This is an archive of the discontinued LLVM Phabricator instance.

Differential D37042

Teach clang to tolerate the 'p = nullptr + n' idiom used by glibc
ClosedPublic

Authored by andrew.w.kaylor on Aug 22 2017, 5:33 PM.

Details

Reviewers
rjmccall
rsmith
efriedma
Commits
rGb9be53634c87: Remove offset size check in nullptr arithmetic handling
rG3d0a540857ed: Teach clang to tolerate the 'p = nullptr + n' idiom used by glibc
rC313784: Remove offset size check in nullptr arithmetic handling
rC313666: Teach clang to tolerate the 'p = nullptr + n' idiom used by glibc
rL313784: Remove offset size check in nullptr arithmetic handling
rL313666: Teach clang to tolerate the 'p = nullptr + n' idiom used by glibc
Summary

This patch adds a hack to clang's emitPointerArithmetic() function to get it to emit an inttoptr instruction rather than a GEP with a null base pointer when the 'p = nullptr + n' idiom is used to convert a pointer-sized integer to a pointer. This idiom is used by some versions of glibc and gcc.

This was previously discussed here: http://lists.llvm.org/pipermail/llvm-dev/2017-July/115053.html

Diff Detail

Repository
rL LLVM

Event Timeline

andrew.w.kaylor created this revision.Aug 22 2017, 5:33 PM
andrew.w.kaylor added a comment.Aug 22 2017, 5:40 PM

I'm not sure why the svn attributes got attached to the file I added. I'll remove them before committing.

majnemer added a subscriber: majnemer.Aug 22 2017, 8:50 PM

I'd expect this to be more limited.

Something like, "if we have a BinaryOperator of + between a CStyleCastExpr of NullToPointer and 'X', emit inttoptr(X)"

majnemer added a comment.Aug 22 2017, 8:55 PM
In D37042#849726, @majnemer wrote:

I'd expect this to be more limited.

Something like, "if we have a BinaryOperator of + between a CStyleCastExpr of NullToPointer and 'X', emit inttoptr(X)"

Although maybe that is too strict... I guess stuff gets hairy quickly if you want to be able to also catch (char*)NULL + x....

mcrosier added a subscriber: mcrosier.Aug 23 2017, 8:42 AM
andrew.w.kaylor added a comment.Aug 23 2017, 12:53 PM

My intention here was to make this as strict/limited as possible while still handling the cases of interest. There are two different implementations I want to handle. You can see the first variation in the __BPTR_ALIGN definition being added here:

https://github.com/lattera/glibc/commit/2fd4de4b15a66f821057af90714145d2c034a609#diff-cd0c2b2693d632ad8843ae58a6ea7ffaR125

You can see the other in the __INT_TO_PTR definition that was being deleted in the same change set here:

https://github.com/lattera/glibc/commit/2fd4de4b15a66f821057af90714145d2c034a609#diff-cd0c2b2693d632ad8843ae58a6ea7ffaL122

This second case shows up in some benchmark code, so it's important even though glibc phased it out.

I'm really not sure what this looks like in the front end, but it seems like it could be relatively open-ended as to where the value came from.

Basically, my intention is to eliminate anything I know isn't what I'm looking for and then handle whatever remains being added to a null pointer. Given that adding to a null pointer is undefined behavior, whatever we do should be acceptable in all cases. What I found in practice was that even with the existing handling of this it took an awful lot of optimizations before the null-based GEP and the load associated with it got close enough together for us to recognize that we could optimize it away, so I don't think we'd be losing much by tolerating additional cases in the way this patch proposes.

hfinkel added a subscriber: hfinkel.Aug 23 2017, 1:41 PM

I'd really like to see this done in some way such that we can issue a warning along with generating well-defined code. The warning can specifically state that the code is using an extension, etc.

andrew.w.kaylor added a comment.Aug 25 2017, 9:52 AM
In D37042#850676, @hfinkel wrote:

I'd really like to see this done in some way such that we can issue a warning along with generating well-defined code. The warning can specifically state that the code is using an extension, etc.

Should it warn on any nullptr arithmetic, or just the cases that are being handled by this change?

efriedma added a subscriber: efriedma.Aug 25 2017, 10:57 AM

It would be nice to warn on any nullptr arithmetic, yes. (We probably want the wording of the warning to be a bit different if we're activating this workaround.)

hfinkel added a comment.Aug 25 2017, 11:00 AM
In D37042#852733, @efriedma wrote:

It would be nice to warn on any nullptr arithmetic, yes. (We probably want the wording of the warning to be a bit different if we're activating this workaround.)

+1 (I'll likely want the ability to turn off the warning for one without turning off the warning for the other)

aivchenk added a subscriber: aivchenk.Aug 29 2017, 3:37 AM
andrew.w.kaylor updated this revision to Diff 113134.Aug 29 2017, 12:21 PM

Added warnings for null pointer arithmetic.

efriedma added a reviewer: rsmith.Aug 29 2017, 12:28 PM

I didn't think of this earlier, but strictly speaking, I think "(char*)nullptr+0" isn't undefined in C++? But probably worth emitting the warning anyway; anyone writing out arithmetic on null is probably doing something suspicious, even if it isn't technically undefined.

include/clang/Basic/DiagnosticSemaKinds.td
6032 ↗(On Diff #113134)

The keyword "inttoptr" is part of LLVM, not something we expect users to understand.

lib/Sema/SemaExpr.cpp
8808 ↗(On Diff #113134)

Please make sure you use exactly the same check in Sema and CodeGen (probably easiest to stick a helper into lib/AST/).

rsmith edited edge metadata.Aug 29 2017, 1:48 PM
In D37042#855713, @efriedma wrote:

I didn't think of this earlier, but strictly speaking, I think "(char*)nullptr+0" isn't undefined in C++?

