Bug Summary

File:tools/clang/lib/Lex/MacroArgs.cpp
Warning:line 70, column 15
Called C++ object pointer is null

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name MacroArgs.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -mthread-model posix -relaxed-aliasing -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -momit-leaf-frame-pointer -ffunction-sections -fdata-sections -resource-dir /usr/lib/llvm-9/lib/clang/9.0.0 -D CLANG_VENDOR="Debian " -D _DEBUG -D _GNU_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I /build/llvm-toolchain-snapshot-9~svn358860/build-llvm/tools/clang/lib/Lex -I /build/llvm-toolchain-snapshot-9~svn358860/tools/clang/lib/Lex -I /build/llvm-toolchain-snapshot-9~svn358860/tools/clang/include -I /build/llvm-toolchain-snapshot-9~svn358860/build-llvm/tools/clang/include -I /build/llvm-toolchain-snapshot-9~svn358860/build-llvm/include -I /build/llvm-toolchain-snapshot-9~svn358860/include -U NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/x86_64-linux-gnu/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/x86_64-linux-gnu/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0/backward -internal-isystem /usr/include/clang/9.0.0/include/ -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-9/lib/clang/9.0.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-comment -std=c++11 -fdeprecated-macro -fdebug-compilation-dir /build/llvm-toolchain-snapshot-9~svn358860/build-llvm/tools/clang/lib/Lex -fdebug-prefix-map=/build/llvm-toolchain-snapshot-9~svn358860=. -ferror-limit 19 -fmessage-length 0 -fvisibility-inlines-hidden -stack-protector 2 -fobjc-runtime=gcc -fno-common -fdiagnostics-show-option -vectorize-loops -vectorize-slp -analyzer-output=html -analyzer-config stable-report-filename=true -o /tmp/scan-build-2019-04-22-050718-5320-1 -x c++ /build/llvm-toolchain-snapshot-9~svn358860/tools/clang/lib/Lex/MacroArgs.cpp -faddrsig
1//===--- MacroArgs.cpp - Formal argument info for Macros ------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file implements the MacroArgs interface.
10//
11//===----------------------------------------------------------------------===//
12
13#include "clang/Lex/MacroArgs.h"
14#include "clang/Lex/LexDiagnostic.h"
15#include "clang/Lex/MacroInfo.h"
16#include "clang/Lex/Preprocessor.h"
17#include "llvm/ADT/SmallString.h"
18#include "llvm/Support/SaveAndRestore.h"
19#include <algorithm>
20
21using namespace clang;
22
23/// MacroArgs ctor function - This destroys the vector passed in.
24MacroArgs *MacroArgs::create(const MacroInfo *MI,
25 ArrayRef<Token> UnexpArgTokens,
26 bool VarargsElided, Preprocessor &PP) {
27 assert(MI->isFunctionLike() &&((MI->isFunctionLike() && "Can't have args for an object-like macro!"
) ? static_cast<void> (0) : __assert_fail ("MI->isFunctionLike() && \"Can't have args for an object-like macro!\""
, "/build/llvm-toolchain-snapshot-9~svn358860/tools/clang/lib/Lex/MacroArgs.cpp"
, 28, __PRETTY_FUNCTION__))
1
Assuming the condition is true
2
'?' condition is true
28 "Can't have args for an object-like macro!")((MI->isFunctionLike() && "Can't have args for an object-like macro!"
) ? static_cast<void> (0) : __assert_fail ("MI->isFunctionLike() && \"Can't have args for an object-like macro!\""
, "/build/llvm-toolchain-snapshot-9~svn358860/tools/clang/lib/Lex/MacroArgs.cpp"
, 28, __PRETTY_FUNCTION__))
;
29 MacroArgs **ResultEnt = nullptr;
30 unsigned ClosestMatch = ~0U;
31
32 // See if we have an entry with a big enough argument list to reuse on the
33 // free list. If so, reuse it.
34 for (MacroArgs **Entry = &PP.MacroArgCache; *Entry;
3
Loop condition is false. Execution continues on line 47
35 Entry = &(*Entry)->ArgCache) {
36 if ((*Entry)->NumUnexpArgTokens >= UnexpArgTokens.size() &&
37 (*Entry)->NumUnexpArgTokens < ClosestMatch) {
38 ResultEnt = Entry;
39
40 // If we have an exact match, use it.
41 if ((*Entry)->NumUnexpArgTokens == UnexpArgTokens.size())
42 break;
43 // Otherwise, use the best fit.
44 ClosestMatch = (*Entry)->NumUnexpArgTokens;
45 }
46 }
47 MacroArgs *Result;
48 if (!ResultEnt) {
4
Taking true branch
49 // Allocate memory for a MacroArgs object with the lexer tokens at the end,
50 // and construct the MacroArgs object.
