This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
docs/
-
ReleaseNotes.rst
-
lib/
-
AST/
2/2
FormatString.cpp
-
Sema/
5/9
SemaExpr.cpp
-
test/
-
CXX/drs/
-
drs/
-
dr7xx.cpp
-
CodeGen/
-
xcore-abi.c
-
Sema/
2/3
format-pointer.c
2/2
format-strings-pedantic.c
-
varargs.c
-
SemaCXX/
-
format-strings-0x-nopedantic.cpp
2/5
varargs.cpp
-
www/
2/2
cxx_dr_status.html

Differential D156054

[Clang][Sema] DR722 (nullptr and varargs) and missing -Wvarargs diagnostics
Needs ReviewPublic

Authored by MitalAshok on Jul 23 2023, 7:36 AM.

Download Raw Diff

Details

Reviewers

aaron.ballman

Summary

nullptr passed to a variadic function in C++ now converted to void*, per CWG722
va_arg on array types and half precision floats now diagnosed.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

MitalAshok created this revision.Jul 23 2023, 7:36 AM

Herald added a project: Restricted Project. · View Herald TranscriptJul 23 2023, 7:36 AM

There is one observable difference by explicitly casting nullptr_t to void*: prvalues of type nullptr_t aren't read from (which seemed unintentional):

static void* f(int x, ...) {
    __builtin_va_list args;
    __builtin_va_start(args, x);
    void* arg = __builtin_va_arg(args, void*);
    __builtin_va_end(args);
    return arg;
}

int main() {
    int x;
    void* x_ptr = &x;
    void* result = f(0, __builtin_bit_cast(decltype(nullptr), x_ptr));
    __builtin_printf("%p\n%p\n%p\n", x_ptr, result, nullptr);
}

https://godbolt.org/z/Pfv8Wbhxj

An object of type nullptr_t is passed to the function, but when it is read with void* arg = __builtin_va_arg(args, void*);, it is not a null pointer.

clang/test/Sema/format-strings-pedantic.c
20	In C2x, nullptr passed as an argument and retrieved via `va_arg(ap, void )` is valid (See C2x 7.16.1.1p2) and this is the same as `printf("%p", (void) nullptr)`, but this should still be fine as a "pedantic" warning
clang/www/cxx_dr_status.html
4376	It may be better to mark this as "Yes", since in old clang versions passing nullptr would work by virtue of it having representation of a null void* pointer, and it only affected diagnostics

MitalAshok published this revision for review.Jul 23 2023, 8:06 AM

MitalAshok added a reviewer: aaron.ballman.

MitalAshok added inline comments.

clang/lib/Sema/SemaExpr.cpp
17377	This warns if you call `va_arg(ap, double[2])`. However this might be valid since the actual argument only has to be a "compatible type" and I think `double _Complex` is compatible with `double[2]`. I think we should warn anyways, since array rvalues are tricky to work with, and the user probably passed a `double[2]` and should retrieve the `double*`.

Herald added a project: Restricted Project. · View Herald TranscriptJul 23 2023, 8:06 AM

Herald added subscribers: cfe-commits, wangpc. · View Herald Transcript

MitalAshok edited the summary of this revision. (Show Details)Jul 23 2023, 8:09 AM

MitalAshok removed a subscriber: wangpc.

Harbormaster completed remote builds in B247488: Diff 543283.Jul 23 2023, 8:52 AM

Target clang 18 instead

Harbormaster completed remote builds in B248063: Diff 544073.Jul 25 2023, 9:32 PM

Thank you for working on this! FWIW, precommit Ci found a relevant test failure that should also be addressed.

clang/lib/Sema/SemaExpr.cpp
1069–1080	Oh fun, C and C++ solved this issue differently. In C++, there's an implicit conversion so the nullptr_t is converted to void * on the call, and in C there's an allowance for va_arg to handle nullptr_t as a void *. And without further changes, C++ picks that rule up automatically once it rebases onto C23: http://eel.is/c++draft/support#cstdarg.syn-1
17377	`_Complex double` and `double[2]` are not compatible types in C. C2x 6.2.7p1: Two types are compatible types if they are the same. Additional rules for determining whether two types are compatible are described in 6.7.2 for type specifiers, in 6.7.3 for type qualifiers, and in 6.7.6 for declarators. ... (The rest is talking about structures, enumerations, and unions). `_Complex` is a type specifier, so.... C2x 6.7.2p7: Each of the comma-separated multisets designates the same type, except that for bit-fields, it is implementation-defined whether the specifier int designates the same type as signed int or the same type as unsigned int. (The multisets it describes do not include any array types.)
clang/test/Sema/format-strings-pedantic.c
20	I don't think this should be diagnosed pedantically; the code is correct.

No longer warn on printf("%p", nullptr)

MitalAshok marked 3 inline comments as done.Aug 4 2023, 12:33 PM

C99 7.15.1.1p2 explicitly allows a char* to be retrieved as a void* with va_arg, so the -Wformat-pedantic warning was incorrect.

Harbormaster completed remote builds in B250436: Diff 547353.Aug 4 2023, 5:20 PM

Precommit CI found a related issue that should be addressed.

clang/www/cxx_dr_status.html
4376	I think it's better to use Clang 18, otherwise people will think there's a diagnostic bug with earlier versions. We usually use "Yes" to mean "we've always supported this correctly, as best we can tell".

Fix scanf("%p", (char**)ptr) for -Wformat-pedantic

Also added more tests for %p and -Wformat

MitalAshok added inline comments.Aug 7 2023, 11:31 AM

clang/test/Sema/format-pointer.c
40	Should this be a pedantic warning? If this reads a non-null pointer, the bit pattern of `np` will be messed up but `np` will still read as a nullptr. If it reads a null pointer, it should be fine.

Harbormaster completed remote builds in B250857: Diff 547874.Aug 7 2023, 3:27 PM

aaron.ballman added subscribers: jcranmer-intel, zahiraam.Aug 8 2023, 10:05 AM

aaron.ballman added inline comments.

clang/lib/AST/FormatString.cpp
484–487	We can simplify a bit further these days.
521–526	Fixes to match the usual coding style rules. Wow, Phab's diff engine struggles with that edit. Basically: no `else` after a `return`, remove braces on single-line `if`, renamed to `PointeeTy`.
clang/lib/Sema/SemaExpr.cpp
1069–1079	I think this code should live in `Sema::DefaultArgumentPromotion()` because it's related specifically to default argument promotions: https://eel.is/c++draft/expr#call-11.sentence-5
17374–17375	Hmmm... the existing code seems wrong to me because it's not paying any attention to `FLT_EVAL_METHOD`, but I think it probably should? CC @jcranmer-intel @zahiraam for opinions. Actually, I wonder if the correct approach here is to split `Sema::DefaultArgumentPromotion()` up so that we can calculate what the default argument promoted type is of the expression independent of performing the actual promotion, and call the promotion type calculation logic here?
clang/test/Sema/format-pointer.c
40	That's a fun scenario, good test case! C23 7.26.6.2p10: Except in the case of a % specifier, the input item (or, in the case of a %n directive, the count of input characters) is converted to a type appropriate to the conversion specifier. If the input item is not a matching sequence, the execution of the directive fails: this condition is a matching failure. Unless assignment suppression was indicated by a *, the result of the conversion is placed in the object pointed to by the first argument following the format argument that has not already received a conversion result. If this object does not have an appropriate type, or if the result of the conversion cannot be represented in the object, the behavior is undefined. p12, the p specifier: Matches an implementation-defined set of sequences, which should be the same as the set of sequences that may be produced by the %p conversion of the fprintf function. The corresponding argument shall be a pointer to a pointer of void. The input item is converted to a pointer value in an implementation-defined manner. If the input item is a value converted earlier during the same program execution, the pointer that results shall compare equal to that value; otherwise the behavior of the %p conversion is undefined. The corresponding argument is not a pointer to a pointer of void, so it's UB, not just pedantically so.

Address feedback; Reuse DefaultArgumentPromotion instead of duplicating its functionality when building VaArgExpr

There is the added bonus for it working with dependent types somewhat (template<typename T> __builtin_va_arg(ap, T[2]); will warn in the template instead of waiting for it to be instantiated).
I can add the check for dependent types back if this is unwanted.

