This is an archive of the discontinued LLVM Phabricator instance.

Differential D146773

[-Wunsafe-buffer-usage] Make raw (ungrouped) warnings a bit more verbose.
AcceptedPublic

Authored by NoQ on Mar 23 2023, 5:11 PM.

Details

Reviewers
jkorous
t-rasmud
ziqingluo-90
malavikasamak
aaron.ballman
gribozavr
ymandel
sgatev
Summary

So far we didn't pay enough attention to them given that we spent a lot of time on grouped warnings, but D146669 will cause them to be displayed more often. Make them nicer and more understandable.

Diff Detail

Unit TestsFailed

TimeTest
121,330 msclang CI - Running libc++ test suite with Clang Modules > llvm-libc++-shared-cfg-in.llvm-libc++-shared-cfg-in::/var/lib/buildkite-agent/builds/llvm-project/build/generic-modules/test/libcxx/clang_modules_include.gen.py/__std_clang_module.compile.pass.mm

Event Timeline

NoQ created this revision.Mar 23 2023, 5:11 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 23 2023, 5:11 PM
Herald added subscribers: steakhal, martong. · View Herald Transcript
NoQ requested review of this revision.Mar 23 2023, 5:11 PM
NoQ added a parent revision: D146669: [-Wunsafe-buffer-usage] Hide fixits/suggestions behind an extra flag, -fsafe-buffer-usage-suggestions..
NoQ added inline comments.
clang/include/clang/Basic/DiagnosticSemaKinds.td
11906

The first mode doesn't show up in any tests and it's probably dead code at this point.

NoQ added a child revision: D143628: [-Wunsafe-buffer-usage][PoC][WIP] Add #include <span> to emitted Fix-Its.Apr 7 2023, 2:55 PM
malavikasamak added inline comments.Apr 26 2023, 1:16 PM
clang/include/clang/Basic/DiagnosticSemaKinds.td
11906

What do you think of specifying the variable name in these warnings? It could be helpful when there are more than one DREs in a statement.

ziqingluo-90 removed a child revision: D143628: [-Wunsafe-buffer-usage][PoC][WIP] Add #include <span> to emitted Fix-Its.May 5 2023, 11:33 AM
ziqingluo-90 added a child revision: D145739: [-Wunsafe-buffer-usage] Group variables associated by pointer assignments.
NoQ added inline comments.May 15 2023, 5:07 PM
clang/include/clang/Basic/DiagnosticSemaKinds.td
11906

These warnings are emitted only when we *cannot* identify the variable; either because it's not there at all, or we don't know how to find it. If we could figure out the variable, we'd be emitting warn_unsafe_buffer_variable instead. IIRC, in all of the provided test cases the operand isn't a DRE.

That said, I totally agree that it's a great idea to try a few other things to point out the specific subexpression, even if we don't connect the warning gadget to a variable. Say, we can try to blame MemberExprs or CallExprs the same way we blame DREs, and include their name in the warning. I'll try a few things real quick and see how bad it gets.

Note that these are also the things for which we may eventually start providing constructive solutions. Say, an unsafe operation on CallExpr can be a reason to autofix the callee to return a std::span. So hopefully these warnings will eventually be replaced by better warnings in more and more cases.

ziqingluo-90 accepted this revision.May 18 2023, 3:10 PM

LGTM, Thanks!

This revision is now accepted and ready to land.May 18 2023, 3:10 PM
NoQ added inline comments.May 19 2023, 1:02 PM
clang/include/clang/Basic/DiagnosticSemaKinds.td
11906

Wait nvm, the whole point of this patch is to warn when variable discovery is manually turned off! I'm an idiot, this absolutely deserves more effort.

NoQ updated this revision to Diff 552560.Aug 22 2023, 6:37 PM

Rebase.

Make warnings a bit more verbose than before. This plays nicely with our attempts to categorize unemitted fixits via -mllvm -debug-only=SafeBuffers, but this time it doesn't make sense to make the extra information debug-only; it makes perfect sense as part of the warning.

TODO: Some new code paths aren't covered by tests yet (captured variables, static member variables).

Harbormaster completed remote builds in B254231: Diff 552560.Aug 22 2023, 7:10 PM
NoQ added inline comments.Aug 23 2023, 5:30 PM
clang/test/SemaCXX/warn-unsafe-buffer-usage.cpp
256

I don't think this FIXME was correct. The code we're warning about isn't expanded from a template.

NoQ removed a parent revision: D146669: [-Wunsafe-buffer-usage] Hide fixits/suggestions behind an extra flag, -fsafe-buffer-usage-suggestions..Aug 23 2023, 5:31 PM
NoQ removed a child revision: D145739: [-Wunsafe-buffer-usage] Group variables associated by pointer assignments.
NoQ updated this revision to Diff 558179.Tue, Nov 28, 1:31 PM

Rebase. Add remaining tests.

I think this is ready to land now.

Harbormaster completed remote builds in B258132: Diff 558179.Tue, Nov 28, 5:07 PM

Revision Contents

Diff 552560

clang/include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 11,896 Lines▼ Show 20 Linesdef err_cast_from_randomized_struct : Error<
"casting from randomized structure pointer type %0 to %1">; "casting from randomized structure pointer type %0 to %1">;
// Unsafe buffer usage diagnostics. // Unsafe buffer usage diagnostics.
def warn_unsafe_buffer_variable : Warning< def warn_unsafe_buffer_variable : Warning<
"%0 is an %select{unsafe pointer used for buffer access|unsafe buffer that " "%0 is an %select{unsafe pointer used for buffer access|unsafe buffer that "
"does not perform bounds checks}1">, "does not perform bounds checks}1">,
InGroup<UnsafeBufferUsage>, DefaultIgnore; InGroup<UnsafeBufferUsage>, DefaultIgnore;
def warn_unsafe_buffer_operation : Warning< def warn_unsafe_buffer_operation : Warning<
"%select{unsafe pointer operation|unsafe pointer arithmetic|" "%select{"
"unsafe buffer access|function introduces unsafe buffer manipulation}0">, "unsafe buffer operation in|"
NoQAuthorUnsubmitted
Done
ReplyInline Actions

The first mode doesn't show up in any tests and it's probably dead code at this point.

NoQ: The first mode doesn't show up in any tests and it's probably dead code at this point.
malavikasamakUnsubmitted
Not Done
ReplyInline Actions

What do you think of specifying the variable name in these warnings? It could be helpful when there are more than one DREs in a statement.

malavikasamak: What do you think of specifying the variable name in these warnings? It could be helpful when…
NoQAuthorUnsubmitted
Done
ReplyInline Actions

These warnings are emitted only when we *cannot* identify the variable; either because it's not there at all, or we don't know how to find it. If we could figure out the variable, we'd be emitting warn_unsafe_buffer_variable instead. IIRC, in all of the provided test cases the operand isn't a DRE.

That said, I totally agree that it's a great idea to try a few other things to point out the specific subexpression, even if we don't connect the warning gadget to a variable. Say, we can try to blame MemberExprs or CallExprs the same way we blame DREs, and include their name in the warning. I'll try a few things real quick and see how bad it gets.

