1 /* $NetBSD: tree.c,v 1.702 2026/01/17 16:22:35 rillig Exp $ */ 2 3 /* 4 * Copyright (c) 1994, 1995 Jochen Pohl 5 * All Rights Reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by Jochen Pohl for 18 * The NetBSD Project. 19 * 4. The name of the author may not be used to endorse or promote products 20 * derived from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #if HAVE_NBTOOL_CONFIG_H 35 #include "nbtool_config.h" 36 #endif 37 38 #include <sys/cdefs.h> 39 #if defined(__RCSID) 40 __RCSID("$NetBSD: tree.c,v 1.702 2026/01/17 16:22:35 rillig Exp $"); 41 #endif 42 43 #include <float.h> 44 #include <limits.h> 45 #include <math.h> 46 #include <signal.h> 47 #include <stdlib.h> 48 #include <string.h> 49 50 #include "lint1.h" 51 52 53 typedef struct integer_constraints { 54 int64_t smin; /* signed minimum */ 55 int64_t smax; /* signed maximum */ 56 uint64_t umin; /* unsigned minimum */ 57 uint64_t umax; /* unsigned maximum */ 58 uint64_t bclr; /* bits that are definitely clear */ 59 } integer_constraints; 60 61 62 static int64_t 63 s64_min(int64_t a, int64_t b) 64 { 65 return a < b ? a : b; 66 } 67 68 static int64_t 69 s64_max(int64_t a, int64_t b) 70 { 71 return a > b ? a : b; 72 } 73 74 static uint64_t 75 s64_abs(int64_t x) 76 { 77 return x >= 0 ? (uint64_t)x : -(uint64_t)x; 78 } 79 80 static int64_t 81 s64_shr(int64_t x, unsigned amount) 82 { 83 return x >= 0 84 ? (int64_t)((uint64_t)x >> amount) 85 : (int64_t)~(~(uint64_t)x >> amount); 86 } 87 88 static uint64_t 89 u64_min(uint64_t a, uint64_t b) 90 { 91 return a < b ? a : b; 92 } 93 94 static uint64_t 95 u64_max(uint64_t a, uint64_t b) 96 { 97 return a > b ? a : b; 98 } 99 100 static uint64_t 101 u64_fill_right(uint64_t x) 102 { 103 x |= x >> 1; 104 x |= x >> 2; 105 x |= x >> 4; 106 x |= x >> 8; 107 x |= x >> 16; 108 x |= x >> 32; 109 return x; 110 } 111 112 static unsigned 113 u64_width(uint64_t x) 114 { 115 unsigned m = 0; 116 if (x >> 32 != 0) 117 x >>= 32, m += 32; 118 if (x >> 16 != 0) 119 x >>= 16, m += 16; 120 if (x >> 8 != 0) 121 x >>= 8, m += 8; 122 if (x >> 4 != 0) 123 x >>= 4, m += 4; 124 if (x >> 2 != 0) 125 x >>= 2, m += 2; 126 if (x >> 1 != 0) 127 x >>= 1, m++; 128 if (x > 0) 129 m++; 130 return m; 131 } 132 133 static int 134 portable_rank_cmp(tspec_t t1, tspec_t t2) 135 { 136 const ttab_t *p1 = type_properties(t1), *p2 = type_properties(t2); 137 lint_assert(p1->tt_rank_kind == p2->tt_rank_kind); 138 lint_assert(p1->tt_rank_value > 0); 139 lint_assert(p2->tt_rank_value > 0); 140 return (int)p1->tt_rank_value - (int)p2->tt_rank_value; 141 } 142 143 static unsigned 144 width_in_bits(const type_t *tp) 145 { 146 lint_assert(is_integer(tp->t_tspec)); 147 return tp->t_bitfield 148 ? tp->t_bit_field_width 149 : size_in_bits(tp->t_tspec); 150 } 151 152 static uint64_t 153 ui_max_value(const type_t *tp) 154 { 155 return value_bits(width_in_bits(tp)); 156 } 157 158 static int64_t 159 si_max_value(const type_t *tp) 160 { 161 return (int64_t)(ui_max_value(tp) >> 1); 162 } 163 164 static int64_t 165 si_min_value(const type_t *tp) 166 { 167 return -si_max_value(tp) - 1; 168 } 169 170 static int64_t 171 si_mult_sat(const type_t *tp, int64_t l, int64_t r) 172 { 173 uint64_t al = s64_abs(l); 174 uint64_t ar = s64_abs(r); 175 bool neg = (l >= 0) != (r >= 0); 176 int64_t max = si_max_value(tp); 177 uint64_t max_prod = (uint64_t)max + (neg ? 1 : 0); 178 if (al == 0 || ar <= max_prod / al) 179 return l * r; 180 else if (neg) 181 return -1 - max; 182 else 183 return max; 184 } 185 186 static int64_t 187 si_plus_sat(const type_t *tp, int64_t a, int64_t b) 188 { 189 if (b >= 0) { 190 int64_t max = si_max_value(tp); 191 return a <= max - b ? a + b : max; 192 } else { 193 int64_t min = si_min_value(tp); 194 return a >= min - b ? a + b : min; 195 } 196 } 197 198 static int64_t 199 si_minus_sat(const type_t *tp, int64_t a, int64_t b) 200 { 201 if (b >= 0) { 202 int64_t min = si_min_value(tp); 203 return a >= min + b ? a - b : min; 204 } else { 205 int64_t max = si_max_value(tp); 206 return a <= max + b ? a - b : max; 207 } 208 } 209 210 static bool 211 ic_maybe_signed(const type_t *tp, integer_constraints ic) 212 { 213 return !is_uinteger(tp->t_tspec) && ic.bclr >> 63 == 0; 214 } 215 216 static bool 217 ic_maybe_signed_binary(const type_t *tp, 218 integer_constraints a, integer_constraints b) 219 { 220 return !is_uinteger(tp->t_tspec) && (a.bclr & b.bclr) >> 63 == 0; 221 } 222 223 static integer_constraints 224 ic_any(const type_t *tp) 225 { 226 integer_constraints c; 227 228 unsigned width = width_in_bits(tp); 229 uint64_t vbits = value_bits(width); 230 if (is_uinteger(tp->t_tspec)) { 231 c.smin = width < 64 ? 0 : INT64_MIN; 232 c.smax = width < 64 ? (int64_t)vbits : INT64_MAX; 233 c.umin = 0; 234 c.umax = vbits; 235 c.bclr = ~c.umax; 236 } else { 237 c.smin = -1 - (int64_t)(vbits >> 1); 238 c.smax = (int64_t)(vbits >> 1); 239 c.umin = 0; 240 c.umax = UINT64_MAX; 241 c.bclr = 0; 242 } 243 return c; 244 } 245 246 static integer_constraints 247 ic_mult(const type_t *tp, integer_constraints a, integer_constraints b) 248 { 249 integer_constraints c; 250 251 if (ic_maybe_signed_binary(tp, a, b)) { 252 int64_t ll = si_mult_sat(tp, a.smin, b.smin); 253 int64_t lu = si_mult_sat(tp, a.smin, b.smax); 254 int64_t ul = si_mult_sat(tp, a.smax, b.smin); 255 int64_t uu = si_mult_sat(tp, a.smax, b.smax); 256 257 c.smin = s64_min(ll, s64_min(lu, s64_min(ul, uu))); 258 c.smax = s64_max(ll, s64_max(lu, s64_max(ul, uu))); 259 c.umin = c.smin >= 0 ? (uint64_t)c.smin : 0; 260 c.umax = c.smin >= 0 ? (uint64_t)c.smax : UINT64_MAX; 261 c.bclr = ~u64_fill_right(c.umax); 262 return c; 263 } 264 265 if (a.umax > 0 && b.umax > ic_any(tp).umax / a.umax) 266 return ic_any(tp); 267 268 c.smin = INT64_MIN; 269 c.smax = INT64_MAX; 270 c.umin = a.umin * b.umin; 271 c.umax = a.umax * b.umax; 272 c.bclr = ~u64_fill_right(c.umax); 273 return c; 274 } 275 276 static integer_constraints 277 ic_div(const type_t *tp, integer_constraints a, integer_constraints b) 278 { 279 if (ic_maybe_signed_binary(tp, a, b)) { 280 if (b.smin >= 0) 281 return a; 282 return ic_any(tp); 283 } 284 285 integer_constraints c; 286 c.smin = INT64_MIN; 287 c.smax = INT64_MAX; 288 c.umin = a.umin / u64_max(b.umax, 1); 289 c.umax = a.umax / u64_max(b.umin, 1); 290 c.bclr = ~u64_fill_right(c.umax); 291 return c; 292 } 293 294 static integer_constraints 295 ic_mod(const type_t *tp, integer_constraints a, integer_constraints b) 296 { 297 if (ic_maybe_signed_binary(tp, a, b)) { 298 uint64_t max_abs_b = u64_max(s64_abs(b.smin), s64_abs(b.smax)); 299 if (max_abs_b >> 63 != 0 || max_abs_b == 0) 300 return a; 301 302 integer_constraints c; 303 c.smin = s64_max(a.smin, -(int64_t)(max_abs_b - 1)); 304 c.smax = s64_min(a.smax, (int64_t)(max_abs_b - 1)); 305 c.umin = 0; 306 c.umax = UINT64_MAX; 307 c.bclr = 0; 308 return c; 309 } 310 311 integer_constraints c; 312 c.smin = INT64_MIN; 313 c.smax = INT64_MAX; 314 c.umin = 0; 315 c.umax = b.umax - 1; 316 c.bclr = ~u64_fill_right(c.umax); 317 return c; 318 } 319 320 static integer_constraints 321 ic_plus(const type_t *tp, integer_constraints a, integer_constraints b) 322 { 323 if (ic_maybe_signed_binary(tp, a, b)) { 324 integer_constraints c; 325 c.smin = si_plus_sat(tp, a.smin, b.smin); 326 c.smax = si_plus_sat(tp, a.smax, b.smax); 327 c.umin = c.smin >= 0 ? (uint64_t)c.smin : 0; 328 c.umax = c.smin >= 0 ? (uint64_t)c.smax : UINT64_MAX; 329 c.bclr = 0; 330 return c; 331 } 332 333 uint64_t max = ui_max_value(tp); 334 integer_constraints c; 335 c.smin = INT64_MIN; 336 c.smax = INT64_MAX; 337 if (b.umax <= max - a.umax) { 338 c.umin = a.umin + b.umin; 339 c.umax = a.umax + b.umax; 340 } else { 341 c.umin = 0; 342 c.umax = max; 343 } 344 if (c.umax >> 63 == 0) { 345 c.smin = 0; 346 c.smax = (int64_t)c.umax; 347 } 348 c.bclr = ~u64_fill_right(c.umax); 349 return c; 350 } 351 352 static integer_constraints 353 ic_minus(const type_t *tp, integer_constraints a, integer_constraints b) 354 { 355 integer_constraints c; 356 c.smin = si_minus_sat(tp, a.smin, b.smax); 357 c.smax = si_minus_sat(tp, a.smax, b.smin); 358 359 if (ic_maybe_signed_binary(tp, a, b)) { 360 c.umin = c.smin >= 0 ? (uint64_t)c.smin : 0; 361 c.umax = c.smin >= 0 ? (uint64_t)c.smax : UINT64_MAX; 362 } else if (a.umin >= b.umax) { 363 c.umin = a.umin - b.umax; 364 c.umax = a.umax - b.umin; 365 } else { 366 c.umin = 0; 367 c.umax = is_uinteger(tp->t_tspec) ? ui_max_value(tp) 368 : UINT64_MAX; 369 } 370 c.bclr = ~u64_fill_right(c.umax); 371 return c; 372 } 373 374 static integer_constraints 375 ic_shl(const type_t *tp, integer_constraints a, integer_constraints b) 376 { 377 if (ic_maybe_signed(tp, a)) 378 return ic_any(tp); 379 380 unsigned amount; 381 if (b.smin == b.smax && b.smin >= 0 && b.smin < 64) 382 amount = (unsigned)b.smin; 383 else if (b.umin == b.umax && b.umin < 64) 384 amount = (unsigned)b.umin; 385 else 386 return ic_any(tp); 387 388 integer_constraints c; 389 c.umin = a.umin << amount; 390 c.umax = a.umax << amount; 391 if (c.umax >> (width_in_bits(tp) - 1) == 0) { 392 c.smin = (int64_t)c.umin; 393 c.smax = (int64_t)c.umax; 394 } else { 395 c.smin = INT64_MIN; 396 c.smax = INT64_MAX; 397 } 398 c.bclr = a.bclr << amount | (((uint64_t)1 << amount) - 1); 399 return c; 400 } 401 402 static integer_constraints 403 ic_shr(const type_t *tp, integer_constraints a, integer_constraints b) 404 { 405 if (ic_maybe_signed(tp, a)) 406 return ic_any(tp); 407 408 unsigned amount; 409 if (b.smin == b.smax && b.smin >= 0 && b.smin < 64) 410 amount = (unsigned)b.smin; 411 else if (b.umin == b.umax && b.umin < 64) 412 amount = (unsigned)b.umin; 413 else 414 return ic_any(tp); 415 416 integer_constraints c; 417 c.smin = s64_shr(a.smin, amount); 418 c.smax = s64_shr(a.smax, amount); 419 c.umin = a.umin >> amount; 420 c.umax = a.umax >> amount; 421 c.bclr = a.bclr >> amount | ~(~(uint64_t)0 >> amount); 422 return c; 423 } 424 425 static integer_constraints 426 ic_bitand(integer_constraints a, integer_constraints b) 427 { 428 integer_constraints c; 429 c.smin = a.smin & b.smin; 430 c.smax = a.smax & b.smax; 431 c.umin = a.umin & b.umin; 432 c.umax = a.umax & b.umax; 433 c.bclr = a.bclr | b.bclr; 434 return c; 435 } 436 437 static integer_constraints 438 ic_bitxor(const type_t *tp, integer_constraints a, integer_constraints b) 439 { 440 if (ic_maybe_signed_binary(tp, a, b)) 441 return ic_any(tp); 442 443 integer_constraints c; 444 c.smin = a.smin & b.smin; 445 c.smax = a.smax | b.smax; 446 c.umin = a.umin & b.umin; 447 c.umax = a.umax | b.umax; 448 c.bclr = a.bclr & b.bclr; 449 return c; 450 } 451 452 static integer_constraints 453 ic_bitor(integer_constraints a, integer_constraints b) 454 { 455 integer_constraints c; 456 c.smin = a.smin | b.smin; 457 c.smax = a.smax | b.smax; 458 c.umin = a.umin | b.umin; 459 c.umax = a.umax | b.umax; 460 c.bclr = a.bclr & b.bclr; 461 return c; 462 } 463 464 static integer_constraints 465 ic_quest_colon(integer_constraints a, integer_constraints b) 466 { 467 integer_constraints c; 468 c.smin = s64_min(a.smin, b.smin); 469 c.smax = s64_max(a.smax, b.smax); 470 c.umin = u64_min(a.umin, b.umin); 471 c.umax = u64_max(a.umax, b.umax); 472 c.bclr = a.bclr & b.bclr; 473 return c; 474 } 475 476 static integer_constraints 477 ic_con(const type_t *tp, const val_t *v) 478 { 479 lint_assert(is_integer(tp->t_tspec)); 480 int64_t si = v->u.integer; 481 uint64_t ui = (uint64_t)si; 482 483 integer_constraints c; 484 c.smin = si; 485 c.smax = si; 486 c.umin = ui; 487 c.umax = ui; 488 c.bclr = ~ui; 489 return c; 490 } 491 492 static integer_constraints 493 ic_cvt(const type_t *ntp, const type_t *otp, integer_constraints a) 494 { 495 unsigned new_width = width_in_bits(ntp); 496 unsigned old_width = width_in_bits(otp); 497 bool new_unsigned = is_uinteger(ntp->t_tspec); 498 bool old_unsigned = is_uinteger(otp->t_tspec); 499 500 if (new_width >= old_width && new_unsigned == old_unsigned) 501 return a; 502 if (new_width > old_width && old_unsigned) 503 return a; 504 if (new_unsigned && (~value_bits(new_width) & ~a.bclr) == 0) 505 return a; 506 return ic_any(ntp); 507 } 508 509 static integer_constraints 510 ic_unsigned_range(uint64_t minimum, uint64_t maximum) 511 { 512 integer_constraints c; 513 lint_assert(minimum <= maximum); 514 c.smin = maximum <= INT64_MAX ? (int64_t)minimum : INT64_MIN; 515 c.smax = maximum <= INT64_MAX ? (int64_t)maximum : INT64_MAX; 516 c.umin = minimum; 517 c.umax = maximum; 518 c.bclr = ~c.umax; 519 return c; 520 } 521 522 static integer_constraints 523 ic_signed_range(int64_t minimum, int64_t maximum) 524 { 525 integer_constraints c; 526 lint_assert(minimum <= maximum); 527 c.smin = minimum; 528 c.smax = maximum; 529 c.umin = minimum >= 0 ? (uint64_t)minimum : 0; 530 c.umax = minimum >= 0 ? (uint64_t)maximum : UINT64_MAX; 531 c.bclr = ~c.umax; 532 return c; 533 } 534 535 static integer_constraints 536 ic_call(const function_call *call) 537 { 538 if (!(call->func->tn_op == ADDR 539 && call->func->u.ops.left->tn_op == NAME)) 540 goto any; 541 542 const char *name = call->func->u.ops.left->u.sym->s_name; 543 544 if (strcmp(name, "strlen") == 0 545 || strcmp(name, "strcspn") == 0 546 || strcmp(name, "strspn") == 0 547 || strcmp(name, "strlcpy") == 0 548 || strcmp(name, "strlcat") == 0) 549 return ic_unsigned_range(0, INT_MAX - 1); 550 if ((strcmp(name, "read") == 0 || strcmp(name, "write") == 0) 551 && call->args_len == 3 552 && call->args[2]->tn_op == CON 553 && is_uinteger(call->args[2]->tn_type->t_tspec) 554 && call->args[2]->u.value.u.integer >= 0) 555 return ic_signed_range(-1, call->args[2]->u.value.u.integer); 556 557 any: 558 return ic_any(call->func->tn_type->t_subt->t_subt); 559 } 560 561 static integer_constraints 562 ic_expr(const tnode_t *tn) 563 { 564 integer_constraints lc, rc; 565 566 lint_assert(is_integer(tn->tn_type->t_tspec)); 567 568 switch (tn->tn_op) { 569 case MULT: 570 lc = ic_expr(tn->u.ops.left); 571 rc = ic_expr(tn->u.ops.right); 572 return ic_mult(tn->tn_type, lc, rc); 573 case DIV: 574 lc = ic_expr(tn->u.ops.left); 575 rc = ic_expr(tn->u.ops.right); 576 return ic_div(tn->tn_type, lc, rc); 577 case MOD: 578 lc = ic_expr(tn->u.ops.left); 579 rc = ic_expr(tn->u.ops.right); 580 return ic_mod(tn->tn_type, lc, rc); 581 case PLUS: 582 lc = ic_expr(tn->u.ops.left); 583 rc = ic_expr(tn->u.ops.right); 584 return ic_plus(tn->tn_type, lc, rc); 585 case MINUS: 586 if (tn->u.ops.left->tn_type->t_tspec == PTR) 587 return ic_any(tn->tn_type); 588 lc = ic_expr(tn->u.ops.left); 589 rc = ic_expr(tn->u.ops.right); 590 return ic_minus(tn->tn_type, lc, rc); 591 case SHL: 592 lc = ic_expr(tn->u.ops.left); 593 rc = ic_expr(tn->u.ops.right); 594 return ic_shl(tn->tn_type, lc, rc); 595 case SHR: 596 lc = ic_expr(tn->u.ops.left); 597 rc = ic_expr(tn->u.ops.right); 598 return ic_shr(tn->tn_type, lc, rc); 599 case BITAND: 600 lc = ic_expr(tn->u.ops.left); 601 rc = ic_expr(tn->u.ops.right); 602 return ic_bitand(lc, rc); 603 case BITXOR: 604 lc = ic_expr(tn->u.ops.left); 605 rc = ic_expr(tn->u.ops.right); 606 return ic_bitxor(tn->tn_type, lc, rc); 607 case BITOR: 608 lc = ic_expr(tn->u.ops.left); 609 rc = ic_expr(tn->u.ops.right); 610 return ic_bitor(lc, rc); 611 case QUEST: 612 lc = ic_expr(tn->u.ops.right->u.ops.left); 613 rc = ic_expr(tn->u.ops.right->u.ops.right); 614 return ic_quest_colon(lc, rc); 615 case CON: 616 return ic_con(tn->tn_type, &tn->u.value); 617 case CVT: 618 if (!is_integer(tn->u.ops.left->tn_type->t_tspec)) 619 return ic_any(tn->tn_type); 620 lc = ic_expr(tn->u.ops.left); 621 return ic_cvt(tn->tn_type, tn->u.ops.left->tn_type, lc); 622 case CALL: 623 return ic_call(tn->u.call); 624 default: 625 return ic_any(tn->tn_type); 626 } 627 } 628 629 uint64_t 630 possible_bits(const tnode_t *tn) 631 { 632 return ~ic_expr(tn).bclr; 633 } 634 635 bool 636 attributes_contain(const attribute_list *attrs, const char *str) 637 { 638 for (size_t i = 0, n = attrs->len; i < n; i++) { 639 const attribute *attr = attrs->attrs + i; 640 if (attr->prefix == NULL && strcmp(attr->name, str) == 0) 641 return true; 642 } 643 return false; 644 } 645 646 /* Build 'pointer to tp', 'array of tp' or 'function returning tp'. */ 647 type_t * 648 block_derive_type(type_t *tp, tspec_t t) 649 { 650 651 type_t *tp2 = block_zero_alloc(sizeof(*tp2), "type"); 652 tp2->t_tspec = t; 653 tp2->t_subt = tp; 654 return tp2; 655 } 656 657 /* 658 * Derive 'pointer to tp' or 'function returning tp'. 659 * The memory is freed at the end of the current expression. 660 */ 661 type_t * 662 expr_derive_type(type_t *tp, tspec_t t) 663 { 664 665 type_t *tp2 = expr_zero_alloc(sizeof(*tp2), "type"); 666 tp2->t_tspec = t; 667 tp2->t_subt = tp; 668 return tp2; 669 } 670 671 static const char * 672 function_call_descr(const function_call *call) 673 { 674 if ((call->func->tn_op == ADDR || call->func->tn_op == LOAD) 675 && call->func->u.ops.left->tn_op == NAME) 676 return call->func->u.ops.left->u.sym->s_name; 677 return type_name(call->func->tn_type->t_subt); 678 } 679 680 static size_t 681 str_len(const tnode_t *tn) 682 { 683 const buffer *buf = tn->u.str_literals; 684 if (tn->tn_type->t_subt->t_tspec != CHAR) 685 return buf->len; 686 quoted_iterator it = { .end = 0 }; 687 size_t len = 0; 688 while (quoted_next(buf, &it)) 689 len++; 690 return len; 691 } 692 693 /* Create an expression from a unary or binary operator and its operands. */ 694 static tnode_t * 695 build_op(op_t op, bool sys, type_t *type, tnode_t *ln, tnode_t *rn) 696 { 697 698 tnode_t *ntn = expr_alloc_tnode(); 699 ntn->tn_op = op; 700 ntn->tn_type = type; 701 ntn->tn_sys = sys; 702 ntn->u.ops.left = ln; 703 ntn->u.ops.right = rn; 704 705 if (op == INDIR || op == FSEL) { 706 lint_assert(ln->tn_type->t_tspec == PTR); 707 tspec_t t = ln->tn_type->t_subt->t_tspec; 708 ntn->tn_lvalue = t != FUNC && t != VOID; 709 } 710 711 return ntn; 712 } 713 714 tnode_t * 715 build_constant(type_t *tp, val_t *v) 716 { 717 718 tnode_t *n = expr_alloc_tnode(); 719 n->tn_op = CON; 720 n->tn_type = tp; 721 n->u.value = *v; 722 n->u.value.v_tspec = tp->t_tspec; 723 free(v); 724 return n; 725 } 726 727 static tnode_t * 728 build_integer_constant(tspec_t t, int64_t si) 729 { 730 731 tnode_t *n = expr_alloc_tnode(); 732 n->tn_op = CON; 733 n->tn_type = gettyp(t); 734 n->u.value.v_tspec = t; 735 n->u.value.v_unsigned_since_c90 = false; 736 n->u.value.v_char_constant = false; 737 n->u.value.u.integer = si; 738 return n; 739 } 740 741 static void 742 fallback_symbol(sym_t *sym) 743 { 744 745 if (Tflag && fallback_symbol_strict_bool(sym)) 746 return; 747 748 if (funcsym != NULL && (strcmp(sym->s_name, "__FUNCTION__") == 0 || 749 strcmp(sym->s_name, "__PRETTY_FUNCTION__") == 0)) { 750 /* __FUNCTION__/__PRETTY_FUNCTION__ is a GCC extension */ 751 gnuism(316); 752 goto return_function_name; 753 } 754 755 if (funcsym != NULL && strcmp(sym->s_name, "__func__") == 0) { 756 if (!allow_c99) 757 /* __func__ is a C99 feature */ 758 warning(317); 759 /* C11 6.4.2.2 */ 760 return_function_name: 761 sym->s_type = block_derive_type(gettyp(CHAR), ARRAY); 762 sym->s_type->t_const = true; 763 sym->s_type->u.dimension = (int)strlen(funcsym->s_name) + 1; 764 return; 765 } 766 767 /* '%s' undefined */ 768 error(99, sym->s_name); 769 } 770 771 /* 772 * Functions that are predeclared by GCC or other compilers can be called 773 * with arbitrary arguments. Since lint usually runs after a successful 774 * compilation, it's the compiler's job to catch any errors. 