I don't think there are any edge cases where this will give a false warning.

clang-format

MitalAshok marked 3 inline comments as done.Aug 10 2023, 2:46 PM

Harbormaster completed remote builds in B251791: Diff 549177.Aug 10 2023, 7:51 PM

jcranmer-intel added inline comments.Aug 16 2023, 2:18 PM

clang/lib/Sema/SemaExpr.cpp
17374–17375	C23 6.5.2.2p6 [draft N3096] says "trailing arguments that have type `float` are promoted to `double`". `FLT_EVAL_METHOD` shouldn't need to apply here, since it's largely about reflecting that things like x87 using 80-bit precision internally, and not actual argument passing.

Precommit CI still has a related failure, it seems.

clang/lib/Sema/SemaExpr.cpp
17374–17375	Ah that's good to know, thank you!

Use C's definition of type compatibility even in C++ mode (to not warn about enums promoted to their underlying types)

clang-format

MitalAshok marked an inline comment as done.Aug 22 2023, 7:59 AM

MitalAshok added inline comments.

clang/test/SemaCXX/varargs.cpp
34	Unscoped1 is promoted to int when passed to a variadic function. The underlying type for Unscoped1 is unsigned int, so only Unscoped1 and unsigned int are compatible, not Unscoped1 and int. An Unscoped1 passed to a variadic function must be retrieved via va_arg(ap, int).

Harbormaster completed remote builds in B254097: Diff 552357.Aug 22 2023, 9:05 AM

MitalAshok marked an inline comment as not done.Aug 23 2023, 2:29 AM

MitalAshok added inline comments.

clang/test/SemaCXX/varargs.cpp
34	Although I guess the warning is now wrong because even though `void f(int x, ...) { std::va_list ap; va_start(ap, x); va_arg(ap, Unscoped1); }` `f(0, Unscoped1{2})` would be UB, `f(0, 2u)` would not be UB. The user still should be warned about it, so I could create a new warning "second argument to 'va_arg' is of promotable enumeration type 'Unscoped1'; this va_arg may have undefined behavior because arguments of this enumeration type will be promoted to 'int', not the underlying type 'unsigned int'", and maybe suggest a fix `Unscoped1{va_arg(ap, unsigned)}`. Or we could ignore it and pretend that int and enums with underlying types unsigned are compatible for the purposes of va_arg

aaron.ballman added inline comments.Aug 23 2023, 10:36 AM

clang/test/SemaCXX/varargs.cpp
34	I think we shouldn't warn in this case because of C23 7.16.1.1p2: If type is not compatible with the type of the actual next argument (as promoted according to the default argument promotions), the behavior is undefined, except for the following cases: ... one type is compatible with a signed integer type, the other type is compatible with the corresponding unsigned integer type, and the value is representable in both types; Coupled with C23 6.7.2.2p13: For all enumerations without a fixed underlying type, each enumerated type shall be compatible with char or a signed or an unsigned integer type that is not bool or a bit-precise integer type. The choice of type is implementation-defined., but shall be capable of representing the values of all the members of the enumeration. WDYT?

enums now considered compatible with unsigned/signed versions of their underlying type for the purposes of -Wvarargs

clang-format

MitalAshok added inline comments.Aug 24 2023, 3:05 AM

clang/test/SemaCXX/varargs.cpp
34	This seems to have changed very recently between N3096 (April C23 draft) and N3149 (July C23 draft) by N3112. For reference, the old wording (also in C17) read: one type is a signed integer type, the other type is the corresponding unsigned integer type, and the value is representable in both types; So with the current rules, yes they would be compatible and this shouldn't warn. I've changed it so it checks types with corresponding signedness.

Harbormaster completed remote builds in B254585: Diff 553056.Aug 24 2023, 3:36 AM

I think this is looking close to good, just had some minor nits and an extra test case to consider.

clang/lib/Sema/SemaExpr.cpp
17255
17264–17268	This code is correct, but let's add an explicit test for the subtle edge case with `_Atomic` types. `getUnqualifiedType()` does not strip atomic qualifiers, so `int` and `_Atomic int` should remain incompatible.
clang/test/Sema/format-pointer.c
2–9
clang/test/SemaCXX/varargs.cpp
34	This seems to have changed very recently between N3096 (April C23 draft) and N3149 (July C23 draft) by N3112 Yes, this changed during ballot comment resolution at the June 2023 meeting; it was US-127 (see https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3148.doc for the paper trail) So with the current rules, yes they would be compatible and this shouldn't warn. I've changed it so it checks types with corresponding signedness. Thank you!

Revision Contents

Path

Size

clang/

docs/

ReleaseNotes.rst

2 lines

lib/

AST/

FormatString.cpp

35 lines

Sema/

SemaExpr.cpp

119 lines

test/

CXX/

drs/

dr7xx.cpp

9 lines

CodeGen/

xcore-abi.c

1 line

Sema/

format-pointer.c

53 lines

format-strings-pedantic.c

5 lines

varargs.c

23 lines

SemaCXX/

format-strings-0x-nopedantic.cpp

3 lines

varargs.cpp

36 lines

www/

cxx_dr_status.html

2 lines

Diff 553055

clang/docs/ReleaseNotes.rst

	Show First 20 Lines • Show All 88 Lines • ▼ Show 20 Lines

	- Attributes now expect unevaluated strings in attributes parameters that are string literals.			- Attributes now expect unevaluated strings in attributes parameters that are string literals.
	This is applied to both C++ standard attributes, and other attributes supported by Clang.			This is applied to both C++ standard attributes, and other attributes supported by Clang.
	This completes the implementation of `P2361R6 Unevaluated Strings <https://wg21.link/P2361R6>`_			This completes the implementation of `P2361R6 Unevaluated Strings <https://wg21.link/P2361R6>`_


	Resolutions to C++ Defect Reports			Resolutions to C++ Defect Reports
	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^			^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
				- Implemented `DR722 <https://wg21.link/CWG722>`_ which promotes ``nullptr`` to ``void*``
				when passed to a C-style variadic function.

	C Language Changes			C Language Changes
	------------------			------------------
	- ``structs``, ``unions``, and ``arrays`` that are const may now be used as			- ``structs``, ``unions``, and ``arrays`` that are const may now be used as
	constant expressions. This change is more consistent with the behavior of			constant expressions. This change is more consistent with the behavior of
	GCC.			GCC.

	C23 Feature Support			C23 Feature Support
	▲ Show 20 Lines • Show All 219 Lines • Show Last 20 Lines

clang/lib/AST/FormatString.cpp

Show First 20 Lines • Show All 475 Lines • ▼ Show 20 Lines case SpecificTy: {

return NoMatchPromotionTypeConfusion; return NoMatchPromotionTypeConfusion;

} }

return NoMatch; return NoMatch;

} }

case CStrTy: { case CStrTy: {

const PointerType *PT = argTy->getAs<PointerType>(); if (const auto *PT = argTy->getAs<PointerType>();

if (!PT) PT && PT->getPointeeType()->isCharType())

return NoMatch;

QualType pointeeTy = PT->getPointeeType();

if (const BuiltinType *BT = pointeeTy->getAs<BuiltinType>())

switch (BT->getKind()) {

case BuiltinType::Char_U:

case BuiltinType::UChar:

case BuiltinType::Char_S:

case BuiltinType::SChar:

return Match; return Match;

default:

break;

}

aaron.ballmanUnsubmitted

Done

case CStrTy: {

- if (const auto *PT = argTy->getAs<PointerType>()) {

- if (PT->getPointeeType()->isCharType())

- return Match;

- }

+ if (const auto *PT = argTy->getAs<PointerType>();

+ PT && PT->getPointeeType()->isCharType())

+ return Match;

return NoMatch;

We can simplify a bit further these days.

aaron.ballman: We can simplify a bit further these days.

return NoMatch; return NoMatch;

} }

case WCStrTy: { case WCStrTy: {

const PointerType *PT = argTy->getAs<PointerType>(); const PointerType *PT = argTy->getAs<PointerType>();

if (!PT) if (!PT)

return NoMatch; return NoMatch;

