1//===--- CGExprScalar.cpp - Emit LLVM Code for Scalar Exprs ---------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This contains code to emit Expr nodes with scalar LLVM types as LLVM code.
10//
11//===----------------------------------------------------------------------===//
12
13#include "CGCXXABI.h"
14#include "CGCleanup.h"
15#include "CGDebugInfo.h"
16#include "CGObjCRuntime.h"
17#include "CGOpenMPRuntime.h"
18#include "CodeGenFunction.h"
19#include "CodeGenModule.h"
20#include "ConstantEmitter.h"
21#include "TargetInfo.h"
22#include "clang/AST/ASTContext.h"
23#include "clang/AST/Attr.h"
24#include "clang/AST/DeclObjC.h"
25#include "clang/AST/Expr.h"
26#include "clang/AST/RecordLayout.h"
27#include "clang/AST/StmtVisitor.h"
28#include "clang/Basic/CodeGenOptions.h"
29#include "clang/Basic/TargetInfo.h"
30#include "llvm/ADT/APFixedPoint.h"
31#include "llvm/ADT/Optional.h"
32#include "llvm/IR/CFG.h"
33#include "llvm/IR/Constants.h"
34#include "llvm/IR/DataLayout.h"
35#include "llvm/IR/FixedPointBuilder.h"
36#include "llvm/IR/Function.h"
37#include "llvm/IR/GetElementPtrTypeIterator.h"
38#include "llvm/IR/GlobalVariable.h"
39#include "llvm/IR/Intrinsics.h"
40#include "llvm/IR/IntrinsicsPowerPC.h"
41#include "llvm/IR/MatrixBuilder.h"
42#include "llvm/IR/Module.h"
43#include <cstdarg>
44
45using namespace clang;
46using namespace CodeGen;
47using llvm::Value;
48
49//===----------------------------------------------------------------------===//
50// Scalar Expression Emitter
51//===----------------------------------------------------------------------===//
52
53namespace {
54
55/// Determine whether the given binary operation may overflow.
56/// Sets \p Result to the value of the operation for BO_Add, BO_Sub, BO_Mul,
57/// and signed BO_{Div,Rem}. For these opcodes, and for unsigned BO_{Div,Rem},
58/// the returned overflow check is precise. The returned value is 'true' for
59/// all other opcodes, to be conservative.
60bool mayHaveIntegerOverflow(llvm::ConstantInt *LHS, llvm::ConstantInt *RHS,
61 BinaryOperator::Opcode Opcode, bool Signed,
62 llvm::APInt &Result) {
63 // Assume overflow is possible, unless we can prove otherwise.
64 bool Overflow = true;
65 const auto &LHSAP = LHS->getValue();
66 const auto &RHSAP = RHS->getValue();
67 if (Opcode == BO_Add) {
68 if (Signed)
69 Result = LHSAP.sadd_ov(RHSAP, Overflow);
70 else
71 Result = LHSAP.uadd_ov(RHSAP, Overflow);
72 } else if (Opcode == BO_Sub) {
73 if (Signed)
74 Result = LHSAP.ssub_ov(RHSAP, Overflow);
75 else
76 Result = LHSAP.usub_ov(RHSAP, Overflow);
77 } else if (Opcode == BO_Mul) {
78 if (Signed)
79 Result = LHSAP.smul_ov(RHSAP, Overflow);
80 else
81 Result = LHSAP.umul_ov(RHSAP, Overflow);
82 } else if (Opcode == BO_Div || Opcode == BO_Rem) {
83 if (Signed && !RHS->isZero())
84 Result = LHSAP.sdiv_ov(RHSAP, Overflow);
85 else
86 return false;
87 }
88 return Overflow;
89}
90
91struct BinOpInfo {
92 Value *LHS;
93 Value *RHS;
94 QualType Ty; // Computation Type.
95 BinaryOperator::Opcode Opcode; // Opcode of BinOp to perform
96 FPOptions FPFeatures;
97 const Expr *E; // Entire expr, for error unsupported. May not be binop.
98
99 /// Check if the binop can result in integer overflow.
100 bool mayHaveIntegerOverflow() const {
101 // Without constant input, we can't rule out overflow.
102 auto *LHSCI = dyn_cast<llvm::ConstantInt>(LHS);
103 auto *RHSCI = dyn_cast<llvm::ConstantInt>(RHS);
104 if (!LHSCI || !RHSCI)
105 return true;
106
107 llvm::APInt Result;
108 return ::mayHaveIntegerOverflow(
109 LHSCI, RHSCI, Opcode, Ty->hasSignedIntegerRepresentation(), Result);
110 }
111
112 /// Check if the binop computes a division or a remainder.
113 bool isDivremOp() const {
114 return Opcode == BO_Div || Opcode == BO_Rem || Opcode == BO_DivAssign ||
115 Opcode == BO_RemAssign;
116 }
117
118 /// Check if the binop can result in an integer division by zero.
119 bool mayHaveIntegerDivisionByZero() const {
120 if (isDivremOp())
121 if (auto *CI = dyn_cast<llvm::ConstantInt>(RHS))
122 return CI->isZero();
123 return true;
124 }
125
126 /// Check if the binop can result in a float division by zero.
127 bool mayHaveFloatDivisionByZero() const {
128 if (isDivremOp())
129 if (auto *CFP = dyn_cast<llvm::ConstantFP>(RHS))
130 return CFP->isZero();
131 return true;
132 }
133
134 /// Check if at least one operand is a fixed point type. In such cases, this
135 /// operation did not follow usual arithmetic conversion and both operands
136 /// might not be of the same type.
137 bool isFixedPointOp() const {
138 // We cannot simply check the result type since comparison operations return
139 // an int.
140 if (const auto *BinOp = dyn_cast<BinaryOperator>(E)) {
141 QualType LHSType = BinOp->getLHS()->getType();
142 QualType RHSType = BinOp->getRHS()->getType();
143 return LHSType->isFixedPointType() || RHSType->isFixedPointType();
144 }
145 if (const auto *UnOp = dyn_cast<UnaryOperator>(E))
146 return UnOp->getSubExpr()->getType()->isFixedPointType();
147 return false;
148 }
149};
150
151static bool MustVisitNullValue(const Expr *E) {
152 // If a null pointer expression's type is the C++0x nullptr_t, then
153 // it's not necessarily a simple constant and it must be evaluated
154 // for its potential side effects.
155 return E->getType()->isNullPtrType();
156}
157
158/// If \p E is a widened promoted integer, get its base (unpromoted) type.
159static llvm::Optional<QualType> getUnwidenedIntegerType(const ASTContext &Ctx,
160 const Expr *E) {
161 const Expr *Base = E->IgnoreImpCasts();
162 if (E == Base)
163 return llvm::None;
164
165 QualType BaseTy = Base->getType();
166 if (!BaseTy->isPromotableIntegerType() ||
167 Ctx.getTypeSize(BaseTy) >= Ctx.getTypeSize(E->getType()))
168 return llvm::None;
169
170 return BaseTy;
171}
172
173/// Check if \p E is a widened promoted integer.
174static bool IsWidenedIntegerOp(const ASTContext &Ctx, const Expr *E) {
175 return getUnwidenedIntegerType(Ctx, E).hasValue();
176}
177
178/// Check if we can skip the overflow check for \p Op.
179static bool CanElideOverflowCheck(const ASTContext &Ctx, const BinOpInfo &Op) {
180 assert((isa<UnaryOperator>(Op.E) || isa<BinaryOperator>(Op.E)) &&
181 "Expected a unary or binary operator");
182
183 // If the binop has constant inputs and we can prove there is no overflow,
184 // we can elide the overflow check.
185 if (!Op.mayHaveIntegerOverflow())
186 return true;
187
188 // If a unary op has a widened operand, the op cannot overflow.
189 if (const auto *UO = dyn_cast<UnaryOperator>(Op.E))
190 return !UO->canOverflow();
191
192 // We usually don't need overflow checks for binops with widened operands.
193 // Multiplication with promoted unsigned operands is a special case.
194 const auto *BO = cast<BinaryOperator>(Op.E);
195 auto OptionalLHSTy = getUnwidenedIntegerType(Ctx, BO->getLHS());
196 if (!OptionalLHSTy)
197 return false;
198
199 auto OptionalRHSTy = getUnwidenedIntegerType(Ctx, BO->getRHS());
200 if (!OptionalRHSTy)
201 return false;
202
203 QualType LHSTy = *OptionalLHSTy;
204 QualType RHSTy = *OptionalRHSTy;
205
206 // This is the simple case: binops without unsigned multiplication, and with
207 // widened operands. No overflow check is needed here.
208 if ((Op.Opcode != BO_Mul && Op.Opcode != BO_MulAssign) ||
209 !LHSTy->isUnsignedIntegerType() || !RHSTy->isUnsignedIntegerType())
210 return true;
211
212 // For unsigned multiplication the overflow check can be elided if either one
213 // of the unpromoted types are less than half the size of the promoted type.
214 unsigned PromotedSize = Ctx.getTypeSize(Op.E->getType());
215 return (2 * Ctx.getTypeSize(LHSTy)) < PromotedSize ||
216 (2 * Ctx.getTypeSize(RHSTy)) < PromotedSize;
217}
218
219class ScalarExprEmitter
220 : public StmtVisitor<ScalarExprEmitter, Value*> {
221 CodeGenFunction &CGF;
222 CGBuilderTy &Builder;
223 bool IgnoreResultAssign;
224 llvm::LLVMContext &VMContext;
225public:
226
227 ScalarExprEmitter(CodeGenFunction &cgf, bool ira=false)
228 : CGF(cgf), Builder(CGF.Builder), IgnoreResultAssign(ira),
229 VMContext(cgf.getLLVMContext()) {
230 }
231
232 //===--------------------------------------------------------------------===//
233 // Utilities
234 //===--------------------------------------------------------------------===//
235
236 bool TestAndClearIgnoreResultAssign() {
237 bool I = IgnoreResultAssign;
238 IgnoreResultAssign = false;
239 return I;
240 }
241
242 llvm::Type *ConvertType(QualType T) { return CGF.ConvertType(T); }
243 LValue EmitLValue(const Expr *E) { return CGF.EmitLValue(E); }
244 LValue EmitCheckedLValue(const Expr *E, CodeGenFunction::TypeCheckKind TCK) {
245 return CGF.EmitCheckedLValue(E, TCK);
246 }
247
248 void EmitBinOpCheck(ArrayRef<std::pair<Value *, SanitizerMask>> Checks,
249 const BinOpInfo &Info);
250
251 Value *EmitLoadOfLValue(LValue LV, SourceLocation Loc) {
252 return CGF.EmitLoadOfLValue(LV, Loc).getScalarVal();
253 }
254
255 void EmitLValueAlignmentAssumption(const Expr *E, Value *V) {
256 const AlignValueAttr *AVAttr = nullptr;
257 if (const auto *DRE = dyn_cast<DeclRefExpr>(E)) {
258 const ValueDecl *VD = DRE->getDecl();
259
260 if (VD->getType()->isReferenceType()) {
261 if (const auto *TTy =
262 dyn_cast<TypedefType>(VD->getType().getNonReferenceType()))
263 AVAttr = TTy->getDecl()->getAttr<AlignValueAttr>();
264 } else {
265 // Assumptions for function parameters are emitted at the start of the
266 // function, so there is no need to repeat that here,
267 // unless the alignment-assumption sanitizer is enabled,
268 // then we prefer the assumption over alignment attribute
269 // on IR function param.
270 if (isa<ParmVarDecl>(VD) && !CGF.SanOpts.has(SanitizerKind::Alignment))
271 return;
272
273 AVAttr = VD->getAttr<AlignValueAttr>();
274 }
275 }
276
277 if (!AVAttr)
278 if (const auto *TTy =
279 dyn_cast<TypedefType>(E->getType()))
280 AVAttr = TTy->getDecl()->getAttr<AlignValueAttr>();
281
282 if (!AVAttr)
283 return;
284
285 Value *AlignmentValue = CGF.EmitScalarExpr(AVAttr->getAlignment());
286 llvm::ConstantInt *AlignmentCI = cast<llvm::ConstantInt>(AlignmentValue);
287 CGF.emitAlignmentAssumption(V, E, AVAttr->getLocation(), AlignmentCI);
288 }
289
290 /// EmitLoadOfLValue - Given an expression with complex type that represents a
291 /// value l-value, this method emits the address of the l-value, then loads
292 /// and returns the result.
