This is an archive of the discontinued LLVM Phabricator instance.

Differential D86135

[analyzer][MacroExpansion] Fix a crash where multiple parameters resolved to __VA_ARGS__
ClosedPublic

Authored by Szelethus on Aug 18 2020, 5:29 AM.

Details

Reviewers
NoQ
vsavchenko
xazax.hun
martong
balazske
baloghadamsoftware
gamesh411
steakhal
Commits
rGbe0d79f32930: [analyzer][MacroExpansion] Fix a crash where multiple parameters resolved to…
Summary

In short, macro expansions handled the case where a variadic parameter mapped to multiple arguments, but not the other way around. An internal ticket was submitted that demonstrated that we fail an assertion. Macro expansion so far worked by lexing the source code token-by-token and using the Preprocessor to turn these tokens into identifiers or just get their proper spelling, but what this counter intuitively doesn't do, is actually expand these macros, so we have to do the heavy lifting -- in this case, figure out what __VA_ARGS__ expands into. Since this case can only occur in a nested macro, the information we gathered from the containing macro does contain this information. If a parameter resolves to __VA_ARGS__, we need to temporarily stop getting our tokens from the lexer, and get the tokens from what __VA_ARGS__ maps to.

I also found a few more deficiencies I'll have to handle sooner rather then later. I also have 3 commits about to land this is based on, some miscellaneous renames, clarification in the documentation, prettifying some tests.

An educational rant:

For those that didn't have the displeasure of following my macro expansion project, here's why this is so annoying: We really, really suck at understanding macros. D74473 is a recent example where we attempt to get the definition of the EOF macro, but give up rather fast if it isn't something trivial. D54349#1294765 is also memorable for me. Indeed, whenever we hit a macro, we are in deep trouble.

Since CodeChecker isn't an IDE, what we really wanted to achieve is when the bug path goes through a macro, show what it would expand into.

The fundamental problem is, we simply can't ask Preprocessor what a macro expands into without hacking really hard. The HTML output commits about every sin under the sun; hiding under clang/lib/Rewrite/HTMLRewrite.cpp, it const_casts a Preprocessor object, stores most of its inner state (you can't guarantee you got them all) such as the DiagnosticsEngine, some of the user configurations in temporary variables, replaces them with new ones, practically reruns the entire lexing and preprocessing stage of the compiler, and at the end, puts the original inner state back in. This enables it to not have to literally reimplement the preprocessor, but creates a large preprocessed version of the source code, which it is almost impossible to reliably link the two together (answering the question that what a specific macro usage expands into).

Pp-trace, a Clang tool, would be great, but unfortunately it still isn't able to do macro expansions in a single go, just step by step (think about nested macros and variadic arguments).

So, I chose to practically reimplement the entire preprocessor with the goal of taking a single source location of a macro usage, and spitting the entire expansion out. This has a few advantages, namely that it leaves the Preprocessor const, and provides a rather deep understanding of the process of the macro expansion. The problem is, its a nightmare due to the extreme primitiveness of the available tools, and will have to be updated as time goes on.

You can learn a bit more from these patches and discussions:
D52742 (check the patch stack)
http://lists.llvm.org/pipermail/cfe-dev/2018-September/059226.html
http://lists.llvm.org/pipermail/cfe-dev/2017-August/055077.html

Diff Detail

Event Timeline

Szelethus created this revision.Aug 18 2020, 5:29 AM
Herald added subscribers: cfe-commits, ASDenysPetrov, steakhal and 8 others. · View Herald TranscriptAug 18 2020, 5:29 AM
Szelethus requested review of this revision.Aug 18 2020, 5:29 AM
Harbormaster completed remote builds in B68738: Diff 286252.Aug 18 2020, 5:30 AM
Szelethus added inline comments.Aug 18 2020, 7:39 AM
clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
1226

Oh, this has to be fixed as well. at() should be fine, we messed something up really bad if the information we gathered from containing macro has no mention of __VA_ARGS__.

vabridgers added a subscriber: vabridgers.Aug 19 2020, 7:24 AM
martong added a comment.Aug 24 2020, 6:59 AM

I can feel your pain.

The fundamental problem is, we simply can't ask Preprocessor what a macro expands into without hacking really hard.

Can you summarize what is the exact problem (or give a link to a discussion, etc)? Is it an architectural problem in Clang itself? Could we somehow refactor Clang and the Preprocessor to be usable for us? I mean LLVM and Clang has the mindset to build reusable components, the Preprocessor (and the Sema) should be one of them too, not just the AST.

clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
910

typo? injectRange ?

xazax.hun added a comment.Aug 24 2020, 7:33 AM

Is this related to https://bugs.llvm.org/show_bug.cgi?id=44493?

Szelethus added a comment.Aug 25 2020, 1:28 AM
In D86135#2233611, @martong wrote:

The fundamental problem is, we simply can't ask Preprocessor what a macro expands into without hacking really hard.

Can you summarize what is the exact problem (or give a link to a discussion, etc)? Is it an architectural problem in Clang itself?

I phrased myself poorly. The Preprocessor can tell what a macro usage immediately expands into (otherwise this project would have been practically impossible to implement), what it struggles to get done is show what a macro usage in the source code turns into in the preprocessed translation unit. As is often the case, macros may be nested into one another:

#define MACRO2(ptr) ptr = 0
#define MACRO1(x) MACRO2(x)

int *a = get();
MACRO1(a); // Step 1. Expand MACRO1.
           //        a.) Retrieve the tokens defined for MACRO1.
           //        b.) Resolve parameter x to argument a.
           // Step 2. Expand MACRO2...
*a = 5;

From this code snippet, should we be interested in what MACRO1(a) expands into, Preprocessor can pretty much only deliver on point 1a.) with any convenience. The problem here is that it was simply never engineered to be used outside of the preprocessing stage, so much so, that by the time I worked on this project about a decade after Preprocessor's inception, I still had to turn super trivial methods const. Other than that, the discussions I linked in the summary is pretty much all I can offer.

Could we somehow refactor Clang and the Preprocessor to be usable for us? I mean LLVM and Clang has the mindset to build reusable components, the Preprocessor (and the Sema) should be one of them too, not just the AST.

Working with the Preprocessor seems incredibly tedious and error prone -- mind that this is almost literally the first thing we implemented in Clang, and you can tell. Also, its performance critical, and any meaningful performance impact may need strong justification. While it would be beneficial to have the knowledge I'm crafting being integrated into the actual class, its hard to justify all the effort it would take to do so, especially now this project is so far along anyways. If I has to start from scratch, I would try to explore other approaches, but might still end up just doing what I did here.