QualType pointeeTy = QualType pointeeTy =

Show All 17 Lines case WIntTy: {

if (PromoArg->hasSignedIntegerRepresentation() && if (PromoArg->hasSignedIntegerRepresentation() &&

C.getCorrespondingUnsignedType(PromoArg) == WInt) C.getCorrespondingUnsignedType(PromoArg) == WInt)

return Match; return Match;

return WInt == PromoArg ? Match : NoMatch; return WInt == PromoArg ? Match : NoMatch;

} }

case CPointerTy: case CPointerTy:

if (argTy->isVoidPointerType()) { if (const auto *PT = argTy->getAs<PointerType>()) {

QualType PointeeTy = PT->getPointeeType();

if (PointeeTy->isVoidType() || (!Ptr && PointeeTy->isCharType()))

return Match; return Match;

} if (argTy->isPointerType() || argTy->isObjCObjectPointerType() ||

argTy->isBlockPointerType() || argTy->isNullPtrType()) {

return NoMatchPedantic; return NoMatchPedantic;

} else {

return NoMatch;

} }

aaron.ballmanUnsubmitted

Done

case CPointerTy:

if (const auto *PT = argTy->getAs<PointerType>()) {

- QualType pointeeTy = PT->getPointeeType();

- if (pointeeTy->isVoidType() || (!Ptr && pointeeTy->isCharType()))

+ QualType PointeeTy = PT->getPointeeType();

+ if (PointeeTy->isVoidType() || (!Ptr && PointeeTy->isCharType()))

return Match;

return NoMatchPedantic;

- } else if (argTy->isNullPtrType()) {

+ }

+ if (argTy->isNullPtrType())

return MatchPromotion;

- } else if (argTy->isObjCObjectPointerType() ||

- argTy->isBlockPointerType()) {

+ if (argTy->isObjCObjectPointerType() ||

+ argTy->isBlockPointerType())

return NoMatchPedantic;

- } else {

- return NoMatch;

- }

+ return NoMatch;

case ObjCPointerTy: {

Fixes to match the usual coding style rules.

Wow, Phab's diff engine struggles with that edit. Basically: no else after a return, remove braces on single-line if, renamed to PointeeTy.

aaron.ballman: Fixes to match the usual coding style rules. Wow, Phab's diff engine struggles with that edit.

if (argTy->isNullPtrType())

return MatchPromotion;

if (argTy->isObjCObjectPointerType() || argTy->isBlockPointerType())

return NoMatchPedantic;

return NoMatch;

case ObjCPointerTy: { case ObjCPointerTy: {

if (argTy->getAs<ObjCObjectPointerType>() || if (argTy->getAs<ObjCObjectPointerType>() ||

argTy->getAs<BlockPointerType>()) argTy->getAs<BlockPointerType>())

return Match; return Match;

// Handle implicit toll-free bridging. // Handle implicit toll-free bridging.

if (const PointerType *PT = argTy->getAs<PointerType>()) { if (const PointerType *PT = argTy->getAs<PointerType>()) {

// Things such as CFTypeRef are really just opaque pointers // Things such as CFTypeRef are really just opaque pointers

▲ Show 20 Lines • Show All 531 Lines • Show Last 20 Lines

clang/lib/Sema/SemaExpr.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 917 Lines • ▼ Show 20 Lines if (getLangOpts().CPlusPlus && E->isGLValue() && !isUnevaluatedContext()) {

ExprResult Temp = PerformCopyInitialization( ExprResult Temp = PerformCopyInitialization(

InitializedEntity::InitializeTemporary(E->getType()), InitializedEntity::InitializeTemporary(E->getType()),

E->getExprLoc(), E); E->getExprLoc(), E);

if (Temp.isInvalid()) if (Temp.isInvalid())

return ExprError(); return ExprError();

E = Temp.get(); E = Temp.get();

} }

// C++ [expr.call]p7, per DR722:

// An argument that has (possibly cv-qualified) type std::nullptr_t is

// converted to void* ([conv.ptr]).

// (This does not apply to C2x nullptr)

if (getLangOpts().CPlusPlus && E->getType()->isNullPtrType())

E = ImpCastExprToType(E, Context.VoidPtrTy, CK_NullToPointer).get();

return E; return E;

} }

/// Determine the degree of POD-ness for an expression. /// Determine the degree of POD-ness for an expression.

/// Incomplete types are considered POD, since this check can be performed /// Incomplete types are considered POD, since this check can be performed

/// when we're in an unevaluated context. /// when we're in an unevaluated context.

Sema::VarArgKind Sema::isValidVarArgType(const QualType &Ty) { Sema::VarArgKind Sema::isValidVarArgType(const QualType &Ty) {

if (Ty->isIncompleteType()) { if (Ty->isIncompleteType()) {

// C++11 [expr.call]p7: // C++11 [expr.call]p7:

// After these conversions, if the argument does not have arithmetic, // After these conversions, if the argument does not have arithmetic,

// enumeration, pointer, pointer to member, or class type, the program // enumeration, pointer, pointer to member, or class type, the program

// is ill-formed. // is ill-formed.

// //

// Since we've already performed array-to-pointer and function-to-pointer // Since we've already performed null pointer conversion, array-to-pointer

// decay, the only such type in C++ is cv void. This also handles // decay and function-to-pointer decay, the only such type in C++ is cv

// initializer lists as variadic arguments. // void. This also handles initializer lists as variadic arguments.

if (Ty->isVoidType()) if (Ty->isVoidType())

return VAK_Invalid; return VAK_Invalid;

if (Ty->isObjCObjectType()) if (Ty->isObjCObjectType())

return VAK_Invalid; return VAK_Invalid;

return VAK_Valid; return VAK_Valid;

} }

▲ Show 20 Lines • Show All 104 Lines • ▼ Show 20 Lines if (ExprRes.isInvalid())

return ExprError(); return ExprError();

// Copy blocks to the heap. // Copy blocks to the heap.

if (ExprRes.get()->getType()->isBlockPointerType()) if (ExprRes.get()->getType()->isBlockPointerType())

maybeExtendBlockObject(ExprRes); maybeExtendBlockObject(ExprRes);

E = ExprRes.get(); E = ExprRes.get();

// Diagnostics regarding non-POD argument types are // Diagnostics regarding non-POD argument types are

// emitted along with format string checking in Sema::CheckFunctionCall(). // emitted along with format string checking in Sema::CheckFunctionCall().

if (isValidVarArgType(E->getType()) == VAK_Undefined) { if (isValidVarArgType(E->getType()) == VAK_Undefined) {

// Turn this into a trap. // Turn this into a trap.

CXXScopeSpec SS; CXXScopeSpec SS;

SourceLocation TemplateKWLoc; SourceLocation TemplateKWLoc;

UnqualifiedId Name; UnqualifiedId Name;

Name.setIdentifier(PP.getIdentifierInfo("__builtin_trap"), Name.setIdentifier(PP.getIdentifierInfo("__builtin_trap"),

E->getBeginLoc()); E->getBeginLoc());

ExprResult TrapFn = ActOnIdExpression(TUScope, SS, TemplateKWLoc, Name, ExprResult TrapFn = ActOnIdExpression(TUScope, SS, TemplateKWLoc, Name,

/*HasTrailingLParen=*/true, /*HasTrailingLParen=*/true,

aaron.ballmanUnsubmitted

Done

I think this code should live in Sema::DefaultArgumentPromotion() because it's related specifically to default argument promotions: https://eel.is/c++draft/expr#call-11.sentence-5

aaron.ballman: I think this code should live in `Sema::DefaultArgumentPromotion()` because it's related…

/*IsAddressOfOperand=*/false); /*IsAddressOfOperand=*/false);

aaron.ballmanUnsubmitted

Done

E = ExprRes.get();

// C2x 6.5.2.2p6:

// The integer promotions are performed on each trailing argument, and

// trailing arguments that have type float are promoted to double. These are

// called the default argument promotions. No other conversions are

// performed implicitly.

// C++ [expr.call]p7, per DR722:

// An argument that has (possibly cv-qualified) type std::nullptr_t is

// converted to void* ([conv.ptr]).