51 Result = new (
5
Null pointer value stored to 'Result'
52 llvm::safe_malloc(totalSizeToAlloc<Token>(UnexpArgTokens.size())))
53 MacroArgs(UnexpArgTokens.size(), VarargsElided, MI->getNumParams());
54 } else {
55 Result = *ResultEnt;
56 // Unlink this node from the preprocessors singly linked list.
57 *ResultEnt = Result->ArgCache;
58 Result->NumUnexpArgTokens = UnexpArgTokens.size();
59 Result->VarargsElided = VarargsElided;
60 Result->NumMacroArgs = MI->getNumParams();
61 }
62
63 // Copy the actual unexpanded tokens to immediately after the result ptr.
64 if (!UnexpArgTokens.empty()) {
6
Assuming the condition is true
7
Taking true branch
65 static_assert(std::is_trivial<Token>::value,
66 "assume trivial copyability if copying into the "
67 "uninitialized array (as opposed to reusing a cached "
68 "MacroArgs)");
69 std::copy(UnexpArgTokens.begin(), UnexpArgTokens.end(),
70 Result->getTrailingObjects<Token>());
8
Called C++ object pointer is null
71 }
72
73 return Result;
74}
75
76/// destroy - Destroy and deallocate the memory for this object.
77///
78void MacroArgs::destroy(Preprocessor &PP) {
79 StringifiedArgs.clear();
80
81 // Don't clear PreExpArgTokens, just clear the entries. Clearing the entries
82 // would deallocate the element vectors.
83 for (unsigned i = 0, e = PreExpArgTokens.size(); i != e; ++i)
84 PreExpArgTokens[i].clear();
85
86 // Add this to the preprocessor's free list.
87 ArgCache = PP.MacroArgCache;
88 PP.MacroArgCache = this;
89}
90
91/// deallocate - This should only be called by the Preprocessor when managing
92/// its freelist.
93MacroArgs *MacroArgs::deallocate() {
94 MacroArgs *Next = ArgCache;
95
96 // Run the dtor to deallocate the vectors.
97 this->~MacroArgs();
98 // Release the memory for the object.
99 static_assert(std::is_trivially_destructible<Token>::value,
100 "assume trivially destructible and forego destructors");
101 free(this);
102
103 return Next;
104}
105
106
107/// getArgLength - Given a pointer to an expanded or unexpanded argument,
108/// return the number of tokens, not counting the EOF, that make up the
109/// argument.
110unsigned MacroArgs::getArgLength(const Token *ArgPtr) {
111 unsigned NumArgTokens = 0;
112 for (; ArgPtr->isNot(tok::eof); ++ArgPtr)
113 ++NumArgTokens;
114 return NumArgTokens;
115}
116
117
118/// getUnexpArgument - Return the unexpanded tokens for the specified formal.
119///
120const Token *MacroArgs::getUnexpArgument(unsigned Arg) const {
121
122 assert(Arg < getNumMacroArguments() && "Invalid arg #")((Arg < getNumMacroArguments() && "Invalid arg #")
? static_cast<void> (0) : __assert_fail ("Arg < getNumMacroArguments() && \"Invalid arg #\""
, "/build/llvm-toolchain-snapshot-9~svn358860/tools/clang/lib/Lex/MacroArgs.cpp"
, 122, __PRETTY_FUNCTION__))
;
123 // The unexpanded argument tokens start immediately after the MacroArgs object
124 // in memory.
125 const Token *Start = getTrailingObjects<Token>();
126 const Token *Result = Start;
127
128 // Scan to find Arg.
129 for (; Arg; ++Result) {
130 assert(Result < Start+NumUnexpArgTokens && "Invalid arg #")((Result < Start+NumUnexpArgTokens && "Invalid arg #"
) ? static_cast<void> (0) : __assert_fail ("Result < Start+NumUnexpArgTokens && \"Invalid arg #\""
, "/build/llvm-toolchain-snapshot-9~svn358860/tools/clang/lib/Lex/MacroArgs.cpp"
, 130, __PRETTY_FUNCTION__))
;
131 if (Result->is(tok::eof))
132 --Arg;
133 }
134 assert(Result < Start+NumUnexpArgTokens && "Invalid arg #")((Result < Start+NumUnexpArgTokens && "Invalid arg #"
) ? static_cast<void> (0) : __assert_fail ("Result < Start+NumUnexpArgTokens && \"Invalid arg #\""
, "/build/llvm-toolchain-snapshot-9~svn358860/tools/clang/lib/Lex/MacroArgs.cpp"
, 134, __PRETTY_FUNCTION__))
;
135 return Result;
136}
137
138// This function assumes that the variadic arguments are the tokens
139// corresponding to the last parameter (ellipsis) - and since tokens are
140// separated by the 'eof' token, if that is the only token corresponding to that
141// last parameter, we know no variadic arguments were supplied.