775 */ 776 bool 777 is_compiler_builtin(const char *name) 778 { 779 /* https://gcc.gnu.org/onlinedocs/gcc/C-Extensions.html */ 780 if (allow_gcc) { 781 if (strncmp(name, "__atomic_", 9) == 0 || 782 strncmp(name, "__builtin_", 10) == 0 || 783 strcmp(name, "alloca") == 0 || 784 /* obsolete but still in use, as of 2021 */ 785 strncmp(name, "__sync_", 7) == 0) 786 return true; 787 } 788 789 /* https://software.intel.com/sites/landingpage/IntrinsicsGuide/ */ 790 if (strncmp(name, "_mm_", 4) == 0) 791 return true; 792 793 return false; 794 } 795 796 static bool 797 str_ends_with(const char *haystack, const char *needle) 798 { 799 size_t hlen = strlen(haystack); 800 size_t nlen = strlen(needle); 801 802 return nlen <= hlen && 803 memcmp(haystack + hlen - nlen, needle, nlen) == 0; 804 } 805 806 /* https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html */ 807 static bool 808 is_gcc_bool_builtin(const char *name) 809 { 810 return strncmp(name, "__builtin_", 10) == 0 && 811 (str_ends_with(name, "_overflow") || 812 str_ends_with(name, "_overflow_p")); 813 } 814 815 static void 816 build_name_call(sym_t *sym) 817 { 818 819 if (is_compiler_builtin(sym->s_name)) { 820 /* 821 * Do not warn about these, just assume that they are regular 822 * functions compatible with non-prototype calling conventions. 823 */ 824 if (allow_gcc && is_gcc_bool_builtin(sym->s_name)) 825 sym->s_type = gettyp(BOOL); 826 } else if (allow_c99) 827 /* function '%s' implicitly declared to return int */ 828 error(215, sym->s_name); 829 else if (!allow_trad) 830 /* function '%s' implicitly declared to return int */ 831 warning(215, sym->s_name); 832 833 /* XXX if !allow_c90, the symbol should be exported to level 0 */ 834 sym->s_type = block_derive_type(sym->s_type, FUNC); 835 } 836 837 /* Create a node for a name (symbol table entry). */ 838 tnode_t * 839 build_name(sym_t *sym, bool is_funcname) 840 { 841 842 if (sym->s_scl == NO_SCL && !in_gcc_attribute) { 843 sym->s_scl = EXTERN; 844 sym->s_def = DECL; 845 if (is_funcname) 846 build_name_call(sym); 847 else 848 fallback_symbol(sym); 849 } 850 851 lint_assert(sym->s_kind == SK_VCFT || sym->s_kind == SK_MEMBER); 852 853 tnode_t *n = expr_alloc_tnode(); 854 n->tn_type = sym->s_type; 855 if (sym->s_scl == BOOL_CONST) { 856 n->tn_op = CON; 857 n->u.value.v_tspec = BOOL; 858 n->u.value.v_unsigned_since_c90 = false; 859 n->u.value.v_char_constant = false; 860 n->u.value.u.integer = sym->u.s_bool_constant ? 1 : 0; 861 } else if (sym->s_scl == ENUM_CONST) { 862 n->tn_op = CON; 863 n->u.value.v_tspec = INT; /* ENUM is in n->tn_type */ 864 n->u.value.v_unsigned_since_c90 = false; 865 n->u.value.v_char_constant = false; 866 n->u.value.u.integer = sym->u.s_enum_constant; 867 } else { 868 n->tn_op = NAME; 869 n->u.sym = sym; 870 if (sym->s_kind == SK_VCFT && sym->s_type->t_tspec != FUNC) 871 n->tn_lvalue = true; 872 } 873 874 return n; 875 } 876 877 tnode_t * 878 build_string(buffer *lit) 879 { 880 size_t value_len = lit->len; 881 if (lit->data != NULL) { 882 quoted_iterator it = { .end = 0 }; 883 for (value_len = 0; quoted_next(lit, &it); value_len++) 884 continue; 885 } 886 887 type_t *tp = expr_zero_alloc(sizeof(*tp), "type"); 888 tp->t_tspec = ARRAY; 889 tp->t_subt = gettyp(lit->data != NULL ? CHAR : WCHAR_TSPEC); 890 tp->u.dimension = (int)(value_len + 1); 891 892 tnode_t *n = expr_alloc_tnode(); 893 n->tn_op = STRING; 894 n->tn_type = tp; 895 n->tn_lvalue = true; 896 897 n->u.str_literals = expr_zero_alloc(sizeof(*n->u.str_literals), "tnode.string"); 898 n->u.str_literals->len = lit->len; 899 900 if (lit->data != NULL) { 901 n->u.str_literals->data = expr_zero_alloc(lit->len + 1, 902 "tnode.string.data"); 903 (void)memcpy(n->u.str_literals->data, lit->data, lit->len + 1); 904 free(lit->data); 905 } 906 free(lit); 907 908 return n; 909 } 910 911 static tnode_t * 912 unconst_tnode(const tnode_t *p) 913 { 914 void *r; 915 916 memcpy(&r, &p, sizeof(r)); 917 return r; 918 } 919 920 tnode_t * 921 build_generic_selection(const tnode_t *expr, 922 struct generic_association *sel) 923 { 924 tnode_t *default_result = NULL; 925 926 if (expr != NULL) 927 expr = cconv(unconst_tnode(expr)); /* C23 6.5.2.1p2 */ 928 929 for (; sel != NULL; sel = sel->ga_prev) { 930 if (expr != NULL && 931 types_compatible(sel->ga_arg, expr->tn_type, 932 true, false, NULL)) 933 return sel->ga_result; 934 if (sel->ga_arg == NULL) 935 default_result = sel->ga_result; 936 } 937 return default_result; 938 } 939 940 static bool 941 is_out_of_char_range(const tnode_t *tn) 942 { 943 return tn->tn_op == CON && 944 !tn->u.value.v_char_constant && 945 !(0 <= tn->u.value.u.integer && 946 tn->u.value.u.integer < 1 << (CHAR_SIZE - 1)); 947 } 948 949 static bool 950 check_nonportable_char_comparison(op_t op, 951 const tnode_t *ln, tspec_t lt, 952 const tnode_t *rn, tspec_t rt) 953 { 954 if (!(hflag || pflag)) 955 return true; 956 957 if (lt == CHAR && is_out_of_char_range(rn)) { 958 char buf[128]; 959 (void)snprintf(buf, sizeof(buf), "%s %d", 960 op_name(op), (int)rn->u.value.u.integer); 961 /* nonportable character comparison '%s' */ 962 warning(230, buf); 963 return false; 964 } 965 if (rt == CHAR && is_out_of_char_range(ln)) { 966 char buf[128]; 967 (void)snprintf(buf, sizeof(buf), "%d %s ?", 968 (int)ln->u.value.u.integer, op_name(op)); 969 /* nonportable character comparison '%s' */ 970 warning(230, buf); 971 return false; 972 } 973 return true; 974 } 975 976 static void 977 check_integer_comparison(op_t op, tnode_t *ln, tnode_t *rn) 978 { 979 980 tspec_t lt = ln->tn_type->t_tspec; 981 tspec_t rt = rn->tn_type->t_tspec; 982 983 if (ln->tn_op != CON && rn->tn_op != CON) 984 return; 985 986 if (!is_integer(lt) || !is_integer(rt)) 987 return; 988 989 if (any_query_enabled && !in_system_header) { 990 if (lt == CHAR && rn->tn_op == CON && 991 !rn->u.value.v_char_constant) { 992 /* comparison '%s' of 'char' with plain integer %d */ 993 query_message(14, 994 op_name(op), (int)rn->u.value.u.integer); 995 } 996 if (rt == CHAR && ln->tn_op == CON && 997 !ln->u.value.v_char_constant) { 998 /* comparison '%s' of 'char' with plain integer %d */ 999 query_message(14, 1000 op_name(op), (int)ln->u.value.u.integer); 1001 } 1002 } 1003 1004 if (!check_nonportable_char_comparison(op, ln, lt, rn, rt)) 1005 return; 1006 1007 if (is_uinteger(lt) && !is_uinteger(rt) && 1008 rn->tn_op == CON && rn->u.value.u.integer <= 0) { 1009 if (rn->u.value.u.integer < 0) { 1010 /* operator '%s' compares '%s' with '%s' */ 1011 warning(162, op_name(op), 1012 expr_type_name(ln), "negative constant"); 1013 } else if (op == LT || op == GE) 1014 /* operator '%s' compares '%s' with '%s' */ 1015 warning(162, op_name(op), expr_type_name(ln), "0"); 1016 return; 1017 } 1018 if (is_uinteger(rt) && !is_uinteger(lt) && 1019 ln->tn_op == CON && ln->u.value.u.integer <= 0) { 1020 if (ln->u.value.u.integer < 0) { 1021 /* operator '%s' compares '%s' with '%s' */ 1022 warning(162, op_name(op), 1023 "negative constant", expr_type_name(rn)); 1024 } else if (op == GT || op == LE) 1025 /* operator '%s' compares '%s' with '%s' */ 1026 warning(162, op_name(op), "0", expr_type_name(rn)); 1027 return; 1028 } 1029 } 1030 1031 static const tspec_t arith_rank[] = { 1032 LDOUBLE, DOUBLE, FLOAT, 1033 UINT128, INT128, 1034 ULLONG, LLONG, 1035 ULONG, LONG, 1036 UINT, INT, 1037 }; 1038 1039 /* Keep unsigned in traditional C */ 1040 static tspec_t 1041 usual_arithmetic_conversion_trad(tspec_t lt, tspec_t rt) 1042 { 1043 1044 size_t i; 1045 for (i = 0; arith_rank[i] != INT; i++) 1046 if (lt == arith_rank[i] || rt == arith_rank[i]) 1047 break; 1048 1049 tspec_t t = arith_rank[i]; 1050 if (is_uinteger(lt) || is_uinteger(rt)) 1051 if (is_integer(t) && !is_uinteger(t)) 1052 return unsigned_type(t); 1053 return t; 1054 } 1055 1056 static tspec_t 1057 usual_arithmetic_conversion_c90(tspec_t lt, tspec_t rt) 1058 { 1059 1060 if (lt == rt) 1061 return lt; 1062 1063 if (lt == LCOMPLEX || rt == LCOMPLEX) 1064 return LCOMPLEX; 1065 if (lt == DCOMPLEX || rt == DCOMPLEX) 1066 return DCOMPLEX; 1067 if (lt == FCOMPLEX || rt == FCOMPLEX) 1068 return FCOMPLEX; 1069 if (lt == LDOUBLE || rt == LDOUBLE) 1070 return LDOUBLE; 1071 if (lt == DOUBLE || rt == DOUBLE) 1072 return DOUBLE; 1073 if (lt == FLOAT || rt == FLOAT) 1074 return FLOAT; 1075 1076 if (size_in_bits(lt) > size_in_bits(rt)) 1077 return lt; 1078 if (size_in_bits(lt) < size_in_bits(rt)) 1079 return rt; 1080 1081 size_t i; 1082 for (i = 3; arith_rank[i] != INT; i++) 1083 if (arith_rank[i] == lt || arith_rank[i] == rt) 1084 break; 1085 if ((is_uinteger(lt) || is_uinteger(rt)) && 1086 !is_uinteger(arith_rank[i])) 1087 i--; 1088 return arith_rank[i]; 1089 } 1090 1091 static tnode_t * 1092 apply_usual_arithmetic_conversions(op_t op, tnode_t *tn, tspec_t t) 1093 { 1094 type_t *ntp = expr_dup_type(tn->tn_type); 1095 ntp->t_tspec = t; 1096 if (tn->tn_op != CON) { 1097 /* usual arithmetic conversion for '%s' from '%s' to '%s' */ 1098 query_message(4, op_name(op), 1099 expr_type_name(tn), type_name(ntp)); 1100 } 1101 return convert(op, 0, ntp, tn); 1102 } 1103 1104 /* 1105 * Apply the "usual arithmetic conversions" (C99 6.3.1.8), which gives both 1106 * operands the same type. 1107 */ 1108 static void 1109 balance(op_t op, tnode_t **lnp, tnode_t **rnp) 1110 { 1111 1112 tspec_t lt = (*lnp)->tn_type->t_tspec; 1113 tspec_t rt = (*rnp)->tn_type->t_tspec; 1114 if (!is_arithmetic(lt) || !is_arithmetic(rt)) 1115 return; 1116 1117 tspec_t t = allow_c90 1118 ? usual_arithmetic_conversion_c90(lt, rt) 1119 : usual_arithmetic_conversion_trad(lt, rt); 1120 1121 if (modtab[op].m_comparison 1122 && is_integer(lt) && (*lnp)->tn_op != CON 1123 && is_floating(t) && (*rnp)->tn_op == CON) 1124 /* comparing integer '%s' to floating point constant %Lg */ 1125 warning(379, expr_type_name(*lnp), 1126 (*rnp)->u.value.u.floating); 1127 1128 if (t != lt) 1129 *lnp = apply_usual_arithmetic_conversions(op, *lnp, t); 1130 if (t != rt) 1131 *rnp = apply_usual_arithmetic_conversions(op, *rnp, t); 1132 1133 if (is_integer(t)) { 1134 unsigned lw = width_in_bits((*lnp)->tn_type); 1135 unsigned rw = width_in_bits((*rnp)->tn_type); 1136 if (lw < rw) 1137 *lnp = convert(NOOP, 0, (*rnp)->tn_type, *lnp); 1138 if (rw < lw) 1139 *rnp = convert(NOOP, 0, (*lnp)->tn_type, *rnp); 1140 } 1141 } 1142 1143 static tnode_t * 1144 build_address(bool sys, tnode_t *tn) 1145 { 1146 /* eliminate '&*' */ 1147 if (tn->tn_op == INDIR && 1148 tn->u.ops.left->tn_type->t_tspec == PTR && 1149 tn->u.ops.left->tn_type->t_subt == tn->tn_type) { 1150 return tn->u.ops.left; 1151 } 1152 1153 return build_op(ADDR, sys, expr_derive_type(tn->tn_type, PTR), 1154 tn, NULL); 1155 } 1156 1157 static uint64_t 1158 fold_unsigned_integer(op_t op, uint64_t l, uint64_t r, 1159 uint64_t max_value, bool *overflow) 1160 { 1161 switch (op) { 1162 case COMPL: 1163 return ~l & max_value; 1164 case UPLUS: 1165 return +l; 1166 case UMINUS: 1167 return -l & max_value; 1168 case MULT: 1169 *overflow = r > 0 && l > max_value / r; 1170 return l * r; 1171 case DIV: 1172 if (r == 0) { 1173 /* division by 0 */ 1174 error(139); 1175 return max_value; 1176 } 1177 return l / r; 1178 case MOD: 1179 if (r == 0) { 1180 /* modulus by 0 */ 1181 error(140); 1182 return 0; 1183 } 1184 return l % r; 1185 case PLUS: 1186 *overflow = l > max_value - r; 1187 return l + r; 1188 case MINUS: 1189 *overflow = l < r; 1190 return l - r; 1191 case SHL: 1192 /* TODO: warn about out-of-bounds 'r'. */ 1193 /* TODO: warn about overflow. */ 1194 return l << (r & 63); 1195 case SHR: 1196 /* TODO: warn about out-of-bounds 'r'. */ 1197 return l >> (r & 63); 1198 case LT: 1199 return l < r ? 1 : 0; 1200 case LE: 1201 return l <= r ? 1 : 0; 1202 case GT: 1203 return l > r ? 1 : 0; 1204 case GE: 1205 return l >= r ? 1 : 0; 1206 case EQ: 1207 return l == r ? 1 : 0; 1208 case NE: 1209 return l != r ? 1 : 0; 1210 case BITAND: 1211 return l & r; 1212 case BITXOR: 1213 return l ^ r; 1214 case BITOR: 1215 return l | r; 1216 default: 1217 lint_assert(false); 1218 /* NOTREACHED */ 1219 } 1220 } 1221 1222 static int64_t 1223 fold_signed_integer(op_t op, int64_t l, int64_t r, 1224 int64_t min_value, int64_t max_value, bool *overflow) 1225 { 1226 switch (op) { 1227 case COMPL: 1228 return ~l; 1229 case UPLUS: 1230 return +l; 1231 case UMINUS: 1232 *overflow = l == min_value; 1233 return *overflow ? l : -l; 1234 case MULT:; 1235 uint64_t al = s64_abs(l); 1236 uint64_t ar = s64_abs(r); 1237 bool neg = (l >= 0) != (r >= 0); 1238 uint64_t max_prod = (uint64_t)max_value + (neg ? 1 : 0); 1239 if (al > 0 && ar > max_prod / al) { 1240 *overflow = true; 1241 return neg ? min_value : max_value; 1242 } 1243 return l * r; 1244 case DIV: 1245 if (r == 0) { 1246 /* division by 0 */ 1247 error(139); 1248 return max_value; 1249 } 1250 if (l == min_value && r == -1) { 1251 *overflow = true; 1252 return l; 1253 } 1254 return l / r; 1255 case MOD: 1256 if (r == 0) { 1257 /* modulus by 0 */ 1258 error(140); 1259 return 0; 1260 } 1261 if (l == min_value && r == -1) { 1262 *overflow = true; 1263 return 0; 1264 } 1265 return l % r; 1266 case PLUS: 1267 if (r > 0 && l > max_value - r) { 1268 *overflow = true; 1269 return max_value; 1270 } 1271 if (r < 0 && l < min_value - r) { 1272 *overflow = true; 1273 return min_value; 1274 } 1275 return l + r; 1276 case MINUS: 1277 if (r > 0 && l < min_value + r) { 1278 *overflow = true; 1279 return min_value; 1280 } 1281 if (r < 0 && l > max_value + r) { 1282 *overflow = true; 1283 return max_value; 1284 } 1285 return l - r; 1286 case SHL: 1287 /* TODO: warn about out-of-bounds 'r'. */ 1288 /* TODO: warn about overflow. */ 1289 return (int64_t)((uint64_t)l << (r & 63)); 1290 case SHR: 1291 /* TODO: warn about out-of-bounds 'r'. */ 1292 return s64_shr(l, r & 63); 1293 case LT: 1294 return l < r ? 1 : 0; 1295 case LE: 1296 return l <= r ? 1 : 0; 1297 case GT: 1298 return l > r ? 1 : 0; 1299 case GE: 1300 return l >= r ? 1 : 0; 1301 case EQ: 1302 return l == r ? 1 : 0; 1303 case NE: 1304 return l != r ? 1 : 0; 1305 case BITAND: 1306 return l & r; 1307 case BITXOR: 1308 return l ^ r; 1309 case BITOR: 1310 return l | r; 1311 default: 1312 lint_assert(false); 1313 /* NOTREACHED */ 1314 } 1315 } 1316 1317 static tnode_t * 1318 fold_constant_integer(tnode_t *tn) 1319 { 1320 1321 lint_assert(has_operands(tn)); 1322 tspec_t t = tn->u.ops.left->tn_type->t_tspec; 1323 int64_t l = tn->u.ops.left->u.value.u.integer; 1324 int64_t r = is_binary(tn) ? tn->u.ops.right->u.value.u.integer : 0; 1325 uint64_t mask = value_bits(size_in_bits(t)); 1326 1327 int64_t res; 1328 bool overflow = false; 1329 if (!is_integer(t) || is_uinteger(t)) { 1330 uint64_t u_res = fold_unsigned_integer(tn->tn_op, 1331 (uint64_t)l, (uint64_t)r, mask, &overflow); 1332 if (u_res > mask) 1333 overflow = true; 1334 res = (int64_t)u_res; 1335 if (overflow && hflag) { 1336 char buf[128]; 1337 if (is_binary(tn)) { 1338 snprintf(buf, sizeof(buf), "%ju %s %ju", 1339 (uintmax_t)l, op_name(tn->tn_op), 1340 (uintmax_t)r); 1341 } else { 1342 snprintf(buf, sizeof(buf), "%s%ju", 1343 op_name(tn->tn_op), (uintmax_t)l); 1344 } 1345 /* '%s' overflows '%s' */ 1346 warning(141, buf, expr_type_name(tn)); 1347 } 1348 } else { 1349 int64_t max_value = (int64_t)(mask >> 1); 1350 int64_t min_value = -max_value - 1; 1351 res = fold_signed_integer(tn->tn_op, 1352 l, r, min_value, max_value, &overflow); 1353 if (res < min_value || res > max_value) 1354 overflow = true; 1355 if (overflow && hflag) { 1356 char buf[128]; 1357 if (is_binary(tn)) { 1358 snprintf(buf, sizeof(buf), "%jd %s %jd", 1359 (intmax_t)l, op_name(tn->tn_op), 1360 (intmax_t)r); 1361 } else if (tn->tn_op == UMINUS && l < 0) { 1362 snprintf(buf, sizeof(buf), "-(%jd)", 1363 (intmax_t)l); 1364 } else { 1365 snprintf(buf, sizeof(buf), "%s%jd", 1366 op_name(tn->tn_op), (intmax_t)l); 1367 } 1368 /* '%s' overflows '%s' */ 1369 warning(141, buf, expr_type_name(tn)); 1370 } 1371 } 1372 1373 val_t *v = xcalloc(1, sizeof(*v)); 1374 v->v_tspec = tn->tn_type->t_tspec; 1375 v->u.integer = convert_integer(res, t, size_in_bits(t)); 1376 1377 tnode_t *cn = build_constant(tn->tn_type, v); 1378 if (tn->u.ops.left->tn_system_dependent) 1379 cn->tn_system_dependent = true; 1380 if (is_binary(tn) && tn->u.ops.right->tn_system_dependent) 1381 cn->tn_system_dependent = true; 1382 1383 return cn; 1384 } 1385 1386 static tnode_t * 1387 build_struct_access(op_t op, bool sys, tnode_t *ln, tnode_t *rn) 1388 { 1389 1390 lint_assert(rn->tn_op == NAME); 1391 lint_assert(is_member(rn->u.sym)); 1392 1393 bool lvalue = op == ARROW || ln->tn_lvalue; 1394 1395 if (op == POINT) 1396 ln = build_address(sys, ln); 1397 else if (ln->tn_type->t_tspec != PTR) { 1398 lint_assert(!allow_c90); 1399 lint_assert(is_integer(ln->tn_type->t_tspec)); 1400 ln = convert(NOOP, 0, expr_derive_type(gettyp(VOID), PTR), ln); 1401 } 1402 1403 tnode_t *ctn = build_integer_constant(PTRDIFF_TSPEC, 1404 rn->u.sym->u.s_member.sm_offset_in_bits / CHAR_SIZE); 1405 1406 type_t *ptr_tp = expr_derive_type(rn->tn_type, PTR); 1407 tnode_t *ntn = build_op(PLUS, sys, ptr_tp, ln, ctn); 1408 if (ln->tn_op == CON) 1409 ntn = fold_constant_integer(ntn); 1410 1411 op_t nop = rn->tn_type->t_bitfield ? FSEL : INDIR; 1412 ntn = build_op(nop, sys, ntn->tn_type->t_subt, ntn, NULL); 1413 if (!lvalue) 1414 ntn->tn_lvalue = false; 1415 1416 return ntn; 1417 } 1418 1419 /* 1420 * Get the size in bytes of type tp->t_subt, as a constant expression of type 1421 * ptrdiff_t as seen from the target platform. 