Yes, that's correct. (C++'s model is basically equivalent to having an object of size zero at the null address, so things like (char*)nullptr - (char*)nullptr and (char*)nullptr + 0 are valid.)

But probably worth emitting the warning anyway; anyone writing out arithmetic on null is probably doing something suspicious, even if it isn't technically undefined.

I agree. We should probably suppress the warning if the non-pointer operand is known to be zero in C++, and weaken the wording slightly "[..] has undefined behavior if offset is nonzero" otherwise, though.

include/clang/Basic/DiagnosticSemaKinds.td
6032 ↗(On Diff #113134)

How about something like "arithmetic on null pointer treated as cast from integer to pointer as a GNU extension"?

lib/Sema/SemaExpr.cpp
8799 ↗(On Diff #113134)

Maybe // Adding to a null pointer results in undefined behavior. to explain why we warn (a reader of the code can already see that we do warn in this case).

8805 ↗(On Diff #113134)

It seems strange to me to disable this when the RHS is an ICE. If we're going to support this as an extension, we should make the rules for it as simple as we reasonably can; this ICE check seems like an unnecessary complication.

andrew.w.kaylor added inline comments.Aug 29 2017, 3:45 PM
include/clang/Basic/DiagnosticSemaKinds.td
6032 ↗(On Diff #113134)

I like that. Thanks for the suggestion.

lib/Sema/SemaExpr.cpp
8805 ↗(On Diff #113134)

You're probably right. My thinking was that I wanted to keep the extension idiom as narrow as was reasonable, so these were cases that I felt like I could rule out, but the argument for simplicity is compelling since the alternative isn't doing anything particularly desirable in most cases.

andrew.w.kaylor added inline comments.Aug 29 2017, 4:38 PM
lib/Sema/SemaExpr.cpp
8808 ↗(On Diff #113134)

That's a good idea, but I'm not really familiar enough with the structure of clang to be sure I'm not doing it in a ham-fisted way. Can you clarify? Are you suggesting adding something like ASTContext::isPointeeTypeCharSize() and ASTContext::isIntegerTypePointerSize()? Or maybe a single specialized function somewhere that does both checks like ASTContext::areOperandNullPointerArithmeticCompatible()?

rsmith added inline comments.Aug 29 2017, 4:57 PM
lib/Sema/SemaExpr.cpp
8808 ↗(On Diff #113134)

I would suggest something even more specific, such as isNullPointerPlusIntegerExtension

efriedma added inline comments.Aug 29 2017, 5:04 PM
lib/Sema/SemaExpr.cpp
8808 ↗(On Diff #113134)

I'm most concerned about the difference between "isa<llvm::ConstantPointerNull>(pointer)" and "PExp->IgnoreParenCasts()->isNullPointerConstant()"... they're different in important ways.

I was thinking something like "BinaryOperator::isNullPointerArithmeticExtension()"

andrew.w.kaylor added inline comments.Aug 29 2017, 5:26 PM
lib/Sema/SemaExpr.cpp
8808 ↗(On Diff #113134)

At this point in Sema the BinaryOperator for the addition hasn't been created yet, right? So a static function that takes the opcode and operands?

efriedma added inline comments.Aug 29 2017, 5:29 PM
lib/Sema/SemaExpr.cpp
8808 ↗(On Diff #113134)

I wasn't really thinking about that... but yes, something like that.

andrew.w.kaylor updated this revision to Diff 113311.Aug 30 2017, 2:23 PM

Refactored the GNU idiom check to be shared by Sema and CodeGen.
Refined the checks so that nullptr+0 doesn't warn in C++.
Added the zero offset qualification in the warning produced with C++.

rsmith added inline comments.Aug 30 2017, 2:53 PM
lib/AST/Expr.cpp
1857 ↗(On Diff #113311)

If we get here with a value-dependent expression, we should treat it as non-null (do not warn on (char*)PtrTemplateParameter + N).

lib/Sema/SemaExpr.cpp
8804 ↗(On Diff #113311)

Likewise here, we should treat a value-dependent expression as non-null.

8877 ↗(On Diff #113311)

Subtracting zero from a null pointer should not warn in C++.

(Conversely, subtracting a non-null pointer from a pointer should warn in C++, and subtracting any pointer from a null pointer should warn in C.)

8881 ↗(On Diff #113311)

Likewise.

rjmccall added inline comments.Aug 30 2017, 3:17 PM
lib/Sema/SemaExpr.cpp
8808 ↗(On Diff #113134)

I've long thought that it would make sense to store a semantic operation kind in BinaryOperator and UnaryOperator instead of treating the operator alone as a sufficient discriminator. Of course the operator is *usually* sufficient, but there are cases where that's not true — for example, we could use that operation kind to distinguish integer and pointer arithmetic, and maybe even to identify which side of a + is the pointer.

If we had that, we could very easily flag a null+int operation as a completely different semantic operation, which it basically is.

andrew.w.kaylor added inline comments.Aug 30 2017, 3:45 PM
lib/AST/Expr.cpp
1857 ↗(On Diff #113311)

OK. I wasn't sure about that.

