This is an archive of the discontinued LLVM Phabricator instance.

Differential D15030

[clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index
ClosedPublic

Authored by mgehre on Nov 26 2015, 2:50 PM.

Details

Reviewers
aaron.ballman
alexfh
bkramer
sbenza
Commits
rG37f10a0c25b3: [clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index
rCTE255470: [clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index
rL255470: [clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index
Summary

This is http://reviews.llvm.org/D13746 but instead of including <array>,
a stub is provided.
This check flags all array subscriptions on static arrays and
std::arrays that either have a non-compile-time-constant index or are
out of bounds.

Dynamic accesses into arrays are difficult for both tools and humans to
validate as safe. array_view is a bounds-checked, safe type for
accessing arrays of data. at() is another alternative that ensures
single accesses are bounds-checked. If iterators are needed to access an
array, use the iterators from an array_view constructed over the array.

This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds2-only-index-into-arrays-using-constant-expressions

Diff Detail

Event Timeline

mgehre updated this revision to Diff 41274.Nov 26 2015, 2:50 PM
mgehre retitled this revision from to [clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index.
mgehre updated this object.
mgehre added reviewers: alexfh, sbenza, bkramer, aaron.ballman.
mgehre added a subscriber: cfe-commits.
aaron.ballman added inline comments.Dec 4 2015, 9:19 AM
clang-tidy/cppcoreguidelines/ProBoundsConstantArrayIndexCheck.cpp
30

Why GslHeader but not IncludeStyle?

80

instead of "compile-time constant", we should use "integer constant expression".

90

Please do not use auto here, it is not obvious what type will be returned.

93

Can just use if (Insertion) instead.

108

"index %0 is negative" is shorter and should be obvious as to what the issue is.

113

Please do not use auto here either.

docs/clang-tidy/checks/cppcoreguidelines-pro-bounds-constant-array-index.rst
5

Instead of "array subscriptions" it should be "array subscript expressions". Can also change "non-compile-time constant" to "that either do not have a constant integer expression"

8

I'm not comfortable with directly copying the text from the C++ Core Guidelines into our own documentation. I don't believe their license allows this.

10

s/generated/generate

test/clang-tidy/cppcoreguidelines-pro-bounds-constant-array-index.cpp
2

We should have an additional test that does not have the GslHeader option set as well.

alexfh edited edge metadata.Dec 4 2015, 1:09 PM

Sorry for the delay. Missed this patch somehow. A couple of comments in addition to what Aaron wrote.

clang-tidy/cppcoreguidelines/ProBoundsConstantArrayIndexCheck.h
26

This can be const.

docs/clang-tidy/checks/cppcoreguidelines-pro-bounds-constant-array-index.rst
5

nit: I believe, .rst files should also have the 80 columns limit.

mgehre updated this revision to Diff 42338.Dec 9 2015, 2:09 PM
mgehre edited edge metadata.

Thanks for the comments!

alexfh added a comment.Dec 10 2015, 5:51 AM

One more nit. Leaving the rest to Aaron, since most of the comments were his.

clang-tidy/cppcoreguidelines/ProBoundsConstantArrayIndexCheck.h
25

GslHeader can be const as well.

aaron.ballman accepted this revision.Dec 10 2015, 11:44 AM
aaron.ballman edited edge metadata.

With the fix for Alex's last comment, LGTM!

This revision is now accepted and ready to land.Dec 10 2015, 11:44 AM
Closed by commit rL255470: [clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index (authored by mgehre). · Explain WhyDec 13 2015, 2:11 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