1422 */ 1423 static tnode_t * 1424 subt_size_in_bytes(type_t *tp) 1425 { 1426 1427 lint_assert(tp->t_tspec == PTR); 1428 tp = tp->t_subt; 1429 1430 int elem = 1; 1431 while (tp->t_tspec == ARRAY) { 1432 elem *= tp->u.dimension; 1433 tp = tp->t_subt; 1434 } 1435 1436 int elsz_in_bits = 0; 1437 switch (tp->t_tspec) { 1438 case FUNC: 1439 /* pointer to function is not allowed here */ 1440 error(110); 1441 break; 1442 case VOID: 1443 /* cannot do pointer arithmetic on operand of unknown size */ 1444 gnuism(136); 1445 break; 1446 case STRUCT: 1447 case UNION: 1448 if ((elsz_in_bits = (int)tp->u.sou->sou_size_in_bits) == 0) 1449 /* cannot do pointer arithmetic on operand of ... */ 1450 error(136); 1451 break; 1452 case ENUM: 1453 if (is_incomplete(tp)) 1454 /* cannot do pointer arithmetic on operand of ... */ 1455 warning(136); 1456 /* FALLTHROUGH */ 1457 default: 1458 if ((elsz_in_bits = size_in_bits(tp->t_tspec)) == 0) 1459 /* cannot do pointer arithmetic on operand of ... */ 1460 error(136); 1461 else 1462 lint_assert(elsz_in_bits != -1); 1463 break; 1464 } 1465 1466 if (elem == 0 && elsz_in_bits != 0) 1467 /* cannot do pointer arithmetic on operand of unknown size */ 1468 error(136); 1469 1470 if (elsz_in_bits == 0) 1471 elsz_in_bits = CHAR_SIZE; 1472 1473 return build_integer_constant(PTRDIFF_TSPEC, 1474 (int64_t)(elem * elsz_in_bits / CHAR_SIZE)); 1475 } 1476 1477 static tnode_t * 1478 build_prepost_incdec(op_t op, bool sys, tnode_t *ln) 1479 { 1480 1481 lint_assert(ln != NULL); 1482 tnode_t *cn = ln->tn_type->t_tspec == PTR 1483 ? subt_size_in_bytes(ln->tn_type) 1484 : build_integer_constant(INT, 1); 1485 return build_op(op, sys, ln->tn_type, ln, cn); 1486 } 1487 1488 static void 1489 check_enum_array_index(const tnode_t *ln, const tnode_t *rn) 1490 { 1491 1492 if (ln->tn_op != ADDR) 1493 return; 1494 ln = ln->u.ops.left; 1495 if (ln->tn_op != NAME && ln->tn_op != STRING) 1496 return; 1497 1498 const type_t *ltp = ln->tn_type; 1499 if (ltp->t_tspec != ARRAY || ltp->t_incomplete_array) 1500 return; 1501 1502 if (rn->tn_op != CVT || !rn->tn_type->t_is_enum) 1503 return; 1504 if (rn->u.ops.left->tn_op != LOAD) 1505 return; 1506 1507 const type_t *rtp = rn->u.ops.left->tn_type; 1508 const sym_t *ec = rtp->u.enumer->en_first_enumerator; 1509 const sym_t *max_ec = ec; 1510 lint_assert(ec != NULL); 1511 for (ec = ec->s_next; ec != NULL; ec = ec->s_next) 1512 if (ec->u.s_enum_constant > max_ec->u.s_enum_constant) 1513 max_ec = ec; 1514 1515 int64_t max_enum_value = max_ec->u.s_enum_constant; 1516 lint_assert(INT_MIN <= max_enum_value && max_enum_value <= INT_MAX); 1517 1518 int max_array_index = ltp->u.dimension - 1; 1519 size_t nonnull_dimension = ln->tn_op == STRING 1520 ? str_len(ln) 1521 : ln->u.sym->u.s_array_nonnull_dimension; 1522 if (nonnull_dimension > 0) 1523 max_array_index = (int)nonnull_dimension - 1; 1524 if (max_enum_value == max_array_index) 1525 return; 1526 1527 if (max_enum_value == max_array_index + 1 && 1528 (strstr(max_ec->s_name, "MAX") != NULL || 1529 strstr(max_ec->s_name, "max") != NULL || 1530 strstr(max_ec->s_name, "NUM") != NULL || 1531 strstr(max_ec->s_name, "num") != NULL || 1532 strncmp(max_ec->s_name, "N_", 2) == 0)) 1533 return; 1534 1535 /* maximum value %d for '%s' of type '%s' does not match maximum array index %d */ 1536 warning(348, (int)max_enum_value, max_ec->s_name, type_name(rtp), 1537 max_array_index); 1538 print_previous_declaration(max_ec); 1539 } 1540 1541 static tnode_t * 1542 build_plus_minus(op_t op, bool sys, tnode_t *ln, tnode_t *rn) 1543 { 1544 1545 if (rn->tn_type->t_tspec == PTR && is_integer(ln->tn_type->t_tspec)) { 1546 tnode_t *tmp = ln; 1547 ln = rn; 1548 rn = tmp; 1549 /* pointer addition has integer on the left-hand side */ 1550 query_message(5); 1551 } 1552 1553 /* pointer +- integer */ 1554 tspec_t lt = ln->tn_type->t_tspec; 1555 tspec_t rt = rn->tn_type->t_tspec; 1556 if (lt == PTR && rt != PTR) { 1557 lint_assert(is_integer(rt)); 1558 1559 check_ctype_macro_invocation(ln, rn); 1560 check_enum_array_index(ln, rn); 1561 1562 tnode_t *elsz = subt_size_in_bytes(ln->tn_type); 1563 tspec_t szt = elsz->tn_type->t_tspec; 1564 if (rt != szt && rt != unsigned_type(szt)) 1565 rn = convert(NOOP, 0, elsz->tn_type, rn); 1566 1567 tnode_t *prod = build_op(MULT, sys, rn->tn_type, rn, elsz); 1568 if (rn->tn_op == CON) 1569 prod = fold_constant_integer(prod); 1570 1571 return build_op(op, sys, ln->tn_type, ln, prod); 1572 } 1573 1574 /* pointer - pointer */ 1575 if (rt == PTR) { 1576 lint_assert(lt == PTR); 1577 lint_assert(op == MINUS); 1578 1579 type_t *ptrdiff = gettyp(PTRDIFF_TSPEC); 1580 tnode_t *raw_diff = build_op(op, sys, ptrdiff, ln, rn); 1581 if (ln->tn_op == CON && rn->tn_op == CON) 1582 raw_diff = fold_constant_integer(raw_diff); 1583 1584 tnode_t *elsz = subt_size_in_bytes(ln->tn_type); 1585 balance(NOOP, &raw_diff, &elsz); 1586 1587 return build_op(DIV, sys, ptrdiff, raw_diff, elsz); 1588 } 1589 1590 return build_op(op, sys, ln->tn_type, ln, rn); 1591 } 1592 1593 static tnode_t * 1594 build_bit_shift(op_t op, bool sys, tnode_t *ln, tnode_t *rn) 1595 { 1596 1597 if (!allow_c90 && rn->tn_type->t_tspec != INT) 1598 // XXX: C1978 7.5 says: "Both [operators] perform the usual 1599 // arithmetic conversions on their operands." 1600 // TODO: Add a test to exercise this part of the code. 1601 rn = convert(NOOP, 0, gettyp(INT), rn); 1602 return build_op(op, sys, ln->tn_type, ln, rn); 1603 } 1604 1605 static bool 1606 is_null_pointer(const tnode_t *tn) 1607 { 1608 tspec_t t = tn->tn_type->t_tspec; 1609 1610 // TODO: Investigate how other pointers are stored, in particular, 1611 // whether a pointer constant can have a non-zero value. 1612 // If not, simplify the code below. 1613 return ((t == PTR && tn->tn_type->t_subt->t_tspec == VOID) 1614 || is_integer(t)) 1615 && (tn->tn_op == CON && tn->u.value.u.integer == 0); 1616 } 1617 1618 /* Return a type based on tp1, with added qualifiers from tp2. */ 1619 static type_t * 1620 merge_qualifiers(type_t *tp1, const type_t *tp2) 1621 { 1622 1623 lint_assert(tp1->t_tspec == PTR); 1624 lint_assert(tp2->t_tspec == PTR); 1625 1626 bool c1 = tp1->t_subt->t_const; 1627 bool c2 = tp2->t_subt->t_const; 1628 bool v1 = tp1->t_subt->t_volatile; 1629 bool v2 = tp2->t_subt->t_volatile; 1630 1631 if (c1 == (c1 | c2) && v1 == (v1 | v2)) 1632 return tp1; 1633 1634 type_t *nstp = expr_dup_type(tp1->t_subt); 1635 nstp->t_const |= c2; 1636 nstp->t_volatile |= v2; 1637 1638 type_t *ntp = expr_dup_type(tp1); 1639 ntp->t_subt = nstp; 1640 return ntp; 1641 } 1642 1643 /* See C99 6.5.15 "Conditional operator". */ 1644 static tnode_t * 1645 build_colon(bool sys, tnode_t *ln, tnode_t *rn) 1646 { 1647 tspec_t lt = ln->tn_type->t_tspec; 1648 tspec_t rt = rn->tn_type->t_tspec; 1649 1650 type_t *tp; 1651 if (is_arithmetic(lt) && is_arithmetic(rt)) 1652 /* The operands were already balanced in build_binary. */ 1653 tp = ln->tn_type; 1654 else if (lt == BOOL && rt == BOOL) 1655 tp = ln->tn_type; 1656 else if (lt == VOID || rt == VOID) 1657 tp = gettyp(VOID); 1658 else if (is_struct_or_union(lt)) { 1659 lint_assert(is_struct_or_union(rt)); 1660 lint_assert(ln->tn_type->u.sou == rn->tn_type->u.sou); 1661 if (is_incomplete(ln->tn_type)) { 1662 /* unknown operand size, op '%s' */ 1663 error(138, op_name(COLON)); 1664 return NULL; 1665 } 1666 tp = ln->tn_type; 1667 } else if (lt == PTR && is_integer(rt)) { 1668 if (rt != PTRDIFF_TSPEC) 1669 rn = convert(NOOP, 0, gettyp(PTRDIFF_TSPEC), rn); 1670 tp = ln->tn_type; 1671 } else if (rt == PTR && is_integer(lt)) { 1672 if (lt != PTRDIFF_TSPEC) 1673 ln = convert(NOOP, 0, gettyp(PTRDIFF_TSPEC), ln); 1674 tp = rn->tn_type; 1675 } else if (lt == PTR && is_null_pointer(rn)) 1676 tp = merge_qualifiers(ln->tn_type, rn->tn_type); 1677 else if (rt == PTR && is_null_pointer(ln)) 1678 tp = merge_qualifiers(rn->tn_type, ln->tn_type); 1679 else if (lt == PTR && ln->tn_type->t_subt->t_tspec == VOID) 1680 tp = merge_qualifiers(ln->tn_type, rn->tn_type); 1681 else if (rt == PTR && rn->tn_type->t_subt->t_tspec == VOID) 1682 tp = merge_qualifiers(rn->tn_type, ln->tn_type); 1683 else { 1684 /* 1685 * XXX For now we simply take the left type. This is probably 1686 * wrong, if one type contains a function prototype and the 1687 * other one, at the same place, only an old-style declaration. 1688 */ 1689 tp = merge_qualifiers(ln->tn_type, rn->tn_type); 1690 } 1691 1692 return build_op(COLON, sys, tp, ln, rn); 1693 } 1694 1695 /* TODO: check for varargs */ 1696 static bool 1697 is_cast_redundant(const tnode_t *tn) 1698 { 1699 const type_t *ntp = tn->tn_type, *otp = tn->u.ops.left->tn_type; 1700 tspec_t nt = ntp->t_tspec, ot = otp->t_tspec; 1701 1702 if (nt == BOOL || ot == BOOL) 1703 return nt == BOOL && ot == BOOL; 1704 1705 if (is_integer(nt) && is_integer(ot)) { 1706 unsigned int nw = width_in_bits(ntp), ow = width_in_bits(otp); 1707 if (is_uinteger(nt) == is_uinteger(ot)) 1708 return nw >= ow; 1709 return is_uinteger(ot) && nw > ow; 1710 } 1711 1712 if (is_complex(nt) || is_complex(ot)) 1713 return is_complex(nt) && is_complex(ot) && 1714 size_in_bits(nt) >= size_in_bits(ot); 1715 1716 if (is_floating(nt) && is_floating(ot)) 1717 return size_in_bits(nt) >= size_in_bits(ot); 1718 1719 if (nt == PTR && ot == PTR) { 1720 if (!ntp->t_subt->t_const && otp->t_subt->t_const) 1721 return false; 1722 if (!ntp->t_subt->t_volatile && otp->t_subt->t_volatile) 1723 return false; 1724 1725 if (ntp->t_subt->t_tspec == VOID || 1726 otp->t_subt->t_tspec == VOID || 1727 types_compatible(ntp->t_subt, otp->t_subt, 1728 false, false, NULL)) 1729 return true; 1730 } 1731 1732 return false; 1733 } 1734 1735 static bool 1736 is_assignment(op_t op) 1737 { 1738 1739 return op == ASSIGN || 1740 op == MULASS || 1741 op == DIVASS || 1742 op == MODASS || 1743 op == ADDASS || 1744 op == SUBASS || 1745 op == SHLASS || 1746 op == SHRASS || 1747 op == ANDASS || 1748 op == XORASS || 1749 op == ORASS || 1750 op == RETURN || 1751 op == INIT; 1752 } 1753 1754 static tnode_t * 1755 build_assignment(op_t op, bool sys, tnode_t *ln, tnode_t *rn) 1756 { 1757 1758 tspec_t lt = ln->tn_type->t_tspec; 1759 tspec_t rt = rn->tn_type->t_tspec; 1760 1761 if (is_assignment(rn->tn_op)) 1762 /* chained assignment with '%s' and '%s' */ 1763 query_message(10, op_name(op), op_name(rn->tn_op)); 1764 1765 if ((op == ADDASS || op == SUBASS) && lt == PTR) { 1766 lint_assert(is_integer(rt)); 1767 tnode_t *ctn = subt_size_in_bytes(ln->tn_type); 1768 if (rn->tn_type->t_tspec != ctn->tn_type->t_tspec) 1769 rn = convert(NOOP, 0, ctn->tn_type, rn); 1770 rn = build_op(MULT, sys, rn->tn_type, rn, ctn); 1771 if (rn->u.ops.left->tn_op == CON) 1772 rn = fold_constant_integer(rn); 1773 } 1774 1775 if ((op == ASSIGN || op == RETURN || op == INIT) && 1776 (lt == STRUCT || rt == STRUCT)) { 1777 lint_assert(lt == rt); 1778 lint_assert(ln->tn_type->u.sou == rn->tn_type->u.sou); 1779 if (is_incomplete(ln->tn_type)) { 1780 if (op == RETURN) 1781 /* cannot return incomplete type */ 1782 error(212); 1783 else 1784 /* unknown operand size, op '%s' */ 1785 error(138, op_name(op)); 1786 return NULL; 1787 } 1788 } 1789 1790 if (op == SHLASS && hflag && allow_trad && allow_c90 1791 && portable_rank_cmp(lt, rt) < 0) 1792 /* '%s' %s '%s' differs between traditional C and C90 */ 1793 warning(118, tspec_name(lt), "<<=", tspec_name(rt)); 1794 1795 if (op != SHLASS && op != SHRASS 1796 && (op == ASSIGN || lt != PTR) 1797 && (lt != rt || (ln->tn_type->t_bitfield && rn->tn_op == CON))) { 1798 rn = convert(op, 0, ln->tn_type, rn); 1799 rt = lt; 1800 } 1801 1802 if (lt == PTR && ln->tn_type->t_subt->t_tspec != VOID 1803 && rt == PTR && rn->tn_type->t_subt->t_tspec == VOID 1804 && !is_null_pointer(rn)) 1805 /* implicit narrowing conversion from void ... */ 1806 query_message(20, type_name(ln->tn_type)); 1807 1808 if (any_query_enabled && rn->tn_op == CVT && rn->tn_cast && 1809 types_compatible(ln->tn_type, rn->tn_type, false, false, NULL) && 1810 is_cast_redundant(rn)) { 1811 /* redundant cast from '%s' to '%s' before assignment */ 1812 query_message(7, expr_type_name(rn->u.ops.left), 1813 type_name(rn->tn_type)); 1814 } 1815 1816 return build_op(op, sys, ln->tn_type, ln, rn); 1817 } 1818 1819 static tnode_t * 1820 build_real_imag(op_t op, bool sys, tnode_t *ln) 1821 { 1822 1823 lint_assert(ln != NULL); 1824 if (ln->tn_op == NAME) { 1825 /* 1826 * This may be too much, but it avoids wrong warnings. See 1827 * d_c99_complex_split.c. 1828 */ 1829 mark_as_used(ln->u.sym, false, false); 1830 mark_as_set(ln->u.sym); 1831 } 1832 1833 tspec_t t; 1834 switch (ln->tn_type->t_tspec) { 1835 case LCOMPLEX: 1836 t = LDOUBLE; 1837 break; 1838 case DCOMPLEX: 1839 t = DOUBLE; 1840 break; 1841 case FCOMPLEX: 1842 t = FLOAT; 1843 break; 1844 default: 1845 /* '__%s__' is invalid for type '%s' */ 1846 error(276, op == REAL ? "real" : "imag", 1847 type_name(ln->tn_type)); 1848 return NULL; 1849 } 1850 1851 tnode_t *ntn = build_op(op, sys, gettyp(t), ln, NULL); 1852 ntn->tn_lvalue = true; 1853 return ntn; 1854 } 1855 1856 static bool 1857 is_confusing_precedence(op_t op, const tnode_t *operand, op_t *cop) 1858 { 1859 if (operand->tn_parenthesized) 1860 return false; 1861 op_t oop = operand->tn_op; 1862 1863 if (op == SHL || op == SHR) { 1864 if (oop == PLUS || oop == MINUS) 1865 return *cop = oop, true; 1866 return false; 1867 } 1868 1869 if (op == LOGOR) { 1870 if (oop == LOGAND) 1871 return *cop = oop, true; 1872 return false; 1873 } 1874 1875 lint_assert(op == BITAND || op == BITXOR || op == BITOR); 1876 if (oop != op 1877 && (oop == PLUS || oop == MINUS || oop == BITAND || oop == BITXOR)) 1878 return *cop = oop, true; 1879 return false; 1880 } 1881 1882 /* 1883 * Print a warning if the given node has operands which should be 1884 * parenthesized. 1885 * 1886 * XXX Does not work if an operand is a constant expression. Constant 1887 * expressions are already folded. 1888 */ 1889 static void 1890 check_precedence_confusion(tnode_t *tn) 1891 { 1892 tnode_t *ln, *rn; 1893 1894 if (!hflag) 1895 return; 1896 1897 debug_node(tn); 1898 1899 lint_assert(is_binary(tn)); 1900 for (ln = tn->u.ops.left; ln->tn_op == CVT; ln = ln->u.ops.left) 1901 continue; 1902 for (rn = tn->u.ops.right; rn->tn_op == CVT; rn = rn->u.ops.left) 1903 continue; 1904 1905 op_t cop; 1906 if (is_confusing_precedence(tn->tn_op, ln, &cop) || 1907 is_confusing_precedence(tn->tn_op, rn, &cop)) { 1908 /* possible precedence confusion between '%s' and '%s' */ 1909 warning(169, op_name(tn->tn_op), op_name(cop)); 1910 } 1911 } 1912 1913 static tnode_t * 1914 fold_constant_compare_zero(tnode_t *tn) 1915 { 1916 1917 val_t *v = xcalloc(1, sizeof(*v)); 1918 v->v_tspec = tn->tn_type->t_tspec; 1919 lint_assert(v->v_tspec == INT || (Tflag && v->v_tspec == BOOL)); 1920 1921 lint_assert(has_operands(tn)); 1922 bool l = constant_is_nonzero(tn->u.ops.left); 1923 bool r = is_binary(tn) && constant_is_nonzero(tn->u.ops.right); 1924 1925 switch (tn->tn_op) { 1926 case NOT: 1927 v->u.integer = !l ? 1 : 0; 1928 break; 1929 case LOGAND: 1930 v->u.integer = l && r ? 1 : 0; 1931 break; 1932 case LOGOR: 1933 v->u.integer = l || r ? 1 : 0; 1934 break; 1935 default: 1936 lint_assert(false); 1937 } 1938 1939 return build_constant(tn->tn_type, v); 1940 } 1941 1942 static long double 1943 floating_error_value(tspec_t t, long double lv) 1944 { 1945 if (t == FLOAT) 1946 return lv < 0 ? -FLT_MAX : FLT_MAX; 1947 if (t == DOUBLE) 1948 return lv < 0 ? -DBL_MAX : DBL_MAX; 1949 /* 1950 * When NetBSD is cross-built in MKLINT=yes mode on x86_64 for sparc64, 1951 * tools/lint checks this code while building usr.bin/xlint. In that 1952 * situation, lint uses the preprocessor for sparc64, in which the type 1953 * 'long double' is IEEE-754-binary128, affecting the macro LDBL_MAX 1954 * below. The type 'long double', as well as the strtold 1955 * implementation, comes from the host platform x86_64 though, where 1956 * 'long double' consumes 128 bits as well but only uses 80 of them. 1957 * The exponent range of the two 'long double' types is the same, but 1958 * the maximum finite value differs due to the extended precision on 1959 * sparc64. 1960 * 1961 * To properly handle the data types of the target platform, lint would 1962 * have to implement the floating-point types in a platform-independent 1963 * way, which is not worth the effort, given how few programs 1964 * practically use 'long double'. 1965 */ 1966 /* LINTED 248: floating-point constant out of range */ 1967 long double max = LDBL_MAX; 1968 return lv < 0 ? -max : max; 1969 } 1970 1971 static bool 1972 is_floating_overflow(tspec_t t, long double val) 1973 { 1974 if (fpe != 0 || isfinite(val) == 0) 1975 return true; 1976 if (t == FLOAT && (val > FLT_MAX || val < -FLT_MAX)) 1977 return true; 1978 if (t == DOUBLE && (val > DBL_MAX || val < -DBL_MAX)) 1979 return true; 1980 return false; 1981 } 1982 1983 static tnode_t * 1984 fold_constant_floating(tnode_t *tn) 1985 { 1986 1987 fpe = 0; 1988 1989 tspec_t t = tn->tn_type->t_tspec; 1990 1991 val_t *v = xcalloc(1, sizeof(*v)); 1992 v->v_tspec = t; 1993 1994 lint_assert(is_floating(t)); 1995 lint_assert(has_operands(tn)); 1996 lint_assert(t == tn->u.ops.left->tn_type->t_tspec); 1997 lint_assert(!is_binary(tn) || t == tn->u.ops.right->tn_type->t_tspec); 1998 1999 long double lv = tn->u.ops.left->u.value.u.floating; 2000 long double rv = is_binary(tn) ? tn->u.ops.right->u.value.u.floating 2001 : 0.0; 2002 2003 switch (tn->tn_op) { 2004 case UPLUS: 2005 v->u.floating = lv; 2006 break; 2007 case UMINUS: 2008 v->u.floating = -lv; 2009 break; 2010 case MULT: 2011 v->u.floating = lv * rv; 2012 break; 2013 case DIV: 2014 if (rv == 0.0) { 2015 /* division by 0 */ 2016 error(139); 2017 v->u.floating = floating_error_value(t, lv); 2018 } else { 2019 v->u.floating = lv / rv; 2020 } 2021 break; 2022 case PLUS: 2023 v->u.floating = lv + rv; 2024 break; 2025 case MINUS: 2026 v->u.floating = lv - rv; 2027 break; 2028 case LT: 2029 v->u.integer = lv < rv ? 1 : 0; 2030 break; 2031 case LE: 2032 v->u.integer = lv <= rv ? 1 : 0; 2033 break; 2034 case GE: 2035 v->u.integer = lv >= rv ? 1 : 0; 2036 break; 2037 case GT: 2038 v->u.integer = lv > rv ? 1 : 0; 2039 break; 2040 case EQ: 2041 v->u.integer = lv == rv ? 1 : 0; 2042 break; 2043 case NE: 2044 v->u.integer = lv != rv ? 1 : 0; 2045 break; 2046 default: 2047 lint_assert(false); 2048 } 2049 2050 // XXX: Must not access u.floating after setting u.integer. 2051 lint_assert(fpe != 0 || isnan(v->u.floating) == 0); 2052 if (is_complex(v->v_tspec)) { 2053 /* 2054 * Don't warn, as lint doesn't model the imaginary part of 2055 * complex numbers. 2056 */ 2057 fpe = 0; 2058 } else if (is_floating_overflow(t, v->u.floating)) { 2059 /* operator '%s' produces floating point overflow */ 2060 warning(142, op_name(tn->tn_op)); 2061 v->u.floating = floating_error_value(t, v->u.floating); 2062 fpe = 0; 2063 } 2064 2065 return build_constant(tn->tn_type, v); 2066 } 2067 2068 static void 2069 use(const tnode_t *tn) 2070 { 2071 if (tn == NULL) 2072 return; 2073 switch (tn->tn_op) { 2074 case NAME: 2075 mark_as_used(tn->u.sym, false /* XXX */, false /* XXX */); 2076 break; 2077 case CON: 2078 case STRING: 2079 break; 2080 case CALL:; 2081 const function_call *call = tn->u.call; 2082 for (size_t i = 0, n = call->args_len; i < n; i++) 2083 use(call->args[i]); 2084 break; 2085 default: 2086 lint_assert(has_operands(tn)); 2087 use(tn->u.ops.left); 2088 if (is_binary(tn)) 2089 use(tn->u.ops.right); 2090 } 2091 } 2092 2093 /* 2094 * Create a tree node for a binary operator and its two operands. Also called 2095 * for unary operators; in that case rn is NULL. 2096 * 2097 * Function calls, sizeof and casts are handled elsewhere. 