In D86135#2233695, @xazax.hun wrote:

Is this related to https://bugs.llvm.org/show_bug.cgi?id=44493?

To some extent, but this patch unfortunately doesn't solve that bug. The problem I think is that named variadic macros aren't supported at all.

clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
910

Yep.

steakhal requested changes to this revision.Aug 25 2020, 2:55 AM

This preprocessor expansion stuff is definitely not my expertise, nvm here is my review.

However, I observed some strange things happening in the test-cases, that's why I request changes.
I hope that I messed something up at the evaluation of your tests, but please have a closer look at them.

There were a few nits, but nothing serious.
I also liked the previous discussion about the reusable components, and I understand your decision going this way. I'm fine with that.
Keep up your good work. We need this.

clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
883

Optionally -> Additionally?

892–894

It should be more readable if you use tie. That way you can give names to the parts.

896–898

I'm always puzzled if I see a naked new.
Couldn't we use the assignment operator and std::make_unique here?

901

I don't like output parameters.
If we really need them, we should at least have a suspicious name.
Unfortunately, I can not come up with anything useful :|

1150–1161

By lexing one might think we use the actual lexer. Should we change this comment?

1338–1339

What does hashhash mean? I might lack some context though :D

clang/test/Analysis/plist-macros-with-expansion.cpp
481

You don't need an ending semicolon here. It will be already there at the expansion location.
This way you introduce an empty expression after the macro expansion.
The same happens in all the other cases as well.

484–486

Should we really abuse the division by zero checker here?
Can't we just use an ExprInspection call here?
Maybe it requires a specific BugPath visitor, and that is why we do it this way?

511

How did that comma appear there?
https://godbolt.org/z/4En3E5

517–524

This test case is also bad.
https://godbolt.org/z/89s48K

526–533

Also. https://godbolt.org/z/8c3dxP

This revision now requires changes to proceed.Aug 25 2020, 2:55 AM
Szelethus planned changes to this revision.Aug 25 2020, 4:15 AM
Szelethus marked an inline comment as done.

Thanks! I'll get these fixed.

clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
901

This is intentional, it meant to replicate the Lexer's interface. I would prefer to keep this as-is.

1338–1339

# and ## respectively. The test cases you pointed out as flawed refer to this FIXME, though a FIXME in the tests themselves wouldn't hurt.

clang/test/Analysis/plist-macros-with-expansion.cpp
481

You are correct, though the point of macro expansion testing is to see whether we nailed what the preprocessor is supposed to do -- not whether the code it creates makes such sense. In fact, I would argue that most GNU extensions to the preprocessor shouldn't be a thing, but we still need to support it.

484–486

We could totally use ExprInspection -- but I'd argue that using something else isn't an abuse of the specific checker :) Since the entire file is already written this way, and would demand changes in the large plist file, I'd prefer to keep it this way.

steakhal added a comment.Aug 25 2020, 7:59 AM

I'm not sure about the status of this patch.
If you say that further improvements will be done later and this functionality is enough, I'm fine with that.

clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
901

Sure, be it.

1338–1339

Maybe HashtagHashtag?
Or an example would be even better like: ##__VA_ARGS__

clang/test/Analysis/plist-macros-with-expansion.cpp
481

Oh, now I get it.
I didn't know that this was ann extension lol.

484–486

Perfectly fine. I agree with you knowing this. Thanks.

Szelethus marked an inline comment as done and an inline comment as not done.Aug 25 2020, 8:45 AM

I'll get the nits I didn't object to fixed, thats the status you're looking for :)

clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
1338–1339

If you look a few lines down, you can see that its not up to us to choose this one :^)

Szelethus updated this revision to Diff 288452.Aug 27 2020, 1:59 PM
Szelethus marked 12 inline comments as done.

Fixes according to reviewer comments!

Szelethus added inline comments.Aug 27 2020, 2:00 PM
clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
896–898

Wait, isn't it naked if its not surrounded by smart pointer stuff? In any case, explicit calls to operator new and delete are indeed discouraged by the core guidelines.

1150–1161

I see what you mean, but this is why its phrased as a rough idea, not an in-depth step-by-step description of the process covering corner cases -- not in this comment, at least. Functionally, you could argue that we're lexing even if we get tokens from the injected range.

martong added inline comments.Aug 28 2020, 5:51 AM
clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
896–898

It is not enough to call a smart pointer's constructor with a result of a naked new. Because after the allocation of the object, the object's constructor itself could throw (well, not in LLVM :D) and this could happen before acquiring the ownership by the smart pointer, bumm, we have a leak.

martong added a comment.Aug 28 2020, 5:57 AM
In D86135#2235473, @Szelethus wrote:
In D86135#2233611, @martong wrote:

The fundamental problem is, we simply can't ask Preprocessor what a macro expands into without hacking really hard.

Can you summarize what is the exact problem (or give a link to a discussion, etc)? Is it an architectural problem in Clang itself?

I phrased myself poorly. The Preprocessor can tell what a macro usage immediately expands into (otherwise this project would have been practically impossible to implement), what it struggles to get done is show what a macro usage in the source code turns into in the preprocessed translation unit. As is often the case, macros may be nested into one another:

#define MACRO2(ptr) ptr = 0
#define MACRO1(x) MACRO2(x)

int *a = get();
MACRO1(a); // Step 1. Expand MACRO1.
           //        a.) Retrieve the tokens defined for MACRO1.
           //        b.) Resolve parameter x to argument a.
           // Step 2. Expand MACRO2...
*a = 5;

From this code snippet, should we be interested in what MACRO1(a) expands into, Preprocessor can pretty much only deliver on point 1a.) with any convenience. The problem here is that it was simply never engineered to be used outside of the preprocessing stage, so much so, that by the time I worked on this project about a decade after Preprocessor's inception, I still had to turn super trivial methods const. Other than that, the discussions I linked in the summary is pretty much all I can offer.

Could we somehow refactor Clang and the Preprocessor to be usable for us? I mean LLVM and Clang has the mindset to build reusable components, the Preprocessor (and the Sema) should be one of them too, not just the AST.

Working with the Preprocessor seems incredibly tedious and error prone -- mind that this is almost literally the first thing we implemented in Clang, and you can tell. Also, its performance critical, and any meaningful performance impact may need strong justification. While it would be beneficial to have the knowledge I'm crafting being integrated into the actual class, its hard to justify all the effort it would take to do so, especially now this project is so far along anyways. If I has to start from scratch, I would try to explore other approaches, but might still end up just doing what I did here.