293 Value *EmitLoadOfLValue(const Expr *E) {
294 Value *V = EmitLoadOfLValue(EmitCheckedLValue(E, CodeGenFunction::TCK_Load),
295 E->getExprLoc());
296
297 EmitLValueAlignmentAssumption(E, V);
298 return V;
299 }
300
301 /// EmitConversionToBool - Convert the specified expression value to a
302 /// boolean (i1) truth value. This is equivalent to "Val != 0".
303 Value *EmitConversionToBool(Value *Src, QualType DstTy);
304
305 /// Emit a check that a conversion from a floating-point type does not
306 /// overflow.
307 void EmitFloatConversionCheck(Value *OrigSrc, QualType OrigSrcType,
308 Value *Src, QualType SrcType, QualType DstType,
309 llvm::Type *DstTy, SourceLocation Loc);
310
311 /// Known implicit conversion check kinds.
312 /// Keep in sync with the enum of the same name in ubsan_handlers.h
313 enum ImplicitConversionCheckKind : unsigned char {
314 ICCK_IntegerTruncation = 0, // Legacy, was only used by clang 7.
315 ICCK_UnsignedIntegerTruncation = 1,
316 ICCK_SignedIntegerTruncation = 2,
317 ICCK_IntegerSignChange = 3,
318 ICCK_SignedIntegerTruncationOrSignChange = 4,
319 };
320
321 /// Emit a check that an [implicit] truncation of an integer does not
322 /// discard any bits. It is not UB, so we use the value after truncation.
323 void EmitIntegerTruncationCheck(Value *Src, QualType SrcType, Value *Dst,
324 QualType DstType, SourceLocation Loc);
325
326 /// Emit a check that an [implicit] conversion of an integer does not change
327 /// the sign of the value. It is not UB, so we use the value after conversion.
328 /// NOTE: Src and Dst may be the exact same value! (point to the same thing)
329 void EmitIntegerSignChangeCheck(Value *Src, QualType SrcType, Value *Dst,
330 QualType DstType, SourceLocation Loc);
331
332 /// Emit a conversion from the specified type to the specified destination
333 /// type, both of which are LLVM scalar types.
334 struct ScalarConversionOpts {
335 bool TreatBooleanAsSigned;
336 bool EmitImplicitIntegerTruncationChecks;
337 bool EmitImplicitIntegerSignChangeChecks;
338
339 ScalarConversionOpts()
340 : TreatBooleanAsSigned(false),
341 EmitImplicitIntegerTruncationChecks(false),
342 EmitImplicitIntegerSignChangeChecks(false) {}
343
344 ScalarConversionOpts(clang::SanitizerSet SanOpts)
345 : TreatBooleanAsSigned(false),
346 EmitImplicitIntegerTruncationChecks(
347 SanOpts.hasOneOf(SanitizerKind::ImplicitIntegerTruncation)),
348 EmitImplicitIntegerSignChangeChecks(
349 SanOpts.has(SanitizerKind::ImplicitIntegerSignChange)) {}
350 };
351 Value *EmitScalarCast(Value *Src, QualType SrcType, QualType DstType,
352 llvm::Type *SrcTy, llvm::Type *DstTy,
353 ScalarConversionOpts Opts);
354 Value *
355 EmitScalarConversion(Value *Src, QualType SrcTy, QualType DstTy,
356 SourceLocation Loc,
357 ScalarConversionOpts Opts = ScalarConversionOpts());
358
359 /// Convert between either a fixed point and other fixed point or fixed point
360 /// and an integer.
361 Value *EmitFixedPointConversion(Value *Src, QualType SrcTy, QualType DstTy,
362 SourceLocation Loc);
363
364 /// Emit a conversion from the specified complex type to the specified
365 /// destination type, where the destination type is an LLVM scalar type.
366 Value *EmitComplexToScalarConversion(CodeGenFunction::ComplexPairTy Src,
367 QualType SrcTy, QualType DstTy,
368 SourceLocation Loc);
369
370 /// EmitNullValue - Emit a value that corresponds to null for the given type.
371 Value *EmitNullValue(QualType Ty);
372
373 /// EmitFloatToBoolConversion - Perform an FP to boolean conversion.
374 Value *EmitFloatToBoolConversion(Value *V) {
375 // Compare against 0.0 for fp scalars.
376 llvm::Value *Zero = llvm::Constant::getNullValue(V->getType());
377 return Builder.CreateFCmpUNE(V, Zero, "tobool");
378 }
379
380 /// EmitPointerToBoolConversion - Perform a pointer to boolean conversion.
381 Value *EmitPointerToBoolConversion(Value *V, QualType QT) {
382 Value *Zero = CGF.CGM.getNullPointer(cast<llvm::PointerType>(V->getType()), QT);
383
384 return Builder.CreateICmpNE(V, Zero, "tobool");
385 }
386
387 Value *EmitIntToBoolConversion(Value *V) {
388 // Because of the type rules of C, we often end up computing a
389 // logical value, then zero extending it to int, then wanting it
390 // as a logical value again. Optimize this common case.
391 if (llvm::ZExtInst *ZI = dyn_cast<llvm::ZExtInst>(V)) {
392 if (ZI->getOperand(0)->getType() == Builder.getInt1Ty()) {
393 Value *Result = ZI->getOperand(0);
394 // If there aren't any more uses, zap the instruction to save space.
395 // Note that there can be more uses, for example if this
396 // is the result of an assignment.
397 if (ZI->use_empty())
398 ZI->eraseFromParent();
399 return Result;
400 }
401 }
402
403 return Builder.CreateIsNotNull(V, "tobool");
404 }
405
406 //===--------------------------------------------------------------------===//
407 // Visitor Methods
408 //===--------------------------------------------------------------------===//
409
410 Value *Visit(Expr *E) {
411 ApplyDebugLocation DL(CGF, E);
412 return StmtVisitor<ScalarExprEmitter, Value*>::Visit(E);
413 }
414
415 Value *VisitStmt(Stmt *S) {
416 S->dump(llvm::errs(), CGF.getContext());
417 llvm_unreachable("Stmt can't have complex result type!");
418 }
419 Value *VisitExpr(Expr *S);
420
421 Value *VisitConstantExpr(ConstantExpr *E) {
422 if (Value *Result = ConstantEmitter(CGF).tryEmitConstantExpr(E)) {
423 if (E->isGLValue())
424 return CGF.Builder.CreateLoad(Address(
425 Result, CGF.getContext().getTypeAlignInChars(E->getType())));
426 return Result;
427 }
428 return Visit(E->getSubExpr());
429 }
430 Value *VisitParenExpr(ParenExpr *PE) {
431 return Visit(PE->getSubExpr());
432 }
433 Value *VisitSubstNonTypeTemplateParmExpr(SubstNonTypeTemplateParmExpr *E) {
434 return Visit(E->getReplacement());
435 }
436 Value *VisitGenericSelectionExpr(GenericSelectionExpr *GE) {
437 return Visit(GE->getResultExpr());
438 }
439 Value *VisitCoawaitExpr(CoawaitExpr *S) {
440 return CGF.EmitCoawaitExpr(*S).getScalarVal();
441 }
442 Value *VisitCoyieldExpr(CoyieldExpr *S) {
443 return CGF.EmitCoyieldExpr(*S).getScalarVal();
444 }
445 Value *VisitUnaryCoawait(const UnaryOperator *E) {
446 return Visit(E->getSubExpr());
447 }
448
449 // Leaves.
450 Value *VisitIntegerLiteral(const IntegerLiteral *E) {
451 return Builder.getInt(E->getValue());
452 }
453 Value *VisitFixedPointLiteral(const FixedPointLiteral *E) {
454 return Builder.getInt(E->getValue());
455 }
456 Value *VisitFloatingLiteral(const FloatingLiteral *E) {
457 return llvm::ConstantFP::get(VMContext, E->getValue());
458 }
459 Value *VisitCharacterLiteral(const CharacterLiteral *E) {
460 return llvm::ConstantInt::get(ConvertType(E->getType()), E->getValue());
461 }
462 Value *VisitObjCBoolLiteralExpr(const ObjCBoolLiteralExpr *E) {
463 return llvm::ConstantInt::get(ConvertType(E->getType()), E->getValue());
464 }
465 Value *VisitCXXBoolLiteralExpr(const CXXBoolLiteralExpr *E) {
466 return llvm::ConstantInt::get(ConvertType(E->getType()), E->getValue());
467 }
468 Value *VisitCXXScalarValueInitExpr(const CXXScalarValueInitExpr *E) {
469 return EmitNullValue(E->getType());
470 }
471 Value *VisitGNUNullExpr(const GNUNullExpr *E) {
472 return EmitNullValue(E->getType());
473 }
474 Value *VisitOffsetOfExpr(OffsetOfExpr *E);
475 Value *VisitUnaryExprOrTypeTraitExpr(const UnaryExprOrTypeTraitExpr *E);
476 Value *VisitAddrLabelExpr(const AddrLabelExpr *E) {
477 llvm::Value *V = CGF.GetAddrOfLabel(E->getLabel());
478 return Builder.CreateBitCast(V, ConvertType(E->getType()));
479 }
480
481 Value *VisitSizeOfPackExpr(SizeOfPackExpr *E) {
482 return llvm::ConstantInt::get(ConvertType(E->getType()),E->getPackLength());
483 }
484
485 Value *VisitPseudoObjectExpr(PseudoObjectExpr *E) {
486 return CGF.EmitPseudoObjectRValue(E).getScalarVal();
487 }
488
489 Value *VisitOpaqueValueExpr(OpaqueValueExpr *E) {
490 if (E->isGLValue())
491 return EmitLoadOfLValue(CGF.getOrCreateOpaqueLValueMapping(E),
492 E->getExprLoc());
493
494 // Otherwise, assume the mapping is the scalar directly.
495 return CGF.getOrCreateOpaqueRValueMapping(E).getScalarVal();
496 }
497
498 // l-values.
499 Value *VisitDeclRefExpr(DeclRefExpr *E) {
500 if (CodeGenFunction::ConstantEmission Constant = CGF.tryEmitAsConstant(E))
501 return CGF.emitScalarConstant(Constant, E);
502 return EmitLoadOfLValue(E);
503 }
504
505 Value *VisitObjCSelectorExpr(ObjCSelectorExpr *E) {
506 return CGF.EmitObjCSelectorExpr(E);
507 }
508 Value *VisitObjCProtocolExpr(ObjCProtocolExpr *E) {
509 return CGF.EmitObjCProtocolExpr(E);
510 }
511 Value *VisitObjCIvarRefExpr(ObjCIvarRefExpr *E) {
512 return EmitLoadOfLValue(E);
513 }
514 Value *VisitObjCMessageExpr(ObjCMessageExpr *E) {
515 if (E->getMethodDecl() &&
516 E->getMethodDecl()->getReturnType()->isReferenceType())
517 return EmitLoadOfLValue(E);
518 return CGF.EmitObjCMessageExpr(E).getScalarVal();
519 }
520
521 Value *VisitObjCIsaExpr(ObjCIsaExpr *E) {
522 LValue LV = CGF.EmitObjCIsaExpr(E);
523 Value *V = CGF.EmitLoadOfLValue(LV, E->getExprLoc()).getScalarVal();
524 return V;
525 }
526
527 Value *VisitObjCAvailabilityCheckExpr(ObjCAvailabilityCheckExpr *E) {
528 VersionTuple Version = E->getVersion();
529
530 // If we're checking for a platform older than our minimum deployment
531 // target, we can fold the check away.