So how do I test that? Is this right?

template<typename T, T *P>
T* f(intptr_t offset) {
  return P + offset;
}

char *test(intptr_t offset) {
  return f<char, nullptr>(offset);
}
lib/Sema/SemaExpr.cpp
8877 ↗(On Diff #113311)

Is it OK if I just add a FIXME in the section below that handles pointer-pointer?

rsmith added inline comments.Aug 30 2017, 4:17 PM
lib/AST/Expr.cpp
1857 ↗(On Diff #113311)

You can simplify that slightly by using template<char *P>, but yes.

lib/Sema/SemaExpr.cpp
8807 ↗(On Diff #113311)

This talk about value-dependence reminds me: it is an error to call EvaluateAsInt on a value-dependent expression (the expression evaluator will probably assert). If IExp->isValueDependent(), you should skip the diagnostic, since it might instantiate to zero.

8877 ↗(On Diff #113311)

Yes, that's fine. (But the nullptr - 0 case should be handled in this patch.)

andrew.w.kaylor updated this revision to Diff 113343.Aug 30 2017, 5:55 PM

Fixed value-dependent argument in isNullPointerConstant checks.
Added check for C++ zero offset in subtraction.
Added value-dependent test cases.

andrew.w.kaylor added a comment.Sep 5 2017, 11:16 AM

Ping.

andrew.w.kaylor added a comment.Sep 13 2017, 12:57 PM

Does anything else need to be done for this to be ready to land?

efriedma added inline comments.Sep 13 2017, 1:08 PM
include/clang/Basic/DiagnosticSemaKinds.td
6031 ↗(On Diff #113343)

"extension" isn't really right here; this shouldn't be an error in -pedantic-errors mode. Probably best to just stick this into the NullPointerArithmetic, like the other new warning.

andrew.w.kaylor added inline comments.Sep 13 2017, 2:42 PM
include/clang/Basic/DiagnosticSemaKinds.td
6031 ↗(On Diff #113343)

So how should a word the warning? Just this:

"arithmetic on a null pointer treated as a cast from integer to pointer"?

efriedma added inline comments.Sep 13 2017, 2:45 PM
include/clang/Basic/DiagnosticSemaKinds.td
6031 ↗(On Diff #113343)

That wasn't what I meant; the current wording is fine. I meant this should be something like def warn_gnu_null_ptr_arith : Warning<.

andrew.w.kaylor added inline comments.Sep 13 2017, 2:48 PM
include/clang/Basic/DiagnosticSemaKinds.td
6031 ↗(On Diff #113343)

OK. I think I understand the behavior you wanted. I just thought maybe the current wording might be technically incorrect. I wasn't sure how precisely defined we consider "extension" to be in this context.

efriedma added inline comments.Sep 13 2017, 3:01 PM
include/clang/Basic/DiagnosticSemaKinds.td
6031 ↗(On Diff #113343)

The part that makes this a little weird is that unlike most extensions, this code is already well-formed. It's an extension because we're guaranteeing runtime behavior for a construct which has undefined behavior at runtime according to the standard. (This is in contrast to "implementation-defined" behaviors, which are the gaps in the standard we're allowed to fill in as we see fit.)

Given that, I think calling it a "GNU extension" in the text is fine.

andrew.w.kaylor updated this revision to Diff 115262.Sep 14 2017, 12:38 PM

-Changed GNU idiom from extension to warning.
-Updated to ToT.

efriedma accepted this revision.Sep 15 2017, 4:47 PM

LGTM

This revision is now accepted and ready to land.Sep 15 2017, 4:47 PM
Closed by commit rL313666: Teach clang to tolerate the 'p = nullptr + n' idiom used by glibc (authored by akaylor). · Explain WhySep 19 2017, 1:28 PM
This revision was automatically updated to reflect the committed changes.
andrew.w.kaylor added a comment.Sep 19 2017, 2:13 PM

This is breaking buildbots for 32-bit targets because the offset in 'nullptr + int8_t_N' is being implicitly cast to an int. That makes the sizeof(offset) == sizeof(ptr) check turn out differently than my tests were assuming.

I can get the buildbots green quickly by taking out parts of the tests, but I just talked to Erich Keane about this and we think the right way to fix this long term is to stop checking for sizeof(offset) == sizeof(ptr) in the code that identifies the idiom, since that check is of dubious value and would be difficult to always get to behave the way I intended.

efriedma added a comment.Sep 19 2017, 2:52 PM

I agree, it doesn't add much value.

Either way, though, please make sure you address the buildbot failures quickly.

andrew.w.kaylor mentioned this in D38060: Remove offset size check in nullptr arithmetic handling.Sep 19 2017, 4:25 PM
sylvestre.ledru added a subscriber: sylvestre.ledru.Sep 22 2017, 9:01 AM

For the record, Firefox was using this trick. This patch is breaking a ci build (clang trunk + warning as errors)
More information here: https://bugzilla.mozilla.org/show_bug.cgi?id=1402362

Revision Contents

PathSize
cfe/
trunk/
include/
clang/
AST/
6 lines
Basic/
4 lines
6 lines
lib/
AST/
39 lines
CodeGen/
24 lines
Sema/
46 lines
test/
CodeGen/
42 lines
Sema/
11 lines
SemaCXX/
29 lines

