//===--- MemsetZeroLengthCheck.cpp - clang-tidy -------------------*- C++ -*-===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//

#include "MemsetZeroLengthCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
#include "clang/ASTMatchers/ASTMatchers.h"
#include "clang/Lex/Lexer.h"

using namespace clang::ast_matchers;

namespace clang {
namespace tidy {
namespace google {
namespace runtime {

void MemsetZeroLengthCheck::registerMatchers(
    ast_matchers::MatchFinder *Finder) {
  // Look for memset(x, y, 0) as those is most likely an argument swap.
  // TODO: Also handle other standard functions that suffer from the same
  //       problem, e.g. memchr.
  Finder->addMatcher(callExpr(callee(functionDecl(hasName("::memset"))),
                              argumentCountIs(3),
                              unless(isInTemplateInstantiation()))
                         .bind("decl"),
                     this);
}

/// \brief Get a StringRef representing a SourceRange.
static StringRef getAsString(const MatchFinder::MatchResult &Result,
                             SourceRange R) {
  const SourceManager &SM = *Result.SourceManager;
  // Don't even try to resolve macro or include contraptions. Not worth emitting
  // a fixit for.
  if (R.getBegin().isMacroID() ||
      !SM.isWrittenInSameFile(R.getBegin(), R.getEnd()))
    return StringRef();

  const char *Begin = SM.getCharacterData(R.getBegin());
  const char *End = SM.getCharacterData(Lexer::getLocForEndOfToken(
      R.getEnd(), 0, SM, Result.Context->getLangOpts()));

  return StringRef(Begin, End - Begin);
}

void MemsetZeroLengthCheck::check(const MatchFinder::MatchResult &Result) {
  const auto *Call = Result.Nodes.getNodeAs<CallExpr>("decl");

  // Note, this is:
  // void *memset(void *buffer, int fill_char, size_t byte_count);
  // Arg1 is fill_char, Arg2 is byte_count.
  const Expr *Arg1 = Call->getArg(1);
  const Expr *Arg2 = Call->getArg(2);

  // Return if `byte_count` is not zero at compile time.
  llvm::APSInt Value1, Value2;
  if (Arg2->isValueDependent() ||
      !Arg2->EvaluateAsInt(Value2, *Result.Context) || Value2 != 0)
    return;

  // Return if `fill_char` is known to be zero or negative at compile
  // time. In these cases, swapping the args would be a nop, or
  // introduce a definite bug. The code is likely correct.
  if (!Arg1->isValueDependent() &&
      Arg1->EvaluateAsInt(Value1, *Result.Context) &&
      (Value1 == 0 || Value1.isNegative()))
    return;

  // `byte_count` is known to be zero at compile time, and `fill_char` is
  // either not known or known to be a positive integer. Emit a warning
  // and fix-its to swap the arguments.
  auto D = diag(Call->getLocStart(),
                "memset of size zero, potentially swapped arguments");
  SourceRange LHSRange = Arg1->getSourceRange();
  SourceRange RHSRange = Arg2->getSourceRange();
  StringRef RHSString = getAsString(Result, RHSRange);
  StringRef LHSString = getAsString(Result, LHSRange);
  if (LHSString.empty() || RHSString.empty())
    return;

  D << FixItHint::CreateReplacement(CharSourceRange::getTokenRange(LHSRange),
                                    RHSString)
    << FixItHint::CreateReplacement(CharSourceRange::getTokenRange(RHSRange),
                                    LHSString);
}

} // namespace runtime
} // namespace google
} // namespace tidy
} // namespace clang