532 if (Version <= CGF.CGM.getTarget().getPlatformMinVersion())
533 return llvm::ConstantInt::get(Builder.getInt1Ty(), 1);
534
535 return CGF.EmitBuiltinAvailable(Version);
536 }
537
538 Value *VisitArraySubscriptExpr(ArraySubscriptExpr *E);
539 Value *VisitMatrixSubscriptExpr(MatrixSubscriptExpr *E);
540 Value *VisitShuffleVectorExpr(ShuffleVectorExpr *E);
541 Value *VisitConvertVectorExpr(ConvertVectorExpr *E);
542 Value *VisitMemberExpr(MemberExpr *E);
543 Value *VisitExtVectorElementExpr(Expr *E) { return EmitLoadOfLValue(E); }
544 Value *VisitCompoundLiteralExpr(CompoundLiteralExpr *E) {
545 // Strictly speaking, we shouldn't be calling EmitLoadOfLValue, which
546 // transitively calls EmitCompoundLiteralLValue, here in C++ since compound
547 // literals aren't l-values in C++. We do so simply because that's the
548 // cleanest way to handle compound literals in C++.
549 // See the discussion here: https://reviews.llvm.org/D64464
550 return EmitLoadOfLValue(E);
551 }
552
553 Value *VisitInitListExpr(InitListExpr *E);
554
555 Value *VisitArrayInitIndexExpr(ArrayInitIndexExpr *E) {
556 assert(CGF.getArrayInitIndex() &&
557 "ArrayInitIndexExpr not inside an ArrayInitLoopExpr?");
558 return CGF.getArrayInitIndex();
559 }
560
561 Value *VisitImplicitValueInitExpr(const ImplicitValueInitExpr *E) {
562 return EmitNullValue(E->getType());
563 }
564 Value *VisitExplicitCastExpr(ExplicitCastExpr *E) {
565 CGF.CGM.EmitExplicitCastExprType(E, &CGF);
566 return VisitCastExpr(E);
567 }
568 Value *VisitCastExpr(CastExpr *E);
569
570 Value *VisitCallExpr(const CallExpr *E) {
571 if (E->getCallReturnType(CGF.getContext())->isReferenceType())
572 return EmitLoadOfLValue(E);
573
574 Value *V = CGF.EmitCallExpr(E).getScalarVal();
575
576 EmitLValueAlignmentAssumption(E, V);
577 return V;
578 }
579
580 Value *VisitStmtExpr(const StmtExpr *E);
581
582 // Unary Operators.
583 Value *VisitUnaryPostDec(const UnaryOperator *E) {
584 LValue LV = EmitLValue(E->getSubExpr());
585 return EmitScalarPrePostIncDec(E, LV, false, false);
586 }
587 Value *VisitUnaryPostInc(const UnaryOperator *E) {
588 LValue LV = EmitLValue(E->getSubExpr());
589 return EmitScalarPrePostIncDec(E, LV, true, false);
590 }
591 Value *VisitUnaryPreDec(const UnaryOperator *E) {
592 LValue LV = EmitLValue(E->getSubExpr());
593 return EmitScalarPrePostIncDec(E, LV, false, true);
594 }
595 Value *VisitUnaryPreInc(const UnaryOperator *E) {
596 LValue LV = EmitLValue(E->getSubExpr());
597 return EmitScalarPrePostIncDec(E, LV, true, true);
598 }
599
600 llvm::Value *EmitIncDecConsiderOverflowBehavior(const UnaryOperator *E,
601 llvm::Value *InVal,
602 bool IsInc);
603
604 llvm::Value *EmitScalarPrePostIncDec(const UnaryOperator *E, LValue LV,
605 bool isInc, bool isPre);
606
607
608 Value *VisitUnaryAddrOf(const UnaryOperator *E) {
609 if (isa<MemberPointerType>(E->getType())) // never sugared
610 return CGF.CGM.getMemberPointerConstant(E);
611
612 return EmitLValue(E->getSubExpr()).getPointer(CGF);
613 }
614 Value *VisitUnaryDeref(const UnaryOperator *E) {
615 if (E->getType()->isVoidType())
616 return Visit(E->getSubExpr()); // the actual value should be unused
617 return EmitLoadOfLValue(E);
618 }
619 Value *VisitUnaryPlus(const UnaryOperator *E) {
620 // This differs from gcc, though, most likely due to a bug in gcc.
621 TestAndClearIgnoreResultAssign();
622 return Visit(E->getSubExpr());
623 }
624 Value *VisitUnaryMinus (const UnaryOperator *E);
625 Value *VisitUnaryNot (const UnaryOperator *E);
626 Value *VisitUnaryLNot (const UnaryOperator *E);
627 Value *VisitUnaryReal (const UnaryOperator *E);
628 Value *VisitUnaryImag (const UnaryOperator *E);
629 Value *VisitUnaryExtension(const UnaryOperator *E) {
630 return Visit(E->getSubExpr());
631 }
632
633 // C++
634 Value *VisitMaterializeTemporaryExpr(const MaterializeTemporaryExpr *E) {
635 return EmitLoadOfLValue(E);
636 }
637 Value *VisitSourceLocExpr(SourceLocExpr *SLE) {
638 auto &Ctx = CGF.getContext();
639 APValue Evaluated =
640 SLE->EvaluateInContext(Ctx, CGF.CurSourceLocExprScope.getDefaultExpr());
641 return ConstantEmitter(CGF).emitAbstract(SLE->getLocation(), Evaluated,
642 SLE->getType());
643 }
644
645 Value *VisitCXXDefaultArgExpr(CXXDefaultArgExpr *DAE) {
646 CodeGenFunction::CXXDefaultArgExprScope Scope(CGF, DAE);
647 return Visit(DAE->getExpr());
648 }
649 Value *VisitCXXDefaultInitExpr(CXXDefaultInitExpr *DIE) {
650 CodeGenFunction::CXXDefaultInitExprScope Scope(CGF, DIE);
651 return Visit(DIE->getExpr());
652 }
653 Value *VisitCXXThisExpr(CXXThisExpr *TE) {
654 return CGF.LoadCXXThis();
655 }
656
657 Value *VisitExprWithCleanups(ExprWithCleanups *E);
658 Value *VisitCXXNewExpr(const CXXNewExpr *E) {
659 return CGF.EmitCXXNewExpr(E);
660 }
661 Value *VisitCXXDeleteExpr(const CXXDeleteExpr *E) {
662 CGF.EmitCXXDeleteExpr(E);
663 return nullptr;
664 }
665
666 Value *VisitTypeTraitExpr(const TypeTraitExpr *E) {
667 return llvm::ConstantInt::get(ConvertType(E->getType()), E->getValue());
668 }
669
670 Value *VisitConceptSpecializationExpr(const ConceptSpecializationExpr *E) {
671 return Builder.getInt1(E->isSatisfied());
672 }
673
674 Value *VisitRequiresExpr(const RequiresExpr *E) {
675 return Builder.getInt1(E->isSatisfied());
676 }
677
678 Value *VisitArrayTypeTraitExpr(const ArrayTypeTraitExpr *E) {
679 return llvm::ConstantInt::get(Builder.getInt32Ty(), E->getValue());
680 }
681
682 Value *VisitExpressionTraitExpr(const ExpressionTraitExpr *E) {
683 return llvm::ConstantInt::get(Builder.getInt1Ty(), E->getValue());
684 }
685
686 Value *VisitCXXPseudoDestructorExpr(const CXXPseudoDestructorExpr *E) {
687 // C++ [expr.pseudo]p1:
688 // The result shall only be used as the operand for the function call
689 // operator (), and the result of such a call has type void. The only
690 // effect is the evaluation of the postfix-expression before the dot or
691 // arrow.
692 CGF.EmitScalarExpr(E->getBase());
693 return nullptr;
694 }
695
696 Value *VisitCXXNullPtrLiteralExpr(const CXXNullPtrLiteralExpr *E) {
697 return EmitNullValue(E->getType());
698 }
699
700 Value *VisitCXXThrowExpr(const CXXThrowExpr *E) {
701 CGF.EmitCXXThrowExpr(E);
702 return nullptr;
703 }
704
705 Value *VisitCXXNoexceptExpr(const CXXNoexceptExpr *E) {
706 return Builder.getInt1(E->getValue());
707 }
708
709 // Binary Operators.
710 Value *EmitMul(const BinOpInfo &Ops) {
711 if (Ops.Ty->isSignedIntegerOrEnumerationType()) {
712 switch (CGF.getLangOpts().getSignedOverflowBehavior()) {
713 case LangOptions::SOB_Defined:
714 return Builder.CreateMul(Ops.LHS, Ops.RHS, "mul");
715 case LangOptions::SOB_Undefined:
716 if (!CGF.SanOpts.has(SanitizerKind::SignedIntegerOverflow))
717 return Builder.CreateNSWMul(Ops.LHS, Ops.RHS, "mul");
718 LLVM_FALLTHROUGH;
719 case LangOptions::SOB_Trapping:
720 if (CanElideOverflowCheck(CGF.getContext(), Ops))
721 return Builder.CreateNSWMul(Ops.LHS, Ops.RHS, "mul");
722 return EmitOverflowCheckedBinOp(Ops);
723 }
724 }
725
726 if (Ops.Ty->isConstantMatrixType()) {
727 llvm::MatrixBuilder<CGBuilderTy> MB(Builder);
728 // We need to check the types of the operands of the operator to get the
729 // correct matrix dimensions.
730 auto *BO = cast<BinaryOperator>(Ops.E);
731 auto *LHSMatTy = dyn_cast<ConstantMatrixType>(
732 BO->getLHS()->getType().getCanonicalType());
733 auto *RHSMatTy = dyn_cast<ConstantMatrixType>(
734 BO->getRHS()->getType().getCanonicalType());
735 CodeGenFunction::CGFPOptionsRAII FPOptsRAII(CGF, Ops.FPFeatures);
736 if (LHSMatTy && RHSMatTy)
737 return MB.CreateMatrixMultiply(Ops.LHS, Ops.RHS, LHSMatTy->getNumRows(),
738 LHSMatTy->getNumColumns(),
739 RHSMatTy->getNumColumns());
740 return MB.CreateScalarMultiply(Ops.LHS, Ops.RHS);
741 }
742
743 if (Ops.Ty->isUnsignedIntegerType() &&
744 CGF.SanOpts.has(SanitizerKind::UnsignedIntegerOverflow) &&
745 !CanElideOverflowCheck(CGF.getContext(), Ops))
746 return EmitOverflowCheckedBinOp(Ops);
747
748 if (Ops.LHS->getType()->isFPOrFPVectorTy()) {
749 // Preserve the old values
750 CodeGenFunction::CGFPOptionsRAII FPOptsRAII(CGF, Ops.FPFeatures);
751 return Builder.CreateFMul(Ops.LHS, Ops.RHS, "mul");
752 }
753 if (Ops.isFixedPointOp())
754 return EmitFixedPointBinOp(Ops);
755 return Builder.CreateMul(Ops.LHS, Ops.RHS, "mul");
756 }
757 /// Create a binary op that checks for overflow.
758 /// Currently only supports +, - and *.
759 Value *EmitOverflowCheckedBinOp(const BinOpInfo &Ops);
760
761 // Check for undefined division and modulus behaviors.
762 void EmitUndefinedBehaviorIntegerDivAndRemCheck(const BinOpInfo &Ops,
763 llvm::Value *Zero,bool isDiv);
764 // Common helper for getting how wide LHS of shift is.
765 static Value *GetWidthMinusOneValue(Value* LHS,Value* RHS);
766
767 // Used for shifting constraints for OpenCL, do mask for powers of 2, URem for
768 // non powers of two.
769 Value *ConstrainShiftValue(Value *LHS, Value *RHS, const Twine &Name);
770
771 Value *EmitDiv(const BinOpInfo &Ops);
772 Value *EmitRem(const BinOpInfo &Ops);
773 Value *EmitAdd(const BinOpInfo &Ops);
774 Value *EmitSub(const BinOpInfo &Ops);
775 Value *EmitShl(const BinOpInfo &Ops);
776 Value *EmitShr(const BinOpInfo &Ops);
777 Value *EmitAnd(const BinOpInfo &Ops) {
778 return Builder.CreateAnd(Ops.LHS, Ops.RHS, "and");
779 }
780 Value *EmitXor(const BinOpInfo &Ops) {
781 return Builder.CreateXor(Ops.LHS, Ops.RHS, "xor");
782 }
783 Value *EmitOr (const BinOpInfo &Ops) {
784 return Builder.CreateOr(Ops.LHS, Ops.RHS, "or");
785 }
786
787 // Helper functions for fixed point binary operations.