Diff 115889

cfe/trunk/include/clang/AST/Expr.h

Show First 20 LinesShow All 3,120 Lines▼ Show 20 Linespublic:
static bool isShiftAssignOp(Opcode Opc) { static bool isShiftAssignOp(Opcode Opc) {
return Opc == BO_ShlAssign || Opc == BO_ShrAssign; return Opc == BO_ShlAssign || Opc == BO_ShrAssign;
} }
bool isShiftAssignOp() const { bool isShiftAssignOp() const {
return isShiftAssignOp(getOpcode()); return isShiftAssignOp(getOpcode());
} }
// Return true if a binary operator using the specified opcode and operands
// would match the 'p = (i8*)nullptr + n' idiom for casting a pointer-sized
// integer to a pointer.
static bool isNullPointerArithmeticExtension(ASTContext &Ctx, Opcode Opc,
Expr *LHS, Expr *RHS);
static bool classof(const Stmt *S) { static bool classof(const Stmt *S) {
return S->getStmtClass() >= firstBinaryOperatorConstant && return S->getStmtClass() >= firstBinaryOperatorConstant &&
S->getStmtClass() <= lastBinaryOperatorConstant; S->getStmtClass() <= lastBinaryOperatorConstant;
} }
// Iterators // Iterators
child_range children() { child_range children() {
return child_range(&SubExprs[0], &SubExprs[0]+END_EXPR); return child_range(&SubExprs[0], &SubExprs[0]+END_EXPR);
▲ Show 20 LinesShow All 2,106 LinesShow Last 20 Lines

cfe/trunk/include/clang/Basic/DiagnosticGroups.td

Show First 20 LinesShow All 332 Lines▼ Show 20 Lines
def NullCharacter : DiagGroup<"null-character">; def NullCharacter : DiagGroup<"null-character">;
def NullDereference : DiagGroup<"null-dereference">; def NullDereference : DiagGroup<"null-dereference">;
def InitializerOverrides : DiagGroup<"initializer-overrides">; def InitializerOverrides : DiagGroup<"initializer-overrides">;
def NonNull : DiagGroup<"nonnull">; def NonNull : DiagGroup<"nonnull">;
def NonPODVarargs : DiagGroup<"non-pod-varargs">; def NonPODVarargs : DiagGroup<"non-pod-varargs">;
def ClassVarargs : DiagGroup<"class-varargs", [NonPODVarargs]>; def ClassVarargs : DiagGroup<"class-varargs", [NonPODVarargs]>;
def : DiagGroup<"nonportable-cfstrings">; def : DiagGroup<"nonportable-cfstrings">;
def NonVirtualDtor : DiagGroup<"non-virtual-dtor">; def NonVirtualDtor : DiagGroup<"non-virtual-dtor">;
def NullPointerArithmetic : DiagGroup<"null-pointer-arithmetic">;
def : DiagGroup<"effc++", [NonVirtualDtor]>; def : DiagGroup<"effc++", [NonVirtualDtor]>;
def OveralignedType : DiagGroup<"over-aligned">; def OveralignedType : DiagGroup<"over-aligned">;
def AlignedAllocationUnavailable : DiagGroup<"aligned-allocation-unavailable">; def AlignedAllocationUnavailable : DiagGroup<"aligned-allocation-unavailable">;
def OldStyleCast : DiagGroup<"old-style-cast">; def OldStyleCast : DiagGroup<"old-style-cast">;
def : DiagGroup<"old-style-definition">; def : DiagGroup<"old-style-definition">;
def OutOfLineDeclaration : DiagGroup<"out-of-line-declaration">; def OutOfLineDeclaration : DiagGroup<"out-of-line-declaration">;
def : DiagGroup<"overflow">; def : DiagGroup<"overflow">;
def ForwardClassReceiver : DiagGroup<"receiver-forward-class">; def ForwardClassReceiver : DiagGroup<"receiver-forward-class">;
▲ Show 20 LinesShow All 352 Lines▼ Show 20 Lines
def Extra : DiagGroup<"extra", [ def Extra : DiagGroup<"extra", [
MissingFieldInitializers, MissingFieldInitializers,
IgnoredQualifiers, IgnoredQualifiers,
InitializerOverrides, InitializerOverrides,
SemiBeforeMethodBody, SemiBeforeMethodBody,
MissingMethodReturnType, MissingMethodReturnType,
SignCompare, SignCompare,
UnusedParameter UnusedParameter,
NullPointerArithmetic
]>; ]>;
def Most : DiagGroup<"most", [ def Most : DiagGroup<"most", [
CharSubscript, CharSubscript,
Comment, Comment,
DeleteNonVirtualDtor, DeleteNonVirtualDtor,
ForLoopAnalysis, ForLoopAnalysis,
Format, Format,
▲ Show 20 LinesShow All 249 LinesShow Last 20 Lines

cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 5,495 Lines▼ Show 20 Lines
def ext_offsetof_non_standardlayout_type : ExtWarn< def ext_offsetof_non_standardlayout_type : ExtWarn<
"offset of on non-standard-layout type %0">, InGroup<InvalidOffsetof>; "offset of on non-standard-layout type %0">, InGroup<InvalidOffsetof>;
def err_offsetof_bitfield : Error<"cannot compute offset of bit-field %0">; def err_offsetof_bitfield : Error<"cannot compute offset of bit-field %0">;
def err_offsetof_field_of_virtual_base : Error< def err_offsetof_field_of_virtual_base : Error<
"invalid application of 'offsetof' to a field of a virtual base">; "invalid application of 'offsetof' to a field of a virtual base">;
def warn_sub_ptr_zero_size_types : Warning< def warn_sub_ptr_zero_size_types : Warning<
"subtraction of pointers to type %0 of zero size has undefined behavior">, "subtraction of pointers to type %0 of zero size has undefined behavior">,
InGroup<PointerArith>; InGroup<PointerArith>;
def warn_pointer_arith_null_ptr : Warning<
"performing pointer arithmetic on a null pointer has undefined behavior%select{| if the offset is nonzero}0">,
InGroup<NullPointerArithmetic>, DefaultIgnore;
def warn_gnu_null_ptr_arith : Warning<
"arithmetic on a null pointer treated as a cast from integer to pointer is a GNU extension">,
InGroup<NullPointerArithmetic>, DefaultIgnore;
def warn_floatingpoint_eq : Warning< def warn_floatingpoint_eq : Warning<
"comparing floating point with == or != is unsafe">, "comparing floating point with == or != is unsafe">,
InGroup<DiagGroup<"float-equal">>, DefaultIgnore; InGroup<DiagGroup<"float-equal">>, DefaultIgnore;
def warn_remainder_division_by_zero : Warning< def warn_remainder_division_by_zero : Warning<
"%select{remainder|division}0 by zero is undefined">, "%select{remainder|division}0 by zero is undefined">,
InGroup<DivZero>; InGroup<DivZero>;
▲ Show 20 LinesShow All 3,746 LinesShow Last 20 Lines

cfe/trunk/lib/AST/Expr.cpp

Show First 20 LinesShow All 1,823 Lines▼ Show 20 Lines static const OverloadedOperatorKind OverOps[] = {
OO_LessLessEqual, OO_GreaterGreaterEqual, OO_LessLessEqual, OO_GreaterGreaterEqual,
OO_AmpEqual, OO_CaretEqual, OO_AmpEqual, OO_CaretEqual,
OO_PipeEqual, OO_PipeEqual,
OO_Comma OO_Comma
}; };
return OverOps[Opc]; return OverOps[Opc];
} }
bool BinaryOperator::isNullPointerArithmeticExtension(ASTContext &Ctx,
Opcode Opc,
Expr *LHS, Expr *RHS) {
if (Opc != BO_Add)
return false;
// Check that we have one pointer and one integer operand.
Expr *PExp;
Expr *IExp;
if (LHS->getType()->isPointerType()) {
if (!RHS->getType()->isIntegerType())
return false;
PExp = LHS;
IExp = RHS;
} else if (RHS->getType()->isPointerType()) {
if (!LHS->getType()->isIntegerType())
return false;
PExp = RHS;
IExp = LHS;
} else {
return false;
}
// Check that the pointer is a nullptr.
if (!PExp->IgnoreParenCasts()
->isNullPointerConstant(Ctx, Expr::NPC_ValueDependentIsNotNull))
return false;
// Check that the pointee type is char-sized.
const PointerType *PTy = PExp->getType()->getAs<PointerType>();
if (!PTy || !PTy->getPointeeType()->isCharType())
return false;
// Check that the integer type is pointer-sized.
if (Ctx.getTypeSize(IExp->getType()) != Ctx.getTypeSize(PExp->getType()))
return false;
return true;
}
InitListExpr::InitListExpr(const ASTContext &C, SourceLocation lbraceloc, InitListExpr::InitListExpr(const ASTContext &C, SourceLocation lbraceloc,
ArrayRef<Expr*> initExprs, SourceLocation rbraceloc) ArrayRef<Expr*> initExprs, SourceLocation rbraceloc)
: Expr(InitListExprClass, QualType(), VK_RValue, OK_Ordinary, false, false, : Expr(InitListExprClass, QualType(), VK_RValue, OK_Ordinary, false, false,
false, false), false, false),
InitExprs(C, initExprs.size()), InitExprs(C, initExprs.size()),
LBraceLoc(lbraceloc), RBraceLoc(rbraceloc), AltForm(nullptr, true) LBraceLoc(lbraceloc), RBraceLoc(rbraceloc), AltForm(nullptr, true)
{ {
sawArrayRangeDesignator(false); sawArrayRangeDesignator(false);
▲ Show 20 LinesShow All 2,211 LinesShow Last 20 Lines

cfe/trunk/lib/CodeGen/CGExprScalar.cpp

Show First 20 LinesShow All 2,672 Lines▼ Show 20 Lines if (!isSubtraction && !pointer->getType()->isPointerTy()) {
std::swap(pointerOperand, indexOperand); std::swap(pointerOperand, indexOperand);
} }
bool isSigned = indexOperand->getType()->isSignedIntegerOrEnumerationType(); bool isSigned = indexOperand->getType()->isSignedIntegerOrEnumerationType();
unsigned width = cast<llvm::IntegerType>(index->getType())->getBitWidth(); unsigned width = cast<llvm::IntegerType>(index->getType())->getBitWidth();
auto &DL = CGF.CGM.getDataLayout(); auto &DL = CGF.CGM.getDataLayout();
auto PtrTy = cast<llvm::PointerType>(pointer->getType()); auto PtrTy = cast<llvm::PointerType>(pointer->getType());
// Some versions of glibc and gcc use idioms (particularly in their malloc
// routines) that add a pointer-sized integer (known to be a pointer value)
// to a null pointer in order to cast the value back to an integer or as
// part of a pointer alignment algorithm. This is undefined behavior, but
// we'd like to be able to compile programs that use it.
//
// Normally, we'd generate a GEP with a null-pointer base here in response
// to that code, but it's also UB to dereference a pointer created that
// way. Instead (as an acknowledged hack to tolerate the idiom) we will
// generate a direct cast of the integer value to a pointer.
//
// The idiom (p = nullptr + N) is not met if any of the following are true:
//
// The operation is subtraction.
// The index is not pointer-sized.
// The pointer type is not byte-sized.
//
if (BinaryOperator::isNullPointerArithmeticExtension(CGF.getContext(),
op.Opcode,
expr->getLHS(),
expr->getRHS()))
return CGF.Builder.CreateIntToPtr(index, pointer->getType());
if (width != DL.getTypeSizeInBits(PtrTy)) { if (width != DL.getTypeSizeInBits(PtrTy)) {
// Zero-extend or sign-extend the pointer value according to // Zero-extend or sign-extend the pointer value according to
// whether the index is signed or not. // whether the index is signed or not.
index = CGF.Builder.CreateIntCast(index, DL.getIntPtrType(PtrTy), isSigned, index = CGF.Builder.CreateIntCast(index, DL.getIntPtrType(PtrTy), isSigned,
"idx.ext"); "idx.ext");
} }
// If this is subtraction, negate the index. // If this is subtraction, negate the index.
▲ Show 20 LinesShow All 1,306 LinesShow Last 20 Lines