In D86135#2233695, @xazax.hun wrote:

Is this related to https://bugs.llvm.org/show_bug.cgi?id=44493?

To some extent, but this patch unfortunately doesn't solve that bug. The problem I think is that named variadic macros aren't supported at all.

Thanks, for the detailed explanation, makes it easier to understand the reasons!

clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
1225

Why do we have to push back the tokens in case of __VA_ARGS? And what is in PrevParamMap here. Is it possible that at can fail here? Perhaps an example could make this hunk way easier to understand. To be honest, this hunk is a mystique for me in this form.

Szelethus updated this revision to Diff 290290.Sep 7 2020, 7:51 AM

Added some documentation to the code snippet pointed out by @martong.

Szelethus marked 3 inline comments as done.Sep 7 2020, 7:52 AM
steakhal added a comment.Sep 7 2020, 8:05 AM

Perfectly clear, thank you. However, I would still rely on the others to accept this :|

BTW why does the plist-macros-with-expansion.cpp.plist change? It makes the diff somewhat noisy :s

Szelethus added a comment.Sep 7 2020, 8:33 AM
In D86135#2259325, @steakhal wrote:

Perfectly clear, thank you. However, I would still rely on the others to accept this :|

BTW why does the plist-macros-with-expansion.cpp.plist change? It makes the diff somewhat noisy :s

Well, I removed a line, so every other entry about file position is changed in the plist file. I think I could just remove the entire thing altogether, its not like the actual plist output is what we're looking for, at least not in its many-thousand-line entirety.

martong accepted this revision.Sep 8 2020, 6:11 AM

LGTM! Thanks for the clarification and the example you gave.
(I agree with @steakhal and I wish if we could get rid of the many lines not-descriptive plist stuff, but that is rather unrelated)

This revision was not accepted when it landed; it landed in state Needs Review.Sep 11 2020, 5:08 AM
Closed by commit rGbe0d79f32930: [analyzer][MacroExpansion] Fix a crash where multiple parameters resolved to… (authored by Szelethus). · Explain Why
This revision was automatically updated to reflect the committed changes.
Szelethus added a commit: rGbe0d79f32930: [analyzer][MacroExpansion] Fix a crash where multiple parameters resolved to….
Szelethus mentioned this in D72705: [analyzer] Added new checker 'alpha.unix.ErrorReturn'..Sep 29 2020, 9:59 AM
steakhal mentioned this in D93222: [analyzer] Introduce MacroExpansionContext to libAnalysis.Dec 14 2020, 8:19 AM
Balazs Benics <balazsbenics@sigmatechnology.se> mentioned this in rG6e3071007b4c: [analyzer] Introduce MacroExpansionContext to libAnalysis.Feb 22 2021, 2:07 AM

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Core/
81 lines
test/
Analysis/
Inputs/
expected-plists/
675 lines
59 lines

Diff 286252

clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp

Show All 21 Lines
#include "clang/Rewrite/Core/HTMLRewrite.h" #include "clang/Rewrite/Core/HTMLRewrite.h"
#include "clang/StaticAnalyzer/Core/AnalyzerOptions.h" #include "clang/StaticAnalyzer/Core/AnalyzerOptions.h"
#include "clang/StaticAnalyzer/Core/IssueHash.h" #include "clang/StaticAnalyzer/Core/IssueHash.h"
#include "clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h" #include "clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h"
#include "llvm/ADT/SmallPtrSet.h" #include "llvm/ADT/SmallPtrSet.h"
#include "llvm/ADT/SmallVector.h" #include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/Support/Casting.h" #include "llvm/Support/Casting.h"
#include <memory>
using namespace clang; using namespace clang;
using namespace ento; using namespace ento;
using namespace markup; using namespace markup;
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Declarations of helper classes and functions for emitting bug reports in // Declarations of helper classes and functions for emitting bug reports in
// plist format. // plist format.
▲ Show 20 LinesShow All 836 Lines▼ Show 20 Lines TokenPrinter(llvm::raw_ostream &OS, const Preprocessor &PP)
: OS(OS), PP(PP), ConcatInfo(PP) { : OS(OS), PP(PP), ConcatInfo(PP) {
PrevTok.setKind(tok::unknown); PrevTok.setKind(tok::unknown);
PrevPrevTok.setKind(tok::unknown); PrevPrevTok.setKind(tok::unknown);
} }
void printToken(const Token &Tok); void printToken(const Token &Tok);
}; };
/// Wrapper around a Lexer object that can lex tokens one-by-one. Optionally,
steakhalUnsubmitted
Done
ReplyInline Actions

Optionally -> Additionally?

steakhal: `Optionally` -> `Additionally`?
/// one can "inject" a range of tokens into the stream, in which case the next
/// token is retrieved from the next element of the range, until the end of the
/// range is reached.
class TokenStream {
public:
TokenStream(SourceLocation ExpanLoc, const SourceManager &SM,
const LangOptions &LangOpts)
: ExpanLoc(ExpanLoc) {
std::pair<FileID, unsigned> LocInfo = SM.getDecomposedLoc(ExpanLoc);
const llvm::MemoryBuffer *MB = SM.getBuffer(LocInfo.first);
const char *MacroNameTokenPos = MB->getBufferStart() + LocInfo.second;
steakhalUnsubmitted
Done
ReplyInline Actions

It should be more readable if you use tie. That way you can give names to the parts.

steakhal: It should be more readable if you use `tie`. That way you can give names to the parts.
RawLexer.reset(new Lexer(SM.getLocForStartOfFile(LocInfo.first), LangOpts,
MB->getBufferStart(), MacroNameTokenPos,
MB->getBufferEnd()));
steakhalUnsubmitted
Done
ReplyInline Actions

I'm always puzzled if I see a naked new.
Couldn't we use the assignment operator and std::make_unique here?

steakhal: I'm always puzzled if I see a naked `new`. Couldn't we use the assignment operator and `std…
SzelethusAuthorUnsubmitted
Done
ReplyInline Actions

Wait, isn't it naked if its not surrounded by smart pointer stuff? In any case, explicit calls to operator new and delete are indeed discouraged by the core guidelines.