788 Value *EmitFixedPointBinOp(const BinOpInfo &Ops);
789
790 BinOpInfo EmitBinOps(const BinaryOperator *E);
791 LValue EmitCompoundAssignLValue(const CompoundAssignOperator *E,
792 Value *(ScalarExprEmitter::*F)(const BinOpInfo &),
793 Value *&Result);
794
795 Value *EmitCompoundAssign(const CompoundAssignOperator *E,
796 Value *(ScalarExprEmitter::*F)(const BinOpInfo &));
797
798 // Binary operators and binary compound assignment operators.
799#define HANDLEBINOP(OP) \
800 Value *VisitBin ## OP(const BinaryOperator *E) { \
801 return Emit ## OP(EmitBinOps(E)); \
802 } \
803 Value *VisitBin ## OP ## Assign(const CompoundAssignOperator *E) { \
804 return EmitCompoundAssign(E, &ScalarExprEmitter::Emit ## OP); \
805 }
806 HANDLEBINOP(Mul)
807 HANDLEBINOP(Div)
808 HANDLEBINOP(Rem)
809 HANDLEBINOP(Add)
810 HANDLEBINOP(Sub)
811 HANDLEBINOP(Shl)
812 HANDLEBINOP(Shr)
813 HANDLEBINOP(And)
814 HANDLEBINOP(Xor)
815 HANDLEBINOP(Or)
816#undef HANDLEBINOP
817
818 // Comparisons.
819 Value *EmitCompare(const BinaryOperator *E, llvm::CmpInst::Predicate UICmpOpc,
820 llvm::CmpInst::Predicate SICmpOpc,
821 llvm::CmpInst::Predicate FCmpOpc, bool IsSignaling);
822#define VISITCOMP(CODE, UI, SI, FP, SIG) \
823 Value *VisitBin##CODE(const BinaryOperator *E) { \
824 return EmitCompare(E, llvm::ICmpInst::UI, llvm::ICmpInst::SI, \
825 llvm::FCmpInst::FP, SIG); }
826 VISITCOMP(LT, ICMP_ULT, ICMP_SLT, FCMP_OLT, true)
827 VISITCOMP(GT, ICMP_UGT, ICMP_SGT, FCMP_OGT, true)
828 VISITCOMP(LE, ICMP_ULE, ICMP_SLE, FCMP_OLE, true)
829 VISITCOMP(GE, ICMP_UGE, ICMP_SGE, FCMP_OGE, true)
830 VISITCOMP(EQ, ICMP_EQ , ICMP_EQ , FCMP_OEQ, false)
831 VISITCOMP(NE, ICMP_NE , ICMP_NE , FCMP_UNE, false)
832#undef VISITCOMP
833
834 Value *VisitBinAssign (const BinaryOperator *E);
835
836 Value *VisitBinLAnd (const BinaryOperator *E);
837 Value *VisitBinLOr (const BinaryOperator *E);
838 Value *VisitBinComma (const BinaryOperator *E);
839
840 Value *VisitBinPtrMemD(const Expr *E) { return EmitLoadOfLValue(E); }
841 Value *VisitBinPtrMemI(const Expr *E) { return EmitLoadOfLValue(E); }
842
843 Value *VisitCXXRewrittenBinaryOperator(CXXRewrittenBinaryOperator *E) {
844 return Visit(E->getSemanticForm());
845 }
846
847 // Other Operators.
848 Value *VisitBlockExpr(const BlockExpr *BE);
849 Value *VisitAbstractConditionalOperator(const AbstractConditionalOperator *);
850 Value *VisitChooseExpr(ChooseExpr *CE);
851 Value *VisitVAArgExpr(VAArgExpr *VE);
852 Value *VisitObjCStringLiteral(const ObjCStringLiteral *E) {
853 return CGF.EmitObjCStringLiteral(E);
854 }
855 Value *VisitObjCBoxedExpr(ObjCBoxedExpr *E) {
856 return CGF.EmitObjCBoxedExpr(E);
857 }
858 Value *VisitObjCArrayLiteral(ObjCArrayLiteral *E) {
859 return CGF.EmitObjCArrayLiteral(E);
860 }
861 Value *VisitObjCDictionaryLiteral(ObjCDictionaryLiteral *E) {
862 return CGF.EmitObjCDictionaryLiteral(E);
863 }
864 Value *VisitAsTypeExpr(AsTypeExpr *CE);
865 Value *VisitAtomicExpr(AtomicExpr *AE);
866};
867} // end anonymous namespace.
868
869//===----------------------------------------------------------------------===//
870// Utilities
871//===----------------------------------------------------------------------===//
872
873/// EmitConversionToBool - Convert the specified expression value to a
874/// boolean (i1) truth value. This is equivalent to "Val != 0".
875Value *ScalarExprEmitter::EmitConversionToBool(Value *Src, QualType SrcType) {
876 assert(SrcType.isCanonical() && "EmitScalarConversion strips typedefs");
877
878 if (SrcType->isRealFloatingType())
879 return EmitFloatToBoolConversion(Src);
880
881 if (const MemberPointerType *MPT = dyn_cast<MemberPointerType>(SrcType))
882 return CGF.CGM.getCXXABI().EmitMemberPointerIsNotNull(CGF, Src, MPT);
883
884 assert((SrcType->isIntegerType() || isa<llvm::PointerType>(Src->getType())) &&
885 "Unknown scalar type to convert");
886
887 if (isa<llvm::IntegerType>(Src->getType()))
888 return EmitIntToBoolConversion(Src);
889
890 assert(isa<llvm::PointerType>(Src->getType()));
891 return EmitPointerToBoolConversion(Src, SrcType);
892}
893
894void ScalarExprEmitter::EmitFloatConversionCheck(
895 Value *OrigSrc, QualType OrigSrcType, Value *Src, QualType SrcType,
896 QualType DstType, llvm::Type *DstTy, SourceLocation Loc) {
897 assert(SrcType->isFloatingType() && "not a conversion from floating point");
898 if (!isa<llvm::IntegerType>(DstTy))
899 return;
900
901 CodeGenFunction::SanitizerScope SanScope(&CGF);
902 using llvm::APFloat;
903 using llvm::APSInt;
904
905 llvm::Value *Check = nullptr;
906 const llvm::fltSemantics &SrcSema =
907 CGF.getContext().getFloatTypeSemantics(OrigSrcType);
908
909 // Floating-point to integer. This has undefined behavior if the source is
910 // +-Inf, NaN, or doesn't fit into the destination type (after truncation
911 // to an integer).
912 unsigned Width = CGF.getContext().getIntWidth(DstType);
913 bool Unsigned = DstType->isUnsignedIntegerOrEnumerationType();
914
915 APSInt Min = APSInt::getMinValue(Width, Unsigned);
916 APFloat MinSrc(SrcSema, APFloat::uninitialized);
917 if (MinSrc.convertFromAPInt(Min, !Unsigned, APFloat::rmTowardZero) &
918 APFloat::opOverflow)
919 // Don't need an overflow check for lower bound. Just check for
920 // -Inf/NaN.
921 MinSrc = APFloat::getInf(SrcSema, true);
922 else
923 // Find the largest value which is too small to represent (before
924 // truncation toward zero).
925 MinSrc.subtract(APFloat(SrcSema, 1), APFloat::rmTowardNegative);
926
927 APSInt Max = APSInt::getMaxValue(Width, Unsigned);
928 APFloat MaxSrc(SrcSema, APFloat::uninitialized);
929 if (MaxSrc.convertFromAPInt(Max, !Unsigned, APFloat::rmTowardZero) &
930 APFloat::opOverflow)
931 // Don't need an overflow check for upper bound. Just check for
932 // +Inf/NaN.
933 MaxSrc = APFloat::getInf(SrcSema, false);
934 else
935 // Find the smallest value which is too large to represent (before
936 // truncation toward zero).
937 MaxSrc.add(APFloat(SrcSema, 1), APFloat::rmTowardPositive);
938
939 // If we're converting from __half, convert the range to float to match
940 // the type of src.
941 if (OrigSrcType->isHalfType()) {
942 const llvm::fltSemantics &Sema =
943 CGF.getContext().getFloatTypeSemantics(SrcType);
944 bool IsInexact;
945 MinSrc.convert(Sema, APFloat::rmTowardZero, &IsInexact);
946 MaxSrc.convert(Sema, APFloat::rmTowardZero, &IsInexact);
947 }
948
949 llvm::Value *GE =
950 Builder.CreateFCmpOGT(Src, llvm::ConstantFP::get(VMContext, MinSrc));
951 llvm::Value *LE =
952 Builder.CreateFCmpOLT(Src, llvm::ConstantFP::get(VMContext, MaxSrc));
953 Check = Builder.CreateAnd(GE, LE);
954
955 llvm::Constant *StaticArgs[] = {CGF.EmitCheckSourceLocation(Loc),
956 CGF.EmitCheckTypeDescriptor(OrigSrcType),
957 CGF.EmitCheckTypeDescriptor(DstType)};
958 CGF.EmitCheck(std::make_pair(Check, SanitizerKind::FloatCastOverflow),
959 SanitizerHandler::FloatCastOverflow, StaticArgs, OrigSrc);
960}
961
962// Should be called within CodeGenFunction::SanitizerScope RAII scope.
963// Returns 'i1 false' when the truncation Src -> Dst was lossy.
964static std::pair<ScalarExprEmitter::ImplicitConversionCheckKind,
965 std::pair<llvm::Value *, SanitizerMask>>
966EmitIntegerTruncationCheckHelper(Value *Src, QualType SrcType, Value *Dst,
967 QualType DstType, CGBuilderTy &Builder) {
968 llvm::Type *SrcTy = Src->getType();
969 llvm::Type *DstTy = Dst->getType();
970 (void)DstTy; // Only used in assert()
971
972 // This should be truncation of integral types.
973 assert(Src != Dst);
974 assert(SrcTy->getScalarSizeInBits() > Dst->getType()->getScalarSizeInBits());
975 assert(isa<llvm::IntegerType>(SrcTy) && isa<llvm::IntegerType>(DstTy) &&
976 "non-integer llvm type");
977
978 bool SrcSigned = SrcType->isSignedIntegerOrEnumerationType();
979 bool DstSigned = DstType->isSignedIntegerOrEnumerationType();
980
981 // If both (src and dst) types are unsigned, then it's an unsigned truncation.
982 // Else, it is a signed truncation.
983 ScalarExprEmitter::ImplicitConversionCheckKind Kind;
984 SanitizerMask Mask;
985 if (!SrcSigned && !DstSigned) {
986 Kind = ScalarExprEmitter::ICCK_UnsignedIntegerTruncation;
987 Mask = SanitizerKind::ImplicitUnsignedIntegerTruncation;
988 } else {
989 Kind = ScalarExprEmitter::ICCK_SignedIntegerTruncation;
990 Mask = SanitizerKind::ImplicitSignedIntegerTruncation;
991 }
992
993 llvm::Value *Check = nullptr;
994 // 1. Extend the truncated value back to the same width as the Src.
995 Check = Builder.CreateIntCast(Dst, SrcTy, DstSigned, "anyext");
996 // 2. Equality-compare with the original source value
997 Check = Builder.CreateICmpEQ(Check, Src, "truncheck");
998 // If the comparison result is 'i1 false', then the truncation was lossy.
999 return std::make_pair(Kind, std::make_pair(Check, Mask));
1000}
1001
1002static bool PromotionIsPotentiallyEligibleForImplicitIntegerConversionCheck(
1003 QualType SrcType, QualType DstType) {
1004 return SrcType->isIntegerType() && DstType->isIntegerType();
1005}
1006
1007void ScalarExprEmitter::EmitIntegerTruncationCheck(Value *Src, QualType SrcType,
1008 Value *Dst, QualType DstType,
1009 SourceLocation Loc) {
1010 if (!CGF.SanOpts.hasOneOf(SanitizerKind::ImplicitIntegerTruncation))
1011 return;
1012
1013 // We only care about int->int conversions here.
1014 // We ignore conversions to/from pointer and/or bool.