- if (E->getType()->isNullPtrType() && getLangOpts().CPlusPlus) {

+ if (E->getType()->isNullPtrType() && getLangOpts().CPlusPlus)

E = ImpCastExprToType(E, Context.VoidPtrTy, CK_NullToPointer).get();

- }

// Diagnostics regarding non-POD argument types are

Oh fun, C and C++ solved this issue differently. In C++, there's an implicit conversion so the nullptr_t is converted to void * on the call, and in C there's an allowance for va_arg to handle nullptr_t as a void *.

And without further changes, C++ picks that rule up automatically once it rebases onto C23: http://eel.is/c++draft/support#cstdarg.syn-1

aaron.ballman: Oh fun, C and C++ solved this issue differently. In C++, there's an implicit conversion so the…

if (TrapFn.isInvalid()) if (TrapFn.isInvalid())

return ExprError(); return ExprError();

ExprResult Call = BuildCallExpr(TUScope, TrapFn.get(), E->getBeginLoc(), ExprResult Call = BuildCallExpr(TUScope, TrapFn.get(), E->getBeginLoc(),

std::nullopt, E->getEndLoc()); std::nullopt, E->getEndLoc());

if (Call.isInvalid()) if (Call.isInvalid())

return ExprError(); return ExprError();

▲ Show 20 Lines • Show All 16,156 Lines • ▼ Show 20 Lines

ExprResult Sema::ActOnVAArg(SourceLocation BuiltinLoc, Expr *E, ParsedType Ty, ExprResult Sema::ActOnVAArg(SourceLocation BuiltinLoc, Expr *E, ParsedType Ty,

SourceLocation RPLoc) { SourceLocation RPLoc) {

TypeSourceInfo *TInfo; TypeSourceInfo *TInfo;

GetTypeFromParser(Ty, &TInfo); GetTypeFromParser(Ty, &TInfo);

return BuildVAArgExpr(BuiltinLoc, E, TInfo, RPLoc); return BuildVAArgExpr(BuiltinLoc, E, TInfo, RPLoc);

} }

static QualType isPromotedToIncompatibleVAArgType(Sema &S, Expr *VAArg) {

// Check if these are compatible types according to the C rules even in C++ because va_arg is defined in C in terms of C compatibile types

static auto IsCompatible = [&](QualType L, QualType R) {

aaron.ballmanUnsubmitted

Not Done

// Check if these are compatible types according to the C rules even in C++

- // because va_arg is defined in C in terms of C compatibile types

+ // because va_arg is defined in C in terms of C compatibile types.

static auto IsCompatible = [&](QualType L, QualType R) {

aaron.ballman:

return !S.Context.mergeTypes(L, R, false, true).isNull();

};

ExprResult PromotedExpr = S.DefaultArgumentPromotion(VAArg);

if (!PromotedExpr.isUsable())

return QualType();

QualType PromotedType = PromotedExpr.get()->getType().getUnqualifiedType();

QualType VAArgType = VAArg->getType().getUnqualifiedType();

// If these types are compatible, it was not promoted to an incompatible type.

if (IsCompatible(PromotedType, VAArgType))

return QualType();

aaron.ballmanUnsubmitted

Not Done

This code is correct, but let's add an explicit test for the subtle edge case with _Atomic types. getUnqualifiedType() does not strip atomic qualifiers, so int and _Atomic int should remain incompatible.

aaron.ballman: This code is correct, but let's add an explicit test for the subtle edge case with `_Atomic`…

// C2x 6.7.2.2p13:

// If type is not compatible with the type of the actual next argument (as promoted according to the default argument promotions), the behavior is undefined, except for the following cases:

// - ...

// - one type is compatible with a signed integer type, the other type is compatible with the corresponding unsigned integer type, and the value is representable in both types;

// Check the corresponding integer type with opposite signedness

if (PromotedType->isUnsignedIntegerType() && IsCompatible(S.Context.getCorrespondingSignedType(PromotedType), VAArgType))

return QualType();

if (PromotedType->isSignedIntegerType() && IsCompatible(S.Context.getCorrespondingUnsignedType(PromotedType), VAArgType))

return QualType();

// Expression are promoted to an incompatible type.

return PromotedType;

}

ExprResult Sema::BuildVAArgExpr(SourceLocation BuiltinLoc, ExprResult Sema::BuildVAArgExpr(SourceLocation BuiltinLoc,

Expr *E, TypeSourceInfo *TInfo, Expr *E, TypeSourceInfo *TInfo,

SourceLocation RPLoc) { SourceLocation RPLoc) {

Expr *OrigExpr = E; Expr *OrigExpr = E;

bool IsMS = false; bool IsMS = false;

// CUDA device code does not support varargs. // CUDA device code does not support varargs.

if (getLangOpts().CUDA && getLangOpts().CUDAIsDevice) { if (getLangOpts().CUDA && getLangOpts().CUDAIsDevice) {

▲ Show 20 Lines • Show All 74 Lines • ▼ Show 20 Lines if (!TInfo->getType()->isDependentType()) {

if (!TInfo->getType().isPODType(Context)) { if (!TInfo->getType().isPODType(Context)) {

Diag(TInfo->getTypeLoc().getBeginLoc(), Diag(TInfo->getTypeLoc().getBeginLoc(),

TInfo->getType()->isObjCLifetimeType() TInfo->getType()->isObjCLifetimeType()

? diag::warn_second_parameter_to_va_arg_ownership_qualified ? diag::warn_second_parameter_to_va_arg_ownership_qualified

: diag::warn_second_parameter_to_va_arg_not_pod) : diag::warn_second_parameter_to_va_arg_not_pod)

<< TInfo->getType() << TInfo->getType()

<< TInfo->getTypeLoc().getSourceRange(); << TInfo->getTypeLoc().getSourceRange();

} }

}

aaron.ballmanUnsubmitted

Not Done

Hmmm... the existing code seems wrong to me because it's not paying any attention to FLT_EVAL_METHOD, but I think it probably should? CC @jcranmer-intel @zahiraam for opinions.

Actually, I wonder if the correct approach here is to split Sema::DefaultArgumentPromotion() up so that we can calculate what the default argument promoted type is of the expression independent of performing the actual promotion, and call the promotion type calculation logic here?

aaron.ballman: Hmmm... the existing code seems wrong to me because it's not paying any attention to…

jcranmer-intelUnsubmitted

Not Done

C23 6.5.2.2p6 [draft N3096] says "trailing arguments that have type float are promoted to double". FLT_EVAL_METHOD shouldn't need to apply here, since it's largely about reflecting that things like x87 using 80-bit precision internally, and not actual argument passing.

jcranmer-intel: C23 6.5.2.2p6 [draft N3096] says "trailing arguments that have type `float` are promoted to…

aaron.ballmanUnsubmitted

Done

Ah that's good to know, thank you!

aaron.ballman: Ah that's good to know, thank you!

QualType T = TInfo->getType().getNonLValueExprType(Context);

MitalAshokAuthorUnsubmitted

Done

This warns if you call va_arg(ap, double[2]). However this might be valid since the actual argument only has to be a "compatible type" and I think double _Complex is compatible with double[2]. I think we should warn anyways, since array rvalues are tricky to work with, and the user probably passed a double[2] and should retrieve the double*.

MitalAshok: This warns if you call `va_arg(ap, double[2])`. However this might be valid since the actual…

aaron.ballmanUnsubmitted

Done

_Complex double and double[2] are not compatible types in C.

C2x 6.2.7p1: Two types are compatible types if they are the same. Additional rules for determining whether two types are compatible are described in 6.7.2 for type specifiers, in 6.7.3 for type qualifiers, and in 6.7.6 for declarators. ... (The rest is talking about structures, enumerations, and unions).

_Complex is a type specifier, so....

C2x 6.7.2p7: Each of the comma-separated multisets designates the same type, except that for bit-fields, it is implementation-defined whether the specifier int designates the same type as signed int or the same type as unsigned int.

(The multisets it describes do not include any array types.)

aaron.ballman: `_Complex double` and `double[2]` are not compatible types in C. C2x 6.2.7p1: Two types are…

auto *ResultExpr =

new (Context) VAArgExpr(BuiltinLoc, E, TInfo, RPLoc, T, IsMS);

// Check for va_arg where arguments of the given type will be promoted // Check for va_arg where arguments of the given type will be promoted

// (i.e. this va_arg is guaranteed to have undefined behavior). // (and this va_arg is guaranteed to have undefined behavior).