142bool MacroArgs::invokedWithVariadicArgument(const MacroInfo *const MI) const {
143 if (!MI->isVariadic())
144 return false;
145 const int VariadicArgIndex = getNumMacroArguments() - 1;
146 return getUnexpArgument(VariadicArgIndex)->isNot(tok::eof);
147}
148
149/// ArgNeedsPreexpansion - If we can prove that the argument won't be affected
150/// by pre-expansion, return false. Otherwise, conservatively return true.
151bool MacroArgs::ArgNeedsPreexpansion(const Token *ArgTok,
152 Preprocessor &PP) const {
153 // If there are no identifiers in the argument list, or if the identifiers are
154 // known to not be macros, pre-expansion won't modify it.
155 for (; ArgTok->isNot(tok::eof); ++ArgTok)
156 if (IdentifierInfo *II = ArgTok->getIdentifierInfo())
157 if (II->hasMacroDefinition())
158 // Return true even though the macro could be a function-like macro
159 // without a following '(' token, or could be disabled, or not visible.
160 return true;
161 return false;
162}
163
164/// getPreExpArgument - Return the pre-expanded form of the specified
165/// argument.
166const std::vector<Token> &MacroArgs::getPreExpArgument(unsigned Arg,
167 Preprocessor &PP) {
168 assert(Arg < getNumMacroArguments() && "Invalid argument number!")((Arg < getNumMacroArguments() && "Invalid argument number!"
) ? static_cast<void> (0) : __assert_fail ("Arg < getNumMacroArguments() && \"Invalid argument number!\""
, "/build/llvm-toolchain-snapshot-9~svn358860/tools/clang/lib/Lex/MacroArgs.cpp"
, 168, __PRETTY_FUNCTION__))
;
169
170 // If we have already computed this, return it.
171 if (PreExpArgTokens.size() < getNumMacroArguments())
172 PreExpArgTokens.resize(getNumMacroArguments());
173
174 std::vector<Token> &Result = PreExpArgTokens[Arg];
175 if (!Result.empty()) return Result;
176
177 SaveAndRestore<bool> PreExpandingMacroArgs(PP.InMacroArgPreExpansion, true);
178
179 const Token *AT = getUnexpArgument(Arg);
180 unsigned NumToks = getArgLength(AT)+1; // Include the EOF.
181
182 // Otherwise, we have to pre-expand this argument, populating Result. To do
183 // this, we set up a fake TokenLexer to lex from the unexpanded argument
184 // list. With this installed, we lex expanded tokens until we hit the EOF
185 // token at the end of the unexp list.
186 PP.EnterTokenStream(AT, NumToks, false /*disable expand*/,
187 false /*owns tokens*/);
188
189 // Lex all of the macro-expanded tokens into Result.
190 do {
191 Result.push_back(Token());
192 Token &Tok = Result.back();
193 PP.Lex(Tok);
194 } while (Result.back().isNot(tok::eof));
195
196 // Pop the token stream off the top of the stack. We know that the internal
197 // pointer inside of it is to the "end" of the token stream, but the stack
198 // will not otherwise be popped until the next token is lexed. The problem is
199 // that the token may be lexed sometime after the vector of tokens itself is
200 // destroyed, which would be badness.
201 if (PP.InCachingLexMode())
202 PP.ExitCachingLexMode();
203 PP.RemoveTopOfLexerStack();
204 return Result;
205}
206
207
208/// StringifyArgument - Implement C99 6.10.3.2p2, converting a sequence of
209/// tokens into the literal string token that should be produced by the C #
210/// preprocessor operator. If Charify is true, then it should be turned into
211/// a character literal for the Microsoft charize (#@) extension.
212///
213Token MacroArgs::StringifyArgument(const Token *ArgToks,
214 Preprocessor &PP, bool Charify,
215 SourceLocation ExpansionLocStart,
216 SourceLocation ExpansionLocEnd) {
217 Token Tok;
218 Tok.startToken();
219 Tok.setKind(Charify ? tok::char_constant : tok::string_literal);
220
221 const Token *ArgTokStart = ArgToks;
222
223 // Stringify all the tokens.
224 SmallString<128> Result;
225 Result += "\"";
226
227 bool isFirst = true;
228 for (; ArgToks->isNot(tok::eof); ++ArgToks) {
229 const Token &Tok = *ArgToks;
230 if (!isFirst && (Tok.hasLeadingSpace() || Tok.isAtStartOfLine()))
231 Result += ' ';
232 isFirst = false;
233
234 // If this is a string or character constant, escape the token as specified
235 // by 6.10.3.2p2.