1015 if (!PromotionIsPotentiallyEligibleForImplicitIntegerConversionCheck(SrcType,
1016 DstType))
1017 return;
1018
1019 unsigned SrcBits = Src->getType()->getScalarSizeInBits();
1020 unsigned DstBits = Dst->getType()->getScalarSizeInBits();
1021 // This must be truncation. Else we do not care.
1022 if (SrcBits <= DstBits)
1023 return;
1024
1025 assert(!DstType->isBooleanType() && "we should not get here with booleans.");
1026
1027 // If the integer sign change sanitizer is enabled,
1028 // and we are truncating from larger unsigned type to smaller signed type,
1029 // let that next sanitizer deal with it.
1030 bool SrcSigned = SrcType->isSignedIntegerOrEnumerationType();
1031 bool DstSigned = DstType->isSignedIntegerOrEnumerationType();
1032 if (CGF.SanOpts.has(SanitizerKind::ImplicitIntegerSignChange) &&
1033 (!SrcSigned && DstSigned))
1034 return;
1035
1036 CodeGenFunction::SanitizerScope SanScope(&CGF);
1037
1038 std::pair<ScalarExprEmitter::ImplicitConversionCheckKind,
1039 std::pair<llvm::Value *, SanitizerMask>>
1040 Check =
1041 EmitIntegerTruncationCheckHelper(Src, SrcType, Dst, DstType, Builder);
1042 // If the comparison result is 'i1 false', then the truncation was lossy.
1043
1044 // Do we care about this type of truncation?
1045 if (!CGF.SanOpts.has(Check.second.second))
1046 return;
1047
1048 llvm::Constant *StaticArgs[] = {
1049 CGF.EmitCheckSourceLocation(Loc), CGF.EmitCheckTypeDescriptor(SrcType),
1050 CGF.EmitCheckTypeDescriptor(DstType),
1051 llvm::ConstantInt::get(Builder.getInt8Ty(), Check.first)};
1052 CGF.EmitCheck(Check.second, SanitizerHandler::ImplicitConversion, StaticArgs,
1053 {Src, Dst});
1054}
1055
1056// Should be called within CodeGenFunction::SanitizerScope RAII scope.
1057// Returns 'i1 false' when the conversion Src -> Dst changed the sign.
1058static std::pair<ScalarExprEmitter::ImplicitConversionCheckKind,
1059 std::pair<llvm::Value *, SanitizerMask>>
1060EmitIntegerSignChangeCheckHelper(Value *Src, QualType SrcType, Value *Dst,
1061 QualType DstType, CGBuilderTy &Builder) {
1062 llvm::Type *SrcTy = Src->getType();
1063 llvm::Type *DstTy = Dst->getType();
1064
1065 assert(isa<llvm::IntegerType>(SrcTy) && isa<llvm::IntegerType>(DstTy) &&
1066 "non-integer llvm type");
1067
1068 bool SrcSigned = SrcType->isSignedIntegerOrEnumerationType();
1069 bool DstSigned = DstType->isSignedIntegerOrEnumerationType();
1070 (void)SrcSigned; // Only used in assert()
1071 (void)DstSigned; // Only used in assert()
1072 unsigned SrcBits = SrcTy->getScalarSizeInBits();
1073 unsigned DstBits = DstTy->getScalarSizeInBits();
1074 (void)SrcBits; // Only used in assert()
1075 (void)DstBits; // Only used in assert()
1076
1077 assert(((SrcBits != DstBits) || (SrcSigned != DstSigned)) &&
1078 "either the widths should be different, or the signednesses.");
1079
1080 // NOTE: zero value is considered to be non-negative.
1081 auto EmitIsNegativeTest = [&Builder](Value *V, QualType VType,
1082 const char *Name) -> Value * {
1083 // Is this value a signed type?
1084 bool VSigned = VType->isSignedIntegerOrEnumerationType();
1085 llvm::Type *VTy = V->getType();
1086 if (!VSigned) {
1087 // If the value is unsigned, then it is never negative.
1088 // FIXME: can we encounter non-scalar VTy here?
1089 return llvm::ConstantInt::getFalse(VTy->getContext());
1090 }
1091 // Get the zero of the same type with which we will be comparing.
1092 llvm::Constant *Zero = llvm::ConstantInt::get(VTy, 0);
1093 // %V.isnegative = icmp slt %V, 0
1094 // I.e is %V *strictly* less than zero, does it have negative value?
1095 return Builder.CreateICmp(llvm::ICmpInst::ICMP_SLT, V, Zero,
1096 llvm::Twine(Name) + "." + V->getName() +
1097 ".negativitycheck");
1098 };
1099
1100 // 1. Was the old Value negative?
1101 llvm::Value *SrcIsNegative = EmitIsNegativeTest(Src, SrcType, "src");
1102 // 2. Is the new Value negative?
1103 llvm::Value *DstIsNegative = EmitIsNegativeTest(Dst, DstType, "dst");
1104 // 3. Now, was the 'negativity status' preserved during the conversion?
1105 // NOTE: conversion from negative to zero is considered to change the sign.
1106 // (We want to get 'false' when the conversion changed the sign)
1107 // So we should just equality-compare the negativity statuses.
1108 llvm::Value *Check = nullptr;
1109 Check = Builder.CreateICmpEQ(SrcIsNegative, DstIsNegative, "signchangecheck");
1110 // If the comparison result is 'false', then the conversion changed the sign.
1111 return std::make_pair(
1112 ScalarExprEmitter::ICCK_IntegerSignChange,
1113 std::make_pair(Check, SanitizerKind::ImplicitIntegerSignChange));
1114}
1115
1116void ScalarExprEmitter::EmitIntegerSignChangeCheck(Value *Src, QualType SrcType,
1117 Value *Dst, QualType DstType,
1118 SourceLocation Loc) {
1119 if (!CGF.SanOpts.has(SanitizerKind::ImplicitIntegerSignChange))
1120 return;
1121
1122 llvm::Type *SrcTy = Src->getType();
1123 llvm::Type *DstTy = Dst->getType();
1124
1125 // We only care about int->int conversions here.
1126 // We ignore conversions to/from pointer and/or bool.
1127 if (!PromotionIsPotentiallyEligibleForImplicitIntegerConversionCheck(SrcType,
1128 DstType))
1129 return;
1130
1131 bool SrcSigned = SrcType->isSignedIntegerOrEnumerationType();
1132 bool DstSigned = DstType->isSignedIntegerOrEnumerationType();
1133 unsigned SrcBits = SrcTy->getScalarSizeInBits();
1134 unsigned DstBits = DstTy->getScalarSizeInBits();
1135
1136 // Now, we do not need to emit the check in *all* of the cases.
1137 // We can avoid emitting it in some obvious cases where it would have been
1138 // dropped by the opt passes (instcombine) always anyways.
1139 // If it's a cast between effectively the same type, no check.
1140 // NOTE: this is *not* equivalent to checking the canonical types.
1141 if (SrcSigned == DstSigned && SrcBits == DstBits)
1142 return;
1143 // At least one of the values needs to have signed type.
1144 // If both are unsigned, then obviously, neither of them can be negative.
1145 if (!SrcSigned && !DstSigned)
1146 return;
1147 // If the conversion is to *larger* *signed* type, then no check is needed.
1148 // Because either sign-extension happens (so the sign will remain),
1149 // or zero-extension will happen (the sign bit will be zero.)
1150 if ((DstBits > SrcBits) && DstSigned)
1151 return;
1152 if (CGF.SanOpts.has(SanitizerKind::ImplicitSignedIntegerTruncation) &&
1153 (SrcBits > DstBits) && SrcSigned) {
1154 // If the signed integer truncation sanitizer is enabled,
1155 // and this is a truncation from signed type, then no check is needed.
1156 // Because here sign change check is interchangeable with truncation check.
1157 return;
1158 }
1159 // That's it. We can't rule out any more cases with the data we have.
1160
1161 CodeGenFunction::SanitizerScope SanScope(&CGF);
1162
1163 std::pair<ScalarExprEmitter::ImplicitConversionCheckKind,
1164 std::pair<llvm::Value *, SanitizerMask>>
1165 Check;
1166
1167 // Each of these checks needs to return 'false' when an issue was detected.
1168 ImplicitConversionCheckKind CheckKind;
1169 llvm::SmallVector<std::pair<llvm::Value *, SanitizerMask>, 2> Checks;
1170 // So we can 'and' all the checks together, and still get 'false',
1171 // if at least one of the checks detected an issue.
1172
1173 Check = EmitIntegerSignChangeCheckHelper(Src, SrcType, Dst, DstType, Builder);
1174 CheckKind = Check.first;
1175 Checks.emplace_back(Check.second);
1176
1177 if (CGF.SanOpts.has(SanitizerKind::ImplicitSignedIntegerTruncation) &&
1178 (SrcBits > DstBits) && !SrcSigned && DstSigned) {
1179 // If the signed integer truncation sanitizer was enabled,
1180 // and we are truncating from larger unsigned type to smaller signed type,
1181 // let's handle the case we skipped in that check.
1182 Check =
1183 EmitIntegerTruncationCheckHelper(Src, SrcType, Dst, DstType, Builder);
1184 CheckKind = ICCK_SignedIntegerTruncationOrSignChange;
1185 Checks.emplace_back(Check.second);
1186 // If the comparison result is 'i1 false', then the truncation was lossy.
1187 }
1188
1189 llvm::Constant *StaticArgs[] = {
1190 CGF.EmitCheckSourceLocation(Loc), CGF.EmitCheckTypeDescriptor(SrcType),
1191 CGF.EmitCheckTypeDescriptor(DstType),
1192 llvm::ConstantInt::get(Builder.getInt8Ty(), CheckKind)};
1193 // EmitCheck() will 'and' all the checks together.
1194 CGF.EmitCheck(Checks, SanitizerHandler::ImplicitConversion, StaticArgs,
1195 {Src, Dst});
1196}
1197
1198Value *ScalarExprEmitter::EmitScalarCast(Value *Src, QualType SrcType,
1199 QualType DstType, llvm::Type *SrcTy,
1200 llvm::Type *DstTy,
1201 ScalarConversionOpts Opts) {
1202 // The Element types determine the type of cast to perform.
1203 llvm::Type *SrcElementTy;
1204 llvm::Type *DstElementTy;
1205 QualType SrcElementType;
1206 QualType DstElementType;
1207 if (SrcType->isMatrixType() && DstType->isMatrixType()) {
1208 SrcElementTy = cast<llvm::VectorType>(SrcTy)->getElementType();
1209 DstElementTy = cast<llvm::VectorType>(DstTy)->getElementType();
1210 SrcElementType = SrcType->castAs<MatrixType>()->getElementType();
1211 DstElementType = DstType->castAs<MatrixType>()->getElementType();
1212 } else {
1213 assert(!SrcType->isMatrixType() && !DstType->isMatrixType() &&
1214 "cannot cast between matrix and non-matrix types");
1215 SrcElementTy = SrcTy;
1216 DstElementTy = DstTy;
1217 SrcElementType = SrcType;
1218 DstElementType = DstType;
1219 }
1220
1221 if (isa<llvm::IntegerType>(SrcElementTy)) {
1222 bool InputSigned = SrcElementType->isSignedIntegerOrEnumerationType();
1223 if (SrcElementType->isBooleanType() && Opts.TreatBooleanAsSigned) {
1224 InputSigned = true;
1225 }
1226
1227 if (isa<llvm::IntegerType>(DstElementTy))
1228 return Builder.CreateIntCast(Src, DstTy, InputSigned, "conv");
1229 if (InputSigned)
1230 return Builder.CreateSIToFP(Src, DstTy, "conv");
1231 return Builder.CreateUIToFP(Src, DstTy, "conv");
1232 }
1233
1234 if (isa<llvm::IntegerType>(DstElementTy)) {
1235 assert(SrcElementTy->isFloatingPointTy() && "Unknown real conversion");
1236 if (DstElementType->isSignedIntegerOrEnumerationType())
1237 return Builder.CreateFPToSI(Src, DstTy, "conv");
1238 return Builder.CreateFPToUI(Src, DstTy, "conv");
1239 }
1240
1241 if (DstElementTy->getTypeID() < SrcElementTy->getTypeID())
1242 return Builder.CreateFPTrunc(Src, DstTy, "conv");
1243 return Builder.CreateFPExt(Src, DstTy, "conv");
1244}
1245
1246/// Emit a conversion from the specified type to the specified destination type,
1247/// both of which are LLVM scalar types.