Szelethus: Wait, isn't it naked if its //not// surrounded by smart pointer stuff? In any case, explicit…
martongUnsubmitted
Done
ReplyInline Actions

It is not enough to call a smart pointer's constructor with a result of a naked new. Because after the allocation of the object, the object's constructor itself could throw (well, not in LLVM :D) and this could happen before acquiring the ownership by the smart pointer, bumm, we have a leak.

martong: It is not enough to call a smart pointer's constructor with a result of a naked new. Because…
}
void next(Token &Result) {
steakhalUnsubmitted
Done
ReplyInline Actions

I don't like output parameters.
If we really need them, we should at least have a suspicious name.
Unfortunately, I can not come up with anything useful :|

steakhal: I don't like output parameters. If we really need them, we should at least have a suspicious…
SzelethusAuthorUnsubmitted
Done
ReplyInline Actions

This is intentional, it meant to replicate the Lexer's interface. I would prefer to keep this as-is.

Szelethus: This is intentional, it meant to replicate the `Lexer`'s interface. I would prefer to keep this…
steakhalUnsubmitted
Done
ReplyInline Actions

Sure, be it.

steakhal: Sure, be it.
if (CurrTokenIt == TokenRange.end()) {
RawLexer->LexFromRawLexer(Result);
return;
}
Result = *CurrTokenIt;
CurrTokenIt++;
}
void injextRange(const ArgTokensTy &Range) {
martongUnsubmitted
Done
ReplyInline Actions

typo? injectRange ?

martong: typo? `injectRange` ?
SzelethusAuthorUnsubmitted
Done
ReplyInline Actions

Yep.

Szelethus: Yep.
TokenRange = Range;
CurrTokenIt = TokenRange.begin();
}
std::unique_ptr<Lexer> RawLexer;
ArgTokensTy TokenRange;
ArgTokensTy::iterator CurrTokenIt = TokenRange.begin();
SourceLocation ExpanLoc;
};
} // end of anonymous namespace } // end of anonymous namespace
/// The implementation method of getMacroExpansion: It prints the expansion of /// The implementation method of getMacroExpansion: It prints the expansion of
/// a macro to \p Printer, and returns with the name of the macro. /// a macro to \p Printer, and returns with the name of the macro.
/// ///
/// Since macros can be nested in one another, this function may call itself /// Since macros can be nested in one another, this function may call itself
/// recursively. /// recursively.
/// ///
Show All 38 Lines
/// *ptr = 5; /// *ptr = 5;
/// ///
/// When \p ExpanLoc references the last line, the macro name "NOT_SUSPICIOUS" /// When \p ExpanLoc references the last line, the macro name "NOT_SUSPICIOUS"
/// and the MacroArgMap map { (a, &ptr) } will be returned. /// and the MacroArgMap map { (a, &ptr) } will be returned.
/// ///
/// When \p ExpanLoc references "SET_TO_NULL(a)" within the definition of /// When \p ExpanLoc references "SET_TO_NULL(a)" within the definition of
/// "NOT_SUSPICOUS", the macro name "SET_TO_NULL" and the MacroArgMap map /// "NOT_SUSPICOUS", the macro name "SET_TO_NULL" and the MacroArgMap map
/// { (x, a) } will be returned. /// { (x, a) } will be returned.
static MacroExpansionInfo getMacroExpansionInfo(SourceLocation ExpanLoc, static MacroExpansionInfo
const Preprocessor &PP); getMacroExpansionInfo(const MacroParamMap &PrevParamMap,
SourceLocation ExpanLoc, const Preprocessor &PP);
/// Retrieves the ')' token that matches '(' \p It points to. /// Retrieves the ')' token that matches '(' \p It points to.
static MacroInfo::tokens_iterator getMatchingRParen( static MacroInfo::tokens_iterator getMatchingRParen(
MacroInfo::tokens_iterator It, MacroInfo::tokens_iterator It,
MacroInfo::tokens_iterator End); MacroInfo::tokens_iterator End);
/// Retrieves the macro info for \p II refers to at \p Loc. This is important /// Retrieves the macro info for \p II refers to at \p Loc. This is important
/// because macros can be redefined or undefined. /// because macros can be redefined or undefined.
Show All 29 Lines
static std::string getMacroNameAndPrintExpansion( static std::string getMacroNameAndPrintExpansion(
TokenPrinter &Printer, SourceLocation MacroLoc, const Preprocessor &PP, TokenPrinter &Printer, SourceLocation MacroLoc, const Preprocessor &PP,
const MacroParamMap &PrevParamMap, const MacroParamMap &PrevParamMap,
llvm::SmallPtrSet<IdentifierInfo *, 8> &AlreadyProcessedTokens) { llvm::SmallPtrSet<IdentifierInfo *, 8> &AlreadyProcessedTokens) {
const SourceManager &SM = PP.getSourceManager(); const SourceManager &SM = PP.getSourceManager();
MacroExpansionInfo MExpInfo = MacroExpansionInfo MExpInfo =
getMacroExpansionInfo(SM.getExpansionLoc(MacroLoc), PP); getMacroExpansionInfo(PrevParamMap, SM.getExpansionLoc(MacroLoc), PP);
IdentifierInfo *MacroNameII = PP.getIdentifierInfo(MExpInfo.Name); IdentifierInfo *MacroNameII = PP.getIdentifierInfo(MExpInfo.Name);
// TODO: If the macro definition contains another symbol then this function is // TODO: If the macro definition contains another symbol then this function is
// called recursively. In case this symbol is the one being defined, it will // called recursively. In case this symbol is the one being defined, it will
// be an infinite recursion which is stopped by this "if" statement. However, // be an infinite recursion which is stopped by this "if" statement. However,
// in this case we don't get the full expansion text in the Plist file. See // in this case we don't get the full expansion text in the Plist file. See
// the test file where "value" is expanded to "garbage_" instead of // the test file where "value" is expanded to "garbage_" instead of
// "garbage_value". // "garbage_value".
▲ Show 20 LinesShow All 80 Lines▼ Show 20 Lines for (auto It = MExpInfo.MI->tokens_begin(), E = MExpInfo.MI->tokens_end();
Printer.printToken(T); Printer.printToken(T);
} }
AlreadyProcessedTokens.erase(MacroNameII); AlreadyProcessedTokens.erase(MacroNameII);
return MExpInfo.Name; return MExpInfo.Name;
} }
static MacroExpansionInfo getMacroExpansionInfo(SourceLocation ExpanLoc, static MacroExpansionInfo
const Preprocessor &PP) { getMacroExpansionInfo(const MacroParamMap &PrevParamMap,
SourceLocation ExpanLoc, const Preprocessor &PP) {
const SourceManager &SM = PP.getSourceManager(); const SourceManager &SM = PP.getSourceManager();
const LangOptions &LangOpts = PP.getLangOpts(); const LangOptions &LangOpts = PP.getLangOpts();
// First, we create a Lexer to lex *at the expansion location* the tokens // First, we create a Lexer to lex *at the expansion location* the tokens
// referring to the macro's name and its arguments. // referring to the macro's name and its arguments.
std::pair<FileID, unsigned> LocInfo = SM.getDecomposedLoc(ExpanLoc); TokenStream TStream(ExpanLoc, SM, LangOpts);
const llvm::MemoryBuffer *MB = SM.getBuffer(LocInfo.first);
const char *MacroNameTokenPos = MB->getBufferStart() + LocInfo.second;
Lexer RawLexer(SM.getLocForStartOfFile(LocInfo.first), LangOpts,
MB->getBufferStart(), MacroNameTokenPos, MB->getBufferEnd());
// Acquire the macro's name. // Acquire the macro's name.
Token TheTok; Token TheTok;
RawLexer.LexFromRawLexer(TheTok); TStream.next(TheTok);
std::string MacroName = PP.getSpelling(TheTok); std::string MacroName = PP.getSpelling(TheTok);
const auto *II = PP.getIdentifierInfo(MacroName); const auto *II = PP.getIdentifierInfo(MacroName);
assert(II && "Failed to acquire the IndetifierInfo for the macro!"); assert(II && "Failed to acquire the IndetifierInfo for the macro!");
const MacroInfo *MI = getMacroInfoForLocation(PP, SM, II, ExpanLoc); const MacroInfo *MI = getMacroInfoForLocation(PP, SM, II, ExpanLoc);
// assert(MI && "The macro must've been defined at it's expansion location!"); // assert(MI && "The macro must've been defined at it's expansion location!");
// //
// We should always be able to obtain the MacroInfo in a given TU, but if // We should always be able to obtain the MacroInfo in a given TU, but if
// we're running the analyzer with CTU, the Preprocessor won't contain the // we're running the analyzer with CTU, the Preprocessor won't contain the
// directive history (or anything for that matter) from another TU. // directive history (or anything for that matter) from another TU.
// TODO: assert when we're not running with CTU. // TODO: assert when we're not running with CTU.
if (!MI) if (!MI)
return { MacroName, MI, {} }; return { MacroName, MI, {} };
// Acquire the macro's arguments at the expansion point. // Acquire the macro's arguments at the expansion point.
// //
// The rough idea here is to lex from the first left parentheses to the last // The rough idea here is to lex from the first left parentheses to the last
// right parentheses, and map the macro's parameter to what they will be // right parentheses, and map the macro's parameter to what they will be
// expanded to. A macro argument may contain several token (like '3 + 4'), so // expanded to. A macro argument may contain several token (like '3 + 4'), so
// we'll lex until we find a tok::comma or tok::r_paren, at which point we // we'll lex until we find a tok::comma or tok::r_paren, at which point we
// start lexing the next argument or finish. // start lexing the next argument or finish.
ArrayRef<const IdentifierInfo *> MacroParams = MI->params(); ArrayRef<const IdentifierInfo *> MacroParams = MI->params();
if (MacroParams.empty()) if (MacroParams.empty())
return { MacroName, MI, {} }; return { MacroName, MI, {} };
RawLexer.LexFromRawLexer(TheTok); TStream.next(TheTok);
steakhalUnsubmitted
Done
ReplyInline Actions