QualType PromoteType; if (QualType PromotedType =

if (Context.isPromotableIntegerType(TInfo->getType())) { isPromotedToIncompatibleVAArgType(*this, ResultExpr);

PromoteType = Context.getPromotedIntegerType(TInfo->getType()); PromotedType != QualType()) {

// [cstdarg.syn]p1 defers the C++ behavior to what the C standard says, DiagRuntimeBehavior(

// and C23 7.16.1.1p2 says, in part: TInfo->getTypeLoc().getBeginLoc(), E,

// If type is not compatible with the type of the actual next argument

// (as promoted according to the default argument promotions), the

// behavior is undefined, except for the following cases:

// - both types are pointers to qualified or unqualified versions of

// compatible types;

// - one type is compatible with a signed integer type, the other

// type is compatible with the corresponding unsigned integer type,

// and the value is representable in both types;

// - one type is pointer to qualified or unqualified void and the

// other is a pointer to a qualified or unqualified character type;

// - or, the type of the next argument is nullptr_t and type is a

// pointer type that has the same representation and alignment

// requirements as a pointer to a character type.

// Given that type compatibility is the primary requirement (ignoring

// qualifications), you would think we could call typesAreCompatible()

// directly to test this. However, in C++, that checks for *same type*,

// which causes false positives when passing an enumeration type to

// va_arg. Instead, get the underlying type of the enumeration and pass

// that.

QualType UnderlyingType = TInfo->getType();

if (const auto *ET = UnderlyingType->getAs<EnumType>())

UnderlyingType = ET->getDecl()->getIntegerType();

if (Context.typesAreCompatible(PromoteType, UnderlyingType,

/*CompareUnqualified*/ true))

PromoteType = QualType();

// If the types are still not compatible, we need to test whether the

// promoted type and the underlying type are the same except for

// signedness. Ask the AST for the correctly corresponding type and see

// if that's compatible.

if (!PromoteType.isNull() && !UnderlyingType->isBooleanType() &&

PromoteType->isUnsignedIntegerType() !=

UnderlyingType->isUnsignedIntegerType()) {

UnderlyingType =

UnderlyingType->isUnsignedIntegerType()

? Context.getCorrespondingSignedType(UnderlyingType)

: Context.getCorrespondingUnsignedType(UnderlyingType);

if (Context.typesAreCompatible(PromoteType, UnderlyingType,

/*CompareUnqualified*/ true))

PromoteType = QualType();

}

if (TInfo->getType()->isSpecificBuiltinType(BuiltinType::Float))

PromoteType = Context.DoubleTy;

if (!PromoteType.isNull())

DiagRuntimeBehavior(TInfo->getTypeLoc().getBeginLoc(), E,

PDiag(diag::warn_second_parameter_to_va_arg_never_compatible) PDiag(diag::warn_second_parameter_to_va_arg_never_compatible)

<< TInfo->getType() << TInfo->getType() << PromotedType

<< PromoteType

<< TInfo->getTypeLoc().getSourceRange()); << TInfo->getTypeLoc().getSourceRange());

} }

QualType T = TInfo->getType().getNonLValueExprType(Context); return ResultExpr;

return new (Context) VAArgExpr(BuiltinLoc, E, TInfo, RPLoc, T, IsMS);

} }

ExprResult Sema::ActOnGNUNullExpr(SourceLocation TokenLoc) { ExprResult Sema::ActOnGNUNullExpr(SourceLocation TokenLoc) {

// The type of __null will be int or long, depending on the size of // The type of __null will be int or long, depending on the size of

// pointers on the target. // pointers on the target.

QualType Ty; QualType Ty;

unsigned pw = Context.getTargetInfo().getPointerWidth(LangAS::Default); unsigned pw = Context.getTargetInfo().getPointerWidth(LangAS::Default);

if (pw == Context.getTargetInfo().getIntWidth()) if (pw == Context.getTargetInfo().getIntWidth())

▲ Show 20 Lines • Show All 4,443 Lines • Show Last 20 Lines

clang/test/CXX/drs/dr7xx.cpp

Show First 20 Lines • Show All 47 Lines • ▼ Show 20 Lines	struct X {
(void)a.n; // FIXME: expected-error {{declared in enclosing}}		(void)a.n; // FIXME: expected-error {{declared in enclosing}}
(void)(a.*&A::n); // FIXME: expected-error {{declared in enclosing}}		(void)(a.*&A::n); // FIXME: expected-error {{declared in enclosing}}
}		}
};		};
}		}
#endif		#endif
}		}

		namespace dr722 { // dr722: 18
		#if __cplusplus >= 201103L
		int x = __builtin_printf("%p", nullptr);
		void f(__builtin_va_list args) {
		__builtin_va_arg(args, decltype(nullptr)); // expected-warning {{second argument to 'va_arg' is of promotable type 'decltype(nullptr)' (aka 'std::nullptr_t'); this va_arg has undefined behavior because arguments will be promoted to 'void *'}}
		}
		#endif
		}

namespace dr727 { // dr727: partial		namespace dr727 { // dr727: partial
struct A {		struct A {
template<typename T> struct C; // expected-note 6{{here}}		template<typename T> struct C; // expected-note 6{{here}}
template<typename T> void f(); // expected-note {{here}}		template<typename T> void f(); // expected-note {{here}}
template<typename T> static int N; // expected-error 0-1{{C++14}} expected-note 6{{here}}		template<typename T> static int N; // expected-error 0-1{{C++14}} expected-note 6{{here}}

template<> struct C<int>;		template<> struct C<int>;
template<> void f<int>();		template<> void f<int>();
▲ Show 20 Lines • Show All 172 Lines • Show Last 20 Lines

clang/test/CodeGen/xcore-abi.c

Show First 20 Lines • Show All 71 Lines • ▼ Show 20 Lines	void testva (int n, ...) {
// CHECK: [[I:%[a-z0-9]+]] = load ptr, ptr [[AP]]		// CHECK: [[I:%[a-z0-9]+]] = load ptr, ptr [[AP]]
// CHECK: [[P:%[a-z0-9]+]] = load ptr, ptr [[I]]		// CHECK: [[P:%[a-z0-9]+]] = load ptr, ptr [[I]]
// CHECK: [[IN:%[a-z0-9]+]] = getelementptr inbounds i8, ptr [[I]], i32 4		// CHECK: [[IN:%[a-z0-9]+]] = getelementptr inbounds i8, ptr [[I]], i32 4
// CHECK: store ptr [[IN]], ptr [[AP]]		// CHECK: store ptr [[IN]], ptr [[AP]]
// CHECK: call void @llvm.memcpy.p0.p0.i32(ptr align 4 [[V5]], ptr align 4 [[P]], i32 20, i1 false)		// CHECK: call void @llvm.memcpy.p0.p0.i32(ptr align 4 [[V5]], ptr align 4 [[P]], i32 20, i1 false)
// CHECK: call void @f(ptr noundef [[V5]])		// CHECK: call void @f(ptr noundef [[V5]])

int* v6 = va_arg (ap, int[4]); // an unusual aggregate type		int* v6 = va_arg (ap, int[4]); // an unusual aggregate type
		// expected-warning@-1{{second argument to 'va_arg' is of promotable type 'int[4]'}}
f(v6);		f(v6);
// CHECK: [[I:%[a-z0-9]+]] = load ptr, ptr [[AP]]		// CHECK: [[I:%[a-z0-9]+]] = load ptr, ptr [[AP]]
// CHECK: [[P:%[a-z0-9]+]] = load ptr, ptr [[I]]		// CHECK: [[P:%[a-z0-9]+]] = load ptr, ptr [[I]]
// CHECK: [[IN:%[a-z0-9]+]] = getelementptr inbounds i8, ptr [[I]], i32 4		// CHECK: [[IN:%[a-z0-9]+]] = getelementptr inbounds i8, ptr [[I]], i32 4
// CHECK: store ptr [[IN]], ptr [[AP]]		// CHECK: store ptr [[IN]], ptr [[AP]]
// CHECK: call void @llvm.memcpy.p0.p0.i32(ptr align 4 [[TMP]], ptr align 4 [[P]], i32 16, i1 false)		// CHECK: call void @llvm.memcpy.p0.p0.i32(ptr align 4 [[TMP]], ptr align 4 [[P]], i32 16, i1 false)
// CHECK: [[V2:%[a-z0-9]+]] = getelementptr inbounds [4 x i32], ptr [[TMP]], i32 0, i32 0		// CHECK: [[V2:%[a-z0-9]+]] = getelementptr inbounds [4 x i32], ptr [[TMP]], i32 0, i32 0
// CHECK: store ptr [[V2]], ptr [[V:%[a-z0-9]+]], align 4		// CHECK: store ptr [[V2]], ptr [[V:%[a-z0-9]+]], align 4
Show All 40 Lines

clang/test/Sema/format-pointer.c

This file was added.