Diff 42338

clang-tidy/cppcoreguidelines/CMakeLists.txt

set(LLVM_LINK_COMPONENTS support) set(LLVM_LINK_COMPONENTS support)
add_clang_library(clangTidyCppCoreGuidelinesModule add_clang_library(clangTidyCppCoreGuidelinesModule
CppCoreGuidelinesTidyModule.cpp CppCoreGuidelinesTidyModule.cpp
ProBoundsArrayToPointerDecayCheck.cpp ProBoundsArrayToPointerDecayCheck.cpp
ProBoundsConstantArrayIndexCheck.cpp
ProBoundsPointerArithmeticCheck.cpp ProBoundsPointerArithmeticCheck.cpp
ProTypeConstCastCheck.cpp ProTypeConstCastCheck.cpp
ProTypeCstyleCastCheck.cpp ProTypeCstyleCastCheck.cpp
ProTypeReinterpretCastCheck.cpp ProTypeReinterpretCastCheck.cpp
ProTypeStaticCastDowncastCheck.cpp ProTypeStaticCastDowncastCheck.cpp
ProTypeUnionAccessCheck.cpp ProTypeUnionAccessCheck.cpp
ProTypeVarargCheck.cpp ProTypeVarargCheck.cpp
Show All 10 Lines

clang-tidy/cppcoreguidelines/CppCoreGuidelinesTidyModule.cpp

//===--- CppCoreGuidelinesModule.cpp - clang-tidy -------------------------===// //===--- CppCoreGuidelinesModule.cpp - clang-tidy -------------------------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "../ClangTidy.h" #include "../ClangTidy.h"
#include "../ClangTidyModule.h" #include "../ClangTidyModule.h"
#include "../ClangTidyModuleRegistry.h" #include "../ClangTidyModuleRegistry.h"
#include "../misc/AssignOperatorSignatureCheck.h" #include "../misc/AssignOperatorSignatureCheck.h"
#include "ProBoundsArrayToPointerDecayCheck.h" #include "ProBoundsArrayToPointerDecayCheck.h"
#include "ProBoundsConstantArrayIndexCheck.h"
#include "ProBoundsPointerArithmeticCheck.h" #include "ProBoundsPointerArithmeticCheck.h"
#include "ProTypeConstCastCheck.h" #include "ProTypeConstCastCheck.h"
#include "ProTypeCstyleCastCheck.h" #include "ProTypeCstyleCastCheck.h"
#include "ProTypeReinterpretCastCheck.h" #include "ProTypeReinterpretCastCheck.h"
#include "ProTypeStaticCastDowncastCheck.h" #include "ProTypeStaticCastDowncastCheck.h"
#include "ProTypeUnionAccessCheck.h" #include "ProTypeUnionAccessCheck.h"
#include "ProTypeVarargCheck.h" #include "ProTypeVarargCheck.h"
namespace clang { namespace clang {
namespace tidy { namespace tidy {
namespace cppcoreguidelines { namespace cppcoreguidelines {
/// A module containing checks of the C++ Core Guidelines /// A module containing checks of the C++ Core Guidelines
class CppCoreGuidelinesModule : public ClangTidyModule { class CppCoreGuidelinesModule : public ClangTidyModule {
public: public:
void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override { void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override {
CheckFactories.registerCheck<ProBoundsArrayToPointerDecayCheck>( CheckFactories.registerCheck<ProBoundsArrayToPointerDecayCheck>(
"cppcoreguidelines-pro-bounds-array-to-pointer-decay"); "cppcoreguidelines-pro-bounds-array-to-pointer-decay");
CheckFactories.registerCheck<ProBoundsConstantArrayIndexCheck>(
"cppcoreguidelines-pro-bounds-constant-array-index");
CheckFactories.registerCheck<ProBoundsPointerArithmeticCheck>( CheckFactories.registerCheck<ProBoundsPointerArithmeticCheck>(
"cppcoreguidelines-pro-bounds-pointer-arithmetic"); "cppcoreguidelines-pro-bounds-pointer-arithmetic");
CheckFactories.registerCheck<ProTypeConstCastCheck>( CheckFactories.registerCheck<ProTypeConstCastCheck>(
"cppcoreguidelines-pro-type-const-cast"); "cppcoreguidelines-pro-type-const-cast");
CheckFactories.registerCheck<ProTypeCstyleCastCheck>( CheckFactories.registerCheck<ProTypeCstyleCastCheck>(
"cppcoreguidelines-pro-type-cstyle-cast"); "cppcoreguidelines-pro-type-cstyle-cast");
CheckFactories.registerCheck<ProTypeReinterpretCastCheck>( CheckFactories.registerCheck<ProTypeReinterpretCastCheck>(
"cppcoreguidelines-pro-type-reinterpret-cast"); "cppcoreguidelines-pro-type-reinterpret-cast");
Show All 23 Lines