Note that these are also the things for which we may eventually start providing constructive solutions. Say, an unsafe operation on CallExpr can be a reason to autofix the callee to return a std::span. So hopefully these warnings will eventually be replaced by better warnings in more and more cases.

NoQ: These warnings are emitted only when we *cannot* identify the variable; either because it's not…
NoQAuthorUnsubmitted
Done
ReplyInline Actions

Wait nvm, the whole point of this patch is to warn when variable discovery is manually turned off! I'm an idiot, this absolutely deserves more effort.

NoQ: Wait nvm, the whole point of this patch is to warn when variable discovery is manually turned…
InGroup<UnsafeBufferUsage>, DefaultIgnore; "unsafe arithmetic over|"
"unsafe buffer access through|"
"unsafe buffer access into|"
"function call introduces unsafe buffer manipulation over"
"}0%select{"
"|" // Either not captured or unclear.
" captured"
"}1 %select{|raw pointer |raw array }2%select{"
"expression|"
"variable|"
"local variable|"
"parameter variable|"
"static local variable|"
"global variable|"
"member variable|"
"static member variable|"
"structured binding|"
"return value of function"
"}3%select{| %5}4">, InGroup<UnsafeBufferUsage>, DefaultIgnore;
def note_unsafe_buffer_operation : Note< def note_unsafe_buffer_operation : Note<
"used%select{| in pointer arithmetic| in buffer access}0 here">; "used%select{| in pointer arithmetic| in buffer access}0 here">;
def note_unsafe_buffer_variable_fixit_group : Note< def note_unsafe_buffer_variable_fixit_group : Note<
"change type of %0 to '%select{std::span|std::array|std::span::iterator}1' to preserve bounds information%select{|, and change %2 to '%select{std::span|std::array|std::span::iterator}1' to propagate bounds information between them}3">; "change type of %0 to '%select{std::span|std::array|std::span::iterator}1' to preserve bounds information%select{|, and change %2 to '%select{std::span|std::array|std::span::iterator}1' to propagate bounds information between them}3">;
def note_safe_buffer_usage_suggestions_disabled : Note< def note_safe_buffer_usage_suggestions_disabled : Note<
"pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions">; "pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions">;
#ifndef NDEBUG #ifndef NDEBUG
// Not a user-facing diagnostic. Useful for debugging false negatives in // Not a user-facing diagnostic. Useful for debugging false negatives in
▲ Show 20 LinesShow All 46 LinesShow Last 20 Lines