2098 */ 2099 tnode_t * 2100 build_binary(tnode_t *ln, op_t op, bool sys, tnode_t *rn) 2101 { 2102 const mod_t *mp = &modtab[op]; 2103 2104 /* If there was an error in one of the operands, return. */ 2105 if (ln == NULL || (mp->m_binary && rn == NULL)) 2106 return NULL; 2107 2108 if (mp->m_value_context || mp->m_compares_with_zero) 2109 ln = cconv(ln); 2110 if (mp->m_binary && op != ARROW && op != POINT) 2111 rn = cconv(rn); 2112 2113 if (mp->m_comparison) 2114 check_integer_comparison(op, ln, rn); 2115 2116 if (mp->m_value_context || mp->m_compares_with_zero) 2117 ln = promote(op, false, ln); 2118 if (mp->m_binary && op != ARROW && op != POINT && 2119 op != ASSIGN && op != RETURN && op != INIT) 2120 rn = promote(op, false, rn); 2121 2122 if (mp->m_warn_if_left_unsigned_in_c90 && 2123 ln->tn_op == CON && ln->u.value.v_unsigned_since_c90) { 2124 /* C90 treats constant as unsigned, op '%s' */ 2125 warning(218, op_name(op)); 2126 ln->u.value.v_unsigned_since_c90 = false; 2127 } 2128 if (mp->m_warn_if_right_unsigned_in_c90 && 2129 rn->tn_op == CON && rn->u.value.v_unsigned_since_c90) { 2130 /* C90 treats constant as unsigned, op '%s' */ 2131 warning(218, op_name(op)); 2132 rn->u.value.v_unsigned_since_c90 = false; 2133 } 2134 2135 if (mp->m_balance_operands || (!allow_c90 && (op == SHL || op == SHR))) 2136 balance(op, &ln, &rn); 2137 2138 if (!typeok(op, NULL, 0, ln, rn)) 2139 return NULL; 2140 2141 tnode_t *ntn; 2142 switch (op) { 2143 case POINT: 2144 case ARROW: 2145 ntn = build_struct_access(op, sys, ln, rn); 2146 break; 2147 case INCAFT: 2148 case DECAFT: 2149 case INCBEF: 2150 case DECBEF: 2151 ntn = build_prepost_incdec(op, sys, ln); 2152 break; 2153 case ADDR: 2154 ntn = build_address(sys, ln); 2155 break; 2156 case INDIR: 2157 ntn = build_op(INDIR, sys, ln->tn_type->t_subt, ln, NULL); 2158 break; 2159 case PLUS: 2160 case MINUS: 2161 ntn = build_plus_minus(op, sys, ln, rn); 2162 break; 2163 case SHL: 2164 case SHR: 2165 ntn = build_bit_shift(op, sys, ln, rn); 2166 break; 2167 case COLON: 2168 ntn = build_colon(sys, ln, rn); 2169 break; 2170 case ASSIGN: 2171 case MULASS: 2172 case DIVASS: 2173 case MODASS: 2174 case ADDASS: 2175 case SUBASS: 2176 case SHLASS: 2177 case SHRASS: 2178 case ANDASS: 2179 case XORASS: 2180 case ORASS: 2181 case RETURN: 2182 case INIT: 2183 ntn = build_assignment(op, sys, ln, rn); 2184 break; 2185 case COMMA: 2186 /* comma operator with types '%s' and '%s' */ 2187 query_message(12, 2188 expr_type_name(ln), expr_type_name(rn)); 2189 /* FALLTHROUGH */ 2190 case QUEST: 2191 ntn = build_op(op, sys, rn->tn_type, ln, rn); 2192 break; 2193 case REAL: 2194 case IMAG: 2195 ntn = build_real_imag(op, sys, ln); 2196 break; 2197 default: 2198 lint_assert(mp->m_binary == (rn != NULL)); 2199 if ((op == NOT || op == LOGAND || op == LOGOR) 2200 && ln->tn_op == ASSIGN && ln->u.ops.right->tn_op == CON) { 2201 /* constant assignment of type '%s' in operand ... */ 2202 warning(382, expr_type_name(ln), op_name(op), 2203 is_nonzero_val(&ln->u.ops.right->u.value) 2204 ? "true" : "false"); 2205 } 2206 if ((op == LOGAND || op == LOGOR) 2207 && rn->tn_op == ASSIGN && rn->u.ops.right->tn_op == CON) { 2208 /* constant assignment of type '%s' in operand ... */ 2209 warning(382, expr_type_name(rn), op_name(op), 2210 is_nonzero_val(&rn->u.ops.right->u.value) 2211 ? "true" : "false"); 2212 } 2213 type_t *rettp = mp->m_returns_bool 2214 ? gettyp(Tflag ? BOOL : INT) : ln->tn_type; 2215 ntn = build_op(op, sys, rettp, ln, rn); 2216 break; 2217 } 2218 2219 if (ntn == NULL) 2220 return NULL; 2221 2222 if (mp->m_possible_precedence_confusion) 2223 check_precedence_confusion(ntn); 2224 2225 if (mp->m_fold_constant_operands && ln->tn_op == CON) { 2226 if (!mp->m_binary || rn->tn_op == CON) { 2227 if (mp->m_compares_with_zero) 2228 ntn = fold_constant_compare_zero(ntn); 2229 else if (is_floating(ntn->tn_type->t_tspec)) 2230 ntn = fold_constant_floating(ntn); 2231 else 2232 ntn = fold_constant_integer(ntn); 2233 } else if (op == QUEST) { 2234 lint_assert(has_operands(rn)); 2235 use(ln->u.value.u.integer != 0 2236 ? rn->u.ops.right : rn->u.ops.left); 2237 ntn = ln->u.value.u.integer != 0 2238 ? rn->u.ops.left : rn->u.ops.right; 2239 } 2240 } 2241 2242 return ntn; 2243 } 2244 2245 tnode_t * 2246 build_unary(op_t op, bool sys, tnode_t *tn) 2247 { 2248 return build_binary(tn, op, sys, NULL); 2249 } 2250 2251 static bool 2252 are_members_compatible(const sym_t *a, const sym_t *b) 2253 { 2254 if (a->u.s_member.sm_offset_in_bits != b->u.s_member.sm_offset_in_bits) 2255 return false; 2256 2257 const type_t *atp = a->s_type; 2258 const type_t *btp = b->s_type; 2259 bool w = false; 2260 if (!types_compatible(atp, btp, false, false, &w) && !w) 2261 return false; 2262 if (a->s_bitfield != b->s_bitfield) 2263 return false; 2264 if (a->s_bitfield) { 2265 if (atp->t_bit_field_width != btp->t_bit_field_width) 2266 return false; 2267 if (atp->t_bit_field_offset != btp->t_bit_field_offset) 2268 return false; 2269 } 2270 return true; 2271 } 2272 2273 /* 2274 * Return whether all struct/union members with the same name have the same 2275 * type and offset. 2276 */ 2277 static bool 2278 all_members_compatible(const sym_t *msym) 2279 { 2280 for (const sym_t *csym = msym; 2281 csym != NULL; csym = csym->s_symtab_next) { 2282 if (!is_member(csym)) 2283 continue; 2284 if (strcmp(msym->s_name, csym->s_name) != 0) 2285 continue; 2286 2287 for (const sym_t *sym = csym->s_symtab_next; 2288 sym != NULL; sym = sym->s_symtab_next) { 2289 if (is_member(sym) 2290 && strcmp(csym->s_name, sym->s_name) == 0 2291 && !are_members_compatible(csym, sym)) 2292 return false; 2293 } 2294 } 2295 return true; 2296 } 2297 2298 sym_t * 2299 find_member(const struct_or_union *sou, const char *name) 2300 { 2301 for (sym_t *mem = sou->sou_first_member; 2302 mem != NULL; mem = mem->s_next) { 2303 lint_assert(is_member(mem)); 2304 lint_assert(mem->u.s_member.sm_containing_type == sou); 2305 if (strcmp(mem->s_name, name) == 0) 2306 return mem; 2307 } 2308 2309 for (sym_t *mem = sou->sou_first_member; 2310 mem != NULL; mem = mem->s_next) { 2311 if (is_struct_or_union(mem->s_type->t_tspec) 2312 && mem->s_name == unnamed) { 2313 sym_t *nested_mem = 2314 find_member(mem->s_type->u.sou, name); 2315 if (nested_mem != NULL) 2316 return nested_mem; 2317 } 2318 } 2319 return NULL; 2320 } 2321 2322 /* 2323 * Remove the member if it was unknown until now, which means 2324 * that no defined struct or union has a member with the same name. 2325 */ 2326 static void 2327 remove_unknown_member(tnode_t *tn, sym_t *msym) 2328 { 2329 /* type '%s' does not have member '%s' */ 2330 error(101, type_name(tn->tn_type), msym->s_name); 2331 symtab_remove_forever(msym); 2332 msym->s_kind = SK_MEMBER; 2333 msym->s_scl = STRUCT_MEMBER; 2334 2335 struct_or_union *sou = expr_zero_alloc(sizeof(*sou), 2336 "struct_or_union"); 2337 sou->sou_tag = expr_zero_alloc(sizeof(*sou->sou_tag), "sym"); 2338 sou->sou_tag->s_name = unnamed; 2339 2340 msym->u.s_member.sm_containing_type = sou; 2341 /* 2342 * The member sm_offset_in_bits is not needed here since this symbol 2343 * can only be used for error reporting. 2344 */ 2345 } 2346 2347 /* 2348 * Returns a symbol which has the same name as 'msym' and is a member of the 2349 * struct or union specified by 'tn'. 2350 */ 2351 static sym_t * 2352 struct_or_union_member(tnode_t *tn, op_t op, sym_t *msym) 2353 { 2354 2355 /* Determine the tag type of which msym is expected to be a member. */ 2356 const type_t *tp = NULL; 2357 if (op == POINT && is_struct_or_union(tn->tn_type->t_tspec)) 2358 tp = tn->tn_type; 2359 if (op == ARROW && tn->tn_type->t_tspec == PTR 2360 && is_struct_or_union(tn->tn_type->t_subt->t_tspec)) 2361 tp = tn->tn_type->t_subt; 2362 struct_or_union *sou = tp != NULL ? tp->u.sou : NULL; 2363 2364 if (sou != NULL) { 2365 sym_t *nested_mem = find_member(sou, msym->s_name); 2366 if (nested_mem != NULL) 2367 return nested_mem; 2368 } 2369 2370 if (msym->s_scl == NO_SCL) { 2371 remove_unknown_member(tn, msym); 2372 return msym; 2373 } 2374 2375 bool eq = all_members_compatible(msym); 2376 2377 /* 2378 * Now handle the case in which the left operand refers really to a 2379 * struct/union, but the right operand is not member of it. 2380 */ 2381 if (sou != NULL) { 2382 if (eq && !allow_c90) 2383 /* invalid use of member '%s' */ 2384 warning(102, msym->s_name); 2385 else 2386 /* invalid use of member '%s' */ 2387 error(102, msym->s_name); 2388 return msym; 2389 } 2390 2391 if (eq) { 2392 if (op == POINT) { 2393 if (!allow_c90) 2394 /* left operand of '.' must be struct ... */ 2395 warning(103, expr_type_name(tn)); 2396 else 2397 /* left operand of '.' must be struct ... */ 2398 error(103, expr_type_name(tn)); 2399 } else { 2400 if (!allow_c90 && tn->tn_type->t_tspec == PTR) 2401 /* left operand of '->' must be pointer ... */ 2402 warning(104, expr_type_name(tn)); 2403 else 2404 /* left operand of '->' must be pointer ... */ 2405 error(104, expr_type_name(tn)); 2406 } 2407 } else { 2408 if (!allow_c90) 2409 /* non-unique member requires struct/union %s */ 2410 error(105, op == POINT ? "object" : "pointer"); 2411 else 2412 /* unacceptable operand of '%s' */ 2413 error(111, op_name(op)); 2414 } 2415 2416 return msym; 2417 } 2418 2419 tnode_t * 2420 build_member_access(tnode_t *ln, op_t op, bool sys, sbuf_t *member) 2421 { 2422 sym_t *msym; 2423 2424 if (ln == NULL) 2425 return NULL; 2426 2427 if (op == ARROW) 2428 /* must do this before struct_or_union_member is called */ 2429 ln = cconv(ln); 2430 msym = struct_or_union_member(ln, op, getsym(member)); 2431 return build_binary(ln, op, sys, build_name(msym, false)); 2432 } 2433 2434 /* 2435 * Perform class conversions. 2436 * 2437 * Arrays of type T are converted into pointers to type T. 2438 * Functions are converted to pointers to functions. 2439 * Lvalues are converted to rvalues. 2440 * 2441 * C99 6.3 "Conversions" 2442 * C99 6.3.2 "Other operands" 2443 * C99 6.3.2.1 "Lvalues, arrays, and function designators" 2444 */ 2445 tnode_t * 2446 cconv(tnode_t *tn) 2447 { 2448 if (tn->tn_type->t_tspec == ARRAY) { 2449 if (!tn->tn_lvalue) { 2450 /* XXX print correct operator */ 2451 /* %soperand of '%s' must be lvalue */ 2452 gnuism(114, "", op_name(ADDR)); 2453 } 2454 tn = build_op(ADDR, tn->tn_sys, 2455 expr_derive_type(tn->tn_type->t_subt, PTR), tn, NULL); 2456 } 2457 2458 if (tn->tn_type->t_tspec == FUNC) 2459 tn = build_address(tn->tn_sys, tn); 2460 2461 if (tn->tn_lvalue) { 2462 type_t *tp = expr_dup_type(tn->tn_type); 2463 /* C99 6.3.2.1p2 sentence 2 says to remove the qualifiers. */ 2464 tp->t_const = tp->t_volatile = false; 2465 tn = build_op(LOAD, tn->tn_sys, tp, tn, NULL); 2466 } 2467 2468 return tn; 2469 } 2470 2471 const tnode_t * 2472 before_conversion(const tnode_t *tn) 2473 { 2474 while (tn->tn_op == CVT && !tn->tn_cast) 2475 tn = tn->u.ops.left; 2476 return tn; 2477 } 2478 2479 /* 2480 * Most errors required by C90 are reported in struct_or_union_member(). 2481 * Here we only check for totally wrong things. 2482 */ 2483 static bool 2484 typeok_point(const tnode_t *ln, const type_t *ltp, tspec_t lt) 2485 { 2486 if (is_struct_or_union(lt)) 2487 return true; 2488 2489 if (lt == FUNC || lt == VOID || ltp->t_bitfield) 2490 goto wrong; 2491 2492 /* 2493 * Some C dialects from before C90 tolerated any lvalue on the 2494 * left-hand side of the '.' operator, allowing things like 'char 2495 * st[100]; st.st_mtime', assuming that the member 'st_mtime' only 2496 * occurred in a single struct; see typeok_arrow. 2497 */ 2498 if (ln->tn_lvalue) 2499 return true; 2500 2501 wrong: 2502 /* With allow_c90 we already got an error */ 2503 if (!allow_c90) 2504 /* unacceptable operand of '%s' */ 2505 error(111, op_name(POINT)); 2506 2507 return false; 2508 } 2509 2510 static bool 2511 typeok_arrow(tspec_t lt) 2512 { 2513 /* 2514 * C1978 Appendix A 14.1 says: <quote>In fact, any lvalue is allowed 2515 * before '.', and that lvalue is then assumed to have the form of the 2516 * structure of which the name of the right is a member. [...] Such 2517 * constructions are non-portable.</quote> 2518 */ 2519 if (lt == PTR || (!allow_c90 && is_integer(lt))) 2520 return true; 2521 2522 /* With allow_c90 we already got an error */ 2523 if (!allow_c90) 2524 /* unacceptable operand of '%s' */ 2525 error(111, op_name(ARROW)); 2526 return false; 2527 } 2528 2529 static bool 2530 typeok_incdec(op_t op, const tnode_t *tn, const type_t *tp) 2531 { 2532 /* operand has scalar type (checked in typeok) */ 2533 if (!tn->tn_lvalue) { 2534 if (tn->tn_op == CVT && tn->tn_cast && 2535 tn->u.ops.left->tn_op == LOAD) 2536 /* a cast does not yield an lvalue */ 2537 error(163); 2538 /* %soperand of '%s' must be lvalue */ 2539 error(114, "", op_name(op)); 2540 return false; 2541 } 2542 if (tp->t_const && allow_c90) 2543 /* %soperand of '%s' must be modifiable lvalue */ 2544 warning(115, "", op_name(op)); 2545 return true; 2546 } 2547 2548 static bool 2549 typeok_address(op_t op, const tnode_t *tn, const type_t *tp, tspec_t t) 2550 { 2551 if (t == ARRAY || t == FUNC) { 2552 /* ok, a warning comes later (in build_address()) */ 2553 } else if (!tn->tn_lvalue) { 2554 if (tn->tn_op == CVT && tn->tn_cast && 2555 tn->u.ops.left->tn_op == LOAD) 2556 /* a cast does not yield an lvalue */ 2557 error(163); 2558 /* %soperand of '%s' must be lvalue */ 2559 error(114, "", op_name(op)); 2560 return false; 2561 } else if (is_scalar(t)) { 2562 if (tp->t_bitfield) { 2563 /* cannot take address of bit-field */ 2564 error(112); 2565 return false; 2566 } 2567 } else if (t != STRUCT && t != UNION) { 2568 /* unacceptable operand of '%s' */ 2569 error(111, op_name(op)); 2570 return false; 2571 } 2572 if (tn->tn_op == NAME && tn->u.sym->s_register) { 2573 /* cannot take address of register '%s' */ 2574 error(113, tn->u.sym->s_name); 2575 return false; 2576 } 2577 return true; 2578 } 2579 2580 static bool 2581 typeok_indir(const type_t *tp, tspec_t t) 2582 { 2583 2584 if (t != PTR) { 2585 /* cannot dereference non-pointer type '%s' */ 2586 error(96, type_name(tp)); 2587 return false; 2588 } 2589 return true; 2590 } 2591 2592 static void 2593 warn_incompatible_types(op_t op, 2594 const type_t *ltp, tspec_t lt, 2595 const type_t *rtp, tspec_t rt) 2596 { 2597 bool binary = modtab[op].m_binary; 2598 2599 if (lt == VOID || (binary && rt == VOID)) { 2600 /* void type invalid in expression */ 2601 error(109); 2602 } else if (op == ASSIGN) 2603 /* cannot assign to '%s' from '%s' */ 2604 error(171, type_name(ltp), type_name(rtp)); 2605 else if (binary) 2606 /* operands of '%s' have incompatible types '%s' and '%s' */ 2607 error(107, op_name(op), type_name(ltp), type_name(rtp)); 2608 else { 2609 lint_assert(rt == NO_TSPEC); 2610 /* operand of '%s' has invalid type '%s' */ 2611 error(108, op_name(op), type_name(ltp)); 2612 } 2613 } 2614 2615 static bool 2616 typeok_plus(op_t op, 2617 const type_t *ltp, tspec_t lt, 2618 const type_t *rtp, tspec_t rt) 2619 { 2620 /* operands have scalar types (checked in typeok) */ 2621 if ((lt == PTR && !is_integer(rt)) || (rt == PTR && !is_integer(lt))) { 2622 warn_incompatible_types(op, ltp, lt, rtp, rt); 2623 return false; 2624 } 2625 return true; 2626 } 2627 2628 static bool 2629 typeok_minus(op_t op, 2630 const type_t *ltp, tspec_t lt, 2631 const type_t *rtp, tspec_t rt) 2632 { 2633 /* operands have scalar types (checked in typeok) */ 2634 if ((lt == PTR && rt != PTR && !is_integer(rt)) || 2635 (lt != PTR && rt == PTR)) { 2636 warn_incompatible_types(op, ltp, lt, rtp, rt); 2637 return false; 2638 } 2639 if (lt == PTR && rt == PTR && 2640 !types_compatible(ltp->t_subt, rtp->t_subt, true, false, NULL)) { 2641 /* invalid pointer subtraction */ 2642 error(116); 2643 } 2644 return true; 2645 } 2646 2647 static void 2648 typeok_shr(const tnode_t *ln, tspec_t lt, 2649 const tnode_t *rn, tspec_t rt) 2650 { 2651 tspec_t olt = before_conversion(ln)->tn_type->t_tspec; 2652 tspec_t ort = before_conversion(rn)->tn_type->t_tspec; 2653 2654 if (is_uinteger(olt)) 2655 return; 2656 2657 if (pflag) { 2658 integer_constraints lc = ic_expr(ln); 2659 if (lc.bclr >> 63 != 0) 2660 return; 2661 2662 if (ln->tn_op != CON) 2663 /* bitwise '%s' on signed '%s' possibly nonportable */ 2664 warning(117, ">>", expr_type_name(ln)); 2665 else if (ln->u.value.u.integer < 0) 2666 /* bitwise '%s' on signed '%s' nonportable */ 2667 warning(120, ">>", expr_type_name(ln)); 2668 return; 2669 } 2670 2671 /* The left operand would become unsigned in traditional C. */ 2672 if (allow_trad && allow_c90 && hflag && is_uinteger(ort) 2673 && !(ln->tn_op == CON && ln->u.value.u.integer >= 0)) 2674 /* '%s' %s '%s' differs between traditional C and C90 */ 2675 warning(118, tspec_name(lt), ">>", tspec_name(rt)); 2676 2677 /* 2678 * In traditional C, the left operand would be extended 2679 * (possibly sign-extended) and then shifted. 2680 */ 2681 if (allow_trad && allow_c90 && hflag && !is_uinteger(ort) 2682 && portable_rank_cmp(lt, rt) < 0 2683 && !(ln->tn_op == CON && ln->u.value.u.integer >= 0)) 2684 /* '%s' %s '%s' differs between traditional C and C90 */ 2685 warning(118, tspec_name(lt), ">>", tspec_name(rt)); 2686 } 2687 2688 // C90 does not mention signed shift-left. Later standards mention that case 2689 // but leave open whether 'uint8_t << 24' is supposed to have an unsigned or a 2690 // signed result type. It depends on whether E1 is interpreted to be the left 2691 // operand's type before or after integral promotions. 