clang-tidy/cppcoreguidelines/ProBoundsConstantArrayIndexCheck.h

  • This file was added.
//===--- ProBoundsConstantArrayIndexCheck.h - clang-tidy---------*- C++ -*-===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CPPCOREGUIDELINES_PRO_BOUNDS_CONSTANT_ARRAY_INDEX_H
#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CPPCOREGUIDELINES_PRO_BOUNDS_CONSTANT_ARRAY_INDEX_H
#include "../ClangTidy.h"
#include "../utils/IncludeInserter.h"
namespace clang {
namespace tidy {
/// This checks that all array subscriptions on static arrays and std::arrays
/// have a constant index and are within bounds
///
/// For the user-facing documentation see:
/// http://clang.llvm.org/extra/clang-tidy/checks/cppcoreguidelines-pro-bounds-constant-array-index.html
class ProBoundsConstantArrayIndexCheck : public ClangTidyCheck {
std::string GslHeader;
alexfhUnsubmitted
Not Done
ReplyInline Actions

GslHeader can be const as well.

alexfh: GslHeader can be const as well.
const IncludeSorter::IncludeStyle IncludeStyle;
alexfhUnsubmitted
Not Done
ReplyInline Actions

This can be const.

alexfh: This can be const.
std::unique_ptr<IncludeInserter> Inserter;
public:
ProBoundsConstantArrayIndexCheck(StringRef Name, ClangTidyContext *Context);
void registerPPCallbacks(CompilerInstance &Compiler) override;
void registerMatchers(ast_matchers::MatchFinder *Finder) override;
void storeOptions(ClangTidyOptions::OptionMap &Opts) override;
void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
};
} // namespace tidy
} // namespace clang
#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CPPCOREGUIDELINES_PRO_BOUNDS_CONSTANT_ARRAY_INDEX_H

clang-tidy/cppcoreguidelines/ProBoundsConstantArrayIndexCheck.cpp

  • This file was added.
//===--- ProBoundsConstantArrayIndexCheck.cpp - clang-tidy-----------------===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
#include "ProBoundsConstantArrayIndexCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
#include "clang/Frontend/CompilerInstance.h"
#include "clang/Lex/Preprocessor.h"
using namespace clang::ast_matchers;
namespace clang {
namespace tidy {
ProBoundsConstantArrayIndexCheck::ProBoundsConstantArrayIndexCheck(
StringRef Name, ClangTidyContext *Context)
: ClangTidyCheck(Name, Context), GslHeader(Options.get("GslHeader", "")),
IncludeStyle(IncludeSorter::parseIncludeStyle(
Options.get("IncludeStyle", "llvm"))) {}
void ProBoundsConstantArrayIndexCheck::storeOptions(
ClangTidyOptions::OptionMap &Opts) {
Options.store(Opts, "GslHeader", GslHeader);
Options.store(Opts, "IncludeStyle", IncludeStyle);
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Why GslHeader but not IncludeStyle?

aaron.ballman: Why GslHeader but not IncludeStyle?
}
void ProBoundsConstantArrayIndexCheck::registerPPCallbacks(
CompilerInstance &Compiler) {
if (!getLangOpts().CPlusPlus)
return;
Inserter.reset(new IncludeInserter(Compiler.getSourceManager(),
Compiler.getLangOpts(), IncludeStyle));
Compiler.getPreprocessor().addPPCallbacks(Inserter->CreatePPCallbacks());
}
void ProBoundsConstantArrayIndexCheck::registerMatchers(MatchFinder *Finder) {
if (!getLangOpts().CPlusPlus)
return;
Finder->addMatcher(arraySubscriptExpr(hasBase(ignoringImpCasts(hasType(
constantArrayType().bind("type")))),
hasIndex(expr().bind("index")))
.bind("expr"),
this);
Finder->addMatcher(
cxxOperatorCallExpr(
hasOverloadedOperatorName("[]"),
hasArgument(
0, hasType(cxxRecordDecl(hasName("::std::array")).bind("type"))),
hasArgument(1, expr().bind("index")))
.bind("expr"),
this);
}
void ProBoundsConstantArrayIndexCheck::check(
const MatchFinder::MatchResult &Result) {
const auto *Matched = Result.Nodes.getNodeAs<Expr>("expr");
const auto *IndexExpr = Result.Nodes.getNodeAs<Expr>("index");
llvm::APSInt Index;
if (!IndexExpr->isIntegerConstantExpr(Index, *Result.Context, nullptr,
/*isEvaluated=*/true)) {
SourceRange BaseRange;
if (const auto *ArraySubscriptE = dyn_cast<ArraySubscriptExpr>(Matched))
BaseRange = ArraySubscriptE->getBase()->getSourceRange();
else
BaseRange =
dyn_cast<CXXOperatorCallExpr>(Matched)->getArg(0)->getSourceRange();
SourceRange IndexRange = IndexExpr->getSourceRange();
auto Diag = diag(Matched->getExprLoc(),
"do not use array subscript when the index is "
"not an integer constant expression; use gsl::at() "
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