clang/lib/Sema/AnalysisBasedWarnings.cpp

Show First 20 LinesShow All 2,204 Lines▼ Show 20 Lines std::string listVariableGroupAsString(
for (unsigned I = 0; I < N; ++I) for (unsigned I = 0; I < N; ++I)
AllVars.append(PutInQuotes(VarNames[I]) + ", "); AllVars.append(PutInQuotes(VarNames[I]) + ", ");
AllVars.append(PutInQuotes(VarNames[N]) + ", and " + AllVars.append(PutInQuotes(VarNames[N]) + ", and " +
PutInQuotes(VarNames[N + 1])); PutInQuotes(VarNames[N + 1]));
return AllVars; return AllVars;
} }
public: // These enums map to diagnostic %select directives.
UnsafeBufferUsageReporter(Sema &S, bool SuggestSuggestions) enum class OperationKindTy: unsigned {
: S(S), SuggestSuggestions(SuggestSuggestions) {} AnyOperation = 0,
PointerArithmetic = 1,
BufferAccessThroughPointer = 2,
BufferAccessIntoArray = 3,
CallToUnsafeFunction = 4
};
void handleUnsafeOperation(const Stmt *Operation, enum class IsCapturedTy: unsigned {
bool IsRelatedToDecl) override { NoOrUnclear = 0,
Yes = 1
};
enum class LayoutKindTy: unsigned {
Unclear = 0,
Pointer = 1,
Array = 2,
};
enum class StorageKindTy: unsigned {
AnyExpression = 0,
AnyVariable = 1,
LocalVariable = 2,
ParameterVariable = 3,
StaticLocalVariable = 4,
GlobalVariable = 5,
MemberVariable = 6,
StaticMemberVariable = 7,
StructuredBinding = 8,
FunctionReturnValue = 9
};
struct OperandStorageWarningInfo {
IsCapturedTy IsCaptured;
StorageKindTy StorageKind;
const NamedDecl *Object;
};
struct OperandWarningInfo {
LayoutKindTy LayoutKind;
OperandStorageWarningInfo StorageInfo;
SourceLocation Loc; SourceLocation Loc;
SourceRange Range; SourceRange Range;
unsigned MsgParam = 0; };
struct OperationWarningInfo {
OperationKindTy OperationKind;
OperandWarningInfo OperandInfo;
};
StorageKindTy describeVariableStorageKind(const VarDecl *VD) {
if (VD->isLocalVarDecl())
return StorageKindTy::LocalVariable;
if (isa<ParmVarDecl>(VD))
return StorageKindTy::ParameterVariable;
if (VD->isStaticLocal())
return StorageKindTy::StaticLocalVariable;
if (VD->hasGlobalStorage())
return StorageKindTy::GlobalVariable;
// FIXME: Implement more cases?
// What about __block variables?
// Thread locals?
return StorageKindTy::AnyVariable;
}
OperandStorageWarningInfo dontDescribeOperandStorage() {
return {IsCapturedTy::NoOrUnclear /*unclear*/, StorageKindTy::AnyExpression,
nullptr /*no object declaration*/};
}
OperandStorageWarningInfo describeOperandStorage(const Expr *Operand) {
if (const auto *DRE = dyn_cast<DeclRefExpr>(Operand)) {
const ValueDecl *ObjD = DRE->getDecl();
IsCapturedTy IsCaptured = DRE->refersToEnclosingVariableOrCapture()
? IsCapturedTy::Yes
: IsCapturedTy::NoOrUnclear /*no*/;
if (const auto *VD = dyn_cast<VarDecl>(ObjD))
return {IsCaptured, describeVariableStorageKind(VD), VD};
if (const auto *BD = dyn_cast<BindingDecl>(ObjD))
return {IsCaptured, StorageKindTy::StructuredBinding, BD};
// FIXME: Are there other storage kinds that we don't support?
}
if (const auto *ME = dyn_cast<MemberExpr>(Operand)) {
const ValueDecl *MemberD = ME->getMemberDecl();
if (const auto *VD = dyn_cast<VarDecl>(MemberD)) {
assert(VD->isStaticDataMember() &&
"Non-static member VarDecl!");
return {IsCapturedTy::NoOrUnclear /*unclear (FIXME!)*/,
StorageKindTy::StaticMemberVariable, VD};
}
if (const auto *FD = dyn_cast<FieldDecl>(MemberD))
return {IsCapturedTy::NoOrUnclear /*unclear (FIXME!)*/,
StorageKindTy::MemberVariable, FD};
// FIXME: Documentation says that the other two cases are:
// * a CXXMethodDecl (producing pointer-to-member-method) and
// * an EnumConstantDecl (enum value).
// They probably can't appear here, make this an assert?
// Are we sure there aren't other cases?
}
if (const auto *CE = dyn_cast<CallExpr>(Operand)) {
const auto *ND = dyn_cast_or_null<NamedDecl>(CE->getCalleeDecl());
return {IsCapturedTy::NoOrUnclear /*no*/,
StorageKindTy::FunctionReturnValue, ND};
}
// Multi-dimensional case.
// FIXME: Say it out loud, and then explain if it's array of arrays or
// array of pointers etc.
if (const auto *ASE = dyn_cast<ArraySubscriptExpr>(Operand)) {
return describeOperandStorage(ASE->getBase()->IgnoreParenImpCasts());
}
// Default behavior: say nothing.
return dontDescribeOperandStorage();
}
OperandWarningInfo dontDescribeOperand(const Stmt *Operation) {
return {
LayoutKindTy::Unclear,
dontDescribeOperandStorage(),
Operation->getBeginLoc(),
Operation->getSourceRange()
};
}
OperandWarningInfo describeOperand(const Expr *Operand) {
Operand = Operand->IgnoreParenImpCasts();
LayoutKindTy LayoutKind = Operand->getType()->isAnyPointerType()
? LayoutKindTy::Pointer
: LayoutKindTy::Array;
return {
LayoutKind,
describeOperandStorage(Operand),
Operand->getBeginLoc(),
Operand->getSourceRange()
};
}
OperationWarningInfo describeOperation(const Stmt *Operation) {
if (const auto *ASE = dyn_cast<ArraySubscriptExpr>(Operation)) { if (const auto *ASE = dyn_cast<ArraySubscriptExpr>(Operation)) {
Loc = ASE->getBase()->getExprLoc(); OperandWarningInfo OpI = describeOperand(ASE->getBase());
Range = ASE->getBase()->getSourceRange(); switch (OpI.LayoutKind) {
MsgParam = 2; case LayoutKindTy::Unclear:
} else if (const auto *BO = dyn_cast<BinaryOperator>(Operation)) { llvm_unreachable("Operand layout actively described as unclear!");
case LayoutKindTy::Pointer:
return {OperationKindTy::BufferAccessThroughPointer, OpI};
case LayoutKindTy::Array:
return {OperationKindTy::BufferAccessIntoArray, OpI};
}
}
if (const auto *BO = dyn_cast<BinaryOperator>(Operation)) {
BinaryOperator::Opcode Op = BO->getOpcode(); BinaryOperator::Opcode Op = BO->getOpcode();
if (Op == BO_Add || Op == BO_AddAssign || Op == BO_Sub || if (Op == BO_Add || Op == BO_AddAssign || Op == BO_Sub ||
Op == BO_SubAssign) { Op == BO_SubAssign) {
if (BO->getRHS()->getType()->isIntegerType()) { if (BO->getRHS()->getType()->isIntegerType()) {
Loc = BO->getLHS()->getExprLoc(); return {OperationKindTy::PointerArithmetic,
Range = BO->getLHS()->getSourceRange(); describeOperand(BO->getLHS())};
} else { } else {
Loc = BO->getRHS()->getExprLoc(); return {OperationKindTy::PointerArithmetic,
Range = BO->getRHS()->getSourceRange(); describeOperand(BO->getRHS())};
}
} }
MsgParam = 1;
} }
} else if (const auto *UO = dyn_cast<UnaryOperator>(Operation)) {
if (const auto *UO = dyn_cast<UnaryOperator>(Operation)) {
UnaryOperator::Opcode Op = UO->getOpcode(); UnaryOperator::Opcode Op = UO->getOpcode();
if (Op == UO_PreInc || Op == UO_PreDec || Op == UO_PostInc || if (Op == UO_PreInc || Op == UO_PreDec || Op == UO_PostInc ||
Op == UO_PostDec) { Op == UO_PostDec) {
Loc = UO->getSubExpr()->getExprLoc(); return {OperationKindTy::PointerArithmetic,
Range = UO->getSubExpr()->getSourceRange(); describeOperand(UO->getSubExpr())};
MsgParam = 1;
} }
} else { }
if (isa<CallExpr>(Operation)) { if (isa<CallExpr>(Operation)) {
// note_unsafe_buffer_operation doesn't have this mode yet. return {OperationKindTy::CallToUnsafeFunction,
assert(!IsRelatedToDecl && "Not implemented yet!"); dontDescribeOperand(Operation)};
MsgParam = 3;
} }
Loc = Operation->getBeginLoc();
Range = Operation->getSourceRange(); // Every time this is reached, it means we needed to do better above.
return {OperationKindTy::AnyOperation, dontDescribeOperand(Operation)};
} }
public:
UnsafeBufferUsageReporter(Sema &S, bool SuggestSuggestions)
: S(S), SuggestSuggestions(SuggestSuggestions) {}
void handleUnsafeOperation(const Stmt *Operation,
bool IsRelatedToDecl) override {
OperationWarningInfo Info = describeOperation(Operation);
if (IsRelatedToDecl) { if (IsRelatedToDecl) {
assert(!SuggestSuggestions && assert(!SuggestSuggestions &&
"Variables blamed for unsafe buffer usage without suggestions!"); "Variables blamed for unsafe buffer usage without suggestions!");
S.Diag(Loc, diag::note_unsafe_buffer_operation) << MsgParam << Range; assert(Info.OperationKind != OperationKindTy::CallToUnsafeFunction &&
"Not implemented yet!");
unsigned OperationKind;
switch (Info.OperationKind) {
case OperationKindTy::AnyOperation:
OperationKind = 0;
break;
case OperationKindTy::PointerArithmetic:
OperationKind = 1;
break;
case OperationKindTy::BufferAccessThroughPointer:
OperationKind = 2;
break;
case OperationKindTy::BufferAccessIntoArray:
OperationKind = 2; // We don't have a separate mode for this.
break;
case OperationKindTy::CallToUnsafeFunction:
llvm_unreachable("Not implemented yet!");
}
S.Diag(Info.OperandInfo.Loc, diag::note_unsafe_buffer_operation)
<< OperationKind << Info.OperandInfo.Range;
} else { } else {
S.Diag(Loc, diag::warn_unsafe_buffer_operation) << MsgParam << Range; // Introduce a scope so that the warning got emitted first.
{
auto D =
S.Diag(Info.OperandInfo.Loc, diag::warn_unsafe_buffer_operation);
D << (unsigned)Info.OperationKind
<< (unsigned)Info.OperandInfo.StorageInfo.IsCaptured
<< (unsigned)Info.OperandInfo.LayoutKind
<< (unsigned)Info.OperandInfo.StorageInfo.StorageKind;
if (Info.OperandInfo.StorageInfo.Object) {
D << 1 /*provide the object name*/
<< Info.OperandInfo.StorageInfo.Object;
} else {
D << 0 /*don't provide object name*/;
}
D << Info.OperandInfo.Range;
}
if (SuggestSuggestions) { if (SuggestSuggestions) {
S.Diag(Loc, diag::note_safe_buffer_usage_suggestions_disabled); S.Diag(Info.OperandInfo.Loc,
diag::note_safe_buffer_usage_suggestions_disabled);
} }
} }
} }
void handleUnsafeVariableGroup(const VarDecl *Variable, void handleUnsafeVariableGroup(const VarDecl *Variable,
const VariableGroupsManager &VarGrpMgr, const VariableGroupsManager &VarGrpMgr,
FixItList &&Fixes) override { FixItList &&Fixes) override {
assert(!SuggestSuggestions && assert(!SuggestSuggestions &&
▲ Show 20 LinesShow All 488 LinesShow Last 20 Lines