By lexing one might think we use the actual lexer. Should we change this comment?

steakhal: By //lexing// one might think we use the actual lexer. Should we change this comment?
SzelethusAuthorUnsubmitted
Done
ReplyInline Actions

I see what you mean, but this is why its phrased as a rough idea, not an in-depth step-by-step description of the process covering corner cases -- not in this comment, at least. Functionally, you could argue that we're lexing even if we get tokens from the injected range.

Szelethus: I see what you mean, but this is why its phrased as a rough idea, not an in-depth step-by-step…
// When this is a token which expands to another macro function then its // When this is a token which expands to another macro function then its
// parentheses are not at its expansion locaiton. For example: // parentheses are not at its expansion locaiton. For example:
// //
// #define foo(x) int bar() { return x; } // #define foo(x) int bar() { return x; }
// #define apply_zero(f) f(0) // #define apply_zero(f) f(0)
// apply_zero(foo) // apply_zero(foo)
// ^ // ^
// This is not a tok::l_paren, but foo is a function. // This is not a tok::l_paren, but foo is a function.
Show All 27 Lines for (const IdentifierInfo *CurrParamII : MacroParams) {
// //
// int *ptr; // int *ptr;
// VARIADIC(ptr); // Note that there are no commas, this isn't just an // VARIADIC(ptr); // Note that there are no commas, this isn't just an
// // empty parameter -- there are no parameters for '...'. // // empty parameter -- there are no parameters for '...'.
// In any other case, ParenthesesDepth mustn't be 0 here. // In any other case, ParenthesesDepth mustn't be 0 here.
if (ParenthesesDepth != 0) { if (ParenthesesDepth != 0) {
// Lex the first token of the next macro parameter. // Lex the first token of the next macro parameter.
RawLexer.LexFromRawLexer(TheTok); TStream.next(TheTok);
while ( while (
!(ParenthesesDepth == 1 && !(ParenthesesDepth == 1 &&
(CurrParamII == __VA_ARGS__II ? false : TheTok.is(tok::comma)))) { (CurrParamII == __VA_ARGS__II ? false : TheTok.is(tok::comma)))) {
assert(TheTok.isNot(tok::eof) && assert(TheTok.isNot(tok::eof) &&
"EOF encountered while looking for expanded macro args!"); "EOF encountered while looking for expanded macro args!");
if (TheTok.is(tok::l_paren)) if (TheTok.is(tok::l_paren))
++ParenthesesDepth; ++ParenthesesDepth;
if (TheTok.is(tok::r_paren)) if (TheTok.is(tok::r_paren))
--ParenthesesDepth; --ParenthesesDepth;
if (ParenthesesDepth == 0) if (ParenthesesDepth == 0)
break; break;
if (TheTok.is(tok::raw_identifier)) if (TheTok.is(tok::raw_identifier)) {
PP.LookUpIdentifierInfo(TheTok); PP.LookUpIdentifierInfo(TheTok);
if (TheTok.getIdentifierInfo() == __VA_ARGS__II) {
TStream.injextRange(
martongUnsubmitted
Done
ReplyInline Actions

Why do we have to push back the tokens in case of __VA_ARGS? And what is in PrevParamMap here. Is it possible that at can fail here? Perhaps an example could make this hunk way easier to understand. To be honest, this hunk is a mystique for me in this form.

martong: Why do we have to push back the tokens in case of __VA_ARGS? And what is in PrevParamMap here.
const_cast<MacroParamMap &>(PrevParamMap)[__VA_ARGS__II]);
SzelethusAuthorUnsubmitted
Done
ReplyInline Actions

Oh, this has to be fixed as well. at() should be fine, we messed something up really bad if the information we gathered from containing macro has no mention of __VA_ARGS__.