// RUN: %clang_cc1 -xc -Wformat %s -verify

// RUN: %clang_cc1 -xc -Wformat -std=c2x %s -verify

// RUN: %clang_cc1 -xc++ -Wformat %s -verify

// RUN: %clang_cc1 -xobjective-c -Wformat -fblocks %s -verify

// RUN: %clang_cc1 -xobjective-c++ -Wformat -fblocks %s -verify

// RUN: %clang_cc1 -xc -std=c2x -Wformat %s -pedantic -verify=expected,pedantic

// RUN: %clang_cc1 -xc++ -Wformat %s -pedantic -verify=expected,pedantic

// RUN: %clang_cc1 -xobjective-c -Wformat -fblocks -pedantic %s -verify=expected,pedantic

aaron.ballmanUnsubmitted

Not Done

- // RUN: %clang_cc1 -xc -Wformat %s -verify

- // RUN: %clang_cc1 -xc -Wformat -std=c2x %s -verify

+ // RUN: %clang_cc1 -Wformat %s -verify

+ // RUN: %clang_cc1 -Wformat -std=c2x %s -verify

// RUN: %clang_cc1 -xc++ -Wformat %s -verify

// RUN: %clang_cc1 -xobjective-c -Wformat -fblocks %s -verify

// RUN: %clang_cc1 -xobjective-c++ -Wformat -fblocks %s -verify

- // RUN: %clang_cc1 -xc -std=c2x -Wformat %s -pedantic -verify=expected,pedantic

+ // RUN: %clang_cc1 -std=c2x -Wformat %s -pedantic -verify=expected,pedantic

// RUN: %clang_cc1 -xc++ -Wformat %s -pedantic -verify=expected,pedantic

// RUN: %clang_cc1 -xobjective-c -Wformat -fblocks -pedantic %s -verify=expected,pedantic

__attribute__((__format__(__printf__, 1, 2)))

aaron.ballman:

__attribute__((__format__(__printf__, 1, 2)))

int printf(const char *, ...);

__attribute__((__format__(__scanf__, 1, 2)))

int scanf(const char *, ...);

void f(void *vp, const void *cvp, char *cp, signed char *scp, int *ip) {

int arr[2];

printf("%p", cp);

printf("%p", cvp);

printf("%p", vp);

printf("%p", scp);

printf("%p", ip); // pedantic-warning {{format specifies type 'void *' but the argument has type 'int *'}}

printf("%p", arr); // pedantic-warning {{format specifies type 'void *' but the argument has type 'int *'}}

scanf("%p", &vp);

scanf("%p", &cvp);

scanf("%p", (void *volatile*)&vp);

scanf("%p", (const void *volatile*)&cvp);

scanf("%p", &cp); // pedantic-warning {{format specifies type 'void **' but the argument has type 'char **'}}

scanf("%p", &ip); // pedantic-warning {{format specifies type 'void **' but the argument has type 'int **'}}

scanf("%p", &arr); // expected-warning {{format specifies type 'void **' but the argument has type 'int (*)[2]'}}

#if !__is_identifier(nullptr)

typedef __typeof__(nullptr) nullptr_t;

nullptr_t np = nullptr;

nullptr_t *npp = &np;

printf("%p", np);

scanf("%p", &np); // expected-warning {{format specifies type 'void **' but the argument has type 'nullptr_t *'}}

scanf("%p", &npp); // pedantic-warning {{format specifies type 'void **' but the argument has type 'nullptr_t **'}}

MitalAshokAuthorUnsubmitted

Done

Should this be a pedantic warning?

If this reads a non-null pointer, the bit pattern of np will be messed up but np will still read as a nullptr.
If it reads a null pointer, it should be fine.

MitalAshok: Should this be a pedantic warning? If this reads a non-null pointer, the bit pattern of `np`…

aaron.ballmanUnsubmitted

Done

That's a fun scenario, good test case!

C23 7.26.6.2p10: Except in the case of a % specifier, the input item (or, in the case of a %n directive, the count of input characters) is converted to a type appropriate to the conversion specifier. If the input item is not a matching sequence, the execution of the directive fails: this condition is a matching failure. Unless assignment suppression was indicated by a *, the result of the conversion is placed in the object pointed to by the first argument following the format argument that has not already received a conversion result. If this object does not have an appropriate type, or if the result of the conversion cannot be represented in the object, the behavior is undefined.

p12, the p specifier: Matches an implementation-defined set of sequences, which should be the same as the set of sequences that may be produced by the %p conversion of the fprintf function. The corresponding argument shall be a pointer to a pointer of void. The input item is converted to a pointer value in an implementation-defined manner. If the input item is a value converted earlier during the same program execution, the pointer that results shall compare equal to that value; otherwise the behavior of the %p conversion is undefined.

The corresponding argument is not a pointer to a pointer of void, so it's UB, not just pedantically so.

aaron.ballman: That's a fun scenario, good test case! C23 7.26.6.2p10: Except in the case of a % specifier…

#endif

#ifdef __OBJC__

id i = 0;

void (^b)(void) = ^{};

printf("%p", i); // pedantic-warning {{format specifies type 'void *' but the argument has type 'id'}}

printf("%p", b); // pedantic-warning {{format specifies type 'void *' but the argument has type 'void (^)(void)'}}

scanf("%p", &i); // pedantic-warning {{format specifies type 'void **' but the argument has type 'id *'}}

scanf("%p", &b); // pedantic-warning {{format specifies type 'void **' but the argument has type 'void (^*)(void)'}}

#endif

}

clang/test/Sema/format-strings-pedantic.c

	// RUN: %clang_cc1 -fsyntax-only -verify -Wno-format -Wformat-pedantic %s			// RUN: %clang_cc1 -fsyntax-only -verify -Wno-format -Wformat-pedantic %s
	// RUN: %clang_cc1 -xobjective-c -fblocks -fsyntax-only -verify -Wno-format -Wformat-pedantic %s			// RUN: %clang_cc1 -xobjective-c -fblocks -fsyntax-only -verify -Wno-format -Wformat-pedantic %s
	// RUN: %clang_cc1 -xc++ -fsyntax-only -verify -Wno-format -Wformat-pedantic %s			// RUN: %clang_cc1 -xc++ -fsyntax-only -verify -Wno-format -Wformat-pedantic %s
				// RUN: %clang_cc1 -std=c2x -fsyntax-only -verify -Wno-format -Wformat-pedantic %s

	__attribute__((format(printf, 1, 2)))			__attribute__((format(printf, 1, 2)))
	int printf(const char *restrict, ...);			int printf(const char *restrict, ...);

	int main(void) {			int main(void) {
	printf("%p", (int )0); // expected-warning {{format specifies type 'void ' but the argument has type 'int *'}}			printf("%p", (int )0); // expected-warning {{format specifies type 'void ' but the argument has type 'int *'}}
	printf("%p", (void *)0);			printf("%p", (void *)0);

	#ifdef __OBJC__			#ifdef __OBJC__
	printf("%p", ^{}); // expected-warning {{format specifies type 'void *' but the argument has type 'void (^)(void)'}}			printf("%p", ^{}); // expected-warning {{format specifies type 'void *' but the argument has type 'void (^)(void)'}}
	printf("%p", (id)0); // expected-warning {{format specifies type 'void *' but the argument has type 'id'}}			printf("%p", (id)0); // expected-warning {{format specifies type 'void *' but the argument has type 'id'}}
	#endif			#endif