clang/test/SemaCXX/unsafe-buffer-usage-diag-type.cpp

Show First 20 LinesShow All 42 Lines▼ Show 20 Lines
namespace structField { namespace structField {
struct Struct1 { struct Struct1 {
int * ptr; // FIXME: per-declaration warning aggregated at the struct definition? int * ptr; // FIXME: per-declaration warning aggregated at the struct definition?
}; };
void testRefersPtrStructFieldDecl(int i) { void testRefersPtrStructFieldDecl(int i) {
Struct1 s1; Struct1 s1;
s1.ptr + i; // expected-warning{{unsafe pointer arithmetic}} s1.ptr + i; // expected-warning{{unsafe arithmetic over raw pointer member variable 'ptr'}}
s1.ptr[i]; // expected-warning{{unsafe buffer access}} s1.ptr[i]; // expected-warning{{unsafe buffer access}}
} }
struct Struct2 { struct Struct2 {
int array[10]; // FIXME: per-declaration warning aggregated at the struct definition? int array[10]; // FIXME: per-declaration warning aggregated at the struct definition?
}; };
void testRefersArrayStructFieldDecl(int i) { void testRefersArrayStructFieldDecl(int i) {
Struct2 s2; Struct2 s2;
s2.array[i/2]; // expected-warning{{unsafe buffer access}} s2.array[i/2]; // expected-warning{{unsafe buffer access}}
} }
} }
namespace structFieldFromMethod { namespace structFieldFromMethod {
struct Struct1 { struct Struct1 {
int * ptr; // FIXME: per-declaration warning aggregated at the struct definition int * ptr; // FIXME: per-declaration warning aggregated at the struct definition
void testRefersPtrStructFieldDecl(int i) { void testRefersPtrStructFieldDecl(int i) {
ptr + i; // expected-warning{{unsafe pointer arithmetic}} ptr + i; // expected-warning{{unsafe arithmetic over raw pointer member variable 'ptr'}}
ptr[i]; // expected-warning{{unsafe buffer access}} ptr[i]; // expected-warning{{unsafe buffer access}}
} }
}; };
struct Struct2 { struct Struct2 {
int array[10]; // FIXME: per-declaration warning aggregated at the struct definition int array[10]; // FIXME: per-declaration warning aggregated at the struct definition
void testRefersArrayStructFieldDecl(int i) { void testRefersArrayStructFieldDecl(int i) {
Show All 20 Lines
void testRefersArrayStructFieldDecl(int i) { void testRefersArrayStructFieldDecl(int i) {
Struct2::array[i/2]; // expected-note{{used in buffer access here}} Struct2::array[i/2]; // expected-note{{used in buffer access here}}
} }
} }
int * return_ptr(); int * return_ptr();
void testNoDeclRef(int i) { void testNoDeclRef(int i) {
return_ptr() + i; // expected-warning{{unsafe pointer arithmetic}} return_ptr() + i; // expected-warning{{unsafe arithmetic over raw pointer return value of function 'return_ptr'}}
return_ptr()[i]; // expected-warning{{unsafe buffer access}} return_ptr()[i]; // expected-warning{{unsafe buffer access}}
} }

clang/test/SemaCXX/warn-unsafe-buffer-usage-c-linkage.cpp

// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fsafe-buffer-usage-suggestions -verify %s // RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fsafe-buffer-usage-suggestions -verify %s
extern "C" { extern "C" {
void foo(int *ptr) { void foo(int *ptr) {
ptr[5] = 10; // expected-warning{{unsafe buffer access}} ptr[5] = 10; // expected-warning{{unsafe buffer access through raw pointer parameter variable 'ptr'}}
} }
void bar(int *ptr); void bar(int *ptr);
struct c_struct { struct c_struct {
char *name; char *name;
}; };
} }
void bar(int *ptr) { void bar(int *ptr) {
ptr[5] = 10; // expected-warning{{unsafe buffer access}} ptr[5] = 10; // expected-warning{{unsafe buffer access through raw pointer parameter variable 'ptr'}}
} }
void call_foo(int *p) { void call_foo(int *p) {
foo(p); foo(p);
struct c_struct str; struct c_struct str;
str.name[7] = 9; // expected-warning{{unsafe buffer access}} str.name[7] = 9; // expected-warning{{unsafe buffer access through raw pointer member variable 'name'}}
bar(p); bar(p);
} }

clang/test/SemaCXX/warn-unsafe-buffer-usage-debug.cpp

Show First 20 LinesShow All 89 Lines▼ Show 20 Lines
{ {
int *x; int *x;
}; };
S f() { return S{new int[4]}; } S f() { return S{new int[4]}; }
void test_struct_claim_use() { void test_struct_claim_use() {
auto [x] = f(); auto [x] = f();
x[6] = 8; // expected-warning{{unsafe buffer access}} x[6] = 8; // expected-warning{{unsafe buffer access through raw pointer structured binding 'x'}}
x++; // expected-warning{{unsafe pointer arithmetic}} x++; // expected-warning{{unsafe arithmetic over raw pointer structured binding 'x'}}
} }

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-parm-main.cpp

// RUN: %clang_cc1 -std=c++20 -Wno-all -Wunsafe-buffer-usage -fcxx-exceptions -fsafe-buffer-usage-suggestions -verify %s // RUN: %clang_cc1 -std=c++20 -Wno-all -Wunsafe-buffer-usage -fcxx-exceptions -fsafe-buffer-usage-suggestions -verify %s
// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fcxx-exceptions -fdiagnostics-parseable-fixits -fsafe-buffer-usage-suggestions %s 2>&1 | FileCheck %s // RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fcxx-exceptions -fdiagnostics-parseable-fixits -fsafe-buffer-usage-suggestions %s 2>&1 | FileCheck %s
// We do not fix parameters of the `main` function // We do not fix parameters of the `main` function
// CHECK-NOT: fix-it: // CHECK-NOT: fix-it:
// main function // main function
int main(int argc, char *argv[]) { // expected-warning{{'argv' is an unsafe pointer used for buffer access}} int main(int argc, char *argv[]) { // expected-warning{{'argv' is an unsafe pointer used for buffer access}}
char tmp; char tmp;
tmp = argv[5][5]; // expected-note{{used in buffer access here}} \ tmp = argv[5][5]; // expected-note{{used in buffer access here}} \
expected-warning{{unsafe buffer access}} // expected-warning{{unsafe buffer access through raw pointer parameter variable 'argv'}}
} }

