeType().split().asPair();		cast<PointerType>(LHSType)->getPointeeType().split().asPair();
▲ Show 20 Lines • Show All 52 Lines • ▼ Show 20 Lines	if (rhptee->isVoidType()) {
if (lhptee->isIncompleteOrObjectType())		if (lhptee->isIncompleteOrObjectType())
return ConvTy;		return ConvTy;

// As an extension, we allow cast to/from void* to function pointer.		// As an extension, we allow cast to/from void* to function pointer.
assert(lhptee->isFunctionType());		assert(lhptee->isFunctionType());
return Sema::FunctionVoidPointer;		return Sema::FunctionVoidPointer;
}		}

		if (!S.Diags.isIgnored(
		diag::warn_typecheck_convert_incompatible_function_pointer_strict,
		Loc) &&
		RHSType->isFunctionPointerType() && LHSType->isFunctionPointerType() &&
		!S.IsFunctionConversion(RHSType, LHSType, RHSType))
		return Sema::IncompatibleFunctionPointerStrict;

// C99 6.5.16.1p1 (constraint 3): both operands are pointers to qualified or		// C99 6.5.16.1p1 (constraint 3): both operands are pointers to qualified or
// unqualified versions of compatible types, ...		// unqualified versions of compatible types, ...
QualType ltrans = QualType(lhptee, 0), rtrans = QualType(rhptee, 0);		QualType ltrans = QualType(lhptee, 0), rtrans = QualType(rhptee, 0);
if (!S.Context.typesAreCompatible(ltrans, rtrans)) {		if (!S.Context.typesAreCompatible(ltrans, rtrans)) {
// Check if the pointee types are compatible ignoring the sign.		// Check if the pointee types are compatible ignoring the sign.
// We explicitly check for char so that we catch "char" vs		// We explicitly check for char so that we catch "char" vs
// "unsigned char" on systems where "char" is unsigned.		// "unsigned char" on systems where "char" is unsigned.
if (lhptee->isCharType())		if (lhptee->isCharType())
▲ Show 20 Lines • Show All 335 Lines • ▼ Show 20 Lines	if (isa<PointerType>(RHSType)) {
LangAS AddrSpaceL = LHSPointer->getPointeeType().getAddressSpace();		LangAS AddrSpaceL = LHSPointer->getPointeeType().getAddressSpace();
LangAS AddrSpaceR = RHSType->getPointeeType().getAddressSpace();		LangAS AddrSpaceR = RHSType->getPointeeType().getAddressSpace();
if (AddrSpaceL != AddrSpaceR)		if (AddrSpaceL != AddrSpaceR)
Kind = CK_AddressSpaceConversion;		Kind = CK_AddressSpaceConversion;
else if (Context.hasCvrSimilarType(RHSType, LHSType))		else if (Context.hasCvrSimilarType(RHSType, LHSType))
Kind = CK_NoOp;		Kind = CK_NoOp;
else		else
Kind = CK_BitCast;		Kind = CK_BitCast;
return checkPointerTypesForAssignment(*this, LHSType, RHSType);		return checkPointerTypesForAssignment(*this, LHSType, RHSType,
		RHS.get()->getBeginLoc());
}		}

// int -> T*		// int -> T*
if (RHSType->isIntegerType()) {		if (RHSType->isIntegerType()) {
Kind = CK_IntegralToPointer; // FIXME: null?		Kind = CK_IntegralToPointer; // FIXME: null?
return IntToPointer;		return IntToPointer;
}		}

▲ Show 20 Lines • Show All 7,272 Lines • ▼ Show 20 Lines	if (getLangOpts().CPlusPlus) {
DiagKind = diag::err_typecheck_convert_int_pointer;		DiagKind = diag::err_typecheck_convert_int_pointer;
isInvalid = true;		isInvalid = true;
} else {		} else {
DiagKind = diag::ext_typecheck_convert_int_pointer;		DiagKind = diag::ext_typecheck_convert_int_pointer;
}		}
ConvHints.tryToFixConversion(SrcExpr, SrcType, DstType, *this);		ConvHints.tryToFixConversion(SrcExpr, SrcType, DstType, *this);
MayHaveConvFixit = true;		MayHaveConvFixit = true;
break;		break;
		case IncompatibleFunctionPointerStrict:
		DiagKind =
		diag::warn_typecheck_convert_incompatible_function_pointer_strict;
		ConvHints.tryToFixConversion(SrcExpr, SrcType, DstType, *this);
		MayHaveConvFixit = true;
		break;
case IncompatibleFunctionPointer:		case IncompatibleFunctionPointer:
if (getLangOpts().CPlusPlus) {		if (getLangOpts().CPlusPlus) {
DiagKind = diag::err_typecheck_convert_incompatible_function_pointer;		DiagKind = diag::err_typecheck_convert_incompatible_function_pointer;
isInvalid = true;		isInvalid = true;
} else {		} else {
DiagKind = diag::ext_typecheck_convert_incompatible_function_pointer;		DiagKind = diag::ext_typecheck_convert_incompatible_function_pointer;
}		}
ConvHints.tryToFixConversion(SrcExpr, SrcType, DstType, *this);		ConvHints.tryToFixConversion(SrcExpr, SrcType, DstType, *this);
▲ Show 20 Lines • Show All 3,966 Lines • Show Last 20 Lines

clang/test/Sema/incompatible-function-pointer-types-strict.c

This file was added.

				// RUN: %clang_cc1 -fsyntax-only %s -Wincompatible-function-pointer-types-strict -verify=soft,strict
				// RUN: %clang_cc1 -fsyntax-only %s -Werror=incompatible-function-pointer-types-strict -verify=hard,strict
				// RUN: %clang_cc1 -fsyntax-only %s -Wincompatible-function-pointer-types -verify=nonstrict
				// nonstrict-no-diagnostics

				enum E { A = -1, B };
				typedef enum E (*fn_a_t)(void);
				typedef void (*fn_b_t)(void);

				int a(void) { return 0; }
				void __attribute__((noreturn)) b(void) { while (1); }

				void fa(fn_a_t x) {} // strict-note {{passing argument to parameter 'x' here}}
				void fb(fn_b_t x) {}

				void baz(void) {
				fa(&a); // soft-warning {{incompatible function pointer types passing 'int ()(void)' to parameter of type 'fn_a_t' (aka 'enum E ()(void)')}} \
				hard-error {{incompatible function pointer types passing 'int ()(void)' to parameter of type 'fn_a_t' (aka 'enum E ()(void)')}}
				fb(&b); // no-warning
				}

This is an archive of the discontinued LLVM Phabricator instance.

[Clang][Sema] Add -Wincompatible-function-pointer-types-strictClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 473808

clang/docs/ReleaseNotes.rst

clang/include/clang/Basic/DiagnosticSemaKinds.td

clang/include/clang/Sema/Sema.h

clang/lib/Sema/SemaExpr.cpp

clang/test/Sema/incompatible-function-pointer-types-strict.c

[Clang][Sema] Add -Wincompatible-function-pointer-types-strict
ClosedPublic