	#ifdef __cplusplus			#if !__is_identifier(nullptr)
	printf("%p", nullptr); // expected-warning {{format specifies type 'void *' but the argument has type 'std::nullptr_t'}}			printf("%p", nullptr);
	#endif			#endif
				MitalAshokAuthorUnsubmitted Done Reply Inline Actions In C2x, nullptr passed as an argument and retrieved via `va_arg(ap, void )` is valid (See C2x 7.16.1.1p2) and this is the same as `printf("%p", (void) nullptr)`, but this should still be fine as a "pedantic" warning MitalAshok: In C2x, nullptr passed as an argument and retrieved via `va_arg(ap, void *)` is valid (See C2x…
				aaron.ballmanUnsubmitted Done Reply Inline Actions I don't think this should be diagnosed pedantically; the code is correct. aaron.ballman: I don't think this should be diagnosed pedantically; the code is correct.
	}			}

clang/test/Sema/varargs.c

	Show First 20 Lines • Show All 69 Lines • ▼ Show 20 Lines

	enum E { x = -1, y = 2, z = 10000 };			enum E { x = -1, y = 2, z = 10000 };
	void f9(__builtin_va_list args)			void f9(__builtin_va_list args)
	{			{
	(void)__builtin_va_arg(args, float); // expected-warning {{second argument to 'va_arg' is of promotable type 'float'}}			(void)__builtin_va_arg(args, float); // expected-warning {{second argument to 'va_arg' is of promotable type 'float'}}
	(void)__builtin_va_arg(args, enum E); // Don't warn here in C			(void)__builtin_va_arg(args, enum E); // Don't warn here in C
	(void)__builtin_va_arg(args, short); // expected-warning {{second argument to 'va_arg' is of promotable type 'short'}}			(void)__builtin_va_arg(args, short); // expected-warning {{second argument to 'va_arg' is of promotable type 'short'}}
	(void)__builtin_va_arg(args, char); // expected-warning {{second argument to 'va_arg' is of promotable type 'char'}}			(void)__builtin_va_arg(args, char); // expected-warning {{second argument to 'va_arg' is of promotable type 'char'}}

				// _BitInts aren't promoted
				(void)__builtin_va_arg(args, _BitInt(7));
				(void)__builtin_va_arg(args, unsigned _BitInt(7));
				(void)__builtin_va_arg(args, _BitInt(32)); // OK
				(void)__builtin_va_arg(args, unsigned _BitInt(32)); // OK
				(void)__builtin_va_arg(args, _BitInt(33)); // OK
				(void)__builtin_va_arg(args, unsigned _BitInt(33)); // OK
	}			}

	void f10(int a, ...) {			void f10(int a, ...) {
	int i;			int i;
	__builtin_va_list ap;			__builtin_va_list ap;
	i = __builtin_va_start(ap, a); // expected-error {{assigning to 'int' from incompatible type 'void'}}			i = __builtin_va_start(ap, a); // expected-error {{assigning to 'int' from incompatible type 'void'}}
	__builtin_va_end(ap);			__builtin_va_end(ap);
	}			}
	Show All 30 Lines
	void f14(int e, ...) {			void f14(int e, ...) {
	// expected-error@+3 {{call to undeclared library function 'va_start'}}			// expected-error@+3 {{call to undeclared library function 'va_start'}}
	// expected-note@+2 {{include the header <stdarg.h>}}			// expected-note@+2 {{include the header <stdarg.h>}}
	// expected-error@+1 {{too few arguments to function call}}			// expected-error@+1 {{too few arguments to function call}}
	va_start();			va_start();
	__builtin_va_list va;			__builtin_va_list va;
	va_start(va, e);			va_start(va, e);
	}			}

				void f15(__builtin_va_list args) {
				(void)__builtin_va_arg(args, const int);
				(void)__builtin_va_arg(args, const volatile int);
				(void)__builtin_va_arg(args, volatile int);
				(void)__builtin_va_arg(args, int * volatile);

				typedef short vec [[gnu::vector_size(sizeof(short))]];
				vec v = __builtin_va_arg(args, vec);

				#ifdef MS
				typedef void(__fastcall * attribute_fn)(void);
				attribute_fn ptr = __builtin_va_arg(args, attribute_fn);
				#endif
				}

clang/test/SemaCXX/format-strings-0x-nopedantic.cpp

	// RUN: %clang_cc1 -fsyntax-only -verify -Wformat -std=c++11 %s			// RUN: %clang_cc1 -fsyntax-only -verify -Wformat -std=c++11 %s
	// expected-no-diagnostics			// expected-no-diagnostics
	extern "C" {			extern "C" {
	extern int scanf(const char *restrict, ...);			extern int scanf(const char *restrict, ...);
	extern int printf(const char *restrict, ...);			extern int printf(const char *restrict, ...);
	}			}

	void f(char *c) {			void f(char c, int q) {
	printf("%p", c);			printf("%p", c);
				printf("%p", q);
	}			}

clang/test/SemaCXX/varargs.cpp

Show All 24 Lines	struct Foo {
// expected-error@+2 {{'va_start' cannot be used outside a function}}		// expected-error@+2 {{'va_start' cannot be used outside a function}}
// expected-error@+1 {{default argument references parameter 'a'}}		// expected-error@+1 {{default argument references parameter 'a'}}
void meth(int a, int b = (__builtin_va_start(ap, a), 0)) {}		void meth(int a, int b = (__builtin_va_start(ap, a), 0)) {}
};		};
}		}

// Ensure the correct behavior for promotable type UB checking.		// Ensure the correct behavior for promotable type UB checking.
void promotable(int a, ...) {		void promotable(int a, ...) {
enum Unscoped1 { One = 0x7FFFFFFF };		enum Unscoped1 { U = 0x7FFFFFFF };
(void)__builtin_va_arg(ap, Unscoped1); // ok		(void)__builtin_va_arg(ap, Unscoped1); // ok
		MitalAshokAuthorUnsubmitted Done Reply Inline Actions Unscoped1 is promoted to int when passed to a variadic function. The underlying type for Unscoped1 is unsigned int, so only Unscoped1 and unsigned int are compatible, not Unscoped1 and int. An Unscoped1 passed to a variadic function must be retrieved via va_arg(ap, int). MitalAshok: Unscoped1 is promoted to int when passed to a variadic function. The underlying type for…
		MitalAshokAuthorUnsubmitted Not Done Reply Inline Actions Although I guess the warning is now wrong because even though `void f(int x, ...) { std::va_list ap; va_start(ap, x); va_arg(ap, Unscoped1); }` `f(0, Unscoped1{2})` would be UB, `f(0, 2u)` would not be UB. The user still should be warned about it, so I could create a new warning "second argument to 'va_arg' is of promotable enumeration type 'Unscoped1'; this va_arg may have undefined behavior because arguments of this enumeration type will be promoted to 'int', not the underlying type 'unsigned int'", and maybe suggest a fix `Unscoped1{va_arg(ap, unsigned)}`. Or we could ignore it and pretend that int and enums with underlying types unsigned are compatible for the purposes of va_arg MitalAshok: Although I guess the warning is now wrong because even though `void f(int x, ...) { std…
		aaron.ballmanUnsubmitted Not Done Reply Inline Actions I think we shouldn't warn in this case because of C23 7.16.1.1p2: If type is not compatible with the type of the actual next argument (as promoted according to the default argument promotions), the behavior is undefined, except for the following cases: ... one type is compatible with a signed integer type, the other type is compatible with the corresponding unsigned integer type, and the value is representable in both types; Coupled with C23 6.7.2.2p13: For all enumerations without a fixed underlying type, each enumerated type shall be compatible with char or a signed or an unsigned integer type that is not bool or a bit-precise integer type. The choice of type is implementation-defined., but shall be capable of representing the values of all the members of the enumeration. WDYT? aaron.ballman: I think we shouldn't warn in this case because of C23 7.16.1.1p2: > If type is not compatible…
		MitalAshokAuthorUnsubmitted Done Reply Inline Actions This seems to have changed very recently between N3096 (April C23 draft) and N3149 (July C23 draft) by N3112. For reference, the old wording (also in C17) read: one type is a signed integer type, the other type is the corresponding unsigned integer type, and the value is representable in both types; So with the current rules, yes they would be compatible and this shouldn't warn. I've changed it so it checks types with corresponding signedness. MitalAshok: This seems to have changed very recently between [[ https://www.open-std.
		aaron.ballmanUnsubmitted Not Done Reply Inline Actions This seems to have changed very recently between N3096 (April C23 draft) and N3149 (July C23 draft) by N3112 Yes, this changed during ballot comment resolution at the June 2023 meeting; it was US-127 (see https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3148.doc for the paper trail) So with the current rules, yes they would be compatible and this shouldn't warn. I've changed it so it checks types with corresponding signedness. Thank you! aaron.ballman: > This seems to have changed very recently between N3096 (April C23 draft) and N3149 (July C23…