1248Value *ScalarExprEmitter::EmitScalarConversion(Value *Src, QualType SrcType,
1249 QualType DstType,
1250 SourceLocation Loc,
1251 ScalarConversionOpts Opts) {
1252 // All conversions involving fixed point types should be handled by the
1253 // EmitFixedPoint family functions. This is done to prevent bloating up this
1254 // function more, and although fixed point numbers are represented by
1255 // integers, we do not want to follow any logic that assumes they should be
1256 // treated as integers.
1257 // TODO(leonardchan): When necessary, add another if statement checking for
1258 // conversions to fixed point types from other types.
1259 if (SrcType->isFixedPointType()) {
1260 if (DstType->isBooleanType())
1261 // It is important that we check this before checking if the dest type is
1262 // an integer because booleans are technically integer types.
1263 // We do not need to check the padding bit on unsigned types if unsigned
1264 // padding is enabled because overflow into this bit is undefined
1265 // behavior.
1266 return Builder.CreateIsNotNull(Src, "tobool");
1267 if (DstType->isFixedPointType() || DstType->isIntegerType() ||
1268 DstType->isRealFloatingType())
1269 return EmitFixedPointConversion(Src, SrcType, DstType, Loc);
1270
1271 llvm_unreachable(
1272 "Unhandled scalar conversion from a fixed point type to another type.");
1273 } else if (DstType->isFixedPointType()) {
1274 if (SrcType->isIntegerType() || SrcType->isRealFloatingType())
1275 // This also includes converting booleans and enums to fixed point types.
1276 return EmitFixedPointConversion(Src, SrcType, DstType, Loc);
1277
1278 llvm_unreachable(
1279 "Unhandled scalar conversion to a fixed point type from another type.");
1280 }
1281
1282 QualType NoncanonicalSrcType = SrcType;
1283 QualType NoncanonicalDstType = DstType;
1284
1285 SrcType = CGF.getContext().getCanonicalType(SrcType);
1286 DstType = CGF.getContext().getCanonicalType(DstType);
1287 if (SrcType == DstType) return Src;
1288
1289 if (DstType->isVoidType()) return nullptr;
1290
1291 llvm::Value *OrigSrc = Src;
1292 QualType OrigSrcType = SrcType;
1293 llvm::Type *SrcTy = Src->getType();
1294
1295 // Handle conversions to bool first, they are special: comparisons against 0.
1296 if (DstType->isBooleanType())
1297 return EmitConversionToBool(Src, SrcType);
1298
1299 llvm::Type *DstTy = ConvertType(DstType);
1300
1301 // Cast from half through float if half isn't a native type.
1302 if (SrcType->isHalfType() && !CGF.getContext().getLangOpts().NativeHalfType) {
1303 // Cast to FP using the intrinsic if the half type itself isn't supported.
1304 if (DstTy->isFloatingPointTy()) {
1305 if (CGF.getContext().getTargetInfo().useFP16ConversionIntrinsics())
1306 return Builder.CreateCall(
1307 CGF.CGM.getIntrinsic(llvm::Intrinsic::convert_from_fp16, DstTy),
1308 Src);
1309 } else {
1310 // Cast to other types through float, using either the intrinsic or FPExt,
1311 // depending on whether the half type itself is supported
1312 // (as opposed to operations on half, available with NativeHalfType).
1313 if (CGF.getContext().getTargetInfo().useFP16ConversionIntrinsics()) {
1314 Src = Builder.CreateCall(
1315 CGF.CGM.getIntrinsic(llvm::Intrinsic::convert_from_fp16,
1316 CGF.CGM.FloatTy),
1317 Src);
1318 } else {
1319 Src = Builder.CreateFPExt(Src, CGF.CGM.FloatTy, "conv");
1320 }
1321 SrcType = CGF.getContext().FloatTy;
1322 SrcTy = CGF.FloatTy;
1323 }
1324 }
1325
1326 // Ignore conversions like int -> uint.
1327 if (SrcTy == DstTy) {
1328 if (Opts.EmitImplicitIntegerSignChangeChecks)
1329 EmitIntegerSignChangeCheck(Src, NoncanonicalSrcType, Src,
1330 NoncanonicalDstType, Loc);
1331
1332 return Src;
1333 }
1334
1335 // Handle pointer conversions next: pointers can only be converted to/from
1336 // other pointers and integers. Check for pointer types in terms of LLVM, as
1337 // some native types (like Obj-C id) may map to a pointer type.
1338 if (auto DstPT = dyn_cast<llvm::PointerType>(DstTy)) {
1339 // The source value may be an integer, or a pointer.
1340 if (isa<llvm::PointerType>(SrcTy))
1341 return Builder.CreateBitCast(Src, DstTy, "conv");
1342
1343 assert(SrcType->isIntegerType() && "Not ptr->ptr or int->ptr conversion?");
1344 // First, convert to the correct width so that we control the kind of
1345 // extension.
1346 llvm::Type *MiddleTy = CGF.CGM.getDataLayout().getIntPtrType(DstPT);
1347 bool InputSigned = SrcType->isSignedIntegerOrEnumerationType();
1348 llvm::Value* IntResult =
1349 Builder.CreateIntCast(Src, MiddleTy, InputSigned, "conv");
1350 // Then, cast to pointer.
1351 return Builder.CreateIntToPtr(IntResult, DstTy, "conv");
1352 }
1353
1354 if (isa<llvm::PointerType>(SrcTy)) {
1355 // Must be an ptr to int cast.
1356 assert(isa<llvm::IntegerType>(DstTy) && "not ptr->int?");
1357 return Builder.CreatePtrToInt(Src, DstTy, "conv");
1358 }
1359
1360 // A scalar can be splatted to an extended vector of the same element type
1361 if (DstType->isExtVectorType() && !SrcType->isVectorType()) {
1362 // Sema should add casts to make sure that the source expression's type is
1363 // the same as the vector's element type (sans qualifiers)
1364 assert(DstType->castAs<ExtVectorType>()->getElementType().getTypePtr() ==
1365 SrcType.getTypePtr() &&
1366 "Splatted expr doesn't match with vector element type?");
1367
1368 // Splat the element across to all elements
1369 unsigned NumElements = cast<llvm::FixedVectorType>(DstTy)->getNumElements();
1370 return Builder.CreateVectorSplat(NumElements, Src, "splat");
1371 }
1372
1373 if (SrcType->isMatrixType() && DstType->isMatrixType())
1374 return EmitScalarCast(Src, SrcType, DstType, SrcTy, DstTy, Opts);
1375
1376 if (isa<llvm::VectorType>(SrcTy) || isa<llvm::VectorType>(DstTy)) {
1377 // Allow bitcast from vector to integer/fp of the same size.
1378 unsigned SrcSize = SrcTy->getPrimitiveSizeInBits();
1379 unsigned DstSize = DstTy->getPrimitiveSizeInBits();
1380 if (SrcSize == DstSize)
1381 return Builder.CreateBitCast(Src, DstTy, "conv");
1382
1383 // Conversions between vectors of different sizes are not allowed except
1384 // when vectors of half are involved. Operations on storage-only half
1385 // vectors require promoting half vector operands to float vectors and
1386 // truncating the result, which is either an int or float vector, to a
1387 // short or half vector.
1388
1389 // Source and destination are both expected to be vectors.
1390 llvm::Type *SrcElementTy = cast<llvm::VectorType>(SrcTy)->getElementType();
1391 llvm::Type *DstElementTy = cast<llvm::VectorType>(DstTy)->getElementType();
1392 (void)DstElementTy;
1393
1394 assert(((SrcElementTy->isIntegerTy() &&
1395 DstElementTy->isIntegerTy()) ||
1396 (SrcElementTy->isFloatingPointTy() &&
1397 DstElementTy->isFloatingPointTy())) &&
1398 "unexpected conversion between a floating-point vector and an "
1399 "integer vector");
1400
1401 // Truncate an i32 vector to an i16 vector.
1402 if (SrcElementTy->isIntegerTy())
1403 return Builder.CreateIntCast(Src, DstTy, false, "conv");
1404
1405 // Truncate a float vector to a half vector.
1406 if (SrcSize > DstSize)
1407 return Builder.CreateFPTrunc(Src, DstTy, "conv");
1408
1409 // Promote a half vector to a float vector.
1410 return Builder.CreateFPExt(Src, DstTy, "conv");
1411 }
1412
1413 // Finally, we have the arithmetic types: real int/float.
1414 Value *Res = nullptr;
1415 llvm::Type *ResTy = DstTy;
1416
1417 // An overflowing conversion has undefined behavior if either the source type
1418 // or the destination type is a floating-point type. However, we consider the
1419 // range of representable values for all floating-point types to be
1420 // [-inf,+inf], so no overflow can ever happen when the destination type is a
1421 // floating-point type.
1422 if (CGF.SanOpts.has(SanitizerKind::FloatCastOverflow) &&
1423 OrigSrcType->isFloatingType())
1424 EmitFloatConversionCheck(OrigSrc, OrigSrcType, Src, SrcType, DstType, DstTy,
1425 Loc);
1426
1427 // Cast to half through float if half isn't a native type.
1428 if (DstType->isHalfType() && !CGF.getContext().getLangOpts().NativeHalfType) {
1429 // Make sure we cast in a single step if from another FP type.
1430 if (SrcTy->isFloatingPointTy()) {
1431 // Use the intrinsic if the half type itself isn't supported
1432 // (as opposed to operations on half, available with NativeHalfType).
1433 if (CGF.getContext().getTargetInfo().useFP16ConversionIntrinsics())
1434 return Builder.CreateCall(
1435 CGF.CGM.getIntrinsic(llvm::Intrinsic::convert_to_fp16, SrcTy), Src);
1436 // If the half type is supported, just use an fptrunc.
1437 return Builder.CreateFPTrunc(Src, DstTy);
1438 }
1439 DstTy = CGF.FloatTy;
1440 }
1441
1442 Res = EmitScalarCast(Src, SrcType, DstType, SrcTy, DstTy, Opts);
1443
1444 if (DstTy != ResTy) {
1445 if (CGF.getContext().getTargetInfo().useFP16ConversionIntrinsics()) {
1446 assert(ResTy->isIntegerTy(16) && "Only half FP requires extra conversion");
1447 Res = Builder.CreateCall(
1448 CGF.CGM.getIntrinsic(llvm::Intrinsic::convert_to_fp16, CGF.CGM.FloatTy),
1449 Res);
1450 } else {
1451 Res = Builder.CreateFPTrunc(Res, ResTy, "conv");
1452 }
1453 }
1454
1455 if (Opts.EmitImplicitIntegerTruncationChecks)
1456 EmitIntegerTruncationCheck(Src, NoncanonicalSrcType, Res,
1457 NoncanonicalDstType, Loc);
1458
1459 if (Opts.EmitImplicitIntegerSignChangeChecks)
1460 EmitIntegerSignChangeCheck(Src, NoncanonicalSrcType, Res,
1461 NoncanonicalDstType, Loc);
1462
1463 return Res;
1464}
1465
1466Value *ScalarExprEmitter::EmitFixedPointConversion(Value *Src, QualType SrcTy,
1467 QualType DstTy,
1468 SourceLocation Loc) {
1469 llvm::FixedPointBuilder<CGBuilderTy> FPBuilder(Builder);
1470 llvm::Value *Result;
1471 if (SrcTy->isRealFloatingType())
1472 Result = FPBuilder.CreateFloatingToFixed(Src,
1473 CGF.getContext().getFixedPointSemantics(DstTy));
1474 else if (DstTy->isRealFloatingType())
1475 Result = FPBuilder.CreateFixedToFloating(Src,
1476 CGF.getContext().getFixedPointSemantics(SrcTy),
1477 ConvertType(DstTy));
1478 else {
1479 auto SrcFPSema = CGF.getContext().getFixedPointSemantics(SrcTy);
1480 auto DstFPSema = CGF.getContext().getFixedPointSemantics(DstTy);
1481
1482 if (DstTy->isIntegerType())
1483 Result = FPBuilder.CreateFixedToInteger(Src, SrcFPSema,
1484 DstFPSema.getWidth(),
1485 DstFPSema.isSigned());
1486 else if (SrcTy->isIntegerType())
1487 Result = FPBuilder.CreateIntegerToFixed(Src, SrcFPSema.isSigned(),
1488 DstFPSema);
1489 else
1490 Result = FPBuilder.CreateFixedToFixed(Src, SrcFPSema, DstFPSema);
1491 }
1492 return Result;
1493}
1494
1495/// Emit a conversion from the specified complex type to the specified
1496/// destination type, where the destination type is an LLVM scalar type.