instead of "compile-time constant", we should use "integer constant expression".

aaron.ballman: instead of "compile-time constant", we should use "integer constant expression".
"instead");
if (!GslHeader.empty()) {
Diag << FixItHint::CreateInsertion(BaseRange.getBegin(), "gsl::at(")
<< FixItHint::CreateReplacement(
SourceRange(BaseRange.getEnd().getLocWithOffset(1),
IndexRange.getBegin().getLocWithOffset(-1)),
", ")
<< FixItHint::CreateReplacement(Matched->getLocEnd(), ")");
Optional<FixItHint> Insertion = Inserter->CreateIncludeInsertion(
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Please do not use auto here, it is not obvious what type will be returned.

aaron.ballman: Please do not use auto here, it is not obvious what type will be returned.
Result.SourceManager->getMainFileID(), GslHeader,
/*IsAngled=*/false);
if (Insertion)
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Can just use if (Insertion) instead.

aaron.ballman: Can just use if (Insertion) instead.
Diag << Insertion.getValue();
}
return;
}
const auto *StdArrayDecl =
Result.Nodes.getNodeAs<ClassTemplateSpecializationDecl>("type");
// For static arrays, this is handled in clang-diagnostic-array-bounds.
if (!StdArrayDecl)
return;
if (Index.isSigned() && Index.isNegative()) {
diag(Matched->getExprLoc(),
"std::array<> index %0 is negative")
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

"index %0 is negative" is shorter and should be obvious as to what the issue is.

aaron.ballman: "index %0 is negative" is shorter and should be obvious as to what the issue is.
<< Index.toString(10);
return;
}
const TemplateArgumentList &TemplateArgs = StdArrayDecl->getTemplateArgs();
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Please do not use auto here either.

aaron.ballman: Please do not use auto here either.
if (TemplateArgs.size() < 2)
return;
// First template arg of std::array is the type, second arg is the size.
const auto &SizeArg = TemplateArgs[1];
if (SizeArg.getKind() != TemplateArgument::Integral)
return;
llvm::APInt ArraySize = SizeArg.getAsIntegral();
// Get uint64_t values, because different bitwidths would lead to an assertion
// in APInt::uge.
if (Index.getZExtValue() >= ArraySize.getZExtValue()) {
diag(Matched->getExprLoc(), "std::array<> index %0 is past the end of the array "
"(which contains %1 elements)")
<< Index.toString(10) << ArraySize.toString(10, false);
}
}
} // namespace tidy
} // namespace clang

docs/clang-tidy/checks/cppcoreguidelines-pro-bounds-constant-array-index.rst

  • This file was added.
cppcoreguidelines-pro-bounds-constant-array-index
=================================================
This check flags all array subscript expressions on static arrays and
std::arrays that either do not have a constant integer expression index or
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Instead of "array subscriptions" it should be "array subscript expressions". Can also change "non-compile-time constant" to "that either do not have a constant integer expression"

aaron.ballman: Instead of "array subscriptions" it should be "array subscript expressions". Can also change…
alexfhUnsubmitted
Not Done
ReplyInline Actions

nit: I believe, .rst files should also have the 80 columns limit.