enum Unscoped2 { Two = 0xFFFFFFFF };		enum Unscoped2 { I = 0xFFFFFFFF };
(void)__builtin_va_arg(ap, Unscoped2); // ok		(void)__builtin_va_arg(ap, Unscoped2); // ok

enum class Scoped { Three };		enum Unscoped3 { UL = 0x7FFFFFFFFFFFFFFF };
		(void)__builtin_va_arg(ap, Unscoped3); // ok

		enum Unscoped4 { L = 0xFFFFFFFFFFFFFFFFu };
		(void)__builtin_va_arg(ap, Unscoped4); // ok

		enum class Scoped { One };
(void)__builtin_va_arg(ap, Scoped); // ok		(void)__builtin_va_arg(ap, Scoped); // ok

enum Fixed : int { Four };		enum Fixed : int { Two };
(void)__builtin_va_arg(ap, Fixed); // ok		(void)__builtin_va_arg(ap, Fixed); // ok

enum FixedSmall : char { Five };		enum FixedSmall : char { Three };
(void)__builtin_va_arg(ap, FixedSmall); // expected-warning {{second argument to 'va_arg' is of promotable type 'FixedSmall'; this va_arg has undefined behavior because arguments will be promoted to 'int'}}		(void)__builtin_va_arg(ap, FixedSmall); // expected-warning {{second argument to 'va_arg' is of promotable type 'FixedSmall'; this va_arg has undefined behavior because arguments will be promoted to 'int'}}

enum FixedLarge : long long { Six };		enum FixedLarge : long long { Four };
(void)__builtin_va_arg(ap, FixedLarge); // ok		(void)__builtin_va_arg(ap, FixedLarge); // ok

// Ensure that qualifiers are ignored.		// Ensure that qualifiers are ignored.
(void)__builtin_va_arg(ap, const volatile int); // ok		(void)__builtin_va_arg(ap, const volatile int); // ok

// Ensure that signed vs unsigned doesn't matter either.		// Ensure that signed vs unsigned doesn't matter either.
(void)__builtin_va_arg(ap, unsigned int);		(void)__builtin_va_arg(ap, unsigned int);

(void)__builtin_va_arg(ap, bool); // expected-warning {{second argument to 'va_arg' is of promotable type 'bool'; this va_arg has undefined behavior because arguments will be promoted to 'int'}}		(void)__builtin_va_arg(ap, bool); // expected-warning {{second argument to 'va_arg' is of promotable type 'bool'; this va_arg has undefined behavior because arguments will be promoted to 'int'}}

		(void)__builtin_va_arg(ap, float); // expected-warning {{second argument to 'va_arg' is of promotable type 'float'; this va_arg has undefined behavior because arguments will be promoted to 'double'}}
		(void)__builtin_va_arg(ap, __fp16); // expected-warning {{second argument to 'va_arg' is of promotable type '__fp16'; this va_arg has undefined behavior because arguments will be promoted to 'double'}}

		#if __cplusplus >= 201103L
		(void)__builtin_va_arg(ap, decltype(nullptr)); // expected-warning {{second argument to 'va_arg' is of promotable type 'decltype(nullptr)' (aka 'std::nullptr_t'); this va_arg has undefined behavior because arguments will be promoted to 'void *'}}
		#endif

		(void)__builtin_va_arg(ap, int[3]); // expected-warning {{second argument to 'va_arg' is of promotable type 'int[3]'; this va_arg has undefined behavior because arguments will be promoted to 'int *'}}
		(void)__builtin_va_arg(ap, const int[3]); // expected-warning {{second argument to 'va_arg' is of promotable type 'const int[3]'; this va_arg has undefined behavior because arguments will be promoted to 'const int *'}}

		// _BitInts aren't promoted
		(void)__builtin_va_arg(ap, _BitInt(7));
		(void)__builtin_va_arg(ap, unsigned _BitInt(7));
		(void)__builtin_va_arg(ap, _BitInt(32));
		(void)__builtin_va_arg(ap, unsigned _BitInt(32));
		(void)__builtin_va_arg(ap, _BitInt(33));
		(void)__builtin_va_arg(ap, unsigned _BitInt(33));
}		}

#if __cplusplus >= 201103L		#if __cplusplus >= 201103L
// We used to have bugs identifying the correct enclosing function scope in a		// We used to have bugs identifying the correct enclosing function scope in a
// lambda.		// lambda.

void fixed_lambda_varargs_function(int a, ...) {		void fixed_lambda_varargs_function(int a, ...) {
[](int b) {		[](int b) {
Show All 24 Lines

clang/www/cxx_dr_status.html

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 4,367 Lines • ▼ Show 20 Lines	<tr id="721">
<td>CD2</td>		<td>CD2</td>
<td>Where must a variable be initialized to be used in a constant expression?</td>		<td>Where must a variable be initialized to be used in a constant expression?</td>
<td class="none" align="center">Unknown</td>		<td class="none" align="center">Unknown</td>
</tr>		</tr>
<tr id="722">		<tr id="722">
<td><a href="https://cplusplus.github.io/CWG/issues/722.html">722</a></td>		<td><a href="https://cplusplus.github.io/CWG/issues/722.html">722</a></td>
<td>CD2</td>		<td>CD2</td>
<td>Can <TT>nullptr</TT> be passed to an ellipsis?</td>		<td>Can <TT>nullptr</TT> be passed to an ellipsis?</td>
<td class="none" align="center">Unknown</td>		<td class="unreleased" align="center">Clang 18</td>
		MitalAshokAuthorUnsubmitted Done Reply Inline Actions It may be better to mark this as "Yes", since in old clang versions passing nullptr would work by virtue of it having representation of a null void* pointer, and it only affected diagnostics MitalAshok: It may be better to mark this as "Yes", since in old clang versions passing nullptr would work…
		aaron.ballmanUnsubmitted Done Reply Inline Actions I think it's better to use Clang 18, otherwise people will think there's a diagnostic bug with earlier versions. We usually use "Yes" to mean "we've always supported this correctly, as best we can tell". aaron.ballman: I think it's better to use Clang 18, otherwise people will think there's a diagnostic bug with…
</tr>		</tr>
<tr id="726">		<tr id="726">
<td><a href="https://cplusplus.github.io/CWG/issues/726.html">726</a></td>		<td><a href="https://cplusplus.github.io/CWG/issues/726.html">726</a></td>
<td>CD2</td>		<td>CD2</td>
<td>Atomic and non-atomic objects in the memory model</td>		<td>Atomic and non-atomic objects in the memory model</td>
<td class="none" align="center">Unknown</td>		<td class="none" align="center">Unknown</td>
</tr>		</tr>
<tr id="727">		<tr id="727">
▲ Show 20 Lines • Show All 11,691 Lines • Show Last 20 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[Clang][Sema] DR722 (nullptr and varargs) and missing -Wvarargs diagnosticsNeeds ReviewPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 553055

clang/docs/ReleaseNotes.rst

clang/lib/AST/FormatString.cpp

clang/lib/Sema/SemaExpr.cpp

clang/test/CXX/drs/dr7xx.cpp

clang/test/CodeGen/xcore-abi.c

clang/test/Sema/format-pointer.c

clang/test/Sema/format-strings-pedantic.c

clang/test/Sema/varargs.c

clang/test/SemaCXX/format-strings-0x-nopedantic.cpp

clang/test/SemaCXX/varargs.cpp

clang/www/cxx_dr_status.html

[Clang][Sema] DR722 (nullptr and varargs) and missing -Wvarargs diagnostics
Needs ReviewPublic