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-parm-unsupported.cpp

Show First 20 LinesShow All 107 Lines▼ Show 20 Lines try {
tmp = p[5]; // expected-note{{used in buffer access here}} tmp = p[5]; // expected-note{{used in buffer access here}}
} }
catch (int) { catch (int) {
*p = 0; *p = 0;
} }
// The following two unsupported cases are not specific to // The following two unsupported cases are not specific to
// parm-fixits. Adding them here in case they get forgotten. // parm-fixits. Adding them here in case they get forgotten.
void isArrayDecayToPointerUPC(int a[][10], int (*b)[10]) { void isArrayDecayToPointerUPC(int a[][10], int (*b)[10]) { // \
// expected-warning@-1{{'a' is an unsafe pointer used for buffer access}} // expected-warning{{'a' is an unsafe pointer used for buffer access}} \
// expected-warning@-2{{'b' is an unsafe pointer used for buffer access}} // expected-warning{{'b' is an unsafe pointer used for buffer access}}
int tmp; int tmp;
tmp = a[5][5] + b[5][5]; // expected-warning2{{unsafe buffer access}} expected-note2{{used in buffer access here}} tmp = a[5][5] + b[5][5]; // \
// expected-warning{{unsafe buffer access into raw array parameter variable 'a'}} \
// expected-warning{{unsafe buffer access into raw array parameter variable 'b'}} \
// expected-note2{{used in buffer access here}}
} }
// parameter having default values: // parameter having default values:
void parmWithDefaultValue(int * x = 0) { void parmWithDefaultValue(int * x = 0) {
// expected-warning@-1{{'x' is an unsafe pointer used for buffer access}} // expected-warning@-1{{'x' is an unsafe pointer used for buffer access}}
int tmp; int tmp;
tmp = x[5]; // expected-note{{used in buffer access here}} tmp = x[5]; // expected-note{{used in buffer access here}}
} }
Show All 22 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-function-attr.cpp

Show All 13 Lines
void overloading(char c[]); void overloading(char c[]);
void overloading(int* x, int size); void overloading(int* x, int size);
[[clang::unsafe_buffer_usage]] [[clang::unsafe_buffer_usage]]
void deprecatedFunction4(int z); void deprecatedFunction4(int z);
void caller(int z, int* x, int size, char c[]) { void caller(int z, int* x, int size, char c[]) {
deprecatedFunction3(); // expected-warning{{function introduces unsafe buffer manipulation}} deprecatedFunction3(); // expected-warning{{function call introduces unsafe buffer manipulation over expression}}
deprecatedFunction4(z); // expected-warning{{function introduces unsafe buffer manipulation}} deprecatedFunction4(z); // expected-warning{{function call introduces unsafe buffer manipulation over expression}}
someFunction(); someFunction();
overloading(x); // expected-warning{{function introduces unsafe buffer manipulation}} overloading(x); // expected-warning{{function call introduces unsafe buffer manipulation over expression}}
overloading(x, size); overloading(x, size);
overloading(c); overloading(c);
} }
[[clang::unsafe_buffer_usage]] [[clang::unsafe_buffer_usage]]
void overloading(char c[]); void overloading(char c[]);
// Test variadics // Test variadics
[[clang::unsafe_buffer_usage]] [[clang::unsafe_buffer_usage]]
void testVariadics(int *ptr, ...); void testVariadics(int *ptr, ...);
template<typename T, typename... Args> template<typename T, typename... Args>
[[clang::unsafe_buffer_usage]] [[clang::unsafe_buffer_usage]]
T adder(T first, Args... args); T adder(T first, Args... args);
template <typename T> template <typename T>
void foo(T t) {} void foo(T t) {}
template<> template<>
[[clang::unsafe_buffer_usage]] [[clang::unsafe_buffer_usage]]
void foo<int *>(int *t) {} void foo<int *>(int *t) {}
void caller1(int *p, int *q) { void caller1(int *p, int *q) {
testVariadics(p, q); // expected-warning{{function introduces unsafe buffer manipulation}} testVariadics(p, q); // expected-warning{{function call introduces unsafe buffer manipulation over expression}}
adder(p, q); // expected-warning{{function introduces unsafe buffer manipulation}} adder(p, q); // expected-warning{{function call introduces unsafe buffer manipulation over expression}}
int x; int x;
foo(x); foo(x);
foo(&x); // expected-warning{{function introduces unsafe buffer manipulation}} foo(&x); // expected-warning{{function call introduces unsafe buffer manipulation over expression}}
} }
// Test virtual functions // Test virtual functions
class BaseClass { class BaseClass {
public: public:
[[clang::unsafe_buffer_usage]] [[clang::unsafe_buffer_usage]]
virtual void func() {} virtual void func() {}
virtual void func1() {} virtual void func1() {}
}; };
class DerivedClass : public BaseClass { class DerivedClass : public BaseClass {
public: public:
void func() {} void func() {}
[[clang::unsafe_buffer_usage]] [[clang::unsafe_buffer_usage]]
void func1() {} void func1() {}
}; };
void testInheritance() { void testInheritance() {
DerivedClass DC; DerivedClass DC;
DC.func(); DC.func();
DC.func1(); // expected-warning{{function introduces unsafe buffer manipulation}} DC.func1(); // expected-warning{{function call introduces unsafe buffer manipulation over expression}}
BaseClass *BC; BaseClass *BC;
BC->func(); // expected-warning{{function introduces unsafe buffer manipulation}} BC->func(); // expected-warning{{function call introduces unsafe buffer manipulation over expression}}
BC->func1(); BC->func1();
BC = &DC; BC = &DC;
BC->func(); // expected-warning{{function introduces unsafe buffer manipulation}} BC->func(); // expected-warning{{function call introduces unsafe buffer manipulation over expression}}
BC->func1(); BC->func1();
} }

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-warnings.cpp

Show First 20 LinesShow All 178 Lines▼ Show 20 Lines
} }
void foo_uuc() { void foo_uuc() {
int *ptr; int *ptr;
int *local; // expected-warning{{'local' is an unsafe pointer used for buffer access}} int *local; // expected-warning{{'local' is an unsafe pointer used for buffer access}}
local = ptr; local = ptr;
local++; // expected-note{{used in pointer arithmetic here}} local++; // expected-note{{used in pointer arithmetic here}}
(local = ptr) += 5; // expected-warning{{unsafe pointer arithmetic}} (local = ptr) += 5; // expected-warning{{unsafe arithmetic over raw pointer expression}}
} }
void check_rhs_fix() { void check_rhs_fix() {
int *r = new int[8]; // expected-warning{{'r' is an unsafe pointer used for buffer access}} // expected-note-re{{{{^change type of 'r' to 'std::span' to preserve bounds information, and change 'x' to 'std::span' to propagate bounds information between them$}}}} int *r = new int[8]; // expected-warning{{'r' is an unsafe pointer used for buffer access}} // expected-note-re{{{{^change type of 'r' to 'std::span' to preserve bounds information, and change 'x' to 'std::span' to propagate bounds information between them$}}}}
int *x; int *x;
r[7] = 9; // expected-note{{used in buffer access here}} r[7] = 9; // expected-note{{used in buffer access here}}
r = x; r = x;
} }
▲ Show 20 LinesShow All 150 LinesShow Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-suggestions-flag.cpp