236 if (tok::isStringLiteral(Tok.getKind()) || // "foo", u8R"x(foo)x"_bar, etc.
237 Tok.is(tok::char_constant) || // 'x'
238 Tok.is(tok::wide_char_constant) || // L'x'.
239 Tok.is(tok::utf8_char_constant) || // u8'x'.
240 Tok.is(tok::utf16_char_constant) || // u'x'.
241 Tok.is(tok::utf32_char_constant)) { // U'x'.
242 bool Invalid = false;
243 std::string TokStr = PP.getSpelling(Tok, &Invalid);
244 if (!Invalid) {
245 std::string Str = Lexer::Stringify(TokStr);
246 Result.append(Str.begin(), Str.end());
247 }
248 } else if (Tok.is(tok::code_completion)) {
249 PP.CodeCompleteNaturalLanguage();
250 } else {
251 // Otherwise, just append the token. Do some gymnastics to get the token
252 // in place and avoid copies where possible.
253 unsigned CurStrLen = Result.size();
254 Result.resize(CurStrLen+Tok.getLength());
255 const char *BufPtr = Result.data() + CurStrLen;
256 bool Invalid = false;
257 unsigned ActualTokLen = PP.getSpelling(Tok, BufPtr, &Invalid);
258
259 if (!Invalid) {
260 // If getSpelling returned a pointer to an already uniqued version of
261 // the string instead of filling in BufPtr, memcpy it onto our string.
262 if (ActualTokLen && BufPtr != &Result[CurStrLen])
263 memcpy(&Result[CurStrLen], BufPtr, ActualTokLen);
264
265 // If the token was dirty, the spelling may be shorter than the token.
266 if (ActualTokLen != Tok.getLength())
267 Result.resize(CurStrLen+ActualTokLen);
268 }
269 }
270 }
271
272 // If the last character of the string is a \, and if it isn't escaped, this
273 // is an invalid string literal, diagnose it as specified in C99.
274 if (Result.back() == '\\') {
275 // Count the number of consecutive \ characters. If even, then they are
276 // just escaped backslashes, otherwise it's an error.
277 unsigned FirstNonSlash = Result.size()-2;
278 // Guaranteed to find the starting " if nothing else.
279 while (Result[FirstNonSlash] == '\\')
280 --FirstNonSlash;
281 if ((Result.size()-1-FirstNonSlash) & 1) {
282 // Diagnose errors for things like: #define F(X) #X / F(\)
283 PP.Diag(ArgToks[-1], diag::pp_invalid_string_literal);
284 Result.pop_back(); // remove one of the \'s.
285 }
286 }
287 Result += '"';
288
289 // If this is the charify operation and the result is not a legal character
290 // constant, diagnose it.
291 if (Charify) {
292 // First step, turn double quotes into single quotes:
293 Result[0] = '\'';
294 Result[Result.size()-1] = '\'';
295
296 // Check for bogus character.
297 bool isBad = false;
298 if (Result.size() == 3)
299 isBad = Result[1] == '\''; // ''' is not legal. '\' already fixed above.
300 else
301 isBad = (Result.size() != 4 || Result[1] != '\\'); // Not '\x'
302
303 if (isBad) {
304 PP.Diag(ArgTokStart[0], diag::err_invalid_character_to_charify);
305 Result = "' '"; // Use something arbitrary, but legal.
306 }
307 }
308
309 PP.CreateString(Result, Tok,
310 ExpansionLocStart, ExpansionLocEnd);
311 return Tok;
312}
313
314/// getStringifiedArgument - Compute, cache, and return the specified argument
315/// that has been 'stringified' as required by the # operator.
316const Token &MacroArgs::getStringifiedArgument(unsigned ArgNo,
317 Preprocessor &PP,
318 SourceLocation ExpansionLocStart,
319 SourceLocation ExpansionLocEnd) {
320 assert(ArgNo < getNumMacroArguments() && "Invalid argument number!")((ArgNo < getNumMacroArguments() && "Invalid argument number!"
) ? static_cast<void> (0) : __assert_fail ("ArgNo < getNumMacroArguments() && \"Invalid argument number!\""
, "/build/llvm-toolchain-snapshot-9~svn358860/tools/clang/lib/Lex/MacroArgs.cpp"
, 320, __PRETTY_FUNCTION__))
;
321 if (StringifiedArgs.empty())
322 StringifiedArgs.resize(getNumMacroArguments(), {});
323
324 if (StringifiedArgs[ArgNo].isNot(tok::string_literal))
325 StringifiedArgs[ArgNo] = StringifyArgument(getUnexpArgument(ArgNo), PP,
326 /*Charify=*/false,
327 ExpansionLocStart,
328 ExpansionLocEnd);
329 return StringifiedArgs[ArgNo];
330}