alexfh: nit: I believe, .rst files should also have the 80 columns limit.
are out of bounds (for std::array). For out-of-bounds checking of static
arrays, see the clang-diagnostic-array-bounds check.
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

I'm not comfortable with directly copying the text from the C++ Core Guidelines into our own documentation. I don't believe their license allows this.

aaron.ballman: I'm not comfortable with directly copying the text from the C++ Core Guidelines into our own…
The check can generate fixes after the option
cppcoreguidelines-pro-bounds-constant-array-index.GslHeader has been
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

s/generated/generate

aaron.ballman: s/generated/generate
set to the name of the include file that contains gsl::at(), e.g. "gsl/gsl.h".
This rule is part of the "Bounds safety" profile of the C++ Core Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds2-only-index-into-arrays-using-constant-expressions.

docs/clang-tidy/checks/list.rst

List of clang-tidy Checks List of clang-tidy Checks
========================= =========================
.. toctree:: .. toctree::
cert-setlongjmp cert-setlongjmp
cert-static-object-exception cert-static-object-exception
cert-thrown-exception-type cert-thrown-exception-type
cert-variadic-function-def cert-variadic-function-def
cppcoreguidelines-pro-bounds-array-to-pointer-decay cppcoreguidelines-pro-bounds-array-to-pointer-decay
cppcoreguidelines-pro-bounds-constant-array-index
cppcoreguidelines-pro-bounds-pointer-arithmetic cppcoreguidelines-pro-bounds-pointer-arithmetic
cppcoreguidelines-pro-type-const-cast cppcoreguidelines-pro-type-const-cast
cppcoreguidelines-pro-type-cstyle-cast cppcoreguidelines-pro-type-cstyle-cast
cppcoreguidelines-pro-type-reinterpret-cast cppcoreguidelines-pro-type-reinterpret-cast
cppcoreguidelines-pro-type-static-cast-downcast cppcoreguidelines-pro-type-static-cast-downcast
cppcoreguidelines-pro-type-union-access cppcoreguidelines-pro-type-union-access
cppcoreguidelines-pro-type-vararg cppcoreguidelines-pro-type-vararg
google-build-explicit-make-pair google-build-explicit-make-pair
▲ Show 20 LinesShow All 60 LinesShow Last 20 Lines

test/clang-tidy/cppcoreguidelines-pro-bounds-constant-array-index-gslheader.cpp

  • This file was added.
// RUN: %check_clang_tidy %s cppcoreguidelines-pro-bounds-constant-array-index %t -- -config='{CheckOptions: [{key: cppcoreguidelines-pro-bounds-constant-array-index.GslHeader, value: "dir1/gslheader.h"}]}' -- -std=c++11
// CHECK-FIXES: #include "dir1/gslheader.h"
typedef unsigned int size_t;
namespace std {
template<typename T, size_t N>
struct array {
T& operator[](size_t n);
T& at(size_t n);
};
}
namespace gsl {
template<class T, size_t N>
T& at( T(&a)[N], size_t index );
template<class T, size_t N>
T& at( std::array<T, N> &a, size_t index );
}
constexpr int const_index(int base) {
return base + 3;
}
void f(std::array<int, 10> a, int pos) {
a [ pos / 2 /*comment*/] = 1;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: do not use array subscript when the index is not an integer constant expression; use gsl::at() instead [cppcoreguidelines-pro-bounds-constant-array-index]
// CHECK-FIXES: gsl::at(a, pos / 2 /*comment*/) = 1;
int j = a[pos - 1];
// CHECK-MESSAGES: :[[@LINE-1]]:11: warning: do not use array subscript when the index is not an integer constant expression; use gsl::at() instead
// CHECK-FIXES: int j = gsl::at(a, pos - 1);
a.at(pos-1) = 2; // OK, at() instead of []
gsl::at(a, pos-1) = 2; // OK, gsl::at() instead of []
a[-1] = 3;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: std::array<> index -1 is negative [cppcoreguidelines-pro-bounds-constant-array-index]
a[10] = 4;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: std::array<> index 10 is past the end of the array (which contains 10 elements) [cppcoreguidelines-pro-bounds-constant-array-index]
a[const_index(7)] = 3;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: std::array<> index 10 is past the end of the array (which contains 10 elements)
a[0] = 3; // OK, constant index and inside bounds
a[1] = 3; // OK, constant index and inside bounds
a[9] = 3; // OK, constant index and inside bounds
a[const_index(6)] = 3; // OK, constant index and inside bounds
}
void g() {
int a[10];
for (int i = 0; i < 10; ++i) {
a[i] = i;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: do not use array subscript when the index is not an integer constant expression; use gsl::at() instead
// CHECK-FIXES: gsl::at(a, i) = i;
gsl::at(a, i) = i; // OK, gsl::at() instead of []
}
a[-1] = 3; // flagged by clang-diagnostic-array-bounds
a[10] = 4; // flagged by clang-diagnostic-array-bounds
a[const_index(7)] = 3; // flagged by clang-diagnostic-array-bounds
a[0] = 3; // OK, constant index and inside bounds
a[1] = 3; // OK, constant index and inside bounds
a[9] = 3; // OK, constant index and inside bounds
a[const_index(6)] = 3; // OK, constant index and inside bounds
}
struct S {
int& operator[](int i);
};
void customOperator() {
S s;
int i = 0;
s[i] = 3; // OK, custom operator
}