Szelethus: Oh, this has to be fixed as well. `at()` should be fine, we messed something up really bad if…
TStream.next(TheTok);
continue;
}
}
ArgTokens.push_back(TheTok); ArgTokens.push_back(TheTok);
RawLexer.LexFromRawLexer(TheTok); TStream.next(TheTok);
} }
} else { } else {
// FIXME: Handle when multiple parameters map to a single argument.
// Currently, we only handle when multiple arguments map to the same
// parameter.
assert(CurrParamII == __VA_ARGS__II && assert(CurrParamII == __VA_ARGS__II &&
"No more macro arguments are found, but the current parameter " "No more macro arguments are found, but the current parameter "
"isn't __VA_ARGS__!"); "isn't __VA_ARGS__!");
} }
ParamMap.emplace(CurrParamII, std::move(ArgTokens)); ParamMap.emplace(CurrParamII, std::move(ArgTokens));
} }
▲ Show 20 LinesShow All 86 Lines▼ Show 20 Linesstatic void dumpArgTokensToStream(llvm::raw_ostream &Out,
const Preprocessor &PP, const Preprocessor &PP,
const ArgTokensTy &Toks) { const ArgTokensTy &Toks) {
TokenPrinter Printer(Out, PP); TokenPrinter Printer(Out, PP);
for (Token Tok : Toks) for (Token Tok : Toks)
Printer.printToken(Tok); Printer.printToken(Tok);
} }
void TokenPrinter::printToken(const Token &Tok) { void TokenPrinter::printToken(const Token &Tok) {
// TODO: Handle the case where hash and hashhash occurs right before
// __VA_ARGS__.
steakhalUnsubmitted
Done
ReplyInline Actions

What does hashhash mean? I might lack some context though :D

steakhal: What does //hashhash// mean? I might lack some context though :D
SzelethusAuthorUnsubmitted
Done
ReplyInline Actions

# and ## respectively. The test cases you pointed out as flawed refer to this FIXME, though a FIXME in the tests themselves wouldn't hurt.

Szelethus: `#` and `##` respectively. The test cases you pointed out as flawed refer to this FIXME, though…
steakhalUnsubmitted
Done
ReplyInline Actions

Maybe HashtagHashtag?
Or an example would be even better like: ##__VA_ARGS__

steakhal: Maybe `HashtagHashtag`? Or an example would be even better like: `##__VA_ARGS__`
SzelethusAuthorUnsubmitted
Done
ReplyInline Actions

If you look a few lines down, you can see that its not up to us to choose this one :^)

Szelethus: If you look a few lines down, you can see that its not up to us to choose this one :^)
// If this is the first token to be printed, don't print space. // If this is the first token to be printed, don't print space.
if (PrevTok.isNot(tok::unknown)) { if (PrevTok.isNot(tok::unknown)) {
// If the tokens were already space separated, or if they must be to avoid // If the tokens were already space separated, or if they must be to avoid
// them being implicitly pasted, add a space between them. // them being implicitly pasted, add a space between them.
if(Tok.hasLeadingSpace() || ConcatInfo.AvoidConcat(PrevPrevTok, PrevTok, if(Tok.hasLeadingSpace() || ConcatInfo.AvoidConcat(PrevPrevTok, PrevTok,
Tok)) { Tok)) {
// AvoidConcat doesn't check for ##, don't print a space around it. // AvoidConcat doesn't check for ##, don't print a space around it.
if (PrevTok.isNot(tok::hashhash) && Tok.isNot(tok::hashhash)) { if (PrevTok.isNot(tok::hashhash) && Tok.isNot(tok::hashhash)) {
Show All 15 Lines