2692 static void 2693 typeok_shl_signed_to_msb(const tnode_t *ln, const tnode_t *rn) 2694 { 2695 integer_constraints lc = ic_expr(ln); 2696 int64_t n; 2697 unsigned lw = width_in_bits(ln->tn_type); 2698 if (!is_uinteger(ln->tn_type->t_tspec) 2699 && ln->tn_op != CON 2700 && ((lc.smin == 0 && lc.smax != 0 && lc.smax != INT64_MAX 2701 && (lc.smax & (lc.smax + 1)) == 0) 2702 || (lc.smin != INT64_MAX && lc.smax != INT64_MIN 2703 && lc.smin + 1 == -lc.smax)) 2704 && rn->tn_op == CON 2705 && (n = rn->u.value.u.integer, 1 <= n && n <= lw) 2706 && u64_width((uint64_t)lc.smax - (uint64_t)lc.smin) + n == lw) 2707 /* bitwise '%s' on signed '%s' possibly nonportable */ 2708 warning(117, "<<", expr_type_name(ln)); 2709 } 2710 2711 static void 2712 typeok_shl(const tnode_t *ln, tspec_t lt, const tnode_t *rn, tspec_t rt) 2713 { 2714 /* 2715 * Traditional C performs the usual arithmetic conversions on the 2716 * operands, C90 and later don't. 2717 */ 2718 if (hflag && allow_trad && allow_c90 && portable_rank_cmp(lt, rt) < 0) 2719 /* '%s' %s '%s' differs between traditional C and C90 */ 2720 warning(118, tspec_name(lt), "<<", tspec_name(rt)); 2721 2722 typeok_shl_signed_to_msb(ln, rn); 2723 } 2724 2725 static void 2726 typeok_shift(const tnode_t *ln, tspec_t lt, const tnode_t *rn, tspec_t rt) 2727 { 2728 if (rn->tn_op != CON) 2729 return; 2730 2731 if (!is_uinteger(rt) && rn->u.value.u.integer < 0) 2732 /* negative shift */ 2733 warning(121); 2734 else if ((uint64_t)rn->u.value.u.integer == size_in_bits(lt)) 2735 /* shift amount %u equals bit-size of '%s' */ 2736 warning(267, 2737 (unsigned)rn->u.value.u.integer, expr_type_name(ln)); 2738 else if ((uint64_t)rn->u.value.u.integer > size_in_bits(lt)) { 2739 /* shift amount %llu is greater than bit-size %llu of '%s' */ 2740 warning(122, (unsigned long long)rn->u.value.u.integer, 2741 (unsigned long long)size_in_bits(lt), 2742 expr_type_name(ln)); 2743 } 2744 } 2745 2746 static bool 2747 is_typeok_eq(const tnode_t *ln, tspec_t lt, const tnode_t *rn, tspec_t rt) 2748 { 2749 if (lt == PTR && is_null_pointer(rn)) 2750 return true; 2751 if (rt == PTR && is_null_pointer(ln)) 2752 return true; 2753 return false; 2754 } 2755 2756 static void 2757 warn_incompatible_pointers(op_t op, const type_t *ltp, const type_t *rtp) 2758 { 2759 lint_assert(ltp->t_tspec == PTR); 2760 lint_assert(rtp->t_tspec == PTR); 2761 2762 tspec_t lt = ltp->t_subt->t_tspec; 2763 tspec_t rt = rtp->t_subt->t_tspec; 2764 2765 if (is_struct_or_union(lt) && is_struct_or_union(rt)) { 2766 if (op == RETURN) 2767 /* invalid structure pointer combination */ 2768 warning(244); 2769 else { 2770 /* incompatible structure pointers: '%s' '%s' '%s' */ 2771 warning(245, type_name(ltp), 2772 op_name(op), type_name(rtp)); 2773 } 2774 } else { 2775 if (op == RETURN) 2776 /* invalid combination of '%s' and '%s' */ 2777 warning(184, type_name(ltp), type_name(rtp)); 2778 else { 2779 /* invalid combination of '%s' and '%s', op '%s' */ 2780 warning(124, 2781 type_name(ltp), type_name(rtp), op_name(op)); 2782 } 2783 } 2784 } 2785 2786 static void 2787 check_pointer_comparison(op_t op, const tnode_t *ln, const tnode_t *rn) 2788 { 2789 type_t *ltp = ln->tn_type, *rtp = rn->tn_type; 2790 tspec_t lst = ltp->t_subt->t_tspec, rst = rtp->t_subt->t_tspec; 2791 2792 if (lst == VOID || rst == VOID) { 2793 /* TODO: C99 behaves like C90 here. */ 2794 if (!allow_trad && !allow_c99 && 2795 (lst == FUNC || rst == FUNC)) { 2796 /* (void *)0 is already handled in typeok() */ 2797 const char *lsts, *rsts; 2798 *(lst == FUNC ? &lsts : &rsts) = "function pointer"; 2799 *(lst == VOID ? &lsts : &rsts) = "'void *'"; 2800 /* C90 or later forbid comparison of %s with %s */ 2801 warning(274, lsts, rsts); 2802 } 2803 return; 2804 } 2805 2806 if (!types_compatible(ltp->t_subt, rtp->t_subt, true, false, NULL)) { 2807 warn_incompatible_pointers(op, ltp, rtp); 2808 return; 2809 } 2810 2811 if (lst == FUNC && rst == FUNC) { 2812 /* TODO: C99 behaves like C90 here, see C99 6.5.8p2. */ 2813 if (!allow_trad && !allow_c99 && op != EQ && op != NE) 2814 /* pointers to functions can only be compared ... */ 2815 warning(125); 2816 } 2817 } 2818 2819 static bool 2820 typeok_compare(op_t op, 2821 const tnode_t *ln, const type_t *ltp, tspec_t lt, 2822 const tnode_t *rn, const type_t *rtp, tspec_t rt) 2823 { 2824 if (lt == PTR && rt == PTR) { 2825 check_pointer_comparison(op, ln, rn); 2826 return true; 2827 } 2828 2829 if (lt != PTR && rt != PTR) 2830 return true; 2831 2832 if (!is_integer(lt) && !is_integer(rt)) { 2833 warn_incompatible_types(op, ltp, lt, rtp, rt); 2834 return false; 2835 } 2836 2837 const char *lx = lt == PTR ? "pointer" : "integer"; 2838 const char *rx = rt == PTR ? "pointer" : "integer"; 2839 /* invalid combination of %s '%s' and %s '%s', op '%s' */ 2840 warning(123, lx, type_name(ltp), rx, type_name(rtp), op_name(op)); 2841 return true; 2842 } 2843 2844 static bool 2845 typeok_quest(tspec_t lt, const tnode_t *rn) 2846 { 2847 if (!is_scalar(lt)) { 2848 /* first operand of '?' must have scalar type */ 2849 error(170); 2850 return false; 2851 } 2852 lint_assert(before_conversion(rn)->tn_op == COLON); 2853 return true; 2854 } 2855 2856 static void 2857 typeok_colon_pointer(const type_t *ltp, const type_t *rtp) 2858 { 2859 type_t *lstp = ltp->t_subt; 2860 type_t *rstp = rtp->t_subt; 2861 tspec_t lst = lstp->t_tspec; 2862 tspec_t rst = rstp->t_tspec; 2863 2864 if ((lst == VOID && rst == FUNC) || (lst == FUNC && rst == VOID)) { 2865 /* (void *)0 is handled in typeok_colon */ 2866 /* TODO: C99 behaves like C90 here. */ 2867 if (!allow_trad && !allow_c99) 2868 /* conversion of %s to %s requires a cast, op %s */ 2869 warning(305, "function pointer", "'void *'", 2870 op_name(COLON)); 2871 return; 2872 } 2873 2874 if (pointer_types_are_compatible(lstp, rstp, true)) 2875 return; 2876 if (!types_compatible(lstp, rstp, true, false, NULL)) 2877 warn_incompatible_pointers(COLON, ltp, rtp); 2878 } 2879 2880 static bool 2881 typeok_colon(const tnode_t *ln, const type_t *ltp, tspec_t lt, 2882 const tnode_t *rn, const type_t *rtp, tspec_t rt) 2883 { 2884 2885 if (is_arithmetic(lt) && is_arithmetic(rt)) 2886 return true; 2887 if (lt == BOOL && rt == BOOL) 2888 return true; 2889 2890 if (lt == STRUCT && rt == STRUCT && ltp->u.sou == rtp->u.sou) 2891 return true; 2892 if (lt == UNION && rt == UNION && ltp->u.sou == rtp->u.sou) 2893 return true; 2894 2895 if (lt == PTR && is_null_pointer(rn)) 2896 return true; 2897 if (rt == PTR && is_null_pointer(ln)) 2898 return true; 2899 2900 if ((lt == PTR && is_integer(rt)) || (is_integer(lt) && rt == PTR)) { 2901 const char *lx = lt == PTR ? "pointer" : "integer"; 2902 const char *rx = rt == PTR ? "pointer" : "integer"; 2903 /* invalid combination of %s '%s' and %s '%s', op '%s' */ 2904 warning(123, lx, type_name(ltp), 2905 rx, type_name(rtp), op_name(COLON)); 2906 return true; 2907 } 2908 2909 if (lt == VOID || rt == VOID) { 2910 if (lt != VOID || rt != VOID) 2911 /* incompatible types '%s' and '%s' in conditional */ 2912 warning(126, expr_type_name(ln), expr_type_name(rn)); 2913 return true; 2914 } 2915 2916 if (lt == PTR && rt == PTR) { 2917 typeok_colon_pointer(ltp, rtp); 2918 return true; 2919 } 2920 2921 /* incompatible types '%s' and '%s' in conditional */ 2922 error(126, expr_type_name(ln), expr_type_name(rn)); 2923 return false; 2924 } 2925 2926 static bool 2927 has_constant_member(const type_t *tp) 2928 { 2929 lint_assert(is_struct_or_union(tp->t_tspec)); 2930 2931 for (sym_t *m = tp->u.sou->sou_first_member; 2932 m != NULL; m = m->s_next) { 2933 const type_t *mtp = m->s_type; 2934 if (mtp->t_const) 2935 return true; 2936 if (is_struct_or_union(mtp->t_tspec) && 2937 has_constant_member(mtp)) 2938 return true; 2939 } 2940 return false; 2941 } 2942 2943 static bool 2944 typeok_assign(op_t op, const tnode_t *ln, const type_t *ltp, tspec_t lt) 2945 { 2946 if (op == RETURN || op == INIT || op == FARG) 2947 return true; 2948 2949 if (!ln->tn_lvalue) { 2950 if (ln->tn_op == CVT && ln->tn_cast && 2951 ln->u.ops.left->tn_op == LOAD) 2952 /* a cast does not yield an lvalue */ 2953 error(163); 2954 /* %soperand of '%s' must be lvalue */ 2955 error(114, "left ", op_name(op)); 2956 return false; 2957 } else if (ltp->t_const 2958 || (is_struct_or_union(lt) && has_constant_member(ltp))) { 2959 if (allow_c90) 2960 /* %soperand of '%s' must be modifiable lvalue */ 2961 warning(115, "left ", op_name(op)); 2962 } 2963 return true; 2964 } 2965 2966 static bool 2967 typeok_scalar(op_t op, const mod_t *mp, 2968 const type_t *ltp, tspec_t lt, 2969 const type_t *rtp, tspec_t rt) 2970 { 2971 if (mp->m_takes_bool && lt == BOOL && rt == BOOL) 2972 return true; 2973 if (mp->m_requires_integer) { 2974 if (!is_integer(lt) || (mp->m_binary && !is_integer(rt))) { 2975 warn_incompatible_types(op, ltp, lt, rtp, rt); 2976 return false; 2977 } 2978 } else if (mp->m_requires_integer_or_complex) { 2979 if ((!is_integer(lt) && !is_complex(lt)) || 2980 (mp->m_binary && (!is_integer(rt) && !is_complex(rt)))) { 2981 warn_incompatible_types(op, ltp, lt, rtp, rt); 2982 return false; 2983 } 2984 } else if (mp->m_requires_scalar) { 2985 if (!is_scalar(lt) || (mp->m_binary && !is_scalar(rt))) { 2986 warn_incompatible_types(op, ltp, lt, rtp, rt); 2987 return false; 2988 } 2989 } else if (mp->m_requires_arith) { 2990 if (!is_arithmetic(lt) || 2991 (mp->m_binary && !is_arithmetic(rt))) { 2992 warn_incompatible_types(op, ltp, lt, rtp, rt); 2993 return false; 2994 } 2995 } 2996 return true; 2997 } 2998 2999 static void 3000 check_assign_void_pointer(op_t op, int arg, 3001 tspec_t lt, tspec_t lst, 3002 tspec_t rt, tspec_t rst) 3003 { 3004 3005 if (!(lt == PTR && rt == PTR && (lst == VOID || rst == VOID))) 3006 return; 3007 /* two pointers, at least one pointer to void */ 3008 3009 /* TODO: C99 behaves like C90 here. */ 3010 if (!(!allow_trad && !allow_c99 && (lst == FUNC || rst == FUNC))) 3011 return; 3012 /* comb. of ptr to func and ptr to void */ 3013 3014 const char *lts, *rts; 3015 *(lst == FUNC ? <s : &rts) = "function pointer"; 3016 *(lst == VOID ? <s : &rts) = "'void *'"; 3017 3018 switch (op) { 3019 case INIT: 3020 case RETURN: 3021 /* conversion of %s to %s requires a cast */ 3022 warning(303, rts, lts); 3023 break; 3024 case FARG: 3025 /* conversion of %s to %s requires a cast, arg #%d */ 3026 warning(304, rts, lts, arg); 3027 break; 3028 default: 3029 /* conversion of %s to %s requires a cast, op %s */ 3030 warning(305, rts, lts, op_name(op)); 3031 break; 3032 } 3033 } 3034 3035 static bool 3036 is_direct_function_call(const tnode_t *tn, const char **out_name) 3037 { 3038 3039 if (tn->tn_op == CALL 3040 && tn->u.call->func->tn_op == ADDR 3041 && tn->u.call->func->u.ops.left->tn_op == NAME) { 3042 *out_name = tn->u.call->func->u.ops.left->u.sym->s_name; 3043 return true; 3044 } 3045 return false; 3046 } 3047 3048 static bool 3049 is_unconst_function(const char *name) 3050 { 3051 3052 return strcmp(name, "memchr") == 0 || 3053 strcmp(name, "strchr") == 0 || 3054 strcmp(name, "strpbrk") == 0 || 3055 strcmp(name, "strrchr") == 0 || 3056 strcmp(name, "strstr") == 0; 3057 } 3058 3059 static bool 3060 is_const_char_pointer(const tnode_t *tn) 3061 { 3062 /* 3063 * For traditional reasons, C99 6.4.5p5 defines that string literals 3064 * have type 'char[]'. They are often implicitly converted to 'char 3065 * *', for example when they are passed as function arguments. 3066 * 3067 * C99 6.4.5p6 further defines that modifying a string that is 3068 * constructed from a string literal invokes undefined behavior. 3069 * 3070 * Out of these reasons, string literals are treated as 'effectively 3071 * const' here. 3072 */ 3073 if (tn->tn_op == CVT && 3074 tn->u.ops.left->tn_op == ADDR && 3075 tn->u.ops.left->u.ops.left->tn_op == STRING) 3076 return true; 3077 3078 const type_t *tp = before_conversion(tn)->tn_type; 3079 return tp->t_tspec == PTR && 3080 tp->t_subt->t_tspec == CHAR && 3081 tp->t_subt->t_const; 3082 } 3083 3084 static bool 3085 is_const_pointer(const tnode_t *tn) 3086 { 3087 const type_t *tp = before_conversion(tn)->tn_type; 3088 return tp->t_tspec == PTR && tp->t_subt->t_const; 3089 } 3090 3091 static void 3092 check_unconst_function(const type_t *lstp, const tnode_t *rn) 3093 { 3094 const char *function_name; 3095 3096 if (lstp->t_tspec == CHAR && !lstp->t_const && 3097 is_direct_function_call(rn, &function_name) && 3098 is_unconst_function(function_name) && 3099 rn->u.call->args_len >= 1 && 3100 is_const_char_pointer(rn->u.call->args[0])) { 3101 /* call to '%s' effectively discards 'const' from argument */ 3102 warning(346, function_name); 3103 } 3104 3105 if (!lstp->t_const && 3106 is_direct_function_call(rn, &function_name) && 3107 strcmp(function_name, "bsearch") == 0 && 3108 rn->u.call->args_len >= 2 && 3109 is_const_pointer(rn->u.call->args[1])) { 3110 /* call to '%s' effectively discards 'const' from argument */ 3111 warning(346, function_name); 3112 } 3113 } 3114 3115 static bool 3116 check_assign_void_pointer_compat(op_t op, const function_call *call, int arg, 3117 tspec_t lt, 3118 const type_t *lstp, tspec_t lst, 3119 const tnode_t *rn, 3120 const type_t *rtp, tspec_t rt, 3121 const type_t *rstp, tspec_t rst) 3122 { 3123 if (!(lt == PTR && rt == PTR && (lst == VOID || rst == VOID || 3124 types_compatible(lstp, rstp, 3125 true, false, NULL)))) 3126 return false; 3127 3128 /* compatible pointer types (qualifiers ignored) */ 3129 char qualifiers[32]; 3130 snprintf(qualifiers, sizeof(qualifiers), "%s%s", 3131 !lstp->t_const && rstp->t_const ? " const" : "", 3132 !lstp->t_volatile && rstp->t_volatile ? " volatile" : ""); 3133 if (allow_c90 && qualifiers[0] != '\0') { 3134 switch (op) { 3135 case INIT: 3136 case RETURN: 3137 /* '%s' discards '%s' from '%s' */ 3138 warning(182, op_name(op), 3139 qualifiers + 1, type_name(rtp)); 3140 break; 3141 case FARG: 3142 /* passing '%s' as argument %d to '%s' discards '%s' */ 3143 warning(383, type_name(rtp), arg, 3144 function_call_descr(call), qualifiers + 1); 3145 break; 3146 default: 3147 /* operator '%s' discards '%s' from '%s' */ 3148 warning(128, op_name(op), 3149 qualifiers + 1, type_name(rtp)); 3150 break; 3151 } 3152 } 3153 3154 if (allow_c90) 3155 check_unconst_function(lstp, rn); 3156 3157 return true; 3158 } 3159 3160 static bool 3161 check_assign_pointer_integer(op_t op, int arg, 3162 const type_t *ltp, tspec_t lt, 3163 const type_t *rtp, tspec_t rt) 3164 { 3165 3166 if (!((lt == PTR && is_integer(rt)) || (is_integer(lt) && rt == PTR))) 3167 return false; 3168 3169 const char *lx = lt == PTR ? "pointer" : "integer"; 3170 const char *rx = rt == PTR ? "pointer" : "integer"; 3171 3172 switch (op) { 3173 case INIT: 3174 case RETURN: 3175 /* invalid combination of %s '%s' and %s '%s' for '%s' */ 3176 warning(183, 3177 lx, type_name(ltp), rx, type_name(rtp), op_name(op)); 3178 break; 3179 case FARG: 3180 /* invalid combination of %s '%s' and %s '%s', arg #%d */ 3181 warning(154, 3182 lx, type_name(ltp), rx, type_name(rtp), arg); 3183 break; 3184 default: 3185 /* invalid combination of %s '%s' and %s '%s', op '%s' */ 3186 warning(123, 3187 lx, type_name(ltp), rx, type_name(rtp), op_name(op)); 3188 break; 3189 } 3190 return true; 3191 } 3192 3193 static bool 3194 check_assign_pointer(op_t op, int arg, 3195 const type_t *ltp, tspec_t lt, 3196 const type_t *rtp, tspec_t rt) 3197 { 3198 if (!(lt == PTR && rt == PTR)) 3199 return false; 3200 3201 if (op == FARG) 3202 /* converting '%s' to incompatible '%s' for ... */ 3203 warning(153, type_name(rtp), type_name(ltp), arg); 3204 else 3205 warn_incompatible_pointers(op, ltp, rtp); 3206 return true; 3207 } 3208 3209 static void 3210 warn_assign(op_t op, int arg, 3211 const type_t *ltp, tspec_t lt, 3212 const type_t *rtp, tspec_t rt) 3213 { 3214 switch (op) { 3215 case INIT: 3216 /* cannot initialize '%s' from '%s' */ 3217 error(185, type_name(ltp), type_name(rtp)); 3218 break; 3219 case RETURN: 3220 /* function has return type '%s' but returns '%s' */ 3221 error(211, type_name(ltp), type_name(rtp)); 3222 break; 3223 case FARG: 3224 /* passing '%s' to incompatible '%s', arg #%d */ 3225 warning(155, type_name(rtp), type_name(ltp), arg); 3226 break; 3227 default: 3228 warn_incompatible_types(op, ltp, lt, rtp, rt); 3229 break; 3230 } 3231 } 3232 3233 /* 3234 * Checks type compatibility for ASSIGN, INIT, FARG and RETURN 3235 * and prints warnings/errors if necessary. 3236 * Returns whether the types are (almost) compatible. 3237 */ 3238 static bool 3239 check_assign_types_compatible(op_t op, const function_call *call, int arg, 3240 const tnode_t *ln, const tnode_t *rn) 3241 { 3242 tspec_t lt, rt, lst = NO_TSPEC, rst = NO_TSPEC; 3243 type_t *ltp, *rtp, *lstp = NULL, *rstp = NULL; 3244 3245 if ((lt = (ltp = ln->tn_type)->t_tspec) == PTR) 3246 lst = (lstp = ltp->t_subt)->t_tspec; 3247 if ((rt = (rtp = rn->tn_type)->t_tspec) == PTR) 3248 rst = (rstp = rtp->t_subt)->t_tspec; 3249 3250 if (lt == BOOL && is_scalar(rt)) /* C99 6.3.1.2 */ 3251 return true; 3252 3253 if (is_arithmetic(lt) && (is_arithmetic(rt) || rt == BOOL)) 3254 return true; 3255 3256 if (is_struct_or_union(lt) && is_struct_or_union(rt)) 3257 return ltp->u.sou == rtp->u.sou; 3258 3259 if (lt == PTR && is_null_pointer(rn)) { 3260 if (is_integer(rn->tn_type->t_tspec)) 3261 /* implicit conversion from integer 0 to pointer ... */ 3262 query_message(15, type_name(ltp)); 3263 return true; 3264 } 3265 3266 check_assign_void_pointer(op, arg, lt, lst, rt, rst); 3267 3268 if (check_assign_void_pointer_compat(op, call, arg, 3269 lt, lstp, lst, rn, rtp, rt, rstp, rst)) 3270 return true; 3271 3272 if (check_assign_pointer_integer(op, arg, ltp, lt, rtp, rt)) 3273 return true; 3274 3275 if (check_assign_pointer(op, arg, ltp, lt, rtp, rt)) 3276 return true; 3277 3278 warn_assign(op, arg, ltp, lt, rtp, rt); 3279 return false; 3280 } 3281 3282 static bool 3283 has_side_effect(const tnode_t *tn) /* NOLINT(misc-no-recursion) */ 3284 { 3285 op_t op = tn->tn_op; 3286 3287 if (modtab[op].m_has_side_effect) 3288 return true; 3289 3290 if (op == CVT && tn->tn_type->t_tspec == VOID) 3291 return has_side_effect(tn->u.ops.left); 3292 3293 if (op == LOGAND || op == LOGOR) 3294 return has_side_effect(tn->u.ops.right); 3295 3296 if (op == QUEST) 3297 return has_side_effect(tn->u.ops.right); 3298 3299 if (op == COLON || op == COMMA) { 3300 return has_side_effect(tn->u.ops.left) || 3301 has_side_effect(tn->u.ops.right); 3302 } 3303 3304 return false; 3305 } 3306 3307 static bool 3308 is_void_cast(const tnode_t *tn) 3309 { 3310 3311 return tn->tn_op == CVT && tn->tn_cast && 3312 tn->tn_type->t_tspec == VOID; 3313 } 3314 3315 static bool 3316 is_local_symbol(const tnode_t *tn) 3317 { 3318 3319 return tn->tn_op == LOAD && 3320 tn->u.ops.left->tn_op == NAME && 3321 tn->u.ops.left->u.sym->s_scl == AUTO; 3322 } 3323 3324 static bool 3325 is_int_constant_zero(const tnode_t *tn) 3326 { 3327 3328 return tn->tn_op == CON && 3329 tn->tn_type->t_tspec == INT && 3330 tn->u.value.u.integer == 0; 3331 } 3332 3333 static void 3334 check_null_effect(const tnode_t *tn) 3335 { 3336 3337 if (hflag && 3338 !has_side_effect(tn) && 3339 !(is_void_cast(tn) && is_local_symbol(tn->u.ops.left)) && 3340 !(is_void_cast(tn) && is_int_constant_zero(tn->u.ops.left))) { 3341 /* expression has null effect */ 3342 warning(129); 3343 } 3344 } 3345 3346 /* 3347 * Check the types for specific operators and type combinations. 3348 * 3349 * At this point, the operands already conform to the type requirements of 3350 * the operator, such as being integer, floating or scalar. 