test/clang-tidy/cppcoreguidelines-pro-bounds-constant-array-index.cpp

  • This file was added.
// RUN: %check_clang_tidy %s cppcoreguidelines-pro-bounds-constant-array-index %t
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

We should have an additional test that does not have the GslHeader option set as well.

aaron.ballman: We should have an additional test that does not have the GslHeader option set as well.
typedef unsigned int size_t;
namespace std {
template<typename T, size_t N>
struct array {
T& operator[](size_t n);
T& at(size_t n);
};
}
namespace gsl {
template<class T, size_t N>
T& at( T(&a)[N], size_t index );
template<class T, size_t N>
T& at( std::array<T, N> &a, size_t index );
}
constexpr int const_index(int base) {
return base + 3;
}
void f(std::array<int, 10> a, int pos) {
a [ pos / 2 /*comment*/] = 1;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: do not use array subscript when the index is not an integer constant expression; use gsl::at() instead [cppcoreguidelines-pro-bounds-constant-array-index]
int j = a[pos - 1];
// CHECK-MESSAGES: :[[@LINE-1]]:11: warning: do not use array subscript when the index is not an integer constant expression; use gsl::at() instead
a.at(pos-1) = 2; // OK, at() instead of []
gsl::at(a, pos-1) = 2; // OK, gsl::at() instead of []
a[-1] = 3;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: std::array<> index -1 is negative [cppcoreguidelines-pro-bounds-constant-array-index]
a[10] = 4;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: std::array<> index 10 is past the end of the array (which contains 10 elements) [cppcoreguidelines-pro-bounds-constant-array-index]
a[const_index(7)] = 3;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: std::array<> index 10 is past the end of the array (which contains 10 elements)
a[0] = 3; // OK, constant index and inside bounds
a[1] = 3; // OK, constant index and inside bounds
a[9] = 3; // OK, constant index and inside bounds
a[const_index(6)] = 3; // OK, constant index and inside bounds
}
void g() {
int a[10];
for (int i = 0; i < 10; ++i) {
a[i] = i;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: do not use array subscript when the index is not an integer constant expression; use gsl::at() instead
// CHECK-FIXES: gsl::at(a, i) = i;
gsl::at(a, i) = i; // OK, gsl::at() instead of []
}
a[-1] = 3; // flagged by clang-diagnostic-array-bounds
a[10] = 4; // flagged by clang-diagnostic-array-bounds
a[const_index(7)] = 3; // flagged by clang-diagnostic-array-bounds
a[0] = 3; // OK, constant index and inside bounds
a[1] = 3; // OK, constant index and inside bounds
a[9] = 3; // OK, constant index and inside bounds
a[const_index(6)] = 3; // OK, constant index and inside bounds
}
struct S {
int& operator[](int i);
};
void customOperator() {
S s;
int i = 0;
s[i] = 3; // OK, custom operator
}