clang/test/Analysis/Inputs/expected-plists/plist-macros-with-expansion.cpp.plist

Show First 20 LinesShow All 6,106 Lines▼ Show 20 Lines
<dict> <dict>
<key>0</key> <key>0</key>
<array> <array>
<integer>470</integer> <integer>470</integer>
<integer>471</integer> <integer>471</integer>
</array> </array>
</dict> </dict>
</dict> </dict>
<dict>
<key>path</key>
<array>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>483</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>483</integer>
<key>col</key><integer>5</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>484</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>484</integer>
<key>col</key><integer>10</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>484</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>484</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>484</integer>
<key>col</key><integer>28</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>The value 0 is assigned to &apos;x&apos;</string>
<key>message</key>
<string>The value 0 is assigned to &apos;x&apos;</string>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>485</integer>
<key>col</key><integer>13</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>485</integer>
<key>col</key><integer>10</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>485</integer>
<key>col</key><integer>15</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>Division by zero</string>
<key>message</key>
<string>Division by zero</string>
</dict>
</array>
<key>macro_expansions</key>
<array>
<dict>
<key>location</key>
<dict>
<key>line</key><integer>484</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<key>name</key><string>DISPATCH</string>
<key>expansion</key><string>foo(x, &quot;LF1M healer&quot;);x = 0;;</string>
</dict>
</array>
<key>description</key><string>Division by zero</string>
<key>category</key><string>Logic error</string>
<key>type</key><string>Division by zero</string>
<key>check_name</key><string>core.DivideZero</string>
<!-- This hash is experimental and going to change! -->
<key>issue_hash_content_of_line_in_context</key><string>0911a97774745d4fa0ac03cd9680dfe1</string>
<key>issue_context_kind</key><string>function</string>
<key>issue_context</key><string>mulitpleParamsResolveToVA_ARGS</string>
<key>issue_hash_function_offset</key><string>3</string>
<key>location</key>
<dict>
<key>line</key><integer>485</integer>
<key>col</key><integer>13</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ExecutedLines</key>
<dict>
<key>0</key>
<array>
<integer>482</integer>
<integer>483</integer>
<integer>484</integer>
<integer>485</integer>
</array>
</dict>
</dict>
<dict>
<key>path</key>
<array>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>496</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>496</integer>
<key>col</key><integer>5</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>497</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>497</integer>
<key>col</key><integer>16</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>497</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>497</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>497</integer>
<key>col</key><integer>71</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>The value 0 is assigned to &apos;x&apos;</string>
<key>message</key>
<string>The value 0 is assigned to &apos;x&apos;</string>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>498</integer>
<key>col</key><integer>13</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>498</integer>
<key>col</key><integer>10</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>498</integer>
<key>col</key><integer>15</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>Division by zero</string>
<key>message</key>
<string>Division by zero</string>
</dict>
</array>
<key>macro_expansions</key>
<array>
<dict>
<key>location</key>
<dict>
<key>line</key><integer>497</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<key>name</key><string>CONCAT_VA_ARGS</string>
<key>expansion</key><string>variadicCFunction(x, &quot;You need to construct additional pylons.&quot;,&apos;c&apos;, 9);x = 0;</string>
</dict>
</array>
<key>description</key><string>Division by zero</string>
<key>category</key><string>Logic error</string>
<key>type</key><string>Division by zero</string>
<key>check_name</key><string>core.DivideZero</string>
<!-- This hash is experimental and going to change! -->
<key>issue_hash_content_of_line_in_context</key><string>ed592fb952ed786e7efdc81bbc538e94</string>
<key>issue_context_kind</key><string>function</string>
<key>issue_context</key><string>concatVA_ARGS</string>
<key>issue_hash_function_offset</key><string>3</string>
<key>location</key>
<dict>
<key>line</key><integer>498</integer>
<key>col</key><integer>13</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ExecutedLines</key>
<dict>
<key>0</key>
<array>
<integer>495</integer>
<integer>496</integer>
<integer>497</integer>
<integer>498</integer>
</array>
</dict>
</dict>
<dict>
<key>path</key>
<array>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>504</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>504</integer>
<key>col</key><integer>5</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>505</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>505</integer>
<key>col</key><integer>16</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>505</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>505</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>505</integer>
<key>col</key><integer>44</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>The value 0 is assigned to &apos;x&apos;</string>
<key>message</key>
<string>The value 0 is assigned to &apos;x&apos;</string>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>506</integer>
<key>col</key><integer>13</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>506</integer>
<key>col</key><integer>10</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>506</integer>
<key>col</key><integer>15</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>Division by zero</string>
<key>message</key>
<string>Division by zero</string>
</dict>
</array>
<key>macro_expansions</key>
<array>
<dict>
<key>location</key>
<dict>
<key>line</key><integer>505</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<key>name</key><string>CONCAT_VA_ARGS</string>
<key>expansion</key><string>variadicCFunction(x, &quot;You need to construct&quot;,);x = 0;</string>
</dict>
</array>
<key>description</key><string>Division by zero</string>
<key>category</key><string>Logic error</string>
<key>type</key><string>Division by zero</string>
<key>check_name</key><string>core.DivideZero</string>
<!-- This hash is experimental and going to change! -->
<key>issue_hash_content_of_line_in_context</key><string>4b0ab46d7a972d0a388b4bb59351480a</string>
<key>issue_context_kind</key><string>function</string>
<key>issue_context</key><string>concatVA_ARGSEmpty</string>
<key>issue_hash_function_offset</key><string>3</string>
<key>location</key>
<dict>
<key>line</key><integer>506</integer>
<key>col</key><integer>13</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ExecutedLines</key>
<dict>
<key>0</key>
<array>
<integer>503</integer>
<integer>504</integer>
<integer>505</integer>
<integer>506</integer>
</array>
</dict>
</dict>
<dict>
<key>path</key>
<array>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>516</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>516</integer>
<key>col</key><integer>5</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>517</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>517</integer>
<key>col</key><integer>21</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>517</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>517</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>517</integer>
<key>col</key><integer>71</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>The value 0 is assigned to &apos;x&apos;</string>
<key>message</key>
<string>The value 0 is assigned to &apos;x&apos;</string>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>518</integer>
<key>col</key><integer>13</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>518</integer>
<key>col</key><integer>10</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>518</integer>
<key>col</key><integer>15</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>Division by zero</string>
<key>message</key>
<string>Division by zero</string>
</dict>
</array>
<key>macro_expansions</key>
<array>
<dict>
<key>location</key>
<dict>
<key>line</key><integer>517</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<key>name</key><string>STRINGIFIED_VA_ARGS</string>
<key>expansion</key><string>variadicCFunction(x, &quot;Additional supply depots required.&quot;, &quot;&apos;a&apos;&quot;, 10);x = 0;</string>
</dict>
</array>
<key>description</key><string>Division by zero</string>
<key>category</key><string>Logic error</string>
<key>type</key><string>Division by zero</string>
<key>check_name</key><string>core.DivideZero</string>
<!-- This hash is experimental and going to change! -->
<key>issue_hash_content_of_line_in_context</key><string>6622e3f0651f97e6cbf4e075e6b07707</string>
<key>issue_context_kind</key><string>function</string>
<key>issue_context</key><string>stringifyVA_ARGS</string>
<key>issue_hash_function_offset</key><string>3</string>
<key>location</key>
<dict>
<key>line</key><integer>518</integer>
<key>col</key><integer>13</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ExecutedLines</key>
<dict>
<key>0</key>
<array>
<integer>515</integer>
<integer>516</integer>
<integer>517</integer>
<integer>518</integer>
</array>
</dict>
</dict>
<dict>
<key>path</key>
<array>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>525</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>525</integer>
<key>col</key><integer>5</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>526</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>526</integer>
<key>col</key><integer>21</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>526</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>526</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>526</integer>
<key>col</key><integer>62</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>The value 0 is assigned to &apos;x&apos;</string>
<key>message</key>
<string>The value 0 is assigned to &apos;x&apos;</string>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>527</integer>
<key>col</key><integer>13</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>527</integer>
<key>col</key><integer>10</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>527</integer>
<key>col</key><integer>15</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>Division by zero</string>
<key>message</key>
<string>Division by zero</string>
</dict>
</array>
<key>macro_expansions</key>
<array>
<dict>
<key>location</key>
<dict>
<key>line</key><integer>526</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<key>name</key><string>STRINGIFIED_VA_ARGS</string>
<key>expansion</key><string>variadicCFunction(x, &quot;Additional supply depots required.&quot;, &quot;)&quot;;x = 0;</string>
</dict>
</array>
<key>description</key><string>Division by zero</string>
<key>category</key><string>Logic error</string>
<key>type</key><string>Division by zero</string>
<key>check_name</key><string>core.DivideZero</string>
<!-- This hash is experimental and going to change! -->
<key>issue_hash_content_of_line_in_context</key><string>86c6e52c81f1129e6c9f51e6938d9ee7</string>
<key>issue_context_kind</key><string>function</string>
<key>issue_context</key><string>stringifyVA_ARGSEmpty</string>
<key>issue_hash_function_offset</key><string>3</string>
<key>location</key>
<dict>
<key>line</key><integer>527</integer>
<key>col</key><integer>13</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ExecutedLines</key>
<dict>
<key>0</key>
<array>
<integer>524</integer>
<integer>525</integer>
<integer>526</integer>
<integer>527</integer>
</array>
</dict>
</dict>
</array> </array>
<key>files</key> <key>files</key>
<array> <array>
</array> </array>
</dict> </dict>
</plist> </plist>