3351 */ 3352 static bool 3353 typeok_op(op_t op, const function_call *call, int arg, 3354 const tnode_t *ln, const type_t *ltp, tspec_t lt, 3355 const tnode_t *rn, const type_t *rtp, tspec_t rt) 3356 { 3357 switch (op) { 3358 case ARROW: 3359 return typeok_arrow(lt); 3360 case POINT: 3361 return typeok_point(ln, ltp, lt); 3362 case INCBEF: 3363 case DECBEF: 3364 case INCAFT: 3365 case DECAFT: 3366 return typeok_incdec(op, ln, ltp); 3367 case INDIR: 3368 return typeok_indir(ltp, lt); 3369 case ADDR: 3370 return typeok_address(op, ln, ltp, lt); 3371 case PLUS: 3372 return typeok_plus(op, ltp, lt, rtp, rt); 3373 case MINUS: 3374 return typeok_minus(op, ltp, lt, rtp, rt); 3375 case SHL: 3376 typeok_shl(ln, lt, rn, rt); 3377 goto shift; 3378 case SHR: 3379 typeok_shr(ln, lt, rn, rt); 3380 shift: 3381 typeok_shift(ln, lt, rn, rt); 3382 break; 3383 case LT: 3384 case LE: 3385 case GT: 3386 case GE: 3387 compare: 3388 return typeok_compare(op, ln, ltp, lt, rn, rtp, rt); 3389 case EQ: 3390 case NE: 3391 if (is_typeok_eq(ln, lt, rn, rt)) 3392 break; 3393 goto compare; 3394 case QUEST: 3395 return typeok_quest(lt, rn); 3396 case COLON: 3397 return typeok_colon(ln, ltp, lt, rn, rtp, rt); 3398 case ASSIGN: 3399 case INIT: 3400 case FARG: 3401 case RETURN: 3402 if (!check_assign_types_compatible(op, call, arg, ln, rn)) 3403 return false; 3404 goto assign; 3405 case MULASS: 3406 case DIVASS: 3407 case MODASS: 3408 goto assign; 3409 case ADDASS: 3410 case SUBASS: 3411 if ((lt == PTR && !is_integer(rt)) || rt == PTR) { 3412 warn_incompatible_types(op, ltp, lt, rtp, rt); 3413 return false; 3414 } 3415 goto assign; 3416 case SHLASS: 3417 goto assign; 3418 case SHRASS: 3419 if (pflag && !is_uinteger(lt) && 3420 !(!allow_c90 && is_uinteger(rt))) { 3421 /* bitwise '%s' on signed '%s' possibly nonportable */ 3422 warning(117, op_name(op), expr_type_name(rn)); 3423 } 3424 goto assign; 3425 case ANDASS: 3426 case XORASS: 3427 case ORASS: 3428 assign: 3429 return typeok_assign(op, ln, ltp, lt); 3430 case COMMA: 3431 if (!modtab[ln->tn_op].m_has_side_effect) 3432 check_null_effect(ln); 3433 break; 3434 default: 3435 break; 3436 } 3437 return true; 3438 } 3439 3440 static void 3441 check_bad_enum_operation(op_t op, const tnode_t *ln, const tnode_t *rn) 3442 { 3443 3444 if (!eflag) 3445 return; 3446 3447 /* Allow enum in array indices. */ 3448 if (op == PLUS && 3449 ((ln->tn_type->t_is_enum && rn->tn_type->t_tspec == PTR) || 3450 (rn->tn_type->t_is_enum && ln->tn_type->t_tspec == PTR))) { 3451 return; 3452 } 3453 3454 /* dubious operation '%s' on enum */ 3455 warning(241, op_name(op)); 3456 } 3457 3458 static void 3459 check_enum_type_mismatch(op_t op, int arg, const tnode_t *ln, const tnode_t *rn) 3460 { 3461 const mod_t *mp = &modtab[op]; 3462 3463 if (ln->tn_type->u.enumer != rn->tn_type->u.enumer) { 3464 switch (op) { 3465 case INIT: 3466 /* enum type mismatch between '%s' and '%s' in ... */ 3467 warning(210, 3468 type_name(ln->tn_type), type_name(rn->tn_type)); 3469 break; 3470 case FARG: 3471 /* function expects '%s', passing '%s' for arg #%d */ 3472 warning(156, 3473 type_name(ln->tn_type), type_name(rn->tn_type), 3474 arg); 3475 break; 3476 case RETURN: 3477 /* function has return type '%s' but returns '%s' */ 3478 warning(211, 3479 type_name(ln->tn_type), type_name(rn->tn_type)); 3480 break; 3481 default: 3482 /* enum type mismatch: '%s' '%s' '%s' */ 3483 warning(130, expr_type_name(before_conversion(ln)), 3484 op_name(op), 3485 expr_type_name(before_conversion(rn))); 3486 break; 3487 } 3488 } else if (Pflag && eflag && mp->m_comparison && op != EQ && op != NE) 3489 /* operator '%s' assumes that '%s' is ordered */ 3490 warning(243, op_name(op), type_name(ln->tn_type)); 3491 } 3492 3493 static void 3494 check_enum_int_mismatch(op_t op, int arg, const tnode_t *ln, const tnode_t *rn) 3495 { 3496 3497 if (!eflag) 3498 return; 3499 3500 switch (op) { 3501 case INIT: 3502 /* 3503 * Initialization with 0 is allowed. Otherwise, all implicit 3504 * initializations would need to be warned upon as well. 3505 */ 3506 if (!rn->tn_type->t_is_enum && rn->tn_op == CON && 3507 is_integer(rn->tn_type->t_tspec) && 3508 rn->u.value.u.integer == 0) { 3509 return; 3510 } 3511 /* initialization of '%s' with '%s' */ 3512 warning(277, type_name(ln->tn_type), expr_type_name(rn)); 3513 break; 3514 case FARG: 3515 /* combination of '%s' and '%s', arg #%d */ 3516 warning(278, 3517 type_name(ln->tn_type), expr_type_name(rn), arg); 3518 break; 3519 case RETURN: 3520 /* combination of '%s' and '%s' in return */ 3521 warning(279, type_name(ln->tn_type), expr_type_name(rn)); 3522 break; 3523 default: 3524 /* combination of '%s' and '%s', op '%s' */ 3525 warning(242, type_name(ln->tn_type), expr_type_name(rn), 3526 op_name(op)); 3527 break; 3528 } 3529 } 3530 3531 static void 3532 typeok_enum(op_t op, const mod_t *mp, int arg, 3533 const tnode_t *ln, const type_t *ltp, 3534 const tnode_t *rn, const type_t *rtp) 3535 { 3536 if (mp->m_bad_on_enum && 3537 (ltp->t_is_enum || (mp->m_binary && rtp->t_is_enum))) { 3538 check_bad_enum_operation(op, ln, rn); 3539 } else if (mp->m_valid_on_enum && 3540 (ltp->t_is_enum && rtp != NULL && rtp->t_is_enum)) { 3541 check_enum_type_mismatch(op, arg, ln, rn); 3542 } else if (mp->m_valid_on_enum && 3543 (ltp->t_is_enum || (rtp != NULL && rtp->t_is_enum))) { 3544 check_enum_int_mismatch(op, arg, ln, rn); 3545 } 3546 } 3547 3548 /* Perform most type checks. Return whether the types are ok. */ 3549 bool 3550 typeok(op_t op, const function_call *call, int arg, 3551 const tnode_t *ln, const tnode_t *rn) 3552 { 3553 3554 const mod_t *mp = &modtab[op]; 3555 3556 type_t *ltp = ln->tn_type; 3557 tspec_t lt = ltp->t_tspec; 3558 3559 type_t *rtp = mp->m_binary ? rn->tn_type : NULL; 3560 tspec_t rt = mp->m_binary ? rtp->t_tspec : NO_TSPEC; 3561 3562 if (Tflag && !typeok_scalar_strict_bool(op, mp, arg, ln, rn)) 3563 return false; 3564 if (!typeok_scalar(op, mp, ltp, lt, rtp, rt)) 3565 return false; 3566 3567 if (!typeok_op(op, call, arg, ln, ltp, lt, rn, rtp, rt)) 3568 return false; 3569 3570 typeok_enum(op, mp, arg, ln, ltp, rn, rtp); 3571 return true; 3572 } 3573 3574 /* In traditional C, keep unsigned and promote FLOAT to DOUBLE. */ 3575 static tspec_t 3576 promote_trad(tspec_t t) 3577 { 3578 3579 if (t == UCHAR || t == USHORT) 3580 return UINT; 3581 if (t == CHAR || t == SCHAR || t == SHORT) 3582 return INT; 3583 if (t == FLOAT) 3584 return DOUBLE; 3585 if (t == ENUM) 3586 return INT; 3587 return t; 3588 } 3589 3590 /* 3591 * C99 6.3.1.1p2 requires for types with lower rank than int that "If an int 3592 * can represent all the values of the original type, the value is converted 3593 * to an int; otherwise it is converted to an unsigned int", and that "All 3594 * other types are unchanged by the integer promotions". 3595 */ 3596 static tspec_t 3597 promote_c90(const tnode_t *tn, tspec_t t, bool farg) 3598 { 3599 if (tn->tn_type->t_bitfield) { 3600 unsigned int width = tn->tn_type->t_bit_field_width; 3601 unsigned int int_width = size_in_bits(INT); 3602 // XXX: What about _Bool bit-fields, since C99? 3603 if (width < int_width) 3604 return INT; 3605 if (width == int_width) 3606 return is_uinteger(t) ? UINT : INT; 3607 return t; 3608 } 3609 3610 if (t == CHAR || t == SCHAR) 3611 return INT; 3612 if (t == UCHAR) 3613 return size_in_bits(CHAR) < size_in_bits(INT) ? INT : UINT; 3614 if (t == SHORT) 3615 return INT; 3616 if (t == USHORT) 3617 return size_in_bits(SHORT) < size_in_bits(INT) ? INT : UINT; 3618 if (t == ENUM) 3619 return INT; 3620 if (farg && t == FLOAT) 3621 return DOUBLE; 3622 return t; 3623 } 3624 3625 /* 3626 * Performs the "integer promotions" (C99 6.3.1.1p2), which convert small 3627 * integer types to either int or unsigned int. 3628 * 3629 * If allow_c90 is unset or the operand is a function argument with no type 3630 * information (no prototype or variable # of args), converts float to double. 3631 */ 3632 tnode_t * 3633 promote(op_t op, bool farg, tnode_t *tn) 3634 { 3635 3636 const type_t *otp = tn->tn_type; 3637 tspec_t ot = otp->t_tspec; 3638 if (!is_arithmetic(ot)) 3639 return tn; 3640 3641 tspec_t nt = allow_c90 ? promote_c90(tn, ot, farg) : promote_trad(ot); 3642 if (nt == ot) 3643 return tn; 3644 3645 type_t *ntp = expr_dup_type(gettyp(nt)); 3646 ntp->t_tspec = nt; 3647 ntp->t_is_enum = otp->t_is_enum; 3648 if (ntp->t_is_enum) 3649 ntp->u.enumer = otp->u.enumer; 3650 return convert(op, 0, ntp, tn); 3651 } 3652 3653 static void 3654 check_lossy_floating_to_integer_conversion( 3655 op_t op, int arg, const type_t *tp, const tnode_t *tn) 3656 { 3657 long double x = tn->u.value.u.floating; 3658 integer_constraints ic = ic_any(tp); 3659 if (is_uinteger(tp->t_tspec) 3660 ? x >= ic.umin && x <= ic.umax && x == (uint64_t)x 3661 : x >= ic.smin && x <= ic.smax && x == (int64_t)x) 3662 return; 3663 if (op == FARG) 3664 /* lossy conversion of %Lg to '%s', arg #%d */ 3665 warning(380, x, type_name(tp), arg); 3666 else 3667 /* lossy conversion of %Lg to '%s' */ 3668 warning(381, x, type_name(tp)); 3669 } 3670 3671 static void 3672 convert_integer_from_floating( 3673 op_t op, int arg, const type_t *tp, const tnode_t *tn) 3674 { 3675 3676 if (op == CVT) 3677 /* cast from floating point '%s' to integer '%s' */ 3678 query_message(2, type_name(tn->tn_type), type_name(tp)); 3679 else 3680 /* implicit conversion from floating point '%s' to ... */ 3681 query_message(1, type_name(tn->tn_type), type_name(tp)); 3682 if (tn->tn_op == CON) 3683 check_lossy_floating_to_integer_conversion(op, arg, tp, tn); 3684 } 3685 3686 static bool 3687 should_warn_about_prototype_conversion(tspec_t nt, 3688 tspec_t ot, const tnode_t *ptn) 3689 { 3690 3691 if (nt == ot) 3692 return false; 3693 3694 if (nt == ENUM && ot == INT) 3695 return false; 3696 3697 if (is_floating(nt) != is_floating(ot) || 3698 portable_rank_cmp(nt, ot) != 0) { 3699 /* representation and/or width change */ 3700 if (!is_integer(ot)) 3701 return true; 3702 /* 3703 * XXX: Investigate whether this rule makes sense; see 3704 * tests/usr.bin/xlint/lint1/platform_long.c. 3705 */ 3706 return portable_rank_cmp(ot, INT) > 0; 3707 } 3708 3709 if (!hflag) 3710 return false; 3711 3712 /* 3713 * If the types differ only in sign and the argument has the same 3714 * representation in both types, print no warning. 3715 */ 3716 if (ptn->tn_op == CON && is_integer(nt) && 3717 signed_type(nt) == signed_type(ot) && 3718 !msb(ptn->u.value.u.integer, ot)) 3719 return false; 3720 3721 return true; 3722 } 3723 3724 /* 3725 * Warn if a prototype causes a type conversion that is different from what 3726 * would happen to the same argument in the absence of a prototype. This 3727 * check is intended for code that needs to stay compatible with pre-C90 C. 3728 * 3729 * Errors/warnings about invalid type combinations are already printed 3730 * in check_assign_types_compatible(). 3731 */ 3732 static void 3733 check_prototype_conversion(int arg, tspec_t nt, tspec_t ot, type_t *tp, 3734 tnode_t *tn) 3735 { 3736 3737 if (!is_arithmetic(nt) || !is_arithmetic(ot)) 3738 return; 3739 3740 /* 3741 * If the type of the formal parameter is char/short, a warning would 3742 * be useless, because functions declared the old style can't expect 3743 * char/short arguments. 3744 */ 3745 if (nt == CHAR || nt == SCHAR || nt == UCHAR || 3746 nt == SHORT || nt == USHORT) 3747 return; 3748 3749 tnode_t *ptn = promote(NOOP, true, tn); 3750 ot = ptn->tn_type->t_tspec; 3751 3752 if (should_warn_about_prototype_conversion(nt, ot, ptn)) { 3753 /* argument %d is converted from '%s' to '%s' ... */ 3754 warning(259, arg, expr_type_name(tn), type_name(tp)); 3755 } 3756 } 3757 3758 /* 3759 * When converting a large integer type to a small integer type, in some 3760 * cases the value of the actual expression is further restricted than the 3761 * type bounds, such as in (expr & 0xFF) or (expr % 100) or (expr >> 24). 3762 */ 3763 static bool 3764 can_represent(const type_t *tp, const tnode_t *tn) 3765 { 3766 uint64_t nmask = value_bits(width_in_bits(tp)); 3767 if (!is_uinteger(tp->t_tspec)) 3768 nmask >>= 1; 3769 3770 integer_constraints c = ic_expr(tn); 3771 if ((~c.bclr & ~nmask) == 0) 3772 return true; 3773 3774 integer_constraints tpc = ic_any(tp); 3775 if (is_uinteger(tp->t_tspec) 3776 ? tpc.umin <= c.umin && tpc.umax >= c.umax 3777 : tpc.smin <= c.smin && tpc.smax >= c.smax) 3778 return true; 3779 3780 debug_enter(); 3781 debug_step("type '%s' cannot represent:", type_name(tp)); 3782 debug_node(tn); 3783 debug_leave(); 3784 return false; 3785 } 3786 3787 static bool 3788 should_warn_about_integer_conversion(const type_t *ntp, tspec_t nt, 3789 const tnode_t *otn, tspec_t ot) 3790 { 3791 3792 // XXX: The portable_rank_cmp aims at portable mode, independent of the 3793 // current platform, while can_represent acts on the actual type sizes 3794 // from the current platform. This mix is inconsistent, but anything 3795 // else would make the exact conditions too complicated to grasp. 3796 if (aflag > 0 && portable_rank_cmp(nt, ot) < 0) { 3797 if (ot == LONG || ot == ULONG 3798 || ot == LLONG || ot == ULLONG 3799 || ot == INT128 || ot == UINT128 3800 || aflag > 1) 3801 return !can_represent(ntp, otn); 3802 } 3803 return false; 3804 } 3805 3806 static void 3807 convert_integer_from_integer(op_t op, int arg, tspec_t nt, tspec_t ot, 3808 type_t *tp, tnode_t *tn) 3809 { 3810 3811 if (tn->tn_op == CON) 3812 return; 3813 3814 if (op == CVT) 3815 return; 3816 3817 if (Pflag && pflag && aflag > 0 && 3818 portable_rank_cmp(nt, ot) > 0 && 3819 is_uinteger(nt) != is_uinteger(ot)) { 3820 if (op == FARG) 3821 /* conversion to '%s' may sign-extend ... */ 3822 warning(297, type_name(tp), arg); 3823 else 3824 /* conversion to '%s' may sign-extend ... */ 3825 warning(131, type_name(tp)); 3826 } 3827 3828 if (Pflag && portable_rank_cmp(nt, ot) > 0 && 3829 (tn->tn_op == PLUS || tn->tn_op == MINUS || tn->tn_op == MULT || 3830 tn->tn_op == SHL)) { 3831 /* suggest cast from '%s' to '%s' on op '%s' to ... */ 3832 warning(324, type_name(gettyp(ot)), type_name(tp), 3833 op_name(tn->tn_op)); 3834 } 3835 3836 if (should_warn_about_integer_conversion(tp, nt, tn, ot)) { 3837 if (op == FARG) 3838 /* conversion from '%s' to '%s' may lose ... */ 3839 warning(298, expr_type_name(tn), type_name(tp), arg); 3840 else 3841 /* conversion from '%s' to '%s' may lose accuracy */ 3842 warning(132, expr_type_name(tn), type_name(tp)); 3843 } 3844 3845 if (is_uinteger(nt) != is_uinteger(ot)) 3846 /* implicit conversion changes sign from '%s' to '%s' */ 3847 query_message(3, expr_type_name(tn), type_name(tp)); 3848 } 3849 3850 static void 3851 convert_integer_from_pointer(op_t op, tspec_t nt, type_t *tp, tnode_t *tn) 3852 { 3853 3854 if (tn->tn_op == CON) 3855 return; 3856 if (op != CVT) 3857 return; /* We already got an error. */ 3858 if (portable_rank_cmp(nt, PTR) >= 0) 3859 return; 3860 3861 if (pflag && size_in_bits(nt) >= size_in_bits(PTR)) { 3862 /* conversion of pointer to '%s' may lose bits */ 3863 warning(134, type_name(tp)); 3864 } else { 3865 /* conversion of pointer to '%s' loses bits */ 3866 warning(133, type_name(tp)); 3867 } 3868 } 3869 3870 static bool 3871 struct_starts_with(const type_t *struct_tp, const type_t *member_tp) 3872 { 3873 3874 return struct_tp->u.sou->sou_first_member != NULL && 3875 types_compatible(struct_tp->u.sou->sou_first_member->s_type, 3876 member_tp, true, false, NULL); 3877 } 3878 3879 static bool 3880 is_byte_array(const type_t *tp) 3881 { 3882 3883 return tp->t_tspec == ARRAY && 3884 (tp->t_subt->t_tspec == CHAR || tp->t_subt->t_tspec == UCHAR); 3885 } 3886 3887 static bool 3888 union_contains(const type_t *utp, const type_t *mtp) 3889 { 3890 for (const sym_t *mem = utp->u.sou->sou_first_member; 3891 mem != NULL; mem = mem->s_next) { 3892 if (types_compatible(mem->s_type, mtp, true, false, NULL)) 3893 return true; 3894 } 3895 return false; 3896 } 3897 3898 static bool 3899 should_warn_about_pointer_cast(const type_t *nstp, tspec_t nst, 3900 const type_t *ostp, tspec_t ost) 3901 { 3902 3903 while (nst == ARRAY) 3904 nstp = nstp->t_subt, nst = nstp->t_tspec; 3905 while (ost == ARRAY) 3906 ostp = ostp->t_subt, ost = ostp->t_tspec; 3907 3908 if (nst == STRUCT && ost == STRUCT && 3909 (struct_starts_with(nstp, ostp) || 3910 struct_starts_with(ostp, nstp))) 3911 return false; 3912 3913 if (is_incomplete(nstp) || is_incomplete(ostp)) 3914 return false; 3915 3916 if (nst == CHAR || nst == UCHAR) 3917 return false; /* for the sake of traditional C code */ 3918 if (ost == CHAR || ost == UCHAR) 3919 return false; /* for the sake of traditional C code */ 3920 3921 /* Allow cast between pointers to sockaddr variants. */ 3922 if (nst == STRUCT && ost == STRUCT) { 3923 const sym_t *nmem = nstp->u.sou->sou_first_member; 3924 const sym_t *omem = ostp->u.sou->sou_first_member; 3925 while (nmem != NULL && omem != NULL && 3926 types_compatible(nmem->s_type, omem->s_type, 3927 true, false, NULL)) 3928 nmem = nmem->s_next, omem = omem->s_next; 3929 if (nmem != NULL && is_byte_array(nmem->s_type)) 3930 return false; 3931 if (omem != NULL && is_byte_array(omem->s_type)) 3932 return false; 3933 if (nmem == NULL && omem == NULL) 3934 return false; 3935 } 3936 3937 if (nst == UNION || ost == UNION) { 3938 const type_t *union_tp = nst == UNION ? nstp : ostp; 3939 const type_t *other_tp = nst == UNION ? ostp : nstp; 3940 if (union_contains(union_tp, other_tp)) 3941 return false; 3942 } 3943 3944 if (is_struct_or_union(nst) && is_struct_or_union(ost)) 3945 return nstp->u.sou != ostp->u.sou; 3946 3947 enum rank_kind rk1 = type_properties(nst)->tt_rank_kind; 3948 enum rank_kind rk2 = type_properties(ost)->tt_rank_kind; 3949 if (rk1 != rk2 || rk1 == RK_NONE) 3950 return true; 3951 3952 return portable_rank_cmp(nst, ost) != 0; 3953 } 3954 3955 static void 3956 convert_pointer_from_pointer(type_t *ntp, tnode_t *tn) 3957 { 3958 const type_t *nstp = ntp->t_subt; 3959 const type_t *otp = tn->tn_type; 3960 const type_t *ostp = otp->t_subt; 3961 tspec_t nst = nstp->t_tspec; 3962 tspec_t ost = ostp->t_tspec; 3963 3964 if (nst == VOID || ost == VOID) { 3965 /* TODO: C99 behaves like C90 here. */ 3966 if (!allow_trad && !allow_c99 && (nst == FUNC || ost == FUNC)) { 3967 const char *nts, *ots; 3968 /* null pointers are already handled in convert() */ 3969 *(nst == FUNC ? &nts : &ots) = "function pointer"; 3970 *(nst == VOID ? &nts : &ots) = "'void *'"; 3971 /* conversion of %s to %s requires a cast */ 3972 warning(303, ots, nts); 3973 } 3974 return; 3975 } 3976 if (nst == FUNC && ost == FUNC) 3977 return; 3978 if (nst == FUNC || ost == FUNC) { 3979 /* converting '%s' to '%s' is questionable */ 3980 warning(229, type_name(otp), type_name(ntp)); 3981 return; 3982 } 3983 3984 if (hflag && alignment(nstp) > alignment(ostp) && 3985 !is_incomplete(ostp) && alignment(ostp) > 1 && 3986 !(nst == UNION && union_contains(nstp, ostp))) { 3987 /* converting '%s' to '%s' increases alignment ... */ 3988 warning(135, type_name(otp), type_name(ntp), 3989 alignment(ostp), alignment(nstp)); 3990 } 3991 3992 if (cflag && should_warn_about_pointer_cast(nstp, nst, ostp, ost)) { 3993 /* pointer cast from '%s' to unrelated '%s' */ 3994 warning(247, type_name(ostp), type_name(nstp)); 3995 } 3996 } 3997 3998 /* 3999 * Insert a conversion operator, which converts the type of the node 4000 * to another given type. 4001 * 4002 * Possible values for 'op': 4003 * CVT a cast-expression 4004 * binary integer promotion for one of the operands, or a usual 4005 * arithmetic conversion 4006 * binary plain or compound assignments to bit-fields 4007 * FARG 'arg' is the number of the parameter (used for warnings) 4008 * NOOP several other implicit conversions 4009 * ... 