cfe/trunk/lib/Sema/SemaExpr.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 8,566 Lines▼ Show 20 Lines
static void diagnoseArithmeticOnVoidPointer(Sema &S, SourceLocation Loc, static void diagnoseArithmeticOnVoidPointer(Sema &S, SourceLocation Loc,
Expr *Pointer) { Expr *Pointer) {
S.Diag(Loc, S.getLangOpts().CPlusPlus S.Diag(Loc, S.getLangOpts().CPlusPlus
? diag::err_typecheck_pointer_arith_void_type ? diag::err_typecheck_pointer_arith_void_type
: diag::ext_gnu_void_ptr) : diag::ext_gnu_void_ptr)
<< 0 /* one pointer */ << Pointer->getSourceRange(); << 0 /* one pointer */ << Pointer->getSourceRange();
} }
/// \brief Diagnose invalid arithmetic on a null pointer.
///
/// If \p IsGNUIdiom is true, the operation is using the 'p = (i8*)nullptr + n'
/// idiom, which we recognize as a GNU extension.
///
static void diagnoseArithmeticOnNullPointer(Sema &S, SourceLocation Loc,
Expr *Pointer, bool IsGNUIdiom) {
if (IsGNUIdiom)
S.Diag(Loc, diag::warn_gnu_null_ptr_arith)
<< Pointer->getSourceRange();
else
S.Diag(Loc, diag::warn_pointer_arith_null_ptr)
<< S.getLangOpts().CPlusPlus << Pointer->getSourceRange();
}
/// \brief Diagnose invalid arithmetic on two function pointers. /// \brief Diagnose invalid arithmetic on two function pointers.
static void diagnoseArithmeticOnTwoFunctionPointers(Sema &S, SourceLocation Loc, static void diagnoseArithmeticOnTwoFunctionPointers(Sema &S, SourceLocation Loc,
Expr *LHS, Expr *RHS) { Expr *LHS, Expr *RHS) {
assert(LHS->getType()->isAnyPointerType()); assert(LHS->getType()->isAnyPointerType());
assert(RHS->getType()->isAnyPointerType()); assert(RHS->getType()->isAnyPointerType());
S.Diag(Loc, S.getLangOpts().CPlusPlus S.Diag(Loc, S.getLangOpts().CPlusPlus
? diag::err_typecheck_pointer_arith_function_type ? diag::err_typecheck_pointer_arith_function_type
: diag::ext_gnu_ptr_func_arith) : diag::ext_gnu_ptr_func_arith)
▲ Show 20 LinesShow All 278 Lines▼ Show 20 Lines if (PExp->getType()->isPointerType()) {
return InvalidOperands(Loc, LHS, RHS); return InvalidOperands(Loc, LHS, RHS);
} }
} }
assert(PExp->getType()->isAnyPointerType()); assert(PExp->getType()->isAnyPointerType());
if (!IExp->getType()->isIntegerType()) if (!IExp->getType()->isIntegerType())
return InvalidOperands(Loc, LHS, RHS); return InvalidOperands(Loc, LHS, RHS);
// Adding to a null pointer results in undefined behavior.
if (PExp->IgnoreParenCasts()->isNullPointerConstant(
Context, Expr::NPC_ValueDependentIsNotNull)) {
// In C++ adding zero to a null pointer is defined.
llvm::APSInt KnownVal;
if (!getLangOpts().CPlusPlus ||
(!IExp->isValueDependent() &&
(!IExp->EvaluateAsInt(KnownVal, Context) || KnownVal != 0))) {
// Check the conditions to see if this is the 'p = nullptr + n' idiom.
bool IsGNUIdiom = BinaryOperator::isNullPointerArithmeticExtension(
Context, BO_Add, PExp, IExp);
diagnoseArithmeticOnNullPointer(*this, Loc, PExp, IsGNUIdiom);
}
}
if (!checkArithmeticOpPointerOperand(*this, Loc, PExp)) if (!checkArithmeticOpPointerOperand(*this, Loc, PExp))
return QualType(); return QualType();
if (isObjCPointer && checkArithmeticOnObjCPointer(*this, Loc, PExp)) if (isObjCPointer && checkArithmeticOnObjCPointer(*this, Loc, PExp))
return QualType(); return QualType();
// Check array bounds for pointer arithemtic // Check array bounds for pointer arithemtic
CheckArrayAccess(PExp, IExp); CheckArrayAccess(PExp, IExp);
▲ Show 20 LinesShow All 45 Lines▼ Show 20 Lines if (LHS.get()->getType()->isAnyPointerType()) {
// Diagnose bad cases where we step over interface counts. // Diagnose bad cases where we step over interface counts.
if (LHS.get()->getType()->isObjCObjectPointerType() && if (LHS.get()->getType()->isObjCObjectPointerType() &&
checkArithmeticOnObjCPointer(*this, Loc, LHS.get())) checkArithmeticOnObjCPointer(*this, Loc, LHS.get()))
return QualType(); return QualType();
// The result type of a pointer-int computation is the pointer type. // The result type of a pointer-int computation is the pointer type.
if (RHS.get()->getType()->isIntegerType()) { if (RHS.get()->getType()->isIntegerType()) {
// Subtracting from a null pointer should produce a warning.
// The last argument to the diagnose call says this doesn't match the
// GNU int-to-pointer idiom.
if (LHS.get()->IgnoreParenCasts()->isNullPointerConstant(Context,
Expr::NPC_ValueDependentIsNotNull)) {
// In C++ adding zero to a null pointer is defined.
llvm::APSInt KnownVal;
if (!getLangOpts().CPlusPlus ||
(!RHS.get()->isValueDependent() &&
(!RHS.get()->EvaluateAsInt(KnownVal, Context) || KnownVal != 0))) {
diagnoseArithmeticOnNullPointer(*this, Loc, LHS.get(), false);
}
}
if (!checkArithmeticOpPointerOperand(*this, Loc, LHS.get())) if (!checkArithmeticOpPointerOperand(*this, Loc, LHS.get()))
return QualType(); return QualType();
// Check array bounds for pointer arithemtic // Check array bounds for pointer arithemtic
CheckArrayAccess(LHS.get(), RHS.get(), /*ArraySubscriptExpr*/nullptr, CheckArrayAccess(LHS.get(), RHS.get(), /*ArraySubscriptExpr*/nullptr,
/*AllowOnePastEnd*/true, /*IndexNegated*/true); /*AllowOnePastEnd*/true, /*IndexNegated*/true);
if (CompLHSTy) *CompLHSTy = LHS.get()->getType(); if (CompLHSTy) *CompLHSTy = LHS.get()->getType();
Show All 19 Lines if (const PointerType *RHSPTy
return QualType(); return QualType();
} }
} }
if (!checkArithmeticBinOpPointerOperands(*this, Loc, if (!checkArithmeticBinOpPointerOperands(*this, Loc,
LHS.get(), RHS.get())) LHS.get(), RHS.get()))
return QualType(); return QualType();
// FIXME: Add warnings for nullptr - ptr.
// The pointee type may have zero size. As an extension, a structure or // The pointee type may have zero size. As an extension, a structure or
// union may have zero size or an array may have zero length. In this // union may have zero size or an array may have zero length. In this
// case subtraction does not make sense. // case subtraction does not make sense.
if (!rpointee->isVoidType() && !rpointee->isFunctionType()) { if (!rpointee->isVoidType() && !rpointee->isFunctionType()) {
CharUnits ElementSize = Context.getTypeSizeInChars(rpointee); CharUnits ElementSize = Context.getTypeSizeInChars(rpointee);
if (ElementSize.isZero()) { if (ElementSize.isZero()) {
Diag(Loc,diag::warn_sub_ptr_zero_size_types) Diag(Loc,diag::warn_sub_ptr_zero_size_types)
<< rpointee.getUnqualifiedType() << rpointee.getUnqualifiedType()
▲ Show 20 LinesShow All 6,929 LinesShow Last 20 Lines