Show First 20 LinesShow All 50 Lines▼ Show 20 Linesvoid foo(int *x) { // \
// FIXME: Better "OFF" warning? // FIXME: Better "OFF" warning?
x[5] = 10; // \ x[5] = 10; // \
// ON-note {{used in buffer access here}} \ // ON-note {{used in buffer access here}} \
// OFF-warning{{unsafe buffer access}} \ // OFF-warning{{unsafe buffer access}} \
// OFF-note {{pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions}} // OFF-note {{pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions}}
x += 5; // \ x += 5; // \
// ON-note {{used in pointer arithmetic here}} \ // ON-note {{used in pointer arithmetic here}} \
// OFF-warning{{unsafe pointer arithmetic}} \ // OFF-warning{{unsafe arithmetic over raw pointer parameter variable 'x'}} \
// OFF-note {{pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions}} // OFF-note {{pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions}}
bar(x); // \ bar(x); // \
// ON-warning{{function introduces unsafe buffer manipulation}} \ // ON-warning{{function call introduces unsafe buffer manipulation over expression}} \
// OFF-warning{{function introduces unsafe buffer manipulation}} \ // OFF-warning{{function call introduces unsafe buffer manipulation over expression}} \
// OFF-note {{pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions}} // OFF-note {{pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions}}
} }