4010 */ 4011 tnode_t * 4012 convert(op_t op, int arg, type_t *tp, tnode_t *tn) 4013 { 4014 tspec_t nt = tp->t_tspec; 4015 tspec_t ot = tn->tn_type->t_tspec; 4016 4017 if (allow_trad && allow_c90 && op == FARG) 4018 check_prototype_conversion(arg, nt, ot, tp, tn); 4019 4020 if (nt == BOOL) { 4021 /* No further checks. */ 4022 4023 } else if (is_integer(nt)) { 4024 if (ot == BOOL) { 4025 /* No further checks. */ 4026 } else if (is_integer(ot)) 4027 convert_integer_from_integer(op, arg, nt, ot, tp, tn); 4028 else if (is_floating(ot)) 4029 convert_integer_from_floating(op, arg, tp, tn); 4030 else if (ot == PTR) 4031 convert_integer_from_pointer(op, nt, tp, tn); 4032 4033 } else if (is_floating(nt)) { 4034 if (is_integer(ot) && op != CVT) { 4035 /* implicit conversion from integer '%s' to ... */ 4036 query_message(19, 4037 type_name(tn->tn_type), type_name(tp)); 4038 } 4039 4040 } else if (nt == PTR) { 4041 if (is_null_pointer(tn)) { 4042 /* a null pointer may be assigned to any pointer. */ 4043 } else if (ot == PTR && op == CVT) 4044 convert_pointer_from_pointer(tp, tn); 4045 } 4046 4047 tnode_t *ntn = expr_alloc_tnode(); 4048 ntn->tn_op = CVT; 4049 ntn->tn_type = tp; 4050 ntn->tn_cast = op == CVT; 4051 ntn->tn_sys |= tn->tn_sys; 4052 ntn->u.ops.right = NULL; 4053 if (tn->tn_op != CON || nt == VOID) { 4054 ntn->u.ops.left = tn; 4055 } else { 4056 ntn->tn_op = CON; 4057 convert_constant(op, arg, ntn->tn_type, &ntn->u.value, 4058 &tn->u.value); 4059 } 4060 4061 return ntn; 4062 } 4063 4064 static void 4065 convert_constant_from_floating(op_t op, int arg, const type_t *ntp, 4066 tspec_t nt, val_t *nv, val_t *ov) 4067 { 4068 long double max = 0.0, min = 0.0; 4069 4070 switch (nt) { 4071 case CHAR: 4072 max = TARG_CHAR_MAX; min = TARG_CHAR_MIN; break; 4073 case UCHAR: 4074 max = TARG_UCHAR_MAX; min = 0; break; 4075 case SCHAR: 4076 max = TARG_SCHAR_MAX; min = TARG_SCHAR_MIN; break; 4077 case SHORT: 4078 max = TARG_SHRT_MAX; min = TARG_SHRT_MIN; break; 4079 case USHORT: 4080 max = TARG_USHRT_MAX; min = 0; break; 4081 case ENUM: 4082 case INT: 4083 max = TARG_INT_MAX; min = TARG_INT_MIN; break; 4084 case UINT: 4085 max = TARG_UINT_MAX; min = 0; break; 4086 case LONG: 4087 max = TARG_LONG_MAX; min = TARG_LONG_MIN; break; 4088 case ULONG: 4089 max = TARG_ULONG_MAX; min = 0; break; 4090 case LLONG: 4091 max = LLONG_MAX; min = LLONG_MIN; break; 4092 case ULLONG: 4093 max = ULLONG_MAX; min = 0; break; 4094 case FLOAT: 4095 case FCOMPLEX: 4096 max = FLT_MAX; min = -FLT_MAX; break; 4097 case DOUBLE: 4098 case DCOMPLEX: 4099 max = DBL_MAX; min = -DBL_MAX; break; 4100 case LDOUBLE: 4101 case LCOMPLEX: 4102 /* LINTED 248; see floating_error_value. */ 4103 max = LDBL_MAX; min = -max; break; 4104 default: 4105 lint_assert(false); 4106 } 4107 if (ov->u.floating > max || ov->u.floating < min) { 4108 lint_assert(nt != LDOUBLE); 4109 const char *ot_name = type_name(gettyp(ov->v_tspec)); 4110 const char *nt_name = type_name(ntp); 4111 if (is_integer(nt)) 4112 goto after_warning; 4113 if (op == FARG) 4114 /* conversion of '%s' to '%s' is out of range, ... */ 4115 warning(295, ot_name, nt_name, arg); 4116 else 4117 /* conversion of '%s' to '%s' is out of range */ 4118 warning(119, ot_name, nt_name); 4119 after_warning: 4120 ov->u.floating = ov->u.floating > 0 ? max : min; 4121 } 4122 4123 if (nt == FLOAT || nt == FCOMPLEX) 4124 nv->u.floating = (float)ov->u.floating; 4125 else if (nt == DOUBLE || nt == DCOMPLEX) 4126 nv->u.floating = (double)ov->u.floating; 4127 else if (nt == LDOUBLE || nt == LCOMPLEX) 4128 nv->u.floating = ov->u.floating; 4129 else 4130 nv->u.integer = (int64_t)ov->u.floating; 4131 } 4132 4133 static bool 4134 convert_constant_to_floating(tspec_t nt, val_t *nv, 4135 tspec_t ot, const val_t *v) 4136 { 4137 if (nt == FLOAT) { 4138 nv->u.floating = (ot == PTR || is_uinteger(ot)) ? 4139 (float)(uint64_t)v->u.integer : (float)v->u.integer; 4140 } else if (nt == DOUBLE) { 4141 nv->u.floating = (ot == PTR || is_uinteger(ot)) ? 4142 (double)(uint64_t)v->u.integer : (double)v->u.integer; 4143 } else if (nt == LDOUBLE) { 4144 nv->u.floating = (ot == PTR || is_uinteger(ot)) 4145 ? (long double)(uint64_t)v->u.integer 4146 : (long double)v->u.integer; 4147 } else 4148 return false; 4149 return true; 4150 } 4151 4152 static void 4153 warn_constant_truncated(op_t op, const val_t *v) 4154 { 4155 char buf[256]; 4156 bool is_unsigned = is_uinteger(v->v_tspec); 4157 int64_t val = v->u.integer; 4158 unsigned long long abs_val = is_unsigned || val >= 0 4159 ? (unsigned long long)val 4160 : -(unsigned long long)val; 4161 const char *sign = is_unsigned || val >= 0 ? "" : "-"; 4162 snprintf(buf, sizeof(buf), "%s%#llx", sign, abs_val); 4163 /* constant %s truncated by conversion, op '%s' */ 4164 warning(306, buf, op_name(op)); 4165 } 4166 4167 static void 4168 convert_constant_check_range_bitor(size_t nsz, size_t osz, const val_t *v, 4169 uint64_t xmask, op_t op) 4170 { 4171 if (nsz < osz && (v->u.integer & xmask) != 0) 4172 warn_constant_truncated(op, v); 4173 } 4174 4175 static void 4176 convert_constant_check_range_bitand(size_t nsz, size_t osz, 4177 uint64_t xmask, const val_t *nv, 4178 tspec_t ot, const val_t *v, 4179 const type_t *tp, op_t op) 4180 { 4181 if (nsz > osz && 4182 (nv->u.integer & bit((unsigned int)(osz - 1))) != 0 && 4183 (nv->u.integer & xmask) != xmask) { 4184 /* '%s' converts '%s' with its most significant bit being set to '%s' */ 4185 warning(309, 4186 op_name(op), type_name(gettyp(ot)), type_name(tp)); 4187 } else if (nsz < osz && 4188 (v->u.integer & xmask) != xmask && 4189 (v->u.integer & xmask) != 0) 4190 warn_constant_truncated(op, v); 4191 } 4192 4193 static void 4194 convert_constant_check_range_signed(op_t op, int arg, 4195 const type_t *ntp, int64_t ov) 4196 { 4197 if (op == ASSIGN) 4198 /* assignment of negative constant %lld to unsigned ... */ 4199 warning(164, (long long)ov, type_name(ntp)); 4200 else if (op == INIT) 4201 /* initialization of unsigned type '%s' with negative ... */ 4202 warning(221, type_name(ntp), (long long)ov); 4203 else if (op == FARG) 4204 /* conversion of negative constant %lld to unsigned ... */ 4205 warning(296, (long long)ov, type_name(ntp), arg); 4206 else if (modtab[op].m_comparison) { 4207 /* handled by check_integer_comparison() */ 4208 } else 4209 /* conversion of negative constant %lld to unsigned ... */ 4210 warning(222, (long long)ov, type_name(ntp)); 4211 } 4212 4213 /* 4214 * Loss of significant bit(s). All truncated bits of unsigned types or all 4215 * truncated bits plus the msb of the target for signed types are considered 4216 * to be significant bits. Loss of significant bits means that at least one 4217 * of the bits was set in an unsigned type or that at least one but not all 4218 * of the bits was set in a signed type. Loss of significant bits means that 4219 * it is not possible, also not with necessary casts, to convert back to the 4220 * original type. An example for a necessary cast is: 4221 * char c; int i; c = 128; 4222 * i = c; ** yields -128 ** 4223 * i = (unsigned char)c; ** yields 128 ** 4224 */ 4225 static void 4226 warn_constant_check_range_truncated(op_t op, int arg, const type_t *tp, 4227 tspec_t ot) 4228 { 4229 if (op == ASSIGN && tp->t_bitfield) 4230 /* precision lost in bit-field assignment */ 4231 warning(166); 4232 else if (op == ASSIGN) 4233 /* constant truncated by assignment */ 4234 warning(165); 4235 else if (op == INIT && tp->t_bitfield) 4236 /* bit-field initializer does not fit */ 4237 warning(180); 4238 else if (op == INIT) 4239 /* initializer does not fit */ 4240 warning(178); 4241 else if (op == CASE) 4242 /* case label is converted from '%s' to '%s' */ 4243 warning(196, tspec_name(ot), type_name(tp)); 4244 else if (op == FARG) 4245 /* conversion of '%s' to '%s' is out of range, arg #%d */ 4246 warning(295, type_name(gettyp(ot)), type_name(tp), arg); 4247 else 4248 /* conversion of '%s' to '%s' is out of range */ 4249 warning(119, type_name(gettyp(ot)), type_name(tp)); 4250 } 4251 4252 static void 4253 warn_constant_check_range_loss(op_t op, int arg, const type_t *tp, 4254 tspec_t ot) 4255 { 4256 if (op == ASSIGN && tp->t_bitfield) 4257 /* precision lost in bit-field assignment */ 4258 warning(166); 4259 else if (op == INIT && tp->t_bitfield) 4260 /* bit-field initializer out of range */ 4261 warning(11); 4262 else if (op == CASE) 4263 /* case label is converted from '%s' to '%s' */ 4264 warning(196, tspec_name(ot), type_name(tp)); 4265 else if (op == FARG) 4266 /* conversion of '%s' to '%s' is out of range, arg #%d */ 4267 warning(295, type_name(gettyp(ot)), type_name(tp), arg); 4268 else 4269 /* conversion of '%s' to '%s' is out of range */ 4270 warning(119, type_name(gettyp(ot)), type_name(tp)); 4271 } 4272 4273 static void 4274 convert_constant_check_range(tspec_t ot, const type_t *tp, tspec_t nt, 4275 op_t op, int arg, const val_t *v, val_t *nv) 4276 { 4277 unsigned int obitsz, nbitsz; 4278 uint64_t xmask, xmsk1; 4279 4280 obitsz = size_in_bits(ot); 4281 nbitsz = tp->t_bitfield ? tp->t_bit_field_width : size_in_bits(nt); 4282 xmask = value_bits(nbitsz) ^ value_bits(obitsz); 4283 xmsk1 = value_bits(nbitsz) ^ value_bits(obitsz - 1); 4284 if (op == ORASS || op == BITOR || op == BITXOR) { 4285 convert_constant_check_range_bitor( 4286 nbitsz, obitsz, v, xmask, op); 4287 } else if (op == ANDASS || op == BITAND) { 4288 convert_constant_check_range_bitand( 4289 nbitsz, obitsz, xmask, nv, ot, v, tp, op); 4290 } else if (nt != PTR && is_uinteger(nt) && 4291 ot != PTR && !is_uinteger(ot) && v->u.integer < 0) 4292 convert_constant_check_range_signed(op, arg, tp, v->u.integer); 4293 else if (nv->u.integer != v->u.integer && nbitsz <= obitsz && 4294 (v->u.integer & xmask) != 0 && 4295 (is_uinteger(ot) || (v->u.integer & xmsk1) != xmsk1)) 4296 warn_constant_check_range_truncated(op, arg, tp, ot); 4297 else if (nv->u.integer != v->u.integer) 4298 warn_constant_check_range_loss(op, arg, tp, ot); 4299 } 4300 4301 /* Converts a typed constant to a constant of another type. */ 4302 void 4303 convert_constant(op_t op, int arg, const type_t *ntp, val_t *nv, val_t *ov) 4304 { 4305 /* 4306 * TODO: make 'ov' const; the name of this function does not suggest 4307 * that it modifies 'ov'. 4308 */ 4309 tspec_t ot = ov->v_tspec; 4310 tspec_t nt = nv->v_tspec = ntp->t_tspec; 4311 bool range_check = false; 4312 4313 if (nt == BOOL) { /* C99 6.3.1.2 */ 4314 nv->v_unsigned_since_c90 = false; 4315 nv->u.integer = is_nonzero_val(ov) ? 1 : 0; 4316 return; 4317 } 4318 4319 if (ot == FLOAT || ot == DOUBLE || ot == LDOUBLE) 4320 convert_constant_from_floating(op, arg, ntp, nt, nv, ov); 4321 else if (!convert_constant_to_floating(nt, nv, ot, ov)) { 4322 range_check = true; /* Check for lost precision. */ 4323 nv->u.integer = ov->u.integer; 4324 } 4325 4326 if (allow_trad && allow_c90 && ov->v_unsigned_since_c90 && 4327 (is_floating(nt) || ( 4328 (is_integer(nt) && !is_uinteger(nt) && 4329 portable_rank_cmp(nt, ot) > 0)))) { 4330 /* C90 treats constant as unsigned */ 4331 warning(157); 4332 ov->v_unsigned_since_c90 = false; 4333 } 4334 4335 if (is_integer(nt)) { 4336 unsigned int size = ntp->t_bitfield 4337 ? ntp->t_bit_field_width : size_in_bits(nt); 4338 nv->u.integer = convert_integer(nv->u.integer, nt, size); 4339 } 4340 4341 if (range_check && op != CVT) 4342 convert_constant_check_range(ot, ntp, nt, op, arg, ov, nv); 4343 } 4344 4345 tnode_t * 4346 build_sizeof(const type_t *tp) 4347 { 4348 unsigned int size_in_bytes = type_size_in_bits(tp) / CHAR_SIZE; 4349 tnode_t *tn = build_integer_constant(SIZEOF_TSPEC, size_in_bytes); 4350 tn->tn_system_dependent = true; 4351 debug_step("build_sizeof '%s' = %u", type_name(tp), size_in_bytes); 4352 return tn; 4353 } 4354 4355 tnode_t * 4356 build_offsetof(const type_t *tp, designation dn) 4357 { 4358 unsigned int offset_in_bits = 0; 4359 4360 if (!is_struct_or_union(tp->t_tspec)) { 4361 /* unacceptable operand of '%s' */ 4362 error(111, "offsetof"); 4363 goto proceed; 4364 } 4365 for (size_t i = 0; i < dn.dn_len; i++) { 4366 const designator *dr = dn.dn_items + i; 4367 if (dr->dr_kind == DK_SUBSCRIPT) { 4368 if (tp->t_tspec != ARRAY) 4369 goto proceed; /* silent error */ 4370 tp = tp->t_subt; 4371 offset_in_bits += (unsigned)dr->dr_subscript 4372 * type_size_in_bits(tp); 4373 } else { 4374 if (!is_struct_or_union(tp->t_tspec)) 4375 goto proceed; /* silent error */ 4376 const char *name = dr->dr_member->s_name; 4377 sym_t *mem = find_member(tp->u.sou, name); 4378 if (mem == NULL) { 4379 /* type '%s' does not have member '%s' */ 4380 error(101, name, type_name(tp)); 4381 goto proceed; 4382 } 4383 tp = mem->s_type; 4384 offset_in_bits += mem->u.s_member.sm_offset_in_bits; 4385 } 4386 } 4387 free(dn.dn_items); 4388 4389 proceed:; 4390 unsigned int offset_in_bytes = offset_in_bits / CHAR_SIZE; 4391 tnode_t *tn = build_integer_constant(SIZEOF_TSPEC, offset_in_bytes); 4392 tn->tn_system_dependent = true; 4393 return tn; 4394 } 4395 4396 unsigned int 4397 type_size_in_bits(const type_t *tp) 4398 { 4399 4400 unsigned int elem = 1; 4401 bool flex = false; 4402 lint_assert(tp != NULL); 4403 while (tp->t_tspec == ARRAY) { 4404 flex = true; /* allow c99 flex arrays [] [0] */ 4405 elem *= tp->u.dimension; 4406 tp = tp->t_subt; 4407 } 4408 if (elem == 0 && !flex) { 4409 /* cannot take size/alignment of incomplete type */ 4410 error(143); 4411 elem = 1; 4412 } 4413 4414 unsigned int elsz; 4415 switch (tp->t_tspec) { 4416 case VOID: 4417 /* cannot take size/alignment of void */ 4418 error(146); 4419 elsz = 1; 4420 break; 4421 case FUNC: 4422 /* cannot take size/alignment of function type '%s' */ 4423 error(144, type_name(tp)); 4424 elsz = 1; 4425 break; 4426 case STRUCT: 4427 case UNION: 4428 if (is_incomplete(tp)) { 4429 /* cannot take size/alignment of incomplete type */ 4430 error(143); 4431 elsz = 1; 4432 } else 4433 elsz = tp->u.sou->sou_size_in_bits; 4434 break; 4435 case ENUM: 4436 if (is_incomplete(tp)) { 4437 /* cannot take size/alignment of incomplete type */ 4438 warning(143); 4439 } 4440 /* FALLTHROUGH */ 4441 default: 4442 if (tp->t_bitfield) 4443 /* cannot take size/alignment of bit-field */ 4444 error(145); 4445 elsz = size_in_bits(tp->t_tspec); 4446 lint_assert(elsz > 0); 4447 break; 4448 } 4449 4450 return elem * elsz; 4451 } 4452 4453 /* C11 6.5.3.4, GCC */ 4454 tnode_t * 4455 build_alignof(const type_t *tp) 4456 { 4457 if (tp->t_tspec == FUNC) { 4458 /* cannot take size/alignment of function type '%s' */ 4459 error(144, type_name(tp)); 4460 return NULL; 4461 } 4462 if (tp->t_tspec == VOID) { 4463 /* cannot take size/alignment of void */ 4464 error(146); 4465 return NULL; 4466 } 4467 if (is_incomplete(tp)) { 4468 /* cannot take size/alignment of incomplete type */ 4469 error(143); 4470 return NULL; 4471 } 4472 if (tp->t_bitfield) { 4473 /* cannot take size/alignment of bit-field */ 4474 error(145); 4475 return NULL; 4476 } 4477 return build_integer_constant(SIZEOF_TSPEC, (int64_t)alignment(tp)); 4478 } 4479 4480 static tnode_t * 4481 cast_to_union(tnode_t *otn, bool sys, type_t *ntp) 4482 { 4483 4484 if (!allow_gcc) { 4485 /* union cast is a GCC extension */ 4486 error(328); 4487 return NULL; 4488 } 4489 4490 for (const sym_t *m = ntp->u.sou->sou_first_member; 4491 m != NULL; m = m->s_next) { 4492 if (types_compatible(m->s_type, otn->tn_type, 4493 false, false, NULL)) { 4494 tnode_t *ntn = build_op(CVT, sys, ntp, otn, NULL); 4495 ntn->tn_cast = true; 4496 return ntn; 4497 } 4498 } 4499 4500 /* type '%s' is not a member of '%s' */ 4501 error(329, type_name(otn->tn_type), type_name(ntp)); 4502 return NULL; 4503 } 4504 4505 // In GCC mode, allow 'nullptr + offset' as a constant expression. 4506 static tnode_t * 4507 null_pointer_offset(tnode_t *tn) 4508 { 4509 uint64_t off = 0; 4510 const tnode_t *n = tn; 4511 while ((n->tn_op == PLUS || n->tn_op == MINUS) 4512 && is_integer(n->u.ops.right->tn_type->t_tspec)) { 4513 off += (uint64_t)n->u.ops.right->u.value.u.integer; 4514 n = n->u.ops.left; 4515 } 4516 if (n->tn_type->t_tspec == PTR 4517 && n->tn_op == ADDR 4518 && n->u.ops.left->tn_op == INDIR 4519 && n->u.ops.left->u.ops.left->tn_op == CON 4520 && n->u.ops.left->u.ops.left->tn_type->t_tspec == PTR) { 4521 off += (uint64_t)n->u.ops.left->u.ops.left->u.value.u.integer; 4522 return build_integer_constant(SIZEOF_TSPEC, (int64_t)off); 4523 } 4524 return tn; 4525 } 4526 4527 tnode_t * 4528 cast(tnode_t *tn, bool sys, type_t *tp) 4529 { 4530 4531 if (tn == NULL) 4532 return NULL; 4533 4534 tn = cconv(tn); 4535 4536 lint_assert(tp != NULL); 4537 tspec_t nt = tp->t_tspec; 4538 tspec_t ot = tn->tn_type->t_tspec; 4539 4540 if (nt == VOID) { 4541 /* 4542 * C90 6.3.4, C99 6.5.4p2 and C11 6.5.4p2 allow any type to be 4543 * cast to void. The only other allowed casts are from a 4544 * scalar type to a scalar type. 4545 */ 4546 } else if (nt == UNION) 4547 return cast_to_union(tn, sys, tp); 4548 else if (nt == STRUCT || nt == ARRAY || nt == FUNC) { 4549 /* Casting to a struct is an undocumented GCC extension. */ 4550 if (!(allow_gcc && nt == STRUCT)) 4551 goto invalid_cast; 4552 } else if (is_struct_or_union(ot)) 4553 goto invalid_cast; 4554 else if (ot == VOID) { 4555 /* improper cast of void expression */ 4556 error(148); 4557 return NULL; 4558 } else if (is_integer(nt) && is_scalar(ot)) { 4559 tn = null_pointer_offset(tn); 4560 } else if (is_floating(nt) && is_arithmetic(ot)) { 4561 /* ok */ 4562 } else if (nt == PTR && is_integer(ot)) { 4563 /* ok */ 4564 } else if (nt == PTR && ot == PTR) { 4565 if (!tp->t_subt->t_const && tn->tn_type->t_subt->t_const) { 4566 if (hflag) 4567 /* cast discards 'const' from type '%s' */ 4568 warning(275, type_name(tn->tn_type)); 4569 } 4570 } else 4571 goto invalid_cast; 4572 4573 if (any_query_enabled 4574 && types_compatible(tp, tn->tn_type, false, false, NULL)) 4575 /* no-op cast from '%s' to '%s' */ 4576 query_message(6, expr_type_name(tn), type_name(tp)); 4577 4578 tn = convert(CVT, 0, tp, tn); 4579 tn->tn_cast = true; 4580 tn->tn_sys = sys; 4581 4582 return tn; 4583 4584 invalid_cast: 4585 /* invalid cast from '%s' to '%s' */ 4586 error(147, expr_type_name(tn), type_name(tp)); 4587 return NULL; 4588 } 4589 4590 void 4591 add_function_argument(function_call *call, tnode_t *arg) 4592 { 4593 /* 4594 * If there was a serious error in the expression for the argument, 4595 * create a dummy argument so the positions of the remaining arguments 4596 * will not change. 