cfe/trunk/test/CodeGen/nullptr-arithmetic.c

// RUN: %clang_cc1 -S %s -emit-llvm -o - | FileCheck %s
#include <stdint.h>
// This test is meant to verify code that handles the 'p = nullptr + n' idiom
// used by some versions of glibc and gcc. This is undefined behavior but
// it is intended there to act like a conversion from a pointer-sized integer
// to a pointer, and we would like to tolerate that.
#define NULLPTRI8 ((int8_t*)0)
// This should get the inttoptr instruction.
int8_t *test1(intptr_t n) {
return NULLPTRI8 + n;
}
// CHECK-LABEL: test1
// CHECK: inttoptr
// CHECK-NOT: getelementptr
// This doesn't meet the idiom because the offset type isn't pointer-sized.
int8_t *test2(int8_t n) {
return NULLPTRI8 + n;
}
// CHECK-LABEL: test2
// CHECK: getelementptr
// CHECK-NOT: inttoptr
// This doesn't meet the idiom because the element type is larger than a byte.
int16_t *test3(intptr_t n) {
return (int16_t*)0 + n;
}
// CHECK-LABEL: test3
// CHECK: getelementptr
// CHECK-NOT: inttoptr
// This doesn't meet the idiom because the offset is subtracted.
int8_t* test4(intptr_t n) {
return NULLPTRI8 - n;
}
// CHECK-LABEL: test4
// CHECK: getelementptr
// CHECK-NOT: inttoptr