clang/test/SemaCXX/warn-unsafe-buffer-usage.cpp

Show All 35 Lines
void * voidPtrCall(void); void * voidPtrCall(void);
char * charPtrCall(void); char * charPtrCall(void);
void testArraySubscripts(int *p, int **pp) { // expected-note{{change type of 'pp' to 'std::span' to preserve bounds information}} void testArraySubscripts(int *p, int **pp) { // expected-note{{change type of 'pp' to 'std::span' to preserve bounds information}}
// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}} // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
// expected-warning@-2{{'pp' is an unsafe pointer used for buffer access}} // expected-warning@-2{{'pp' is an unsafe pointer used for buffer access}}
foo(p[1], // expected-note{{used in buffer access here}} foo(p[1], // expected-note{{used in buffer access here}}
pp[1][1], // expected-note{{used in buffer access here}} pp[1][1], // expected-note{{used in buffer access here}}
// expected-warning@-1{{unsafe buffer access}} // expected-warning@-1{{unsafe buffer access through raw pointer parameter variable 'pp'}}
1[1[pp]], // expected-note{{used in buffer access here}} 1[1[pp]], // expected-note{{used in buffer access here}}
// expected-warning@-1{{unsafe buffer access}} // expected-warning@-1{{unsafe buffer access through raw pointer parameter variable 'pp'}}
1[pp][1] // expected-note{{used in buffer access here}} 1[pp][1] // expected-note{{used in buffer access here}}
// expected-warning@-1{{unsafe buffer access}} // expected-warning@-1{{unsafe buffer access through raw pointer parameter variable 'pp'}}
); );
if (p[3]) { // expected-note{{used in buffer access here}} if (p[3]) { // expected-note{{used in buffer access here}}
void * q = p; void * q = p;
foo(((int*)q)[10]); // expected-warning{{unsafe buffer access}} foo(((int*)q)[10]); // expected-warning{{unsafe buffer access through raw pointer expression}}
} }
foo(((int*)voidPtrCall())[3], // expected-warning{{unsafe buffer access}} foo(((int*)voidPtrCall())[3], // expected-warning{{unsafe buffer access through raw pointer expression}}
3[(int*)voidPtrCall()], // expected-warning{{unsafe buffer access}} 3[(int*)voidPtrCall()], // expected-warning{{unsafe buffer access through raw pointer expression}}
charPtrCall()[3], // expected-warning{{unsafe buffer access}} charPtrCall()[3], // expected-warning{{unsafe buffer access through raw pointer return value of function 'charPtrCall'}}
3[charPtrCall()] // expected-warning{{unsafe buffer access}} 3[charPtrCall()] // expected-warning{{unsafe buffer access through raw pointer return value of function 'charPtrCall'}}
); );
int a[10]; // expected-warning{{'a' is an unsafe buffer that does not perform bounds checks}} int a[10]; // expected-warning{{'a' is an unsafe buffer that does not perform bounds checks}}
int b[10][10]; // expected-warning{{'b' is an unsafe buffer that does not perform bounds checks}} int b[10][10]; // expected-warning{{'b' is an unsafe buffer that does not perform bounds checks}}
foo(a[1], 1[a], // expected-note2{{used in buffer access here}} foo(a[1], 1[a], // expected-note2{{used in buffer access here}}
b[3][4], // expected-warning{{unsafe buffer access}} b[3][4], // expected-warning{{unsafe buffer access into raw array local variable 'b'}}
// expected-note@-1{{used in buffer access here}} // expected-note@-1{{used in buffer access here}}
4[b][3], // expected-warning{{unsafe buffer access}} 4[b][3], // expected-warning{{unsafe buffer access into raw array local variable 'b'}}
// expected-note@-1{{used in buffer access here}} // expected-note@-1{{used in buffer access here}}
4[3[b]]); // expected-warning{{unsafe buffer access}} 4[3[b]]); // expected-warning{{unsafe buffer access into raw array local variable 'b'}}
// expected-note@-1{{used in buffer access here}} // expected-note@-1{{used in buffer access here}}
// Not to warn when index is zero // Not to warn when index is zero
foo(p[0], pp[0][0], 0[0[pp]], 0[pp][0], foo(p[0], pp[0][0], 0[0[pp]], 0[pp][0],
((int*)voidPtrCall())[0], ((int*)voidPtrCall())[0],
0[(int*)voidPtrCall()], 0[(int*)voidPtrCall()],
charPtrCall()[0], charPtrCall()[0],
0[charPtrCall()] 0[charPtrCall()]
Show All 23 Linesvoid testQualifiedParameters(const int * p, const int * const q, const int a[10], const int b[10][10]) {
// expected-warning@-2{{'q' is an unsafe pointer used for buffer access}} // expected-warning@-2{{'q' is an unsafe pointer used for buffer access}}
// expected-warning@-3{{'a' is an unsafe pointer used for buffer access}} // expected-warning@-3{{'a' is an unsafe pointer used for buffer access}}
// expected-warning@-4{{'b' is an unsafe pointer used for buffer access}} // expected-warning@-4{{'b' is an unsafe pointer used for buffer access}}
foo(p[1], 1[p], p[-1], // expected-note3{{used in buffer access here}} foo(p[1], 1[p], p[-1], // expected-note3{{used in buffer access here}}
q[1], 1[q], q[-1], // expected-note3{{used in buffer access here}} q[1], 1[q], q[-1], // expected-note3{{used in buffer access here}}
a[1], // expected-note{{used in buffer access here}} `a` is of pointer type a[1], // expected-note{{used in buffer access here}} `a` is of pointer type
b[1][2] // expected-note{{used in buffer access here}} `b[1]` is of array type b[1][2] // expected-note{{used in buffer access here}} `b[1]` is of array type
// expected-warning@-1{{unsafe buffer access}} // expected-warning@-1{{unsafe buffer access into raw array parameter variable 'b'}}
); );
} }
struct T { struct T {
int a[10]; int a[10];
int * b; int * b;
struct { struct {
int a[10]; int a[10];
int * b; int * b;
} c; } c;
}; };
typedef struct T T_t; typedef struct T T_t;
T_t funRetT(); T_t funRetT();
T_t * funRetTStar(); T_t * funRetTStar();
void testStructMembers(struct T * sp, struct T s, T_t * sp2, T_t s2) { void testStructMembers(struct T * sp, struct T s, T_t * sp2, T_t s2) {
foo(sp->a[1], // expected-warning{{unsafe buffer access}} foo(sp->a[1], // expected-warning{{unsafe buffer access into raw array member variable 'a'}}
sp->b[1], // expected-warning{{unsafe buffer access}} sp->b[1], // expected-warning{{unsafe buffer access through raw pointer member variable 'b}}
sp->c.a[1], // expected-warning{{unsafe buffer access}} sp->c.a[1], // expected-warning{{unsafe buffer access into raw array member variable 'a'}}
sp->c.b[1], // expected-warning{{unsafe buffer access}} sp->c.b[1], // expected-warning{{unsafe buffer access through raw pointer member variable 'b'}}
s.a[1], // expected-warning{{unsafe buffer access}} s.a[1], // expected-warning{{unsafe buffer access into raw array member variable 'a'}}
s.b[1], // expected-warning{{unsafe buffer access}} s.b[1], // expected-warning{{unsafe buffer access through raw pointer member variable 'b'}}
s.c.a[1], // expected-warning{{unsafe buffer access}} s.c.a[1], // expected-warning{{unsafe buffer access into raw array member variable 'a'}}
s.c.b[1], // expected-warning{{unsafe buffer access}} s.c.b[1], // expected-warning{{unsafe buffer access through raw pointer member variable 'b'}}
sp2->a[1], // expected-warning{{unsafe buffer access}} sp2->a[1], // expected-warning{{unsafe buffer access into raw array member variable 'a'}}
sp2->b[1], // expected-warning{{unsafe buffer access}} sp2->b[1], // expected-warning{{unsafe buffer access through raw pointer member variable 'b'}}
sp2->c.a[1], // expected-warning{{unsafe buffer access}} sp2->c.a[1], // expected-warning{{unsafe buffer access into raw array member variable 'a'}}
sp2->c.b[1], // expected-warning{{unsafe buffer access}} sp2->c.b[1], // expected-warning{{nsafe buffer access through raw pointer member variable 'b'}}
s2.a[1], // expected-warning{{unsafe buffer access}} s2.a[1], // expected-warning{{unsafe buffer access into raw array member variable 'a'}}
s2.b[1], // expected-warning{{unsafe buffer access}} s2.b[1], // expected-warning{{unsafe buffer access through raw pointer member variable 'b'}}
s2.c.a[1], // expected-warning{{unsafe buffer access}} s2.c.a[1], // expected-warning{{unsafe buffer access into raw array member variable 'a'}}
s2.c.b[1], // expected-warning{{unsafe buffer access}} s2.c.b[1], // expected-warning{{unsafe buffer access through raw pointer member variable 'b'}}
funRetT().a[1], // expected-warning{{unsafe buffer access}} funRetT().a[1], // expected-warning{{unsafe buffer access into raw array member variable 'a'}}
funRetT().b[1], // expected-warning{{unsafe buffer access}} funRetT().b[1], // expected-warning{{unsafe buffer access through raw pointer member variable 'b'}}
funRetTStar()->a[1], // expected-warning{{unsafe buffer access}} funRetTStar()->a[1], // expected-warning{{unsafe buffer access into raw array member variable 'a'}}
funRetTStar()->b[1] // expected-warning{{unsafe buffer access}} funRetTStar()->b[1] // expected-warning{{unsafe buffer access through raw pointer member variable 'b'}}
); );
} }
int garray[10]; // expected-warning{{'garray' is an unsafe buffer that does not perform bounds checks}} int garray[10]; // expected-warning{{'garray' is an unsafe buffer that does not perform bounds checks}}
int * gp = garray; // expected-warning{{'gp' is an unsafe pointer used for buffer access}} int * gp = garray; // expected-warning{{'gp' is an unsafe pointer used for buffer access}}
int gvar = gp[1]; // FIXME: file scope unsafe buffer access is not warned int gvar = gp[1]; // FIXME: file scope unsafe buffer access is not warned
void testLambdaCaptureAndGlobal(int * p) { void testLambdaCaptureAndGlobal(int * p) {
▲ Show 20 LinesShow All 46 Lines▼ Show 20 Lines
} }
typedef T_t * T_ptr_t; typedef T_t * T_ptr_t;
void testTypedefs(T_ptr_t p) { void testTypedefs(T_ptr_t p) {
// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}} // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
foo(p[1], // expected-note{{used in buffer access here}} foo(p[1], // expected-note{{used in buffer access here}}
p[1].a[1], // expected-note{{used in buffer access here}} p[1].a[1], // expected-note{{used in buffer access here}}
// expected-warning@-1{{unsafe buffer access}} // expected-warning@-1{{unsafe buffer access into raw array member variable 'a'}}
p[1].b[1] // expected-note{{used in buffer access here}} p[1].b[1] // expected-note{{used in buffer access here}}
// expected-warning@-1{{unsafe buffer access}} // expected-warning@-1{{unsafe buffer access through raw pointer member variable 'b'}}
); );
} }
template<typename T, int N> T f(T t, T * pt, T a[N], T (&b)[N]) { template<typename T, int N> T f(T t, T * pt, T a[N], T (&b)[N]) {
// expected-warning@-1{{'t' is an unsafe pointer used for buffer access}} // expected-warning@-1{{'t' is an unsafe pointer used for buffer access}}
// expected-warning@-2{{'pt' is an unsafe pointer used for buffer access}} // expected-warning@-2{{'pt' is an unsafe pointer used for buffer access}}
// expected-warning@-3{{'a' is an unsafe pointer used for buffer access}} // expected-warning@-3{{'a' is an unsafe pointer used for buffer access}}
// expected-warning@-4{{'b' is an unsafe buffer that does not perform bounds checks}} // expected-warning@-4{{'b' is an unsafe buffer that does not perform bounds checks}}
Show All 10 Lines
template<typename T> template<typename T>
void testPointerArithmetic(int * p, const int **q, T * x) { void testPointerArithmetic(int * p, const int **q, T * x) {
// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}} // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
// expected-warning@-2{{'x' is an unsafe pointer used for buffer access}} // expected-warning@-2{{'x' is an unsafe pointer used for buffer access}}
int a[10]; int a[10];
auto y = &a[0]; // expected-warning{{'y' is an unsafe pointer used for buffer access}} auto y = &a[0]; // expected-warning{{'y' is an unsafe pointer used for buffer access}}
foo(p + 1, 1 + p, p - 1, // expected-note3{{used in pointer arithmetic here}} foo(p + 1, 1 + p, p - 1, // expected-note3{{used in pointer arithmetic here}}
*q + 1, 1 + *q, *q - 1, // expected-warning3{{unsafe pointer arithmetic}} *q + 1, 1 + *q, *q - 1, // expected-warning3{{unsafe arithmetic over raw pointer expression}}
x + 1, 1 + x, x - 1, // expected-note3{{used in pointer arithmetic here}} x + 1, 1 + x, x - 1, // expected-note3{{used in pointer arithmetic here}}
y + 1, 1 + y, y - 1, // expected-note3{{used in pointer arithmetic here}} y + 1, 1 + y, y - 1, // expected-note3{{used in pointer arithmetic here}}
getPtr() + 1, 1 + getPtr(), getPtr() - 1 // expected-warning3{{unsafe pointer arithmetic}} getPtr() + 1, 1 + getPtr(), getPtr() - 1 // expected-warning3{{unsafe arithmetic over raw pointer return value of function 'getPtr'}}
); );
p += 1; p -= 1; // expected-note2{{used in pointer arithmetic here}} p += 1; p -= 1; // expected-note2{{used in pointer arithmetic here}}
*q += 1; *q -= 1; // expected-warning2{{unsafe pointer arithmetic}} *q += 1; *q -= 1; // expected-warning2{{unsafe arithmetic over raw pointer expression}}
y += 1; y -= 1; // expected-note2{{used in pointer arithmetic here}} y += 1; y -= 1; // expected-note2{{used in pointer arithmetic here}}
x += 1; x -= 1; // expected-note2{{used in pointer arithmetic here}} x += 1; x -= 1; // expected-note2{{used in pointer arithmetic here}}
} }
void testTemplate(int * p) { void testTemplate(int * p) {
int *a[10]; int *a[10];
foo(f(p, &p, a, a)[1]); // expected-warning{{unsafe buffer access}} foo(f(p, &p, a, a)[1]); // expected-warning{{unsafe buffer access through raw pointer return value of function 'f<int *, 10>'}}
// FIXME: expected note@-1{{in instantiation of function template specialization 'f<int *, 10>' requested here}}
NoQAuthorUnsubmitted
Done
ReplyInline Actions