clang/test/Analysis/plist-macros-with-expansion.cpp

Show First 20 LinesShow All 466 Lines▼ Show 20 Lines
#define BAR(x) int bar() { return x; } #define BAR(x) int bar() { return x; }
#define APPLY_ZERO2 BAR(0) #define APPLY_ZERO2 BAR(0)
APPLY_ZERO2 APPLY_ZERO2
void useZeroApplier2() { (void)(1 / bar()); } // expected-warning{{Division by zero}} void useZeroApplier2() { (void)(1 / bar()); } // expected-warning{{Division by zero}}
// CHECK: <key>name</key><string>APPLY_ZERO2</string> // CHECK: <key>name</key><string>APPLY_ZERO2</string>
// CHECK-NEXT: <key>expansion</key><string>int bar() { return 0; }</string> // CHECK-NEXT: <key>expansion</key><string>int bar() { return 0; }</string>
void foo(int &x, const char *str);
#define PARAMS_RESOLVE_TO_VA_ARGS(i, fmt) \
foo(i, fmt); \
i = 0;
#define DISPATCH(...) PARAMS_RESOLVE_TO_VA_ARGS(__VA_ARGS__);
steakhalUnsubmitted
Done
ReplyInline Actions

You don't need an ending semicolon here. It will be already there at the expansion location.
This way you introduce an empty expression after the macro expansion.
The same happens in all the other cases as well.

steakhal: You don't need an ending semicolon here. It will be already there at the expansion location.
SzelethusAuthorUnsubmitted
Done
ReplyInline Actions

You are correct, though the point of macro expansion testing is to see whether we nailed what the preprocessor is supposed to do -- not whether the code it creates makes such sense. In fact, I would argue that most GNU extensions to the preprocessor shouldn't be a thing, but we still need to support it.

Szelethus: You are correct, though the point of macro expansion testing is to see whether we nailed what…
steakhalUnsubmitted
Done
ReplyInline Actions

Oh, now I get it.
I didn't know that this was ann extension lol.

steakhal: Oh, now I get it. I didn't know that this was ann extension lol.
void mulitpleParamsResolveToVA_ARGS(void) {
int x = 1;
DISPATCH(x, "LF1M healer");
(void)(10 / x); // expected-warning{{Division by zero}}
steakhalUnsubmitted
Done
ReplyInline Actions

Should we really abuse the division by zero checker here?
Can't we just use an ExprInspection call here?
Maybe it requires a specific BugPath visitor, and that is why we do it this way?

steakhal: Should we really abuse the division by zero checker here? Can't we just use an ExprInspection…
SzelethusAuthorUnsubmitted
Done
ReplyInline Actions

We could totally use ExprInspection -- but I'd argue that using something else isn't an abuse of the specific checker :) Since the entire file is already written this way, and would demand changes in the large plist file, I'd prefer to keep it this way.

Szelethus: We could totally use `ExprInspection` -- but I'd argue that using something else isn't an abuse…
steakhalUnsubmitted
Done
ReplyInline Actions

Perfectly fine. I agree with you knowing this. Thanks.

steakhal: Perfectly fine. I agree with you knowing this. Thanks.
}
// CHECK: <key>name</key><string>DISPATCH</string>
// CHECK-NEXT: <key>expansion</key><string>foo(x, &quot;LF1M healer&quot;);x = 0;;</string>
void variadicCFunction(int &x, const char *str, ...);
#define CONCAT_VA_ARGS(i, fmt, ...) \
variadicCFunction(i, fmt, ##__VA_ARGS__); \
i = 0;
void concatVA_ARGS(void) {
int x = 1;
CONCAT_VA_ARGS(x, "You need to construct additional pylons.", 'c', 9);
(void)(10 / x); // expected-warning{{Division by zero}}
}
// CHECK: <key>name</key><string>CONCAT_VA_ARGS</string>
// CHECK-NEXT: <key>expansion</key><string>variadicCFunction(x, &quot;You need to construct additional pylons.&quot;,&apos;c&apos;, 9);x = 0;</string>
void concatVA_ARGSEmpty(void) {
int x = 1;
CONCAT_VA_ARGS(x, "You need to construct");
(void)(10 / x); // expected-warning{{Division by zero}}
}
// CHECK: <key>name</key><string>CONCAT_VA_ARGS</string>
// CHECK-NEXT: <key>expansion</key><string>variadicCFunction(x, &quot;You need to construct&quot;,);x = 0;</string>
steakhalUnsubmitted
Done
ReplyInline Actions

How did that comma appear there?
https://godbolt.org/z/4En3E5

steakhal: How did that comma appear there? https://godbolt.org/z/4En3E5
#define STRINGIFIED_VA_ARGS(i, fmt, ...) \
variadicCFunction(i, fmt, #__VA_ARGS__); \
i = 0;
void stringifyVA_ARGS(void) {
int x = 1;
STRINGIFIED_VA_ARGS(x, "Additional supply depots required.", 'a', 10);
(void)(10 / x); // expected-warning{{Division by zero}}
}
// CHECK: <key>name</key><string>STRINGIFIED_VA_ARGS</string>
// CHECK-NEXT: <key>expansion</key><string>variadicCFunction(x, &quot;Additional supply depots required.&quot;, &quot;&apos;a&apos;&quot;, 10);x = 0;</string>
steakhalUnsubmitted
Done
ReplyInline Actions

This test case is also bad.
https://godbolt.org/z/89s48K

steakhal: This test case is also bad. https://godbolt.org/z/89s48K
void stringifyVA_ARGSEmpty(void) {
int x = 1;
STRINGIFIED_VA_ARGS(x, "Additional supply depots required.");
(void)(10 / x); // expected-warning{{Division by zero}}
}
// CHECK: <key>name</key><string>STRINGIFIED_VA_ARGS</string>
// CHECK-NEXT: <key>expansion</key><string>variadicCFunction(x, &quot;Additional supply depots required.&quot;, &quot;)&quot;;x = 0;</string>
steakhalUnsubmitted
Done
ReplyInline Actions

Also. https://godbolt.org/z/8c3dxP

steakhal: Also. https://godbolt.org/z/8c3dxP