4597 */ 4598 if (arg == NULL) 4599 arg = build_integer_constant(INT, 0); 4600 4601 if (call->args_len >= call->args_cap) { 4602 call->args_cap += 8; 4603 tnode_t **new_args = expr_zero_alloc( 4604 call->args_cap * sizeof(*call->args), "tnode*[]"); 4605 if (call->args_len > 0) 4606 memcpy(new_args, call->args, 4607 call->args_len * sizeof(*call->args)); 4608 call->args = new_args; 4609 } 4610 call->args[call->args_len++] = arg; 4611 } 4612 4613 /* 4614 * Compare the type of an argument with the corresponding type of a 4615 * prototype parameter. If it is a valid combination, but both types 4616 * are not the same, insert a conversion to convert the argument into 4617 * the type of the parameter. 4618 */ 4619 static tnode_t * 4620 check_prototype_argument(const function_call *call, int arg, 4621 type_t *tp, tnode_t *tn) 4622 { 4623 tnode_t *ln = xcalloc(1, sizeof(*ln)); 4624 ln->tn_type = expr_unqualified_type(tp); 4625 ln->tn_lvalue = true; 4626 if (typeok(FARG, call, arg, ln, tn)) { 4627 bool dowarn; 4628 if (!types_compatible(tp, tn->tn_type, 4629 true, false, (dowarn = false, &dowarn)) || dowarn) 4630 tn = convert(FARG, arg, tp, tn); 4631 } 4632 free(ln); 4633 return tn; 4634 } 4635 4636 /* 4637 * Check types of all function arguments and insert conversions, 4638 * if necessary. 4639 */ 4640 static void 4641 check_function_arguments(const function_call *call) 4642 { 4643 type_t *ftp = call->func->tn_type->t_subt; 4644 4645 /* get # of parameters in the prototype */ 4646 int npar = 0; 4647 for (const sym_t *p = ftp->u.params; p != NULL; p = p->s_next) 4648 npar++; 4649 4650 int narg = (int)call->args_len; 4651 4652 const sym_t *param = ftp->u.params; 4653 if (ftp->t_proto && npar != narg && !(ftp->t_vararg && npar < narg)) { 4654 /* argument mismatch: %d %s passed, %d expected */ 4655 error(150, narg, narg != 1 ? "arguments" : "argument", npar); 4656 param = NULL; 4657 } 4658 4659 for (int i = 0; i < narg; i++) { 4660 tnode_t *arg = call->args[i]; 4661 4662 /* some things which are always not allowed */ 4663 tspec_t at = arg->tn_type->t_tspec; 4664 if (at == VOID) { 4665 /* void expressions may not be arguments, arg #%d */ 4666 error(151, i + 1); 4667 return; 4668 } 4669 if (is_struct_or_union(at) && is_incomplete(arg->tn_type)) { 4670 /* argument cannot have unknown size, arg #%d */ 4671 error(152, i + 1); 4672 return; 4673 } 4674 if (is_integer(at) && 4675 arg->tn_type->t_is_enum && 4676 is_incomplete(arg->tn_type)) { 4677 /* argument cannot have unknown size, arg #%d */ 4678 warning(152, i + 1); 4679 } 4680 4681 arg = cconv(arg); 4682 call->args[i] = arg; 4683 4684 arg = param != NULL 4685 ? check_prototype_argument(call, i + 1, param->s_type, arg) 4686 : promote(NOOP, true, arg); 4687 call->args[i] = arg; 4688 4689 if (param != NULL) 4690 param = param->s_next; 4691 } 4692 } 4693 4694 static bool 4695 is_gcc_generic_atomic(const char *name) 4696 { 4697 // https://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html 4698 return strcmp(name, "__atomic_load_n") == 0 4699 || strcmp(name, "__atomic_exchange_n") == 0 4700 || strcmp(name, "__atomic_add_fetch") == 0 4701 || strcmp(name, "__atomic_sub_fetch") == 0 4702 || strcmp(name, "__atomic_and_fetch") == 0 4703 || strcmp(name, "__atomic_xor_fetch") == 0 4704 || strcmp(name, "__atomic_or_fetch") == 0 4705 || strcmp(name, "__atomic_nand_fetch") == 0 4706 || strcmp(name, "__atomic_fetch_add") == 0 4707 || strcmp(name, "__atomic_fetch_sub") == 0 4708 || strcmp(name, "__atomic_fetch_and") == 0 4709 || strcmp(name, "__atomic_fetch_xor") == 0 4710 || strcmp(name, "__atomic_fetch_or") == 0 4711 || strcmp(name, "__atomic_fetch_nand") == 0; 4712 } 4713 4714 static type_t * 4715 return_type(const function_call *call) 4716 { 4717 const tnode_t *func = call->func; 4718 if (allow_gcc 4719 && func->tn_op == ADDR 4720 && func->u.ops.left->tn_op == NAME 4721 && is_gcc_generic_atomic(func->u.ops.left->u.sym->s_name) 4722 && call->args_len > 0 4723 && call->args[0]->tn_type->t_tspec == PTR) 4724 return call->args[0]->tn_type->t_subt; 4725 return func->tn_type->t_subt->t_subt; 4726 } 4727 4728 tnode_t * 4729 build_function_call(tnode_t *func, bool sys, function_call *call) 4730 { 4731 4732 if (func == NULL) 4733 return NULL; 4734 4735 call->func = func; 4736 check_ctype_function_call(call); 4737 4738 func = cconv(func); 4739 call->func = func; 4740 4741 if (func->tn_type->t_tspec != PTR || 4742 func->tn_type->t_subt->t_tspec != FUNC) { 4743 /* cannot call '%s', must be a function */ 4744 error(149, expr_type_name(func)); 4745 return NULL; 4746 } 4747 4748 check_function_arguments(call); 4749 4750 tnode_t *ntn = expr_alloc_tnode(); 4751 ntn->tn_op = CALL; 4752 ntn->tn_type = return_type(call); 4753 ntn->tn_sys = sys; 4754 ntn->u.call = call; 4755 return ntn; 4756 } 4757 4758 /* 4759 * Return the value of an integral constant expression. 4760 * If the expression is not constant or its type is not an integer 4761 * type, an error message is printed. 4762 */ 4763 val_t * 4764 integer_constant(tnode_t *tn, bool required) 4765 { 4766 4767 if (tn != NULL) 4768 tn = cconv(tn); 4769 if (tn != NULL) 4770 tn = promote(NOOP, false, tn); 4771 4772 val_t *v = xcalloc(1, sizeof(*v)); 4773 4774 if (tn == NULL) { 4775 lint_assert(seen_error); 4776 debug_step("constant node is null; returning 1 instead"); 4777 v->v_tspec = INT; 4778 v->u.integer = 1; 4779 return v; 4780 } 4781 4782 v->v_tspec = tn->tn_type->t_tspec; 4783 4784 if (tn->tn_op == CON) { 4785 lint_assert(tn->tn_type->t_tspec == tn->u.value.v_tspec); 4786 if (is_integer(tn->u.value.v_tspec)) { 4787 v->v_unsigned_since_c90 = 4788 tn->u.value.v_unsigned_since_c90; 4789 v->u.integer = tn->u.value.u.integer; 4790 return v; 4791 } 4792 v->u.integer = (int64_t)tn->u.value.u.floating; 4793 } else 4794 v->u.integer = 1; 4795 4796 if (required) 4797 /* integral constant expression expected */ 4798 error(55); 4799 else 4800 /* variable array dimension is a C99/GCC extension */ 4801 c99ism(318); 4802 4803 if (!is_integer(v->v_tspec)) 4804 v->v_tspec = INT; 4805 4806 return v; 4807 } 4808 4809 /* 4810 * Perform some tests on expressions which can't be done in build_binary() 4811 * and functions called by build_binary(). These tests must be done here 4812 * because we need some information about the context in which the operations 4813 * are performed. 4814 * After all tests are performed, if free_expr is true, expr() frees the 4815 * memory for the expression. 4816 */ 4817 void 4818 expr(tnode_t *tn, bool used, bool cond, bool free_expr, bool is_do_while, 4819 const char *stmt_kind) 4820 { 4821 4822 if (tn == NULL) { /* in case of errors */ 4823 expr_free_all(); 4824 return; 4825 } 4826 4827 /* expr() is also called in global initializations */ 4828 if (dcs->d_kind != DLK_EXTERN && !is_do_while) 4829 check_statement_reachable(stmt_kind); 4830 4831 check_expr_misc(tn, used, cond, !cond, false, false, false); 4832 if (tn->tn_op == ASSIGN && !tn->tn_parenthesized) { 4833 if (hflag && cond) 4834 /* assignment in conditional context */ 4835 warning(159); 4836 } 4837 if (!modtab[tn->tn_op].m_has_side_effect) { 4838 /* 4839 * for left operands of COMMA this warning is already printed 4840 */ 4841 if (tn->tn_op != COMMA && !used && !cond) 4842 check_null_effect(tn); 4843 } 4844 debug_node(tn); 4845 4846 if (free_expr) 4847 expr_free_all(); 4848 } 4849 4850 /* If the expression has the form '*(arr + idx)', check the array index. */ 4851 static void 4852 check_array_index(const tnode_t *indir, bool taking_address) 4853 { 4854 const tnode_t *plus, *arr, *idx; 4855 4856 if (indir->tn_op == INDIR 4857 && (plus = indir->u.ops.left, plus->tn_op == PLUS) 4858 && plus->u.ops.left->tn_op == ADDR 4859 && (arr = plus->u.ops.left->u.ops.left, true) 4860 && (arr->tn_op == STRING || arr->tn_op == NAME) 4861 && arr->tn_type->t_tspec == ARRAY 4862 && (idx = plus->u.ops.right, idx->tn_op == CON) 4863 && (!is_incomplete(arr->tn_type) || idx->u.value.u.integer < 0)) 4864 goto proceed; 4865 return; 4866 4867 proceed:; 4868 int elsz = length_in_bits(arr->tn_type->t_subt, NULL); 4869 if (elsz == 0) 4870 return; 4871 elsz /= CHAR_SIZE; 4872 4873 /* Change the unit of the index from bytes to element size. */ 4874 int64_t con = is_uinteger(idx->tn_type->t_tspec) 4875 ? (int64_t)((uint64_t)idx->u.value.u.integer / elsz) 4876 : idx->u.value.u.integer / elsz; 4877 4878 int dim = arr->tn_type->u.dimension + (taking_address ? 1 : 0); 4879 4880 if (!is_uinteger(idx->tn_type->t_tspec) && con < 0) 4881 /* array subscript %jd cannot be negative */ 4882 warning(167, (intmax_t)con); 4883 else if (dim > 0 && (uint64_t)con >= (uint64_t)dim) 4884 /* array subscript %ju cannot be > %d */ 4885 warning(168, (uintmax_t)con, dim - 1); 4886 } 4887 4888 static void 4889 check_expr_addr(const tnode_t *ln, bool szof, bool fcall) 4890 { 4891 /* XXX: Taking warn_about_unreachable into account here feels wrong. */ 4892 if (ln->tn_op == NAME && (reached || !warn_about_unreachable)) { 4893 if (!szof) 4894 mark_as_set(ln->u.sym); 4895 mark_as_used(ln->u.sym, fcall, szof); 4896 } 4897 check_array_index(ln, true); 4898 } 4899 4900 /* 4901 * If there is an asm statement in one of the compound statements around, 4902 * there may be other side effects, so don't warn. 4903 */ 4904 static bool 4905 is_asm_around(void) 4906 { 4907 for (decl_level *dl = dcs; dl != NULL; dl = dl->d_enclosing) 4908 if (dl->d_asm) 4909 return true; 4910 return false; 4911 } 4912 4913 static void 4914 check_expr_side_effect(const tnode_t *ln, bool szof) 4915 { 4916 4917 /* XXX: Taking warn_about_unreachable into account here feels wrong. */ 4918 if (ln->tn_op == NAME && (reached || !warn_about_unreachable)) { 4919 scl_t sc = ln->u.sym->s_scl; 4920 if (sc != EXTERN && sc != STATIC && 4921 !ln->u.sym->s_set && !szof && !is_asm_around()) { 4922 /* '%s' may be used before set */ 4923 warning(158, ln->u.sym->s_name); 4924 mark_as_set(ln->u.sym); 4925 } 4926 mark_as_used(ln->u.sym, false, false); 4927 } 4928 } 4929 4930 static void 4931 check_expr_assign(const tnode_t *ln, bool szof) 4932 { 4933 /* XXX: Taking warn_about_unreachable into account here feels wrong. */ 4934 if (ln->tn_op == NAME && !szof && (reached || !warn_about_unreachable)) { 4935 mark_as_set(ln->u.sym); 4936 if (ln->u.sym->s_scl == EXTERN) 4937 outusg(ln->u.sym); 4938 } 4939 check_array_index(ln, false); 4940 } 4941 4942 static void 4943 check_expr_call(const tnode_t *tn, const tnode_t *ln, 4944 bool szof, bool vctx, bool cond, bool retval_discarded) 4945 { 4946 lint_assert(ln->tn_op == ADDR); 4947 lint_assert(ln->u.ops.left->tn_op == NAME); 4948 if (!szof && !is_compiler_builtin(ln->u.ops.left->u.sym->s_name)) 4949 outcall(tn, vctx || cond, retval_discarded); 4950 4951 const function_call *call = tn->u.call; 4952 if (call->args_len == 4 || call->args_len == 5) 4953 check_snprintb(call); 4954 } 4955 4956 static void 4957 check_expr_op(op_t op, const tnode_t *ln, bool szof, bool fcall, bool eqwarn) 4958 { 4959 switch (op) { 4960 case ADDR: 4961 check_expr_addr(ln, szof, fcall); 4962 break; 4963 case LOAD: 4964 check_array_index(ln, false); 4965 /* FALLTHROUGH */ 4966 case INCBEF: 4967 case DECBEF: 4968 case INCAFT: 4969 case DECAFT: 4970 case ADDASS: 4971 case SUBASS: 4972 case MULASS: 4973 case DIVASS: 4974 case MODASS: 4975 case ANDASS: 4976 case ORASS: 4977 case XORASS: 4978 case SHLASS: 4979 case SHRASS: 4980 case REAL: 4981 case IMAG: 4982 check_expr_side_effect(ln, szof); 4983 break; 4984 case ASSIGN: 4985 check_expr_assign(ln, szof); 4986 break; 4987 case EQ: 4988 if (hflag && eqwarn) 4989 /* operator '==' found where '=' was expected */ 4990 warning(160); 4991 break; 4992 default: 4993 break; 4994 } 4995 } 4996 4997 /* 4998 * vctx ??? 4999 * cond whether the expression is a condition that 5000 * will be compared with 0 5001 * eqwarn whether the operator '==' might be a 5002 * misspelled '=' 5003 * fcall whether the expression is a function call 5004 * retval_discarded whether the return value of a function call 5005 * is discarded; such calls will be analyzed by 5006 * lint2 in messages 4, 8 and 9 5007 * szof whether the expression is part of a sizeof 5008 * expression, which means that its value is 5009 * discarded since only the type is relevant 5010 */ 5011 void 5012 check_expr_misc(const tnode_t *tn, bool vctx, bool cond, 5013 bool eqwarn, bool fcall, bool retval_discarded, bool szof) 5014 { 5015 5016 if (tn == NULL) 5017 return; 5018 op_t op = tn->tn_op; 5019 if (op == NAME || op == CON || op == STRING) 5020 return; 5021 bool is_direct = op == CALL 5022 && tn->u.call->func->tn_op == ADDR 5023 && tn->u.call->func->u.ops.left->tn_op == NAME; 5024 if (op == CALL) { 5025 const function_call *call = tn->u.call; 5026 if (is_direct) 5027 check_expr_call(tn, call->func, 5028 szof, vctx, cond, retval_discarded); 5029 bool discard = op == CVT && tn->tn_type->t_tspec == VOID; 5030 check_expr_misc(call->func, false, false, false, is_direct, 5031 discard, szof); 5032 for (size_t i = 0, n = call->args_len; i < n; i++) 5033 check_expr_misc(call->args[i], 5034 true, false, false, false, false, szof); 5035 return; 5036 } 5037 5038 lint_assert(has_operands(tn)); 5039 tnode_t *ln = tn->u.ops.left; 5040 tnode_t *rn = tn->u.ops.right; 5041 check_expr_op(op, ln, szof, fcall, eqwarn); 5042 5043 const mod_t *mp = &modtab[op]; 5044 bool cvctx = mp->m_value_context; 5045 bool ccond = mp->m_compares_with_zero; 5046 bool eq = mp->m_warn_if_operand_eq && 5047 !ln->tn_parenthesized && 5048 rn != NULL && !rn->tn_parenthesized; 5049 5050 /* 5051 * Values of operands of ':' are not used if the type of at least 5052 * one of the operands (for GCC compatibility) is 'void'. 5053 * 5054 * XXX test/value context of QUEST should probably be used as 5055 * context for both operands of COLON. 5056 */ 5057 if (op == COLON && tn->tn_type->t_tspec == VOID) 5058 cvctx = ccond = false; 5059 bool discard = op == CVT && tn->tn_type->t_tspec == VOID; 5060 check_expr_misc(ln, cvctx, ccond, eq, is_direct, discard, szof); 5061 5062 switch (op) { 5063 case LOGAND: 5064 case LOGOR: 5065 check_expr_misc(rn, false, true, eq, false, false, szof); 5066 break; 5067 case COLON: 5068 check_expr_misc(rn, cvctx, ccond, eq, false, false, szof); 5069 break; 5070 case COMMA: 5071 check_expr_misc(rn, vctx, cond, false, false, false, szof); 5072 break; 5073 default: 5074 if (mp->m_binary) 5075 check_expr_misc(rn, true, false, eq, false, false, 5076 szof); 5077 break; 5078 } 5079 } 5080 5081 /* 5082 * Return whether the expression can be used for static initialization. 5083 * 5084 * Constant initialization expressions must be constant or an address 5085 * of a static object with an optional offset. In the first case, 5086 * the result is returned in *offsp. In the second case, the static 5087 * object is returned in *symp and the offset in *offsp. 5088 * 5089 * The expression can consist of PLUS, MINUS, ADDR, NAME, STRING and 5090 * CON. Type conversions are allowed if they do not change binary 5091 * representation (including width). 5092 * 5093 * C99 6.6 "Constant expressions" 5094 * C99 6.7.8p4 restricts initializers for static storage duration 5095 */ 5096 bool 5097 constant_addr(const tnode_t *tn, const sym_t **symp, ptrdiff_t *offsp) 5098 { 5099 const sym_t *sym; 5100 ptrdiff_t offs1, offs2; 5101 tspec_t t, ot; 5102 5103 switch (tn->tn_op) { 5104 case MINUS: 5105 if (tn->u.ops.right->tn_op == CVT) 5106 return constant_addr(tn->u.ops.right, symp, offsp); 5107 if (tn->u.ops.right->tn_op != CON) 5108 return false; 5109 /* FALLTHROUGH */ 5110 case PLUS: 5111 offs1 = offs2 = 0; 5112 if (tn->u.ops.left->tn_op == CON) { 5113 offs1 = (ptrdiff_t)tn->u.ops.left->u.value.u.integer; 5114 if (!constant_addr(tn->u.ops.right, &sym, &offs2)) 5115 return false; 5116 } else if (tn->u.ops.right->tn_op == CON) { 5117 offs2 = (ptrdiff_t)tn->u.ops.right->u.value.u.integer; 5118 if (tn->tn_op == MINUS) 5119 offs2 = -offs2; 5120 if (!constant_addr(tn->u.ops.left, &sym, &offs1)) 5121 return false; 5122 } else { 5123 return false; 5124 } 5125 *symp = sym; 5126 *offsp = offs1 + offs2; 5127 return true; 5128 case ADDR: 5129 if (tn->u.ops.left->tn_op == NAME) { 5130 *symp = tn->u.ops.left->u.sym; 5131 *offsp = 0; 5132 return true; 5133 } 5134 *symp = NULL; 5135 *offsp = 0; 5136 return true; 5137 case CVT: 5138 t = tn->tn_type->t_tspec; 5139 ot = tn->u.ops.left->tn_type->t_tspec; 5140 if ((!is_integer(t) && t != PTR) || 5141 (!is_integer(ot) && ot != PTR)) { 5142 return false; 5143 } 5144 #if 0 5145 /*- 5146 * consider: 5147 * struct foo { 5148 * unsigned char a; 5149 * } f = { 5150 * (unsigned char)(unsigned long) 5151 * (&(((struct foo *)0)->a)) 5152 * }; 5153 * since psize(unsigned long) != psize(unsigned char), 5154 * this fails. 5155 */ 5156 else if (psize(t) != psize(ot)) 5157 return -1; 5158 #endif 5159 return constant_addr(tn->u.ops.left, symp, offsp); 5160 default: 5161 return false; 5162 } 5163 } 5164 5165 /* Append s2 to s1, then free s2. */ 5166 buffer * 5167 cat_strings(buffer *s1, buffer *s2) 5168 { 5169 5170 if ((s1->data != NULL) != (s2->data != NULL)) { 5171 /* cannot concatenate wide and regular string literals */ 5172 error(292); 5173 return s1; 5174 } 5175 5176 if (s1->data != NULL) { 5177 while (s1->len + s2->len + 1 > s1->cap) 5178 s1->cap *= 2; 5179 s1->data = xrealloc(s1->data, s1->cap); 5180 memcpy(s1->data + s1->len, s2->data, s2->len + 1); 5181 free(s2->data); 5182 } 5183 s1->len += s2->len; 5184 free(s2); 5185 5186 return s1; 5187 } 5188 5189 5190 typedef struct stmt_expr { 5191 memory_pool se_mem; 5192 sym_t *se_sym; 5193 struct stmt_expr *se_enclosing; 5194 } stmt_expr; 5195 5196 static stmt_expr *stmt_exprs; 5197 5198 void 5199 begin_statement_expr(void) 5200 { 5201 debug_enter(); 5202 5203 stmt_expr *se = xmalloc(sizeof(*se)); 5204 se->se_mem = expr_save_memory(); 5205 se->se_sym = NULL; 5206 se->se_enclosing = stmt_exprs; 5207 stmt_exprs = se; 5208 } 5209 5210 void 5211 do_statement_expr(tnode_t *tn) 5212 { 5213 block_level--; 5214 mem_block_level--; 5215 stmt_exprs->se_sym = tn != NULL 5216 ? mktempsym(block_dup_type(tn->tn_type)) 5217 : NULL; /* after a syntax error */ 5218 mem_block_level++; 5219 block_level++; 5220 /* '({ ... })' is a GCC extension */ 5221 gnuism(320); 5222 } 5223 5224 tnode_t * 5225 end_statement_expr(void) 5226 { 5227 tnode_t *tn; 5228 5229 stmt_expr *se = stmt_exprs; 5230 if (se->se_sym == NULL) { 5231 tn = NULL; /* after a syntax error */ 5232 goto end; 5233 } 5234 5235 tn = build_name(se->se_sym, false); 5236 (void)expr_save_memory(); /* leak */ 5237 expr_restore_memory(se->se_mem); 5238 stmt_exprs = se->se_enclosing; 5239 free(se); 5240 5241 end: 5242 debug_leave(); 5243 return tn; 5244 } 5245 5246 bool 5247 in_statement_expr(void) 5248 { 5249 return stmt_exprs != NULL; 5250 } 5251
Indexes created Sat Feb 21 16:20:20 UTC 2026