I don't think this FIXME was correct. The code we're warning about isn't expanded from a template.

NoQ: I don't think this FIXME was correct. The code we're warning about isn't expanded from a…
const int **q = const_cast<const int **>(&p); const int **q = const_cast<const int **>(&p);
testPointerArithmetic(p, q, p); //FIXME: expected note{{in instantiation of}} testPointerArithmetic(p, q, p);
} }
void testPointerToMember() { void testPointerToMember() {
struct S_t { struct S_t {
int x; int x;
int * y; int * y;
} S; } S;
int S_t::* p = &S_t::x; int S_t::* p = &S_t::x;
int * S_t::* q = &S_t::y; int * S_t::* q = &S_t::y;
foo(S.*p, foo(S.*p,
(S.*q)[1]); // expected-warning{{unsafe buffer access}} (S.*q)[1]); // expected-warning{{unsafe buffer access through raw pointer expression}}
} }
// test that nested callable definitions are scanned only once // test that nested callable definitions are scanned only once
void testNestedCallableDefinition(int * p) { void testNestedCallableDefinition(int * p) {
class A { class A {
void inner(int * p) { void inner(int * p) {
// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}} // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
p++; // expected-note{{used in pointer arithmetic here}} p++; // expected-note{{used in pointer arithmetic here}}
▲ Show 20 LinesShow All 75 Lines▼ Show 20 Lines
int testArrayAccesses(int n) { int testArrayAccesses(int n) {
// auto deduced array type // auto deduced array type
int cArr[2][3] = {{1, 2, 3}, {4, 5, 6}}; int cArr[2][3] = {{1, 2, 3}, {4, 5, 6}};
// expected-warning@-1{{'cArr' is an unsafe buffer that does not perform bounds checks}} // expected-warning@-1{{'cArr' is an unsafe buffer that does not perform bounds checks}}
int d = cArr[0][0]; int d = cArr[0][0];
foo(cArr[0][0]); foo(cArr[0][0]);
foo(cArr[1][2]); // expected-note{{used in buffer access here}} foo(cArr[1][2]); // expected-note{{used in buffer access here}}
// expected-warning@-1{{unsafe buffer access}} // expected-warning@-1{{unsafe buffer access into raw array local variable 'cArr'}}
auto cPtr = cArr[1][2]; // expected-note{{used in buffer access here}} auto cPtr = cArr[1][2]; // expected-note{{used in buffer access here}}
// expected-warning@-1{{unsafe buffer access}} // expected-warning@-1{{unsafe buffer access into raw array local variable 'cArr'}}
foo(cPtr); foo(cPtr);
// Typdefs // Typdefs
typedef int A[3]; typedef int A[3];
const A tArr = {4, 5, 6}; const A tArr = {4, 5, 6};
// expected-warning@-1{{'tArr' is an unsafe buffer that does not perform bounds checks}} // expected-warning@-1{{'tArr' is an unsafe buffer that does not perform bounds checks}}
foo(tArr[0], tArr[1]); // expected-note{{used in buffer access here}} foo(tArr[0], tArr[1]); // expected-note{{used in buffer access here}}
return cArr[0][1]; // expected-warning{{unsafe buffer access}} return cArr[0][1]; // expected-warning{{unsafe buffer access into raw array local variable 'cArr'}}
} }
void testArrayPtrArithmetic(int x[]) { // expected-warning{{'x' is an unsafe pointer used for buffer access}} void testArrayPtrArithmetic(int x[]) { // expected-warning{{'x' is an unsafe pointer used for buffer access}}
foo (x + 3); // expected-note{{used in pointer arithmetic here}} foo (x + 3); // expected-note{{used in pointer arithmetic here}}
int y[3] = {0, 1, 2}; // expected-warning{{'y' is an unsafe buffer that does not perform bounds checks}} int y[3] = {0, 1, 2}; // expected-warning{{'y' is an unsafe buffer that does not perform bounds checks}}
foo(y + 4); // expected-note{{used in pointer arithmetic here}} foo(y + 4); // expected-note{{used in pointer arithmetic here}}
} }
Show All 13 Lines