cfe/trunk/test/Sema/pointer-addition.c

// RUN: %clang_cc1 %s -fsyntax-only -verify -pedantic -std=c11 // RUN: %clang_cc1 %s -fsyntax-only -verify -pedantic -Wextra -std=c11
#include <stdint.h>
typedef struct S S; // expected-note 4 {{forward declaration of 'struct S'}} typedef struct S S; // expected-note 4 {{forward declaration of 'struct S'}}
extern _Atomic(S*) e; extern _Atomic(S*) e;
void a(S* b, void* c) { void a(S* b, void* c) {
void (*fp)(int) = 0; void (*fp)(int) = 0;
b++; // expected-error {{arithmetic on a pointer to an incomplete type}} b++; // expected-error {{arithmetic on a pointer to an incomplete type}}
b += 1; // expected-error {{arithmetic on a pointer to an incomplete type}} b += 1; // expected-error {{arithmetic on a pointer to an incomplete type}}
c++; // expected-warning {{arithmetic on a pointer to void is a GNU extension}} c++; // expected-warning {{arithmetic on a pointer to void is a GNU extension}}
c += 1; // expected-warning {{arithmetic on a pointer to void is a GNU extension}} c += 1; // expected-warning {{arithmetic on a pointer to void is a GNU extension}}
c--; // expected-warning {{arithmetic on a pointer to void is a GNU extension}} c--; // expected-warning {{arithmetic on a pointer to void is a GNU extension}}
c -= 1; // expected-warning {{arithmetic on a pointer to void is a GNU extension}} c -= 1; // expected-warning {{arithmetic on a pointer to void is a GNU extension}}
(void) c[1]; // expected-warning {{subscript of a pointer to void is a GNU extension}} (void) c[1]; // expected-warning {{subscript of a pointer to void is a GNU extension}}
b = 1+b; // expected-error {{arithmetic on a pointer to an incomplete type}} b = 1+b; // expected-error {{arithmetic on a pointer to an incomplete type}}
/* The next couple tests are only pedantic warnings in gcc */ /* The next couple tests are only pedantic warnings in gcc */
void (*d)(S*,void*) = a; void (*d)(S*,void*) = a;
d += 1; // expected-warning {{arithmetic on a pointer to the function type 'void (S *, void *)' (aka 'void (struct S *, void *)') is a GNU extension}} d += 1; // expected-warning {{arithmetic on a pointer to the function type 'void (S *, void *)' (aka 'void (struct S *, void *)') is a GNU extension}}
d++; // expected-warning {{arithmetic on a pointer to the function type 'void (S *, void *)' (aka 'void (struct S *, void *)') is a GNU extension}} d++; // expected-warning {{arithmetic on a pointer to the function type 'void (S *, void *)' (aka 'void (struct S *, void *)') is a GNU extension}}
d--; // expected-warning {{arithmetic on a pointer to the function type 'void (S *, void *)' (aka 'void (struct S *, void *)') is a GNU extension}} d--; // expected-warning {{arithmetic on a pointer to the function type 'void (S *, void *)' (aka 'void (struct S *, void *)') is a GNU extension}}
d -= 1; // expected-warning {{arithmetic on a pointer to the function type 'void (S *, void *)' (aka 'void (struct S *, void *)') is a GNU extension}} d -= 1; // expected-warning {{arithmetic on a pointer to the function type 'void (S *, void *)' (aka 'void (struct S *, void *)') is a GNU extension}}
(void)(1 + d); // expected-warning {{arithmetic on a pointer to the function type 'void (S *, void *)' (aka 'void (struct S *, void *)') is a GNU extension}} (void)(1 + d); // expected-warning {{arithmetic on a pointer to the function type 'void (S *, void *)' (aka 'void (struct S *, void *)') is a GNU extension}}
e++; // expected-error {{arithmetic on a pointer to an incomplete type}} e++; // expected-error {{arithmetic on a pointer to an incomplete type}}
intptr_t i = (intptr_t)b;
char *f = (char*)0 + i; // expected-warning {{arithmetic on a null pointer treated as a cast from integer to pointer is a GNU extension}}
// Cases that don't match the GNU inttoptr idiom get a different warning.
f = (char*)0 - i; // expected-warning {{performing pointer arithmetic on a null pointer has undefined behavior}}
int *g = (int*)0 + i; // expected-warning {{performing pointer arithmetic on a null pointer has undefined behavior}}
unsigned char j = (unsigned char)b;
f = (char*)0 + j; // expected-warning {{performing pointer arithmetic on a null pointer has undefined behavior}}
} }

cfe/trunk/test/SemaCXX/nullptr-arithmetic.cpp

// RUN: %clang_cc1 %s -fsyntax-only -verify -pedantic -Wextra -std=c++11
#include <stdint.h>
void f(intptr_t offset, int8_t b) {
// A zero offset from a nullptr is OK.
char *f = (char*)nullptr + 0;
int *g = (int*)0 + 0;
f = (char*)nullptr - 0;
g = (int*)nullptr - 0;
// adding other values is undefined.
f = (char*)nullptr + offset; // expected-warning {{arithmetic on a null pointer treated as a cast from integer to pointer is a GNU extension}}
// Cases that don't match the GNU inttoptr idiom get a different warning.
f = (char*)0 - offset; // expected-warning {{performing pointer arithmetic on a null pointer has undefined behavior if the offset is nonzero}}
g = (int*)0 + offset; // expected-warning {{performing pointer arithmetic on a null pointer has undefined behavior if the offset is nonzero}}
f = (char*)0 + b; // expected-warning {{performing pointer arithmetic on a null pointer has undefined behavior if the offset is nonzero}}
}
// Value-dependent pointer arithmetic should not produce a nullptr warning.
template<char *P>
char* g(intptr_t offset) {
return P + offset;
}
// Value-dependent offsets should not produce a nullptr warning.
template<intptr_t N>
char *h() {
return (char*)nullptr + N;
}