1497Value *ScalarExprEmitter::EmitComplexToScalarConversion(
1498 CodeGenFunction::ComplexPairTy Src, QualType SrcTy, QualType DstTy,
1499 SourceLocation Loc) {
1500 // Get the source element type.
1501 SrcTy = SrcTy->castAs<ComplexType>()->getElementType();
1502
1503 // Handle conversions to bool first, they are special: comparisons against 0.
1504 if (DstTy->isBooleanType()) {
1505 // Complex != 0 -> (Real != 0) | (Imag != 0)
1506 Src.first = EmitScalarConversion(Src.first, SrcTy, DstTy, Loc);
1507 Src.second = EmitScalarConversion(Src.second, SrcTy, DstTy, Loc);
1508 return Builder.CreateOr(Src.first, Src.second, "tobool");
1509 }
1510
1511 // C99 6.3.1.7p2: "When a value of complex type is converted to a real type,
1512 // the imaginary part of the complex value is discarded and the value of the
1513 // real part is converted according to the conversion rules for the
1514 // corresponding real type.
1515 return EmitScalarConversion(Src.first, SrcTy, DstTy, Loc);
1516}
1517
1518Value *ScalarExprEmitter::EmitNullValue(QualType Ty) {
1519 return CGF.EmitFromMemory(CGF.CGM.EmitNullConstant(Ty), Ty);
1520}
1521
1522/// Emit a sanitization check for the given "binary" operation (which
1523/// might actually be a unary increment which has been lowered to a binary
1524/// operation). The check passes if all values in \p Checks (which are \c i1),
1525/// are \c true.
1526void ScalarExprEmitter::EmitBinOpCheck(
1527 ArrayRef<std::pair<Value *, SanitizerMask>> Checks, const BinOpInfo &Info) {
1528 assert(CGF.IsSanitizerScope);
1529 SanitizerHandler Check;
1530 SmallVector<llvm::Constant *, 4> StaticData;
1531 SmallVector<llvm::Value *, 2> DynamicData;
1532
1533 BinaryOperatorKind Opcode = Info.Opcode;
1534 if (BinaryOperator::isCompoundAssignmentOp(Opcode))
1535 Opcode = BinaryOperator::getOpForCompoundAssignment(Opcode);
1536
1537 StaticData.push_back(CGF.EmitCheckSourceLocation(Info.E->getExprLoc()));
1538 const UnaryOperator *UO = dyn_cast<UnaryOperator>(Info.E);
1539 if (UO && UO->getOpcode() == UO_Minus) {
1540 Check = SanitizerHandler::NegateOverflow;
1541 StaticData.push_back(CGF.EmitCheckTypeDescriptor(UO->getType()));
1542 DynamicData.push_back(Info.RHS);
1543 } else {
1544 if (BinaryOperator::isShiftOp(Opcode)) {
1545 // Shift LHS negative or too large, or RHS out of bounds.
1546 Check = SanitizerHandler::ShiftOutOfBounds;
1547 const BinaryOperator *BO = cast<BinaryOperator>(Info.E);
1548 StaticData.push_back(
1549 CGF.EmitCheckTypeDescriptor(BO->getLHS()->getType()));
1550 StaticData.push_back(
1551 CGF.EmitCheckTypeDescriptor(BO->getRHS()->getType()));
1552 } else if (Opcode == BO_Div || Opcode == BO_Rem) {
1553 // Divide or modulo by zero, or signed overflow (eg INT_MAX / -1).
1554 Check = SanitizerHandler::DivremOverflow;
1555 StaticData.push_back(CGF.EmitCheckTypeDescriptor(Info.Ty));
1556 } else {
1557 // Arithmetic overflow (+, -, *).
1558 switch (Opcode) {
1559 case BO_Add: Check = SanitizerHandler::AddOverflow; break;
1560 case BO_Sub: Check = SanitizerHandler::SubOverflow; break;
1561 case BO_Mul: Check = SanitizerHandler::MulOverflow; break;
1562 default: llvm_unreachable("unexpected opcode for bin op check");
1563 }
1564 StaticData.push_back(CGF.EmitCheckTypeDescriptor(Info.Ty));
1565 }
1566 DynamicData.push_back(Info.LHS);
1567 DynamicData.push_back(Info.RHS);
1568 }
1569
1570 CGF.EmitCheck(Checks, Check, StaticData, DynamicData);
1571}
1572
1573//===----------------------------------------------------------------------===//
1574// Visitor Methods
1575//===----------------------------------------------------------------------===//
1576
1577Value *ScalarExprEmitter::VisitExpr(Expr *E) {
1578 CGF.ErrorUnsupported(E, "scalar expression");
1579 if (E->getType()->isVoidType())
1580 return nullptr;
1581 return llvm::UndefValue::get(CGF.ConvertType(E->getType()));
1582}
1583
1584Value *ScalarExprEmitter::VisitShuffleVectorExpr(ShuffleVectorExpr *E) {
1585 // Vector Mask Case
1586 if (E->getNumSubExprs() == 2) {
1587 Value *LHS = CGF.EmitScalarExpr(E->getExpr(0));
1588 Value *RHS = CGF.EmitScalarExpr(E->getExpr(1));
1589 Value *Mask;
1590
1591 auto *LTy = cast<llvm::FixedVectorType>(LHS->getType());
1592 unsigned LHSElts = LTy->getNumElements();
1593
1594 Mask = RHS;
1595
1596 auto *MTy = cast<llvm::FixedVectorType>(Mask->getType());
1597
1598 // Mask off the high bits of each shuffle index.
1599 Value *MaskBits =
1600 llvm::ConstantInt::get(MTy, llvm::NextPowerOf2(LHSElts - 1) - 1);
1601 Mask = Builder.CreateAnd(Mask, MaskBits, "mask");
1602
1603 // newv = undef
1604 // mask = mask & maskbits
1605 // for each elt
1606 // n = extract mask i
1607 // x = extract val n
1608 // newv = insert newv, x, i
1609 auto *RTy = llvm::FixedVectorType::get(LTy->getElementType(),
1610 MTy->getNumElements());
1611 Value* NewV = llvm::UndefValue::get(RTy);
1612 for (unsigned i = 0, e = MTy->getNumElements(); i != e; ++i) {
1613 Value *IIndx = llvm::ConstantInt::get(CGF.SizeTy, i);
1614 Value *Indx = Builder.CreateExtractElement(Mask, IIndx, "shuf_idx");
1615
1616 Value *VExt = Builder.CreateExtractElement(LHS, Indx, "shuf_elt");
1617 NewV = Builder.CreateInsertElement(NewV, VExt, IIndx, "shuf_ins");
1618 }
1619 return NewV;
1620 }
1621
1622 Value* V1 = CGF.EmitScalarExpr(E->getExpr(0));
1623 Value* V2 = CGF.EmitScalarExpr(E->getExpr(1));
1624
1625 SmallVector<int, 32> Indices;
1626 for (unsigned i = 2; i < E->getNumSubExprs(); ++i) {
1627 llvm::APSInt Idx = E->getShuffleMaskIdx(CGF.getContext(), i-2);
1628 // Check for -1 and output it as undef in the IR.
1629 if (Idx.isSigned() && Idx.isAllOnesValue())
1630 Indices.push_back(-1);
1631 else
1632 Indices.push_back(Idx.getZExtValue());
1633 }
1634
1635 return Builder.CreateShuffleVector(V1, V2, Indices, "shuffle");
1636}
1637
1638Value *ScalarExprEmitter::VisitConvertVectorExpr(ConvertVectorExpr *E) {
1639 QualType SrcType = E->getSrcExpr()->getType(),
1640 DstType = E->getType();
1641
1642 Value *Src = CGF.EmitScalarExpr(E->getSrcExpr());
1643
1644 SrcType = CGF.getContext().getCanonicalType(SrcType);
1645 DstType = CGF.getContext().getCanonicalType(DstType);
1646 if (SrcType == DstType) return Src;
1647
1648 assert(SrcType->isVectorType() &&
1649 "ConvertVector source type must be a vector");
1650 assert(DstType->isVectorType() &&
1651 "ConvertVector destination type must be a vector");
1652
1653 llvm::Type *SrcTy = Src->getType();
1654 llvm::Type *DstTy = ConvertType(DstType);
1655
1656 // Ignore conversions like int -> uint.
1657 if (SrcTy == DstTy)
1658 return Src;
1659
1660 QualType SrcEltType = SrcType->castAs<VectorType>()->getElementType(),
1661 DstEltType = DstType->castAs<VectorType>()->getElementType();
1662
1663 assert(SrcTy->isVectorTy() &&
1664 "ConvertVector source IR type must be a vector");
1665 assert(DstTy->isVectorTy() &&
1666 "ConvertVector destination IR type must be a vector");
1667
1668 llvm::Type *SrcEltTy = cast<llvm::VectorType>(SrcTy)->getElementType(),
1669 *DstEltTy = cast<llvm::VectorType>(DstTy)->getElementType();
1670
1671 if (DstEltType->isBooleanType()) {
1672 assert((SrcEltTy->isFloatingPointTy() ||
1673 isa<llvm::IntegerType>(SrcEltTy)) && "Unknown boolean conversion");
1674
1675 llvm::Value *Zero = llvm::Constant::getNullValue(SrcTy);
1676 if (SrcEltTy->isFloatingPointTy()) {
1677 return Builder.CreateFCmpUNE(Src, Zero, "tobool");
1678 } else {
1679 return Builder.CreateICmpNE(Src, Zero, "tobool");
1680 }
1681 }
1682
1683 // We have the arithmetic types: real int/float.
1684 Value *Res = nullptr;
1685
1686 if (isa<llvm::IntegerType>(SrcEltTy)) {
1687 bool InputSigned = SrcEltType->isSignedIntegerOrEnumerationType();
1688 if (isa<llvm::IntegerType>(DstEltTy))
1689 Res = Builder.CreateIntCast(Src, DstTy, InputSigned, "conv");
1690 else if (InputSigned)
1691 Res = Builder.CreateSIToFP(Src, DstTy, "conv");
1692 else
1693 Res = Builder.CreateUIToFP(Src, DstTy, "conv");
1694 } else if (isa<llvm::IntegerType>(DstEltTy)) {
1695 assert(SrcEltTy->isFloatingPointTy() && "Unknown real conversion");
1696 if (DstEltType->isSignedIntegerOrEnumerationType())
1697 Res = Builder.CreateFPToSI(Src, DstTy, "conv");
1698 else
1699 Res = Builder.CreateFPToUI(Src, DstTy, "conv");
1700 } else {
1701 assert(SrcEltTy->isFloatingPointTy() && DstEltTy->isFloatingPointTy() &&
1702 "Unknown real conversion");
1703 if (DstEltTy->getTypeID() < SrcEltTy->getTypeID())
1704 Res = Builder.CreateFPTrunc(Src, DstTy, "conv");
1705 else
1706 Res = Builder.CreateFPExt(Src, DstTy, "conv");
1707 }
1708
1709 return Res;
1710}
1711
1712Value *ScalarExprEmitter::VisitMemberExpr(MemberExpr *E) {
1713 if (CodeGenFunction::ConstantEmission Constant = CGF.tryEmitAsConstant(E)) {
1714 CGF.EmitIgnoredExpr(E->getBase());
1715 return CGF.emitScalarConstant(Constant, E);
1716 } else {
1717 Expr::EvalResult Result;
1718 if (E->EvaluateAsInt(Result, CGF.getContext(), Expr::SE_AllowSideEffects)) {
1719 llvm::APSInt Value = Result.Val.getInt();
1720 CGF.EmitIgnoredExpr(E->getBase());
1721 return Builder.getInt(Value);
1722 }
1723 }
1724
1725 return EmitLoadOfLValue(E);
1726}
1727
1728Value *ScalarExprEmitter::VisitArraySubscriptExpr(ArraySubscriptExpr *E) {
1729 TestAndClearIgnoreResultAssign();
1730
1731 // Emit subscript expressions in rvalue context's. For most cases, this just
1732 // loads the lvalue formed by the subscript expr. However, we have to be
1733 // careful, because the base of a vector subscript is occasionally an rvalue,
1734 // so we can't get it as an lvalue.
1735 if (!E->getBase()->getType()->isVectorType())
1736 return EmitLoadOfLValue(E);
1737
1738 // Handle the vector case. The base must be a vector, the index must be an
1739 // integer value.
1740 Value *Base = Visit(E->getBase());
1741 Value *Idx = Visit(E->getIdx());
1742 QualType IdxTy = E->getIdx()->getType();
1743
1744 if (CGF.SanOpts.has(SanitizerKind::ArrayBounds))
1745 CGF.EmitBoundsCheck(E, E->getBase(), Idx, IdxTy, /*Accessed*/true);
1746
1747 return Builder.CreateExtractElement(Base, Idx, "vecext");
1748}
1749
1750Value *ScalarExprEmitter::VisitMatrixSubscriptExpr(MatrixSubscriptExpr *E) {
1751 TestAndClearIgnoreResultAssign();
1752
1753 // Handle the vector case. The base must be a vector, the index must be an
1754 // integer value.
1755 Value *RowIdx = Visit(E->getRowIdx());
1756 Value *ColumnIdx = Visit(E->getColumnIdx());
1757 Value *Matrix = Visit(E->getBase());
1758
1759 // TODO: Should we emit bounds checks with SanitizerKind::ArrayBounds?
1760 llvm::MatrixBuilder<CGBuilderTy> MB(Builder);
1761 return MB.CreateExtractElement(
1762 Matrix, RowIdx, ColumnIdx,
1763 E->getBase()->getType()->castAs<ConstantMatrixType>()->getNumRows());
1764}
1765
1766static int getMaskElt(llvm::ShuffleVectorInst *SVI, unsigned Idx,
1767 unsigned Off) {
1768 int MV = SVI->getMaskValue(Idx);
1769 if (MV == -1)
1770 return -1;
1771 return Off + MV;
1772}
1773
1774static int getAsInt32(llvm::ConstantInt *C, llvm::Type *I32Ty) {
1775 assert(llvm::ConstantInt::isValueValidForType(I32Ty, C->getZExtValue()) &&
1776 "Index operand too large for shufflevector mask!");
1777 return C->getZExtValue();
1778}
1779
1780Value *ScalarExprEmitter::VisitInitListExpr(InitListExpr *E) {
1781 bool Ignore = TestAndClearIgnoreResultAssign();
1782 (void)Ignore;
1783 assert (Ignore == false && "init list ignored");
1784 unsigned NumInitElements = E->getNumInits();
1785
1786 if (E->hadArrayRangeDesignator())
1787 CGF.ErrorUnsupported(E, "GNU array range designator extension");
1788
1789 llvm::VectorType *VType =
1790 dyn_cast<llvm::VectorType>(ConvertType(E->getType()));
1791
1792 if (!VType) {
1793 if (NumInitElements == 0) {
1794 // C++11 value-initialization for the scalar.
1795 return EmitNullValue(E->getType());
1796 }
1797 // We have a scalar in braces. Just use the first element.
1798 return Visit(E->getInit(0));
1799 }
1800
1801 unsigned ResElts = cast<llvm::FixedVectorType>(VType)->getNumElements();
1802
1803 // Loop over initializers collecting the Value for each, and remembering
1804 // whether the source was swizzle (ExtVectorElementExpr). This will allow
1805 // us to fold the shuffle for the swizzle into the shuffle for the vector
1806 // initializer, since LLVM optimizers generally do not want to touch
1807 // shuffles.
1808 unsigned CurIdx = 0;
1809 bool VIsUndefShuffle = false;
1810 llvm::Value *V = llvm::UndefValue::get(VType);
1811 for (unsigned i = 0; i != NumInitElements; ++i) {
1812 Expr *IE = E->getInit(i);
1813 Value *Init = Visit(IE);
1814 SmallVector<int, 16> Args;
1815
1816 llvm::VectorType *VVT = dyn_cast<llvm::VectorType>(Init->getType());
1817
1818 // Handle scalar elements. If the scalar initializer is actually one
1819 // element of a different vector of the same width, use shuffle instead of
1820 // extract+insert.
1821 if (!VVT) {
1822 if (isa<ExtVectorElementExpr>(IE)) {
1823 llvm::ExtractElementInst *EI = cast<llvm::ExtractElementInst>(Init);
1824
1825 if (cast<llvm::FixedVectorType>(EI->getVectorOperandType())
1826 ->getNumElements() == ResElts) {
1827 llvm::ConstantInt *C = cast<llvm::ConstantInt>(EI->getIndexOperand());
1828 Value *LHS = nullptr, *RHS = nullptr;
1829 if (CurIdx == 0) {
1830 // insert into undef -> shuffle (src, undef)
1831 // shufflemask must use an i32
1832 Args.push_back(getAsInt32(C, CGF.Int32Ty));
1833 Args.resize(ResElts, -1);
1834
1835 LHS = EI->getVectorOperand();
1836 RHS = V;
1837 VIsUndefShuffle = true;
1838 } else if (VIsUndefShuffle) {
1839 // insert into undefshuffle && size match -> shuffle (v, src)
1840 llvm::ShuffleVectorInst *SVV = cast<llvm::ShuffleVectorInst>(V);
1841 for (unsigned j = 0; j != CurIdx; ++j)
1842 Args.push_back(getMaskElt(SVV, j, 0));
1843 Args.push_back(ResElts + C->getZExtValue());
1844 Args.resize(ResElts, -1);
1845
1846 LHS = cast<llvm::ShuffleVectorInst>(V)->getOperand(0);
1847 RHS = EI->getVectorOperand();
1848 VIsUndefShuffle = false;
1849 }
1850 if (!Args.empty()) {
1851 V = Builder.CreateShuffleVector(LHS, RHS, Args);
1852 ++CurIdx;
1853 continue;
1854 }
1855 }
1856 }
1857 V = Builder.CreateInsertElement(V, Init, Builder.getInt32(CurIdx),
1858 "vecinit");
1859 VIsUndefShuffle = false;
1860 ++CurIdx;
1861 continue;
1862 }
1863
1864 unsigned InitElts = cast<llvm::FixedVectorType>(VVT)->getNumElements();
1865
1866 // If the initializer is an ExtVecEltExpr (a swizzle), and the swizzle's
1867 // input is the same width as the vector being constructed, generate an
1868 // optimized shuffle of the swizzle input into the result.
1869 unsigned Offset = (CurIdx == 0) ? 0 : ResElts;
1870 if (isa<ExtVectorElementExpr>(IE)) {
1871 llvm::ShuffleVectorInst *SVI = cast<llvm::ShuffleVectorInst>(Init);
1872 Value *SVOp = SVI->getOperand(0);
1873 auto *OpTy = cast<llvm::FixedVectorType>(SVOp->getType());
1874
1875 if (OpTy->getNumElements() == ResElts) {
1876 for (unsigned j = 0; j != CurIdx; ++j) {
1877 // If the current vector initializer is a shuffle with undef, merge
1878 // this shuffle directly into it.
1879 if (VIsUndefShuffle) {
1880 Args.push_back(getMaskElt(cast<llvm::ShuffleVectorInst>(V), j, 0));
1881 } else {
1882 Args.push_back(j);
1883 }
1884 }
1885 for (unsigned j = 0, je = InitElts; j != je; ++j)
1886 Args.push_back(getMaskElt(SVI, j, Offset));
1887 Args.resize(ResElts, -1);
1888
1889 if (VIsUndefShuffle)
1890 V = cast<llvm::ShuffleVectorInst>(V)->getOperand(0);
1891
1892 Init = SVOp;
1893 }
1894 }
1895
1896 // Extend init to result vector length, and then shuffle its contribution
1897 // to the vector initializer into V.
1898 if (Args.empty()) {
1899 for (unsigned j = 0; j != InitElts; ++j)
1900 Args.push_back(j);
1901 Args.resize(ResElts, -1);
1902 Init = Builder.CreateShuffleVector(Init, Args, "vext");
1903
1904 Args.clear();
1905 for (unsigned j = 0; j != CurIdx; ++j)
1906 Args.push_back(j);
1907 for (unsigned j = 0; j != InitElts; ++j)
1908 Args.push_back(j + Offset);
1909 Args.resize(ResElts, -1);
1910 }
1911
1912 // If V is undef, make sure it ends up on the RHS of the shuffle to aid
1913 // merging subsequent shuffles into this one.
1914 if (CurIdx == 0)
1915 std::swap(V, Init);
1916 V = Builder.CreateShuffleVector(V, Init, Args, "vecinit");
1917 VIsUndefShuffle = isa<llvm::UndefValue>(Init);
1918 CurIdx += InitElts;
1919 }
1920
1921 // FIXME: evaluate codegen vs. shuffling against constant null vector.
1922 // Emit remaining default initializers.
1923 llvm::Type *EltTy = VType->getElementType();
1924
1925 // Emit remaining default initializers
1926 for (/* Do not initialize i*/; CurIdx < ResElts; ++CurIdx) {
1927 Value *Idx = Builder.getInt32(CurIdx);
1928 llvm::Value *Init = llvm::Constant::getNullValue(EltTy);
1929 V = Builder.CreateInsertElement(V, Init, Idx, "vecinit");
1930 }
1931 return V;
1932}
1933
1934bool CodeGenFunction::ShouldNullCheckClassCastValue(const CastExpr *CE) {
1935 const Expr *E = CE->getSubExpr();
1936
1937 if (CE->getCastKind() == CK_UncheckedDerivedToBase)
1938 return false;
1939
1940 if (isa<CXXThisExpr>(E->IgnoreParens())) {
1941 // We always assume that 'this' is never null.
1942 return false;
1943 }
1944
1945 if (const ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(CE)) {
1946 // And that glvalue casts are never null.
1947 if (ICE->getValueKind() != VK_RValue)
1948 return false;
1949 }
1950
1951 return true;
1952}
1953
1954// VisitCastExpr - Emit code for an explicit or implicit cast. Implicit casts
1955// have to handle a more broad range of conversions than explicit casts, as they
1956// handle things like function to ptr-to-function decay etc.
1957Value *ScalarExprEmitter::VisitCastExpr(CastExpr *CE) {
1958 Expr *E = CE->getSubExpr();
1959 QualType DestTy = CE->getType();
1960 CastKind Kind = CE->getCastKind();
1961
1962 // These cases are generally not written to ignore the result of
1963 // evaluating their sub-expressions, so we clear this now.
1964 bool Ignored = TestAndClearIgnoreResultAssign();
1965
1966 // Since almost all cast kinds apply to scalars, this switch doesn't have
1967 // a default case, so the compiler will warn on a missing case. The cases
1968 // are in the same order as in the CastKind enum.
1969 switch (Kind) {
1970 case CK_Dependent: llvm_unreachable("dependent cast kind in IR gen!");
1971 case CK_BuiltinFnToFnPtr:
1972 llvm_unreachable("builtin functions are handled elsewhere");
1973
1974 case CK_LValueBitCast:
1975 case CK_ObjCObjectLValueCast: {
1976 Address Addr = EmitLValue(E).getAddress(CGF);
1977 Addr = Builder.CreateElementBitCast(Addr, CGF.ConvertTypeForMem(DestTy));
1978 LValue LV = CGF.MakeAddrLValue(Addr, DestTy);
1979 return EmitLoadOfLValue(LV, CE->getExprLoc());
1980 }
1981
1982 case CK_LValueToRValueBitCast: {
1983 LValue SourceLVal = CGF.EmitLValue(E);
1984 Address Addr = Builder.CreateElementBitCast(SourceLVal.getAddress(CGF),
1985 CGF.ConvertTypeForMem(DestTy));
1986 LValue DestLV = CGF.MakeAddrLValue(Addr, DestTy);
1987 DestLV.setTBAAInfo(