This is an archive of the discontinued LLVM Phabricator instance.

Differential D87683

[clang-tidy] Crash fix for bugprone-misplaced-pointer-arithmetic-in-alloc
ClosedPublic

Authored by baloghadamsoftware on Sep 15 2020, 4:06 AM.

Details

Reviewers
gribozavr2
aaron.ballman
alexfh
hokein
njames93
Commits
rG779a2a2edcea: [clang-tidy] Crash fix for bugprone-misplaced-pointer-arithmetic-in-alloc
Summary

Placement new operators on non-object types cause crash in bugprone-misplaced-pointer-arithmetic-in-alloc. This patch fixes this issue.

Diff Detail

Event Timeline

baloghadamsoftware created this revision.Sep 15 2020, 4:06 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 15 2020, 4:06 AM
Herald added subscribers: martong, steakhal, gamesh411 and 5 others. · View Herald Transcript
baloghadamsoftware requested review of this revision.Sep 15 2020, 4:06 AM
Harbormaster completed remote builds in B71714: Diff 291862.Sep 15 2020, 4:38 AM
aaron.ballman accepted this revision.Sep 15 2020, 5:16 AM

LGTM!

This revision is now accepted and ready to land.Sep 15 2020, 5:16 AM
Eugene.Zelenko added reviewers: alexfh, hokein, njames93.Sep 15 2020, 7:10 AM
njames93 added a comment.Sep 15 2020, 9:27 AM

Please fix the test case first, can't call operator new(unsigned long, void*) with an argument of type void*
The other failures the pre merge bot detected can safely be disregarded

baloghadamsoftware added a comment.Sep 15 2020, 10:03 AM
In D87683#2274569, @njames93 wrote:

Please fix the test case first, can't call operator new(unsigned long, void*) with an argument of type void*
The other failures the pre merge bot detected can safely be disregarded

Placement new is defined per standard:

void* operator new  ( std::size_t count, void* ptr );

Here, the problem is that size_t is unsigned long on Linux and it seems that it is unsigned long long on Windows. How should I overcome this?

martong added a comment.Sep 15 2020, 11:30 AM
In D87683#2274663, @baloghadamsoftware wrote:
In D87683#2274569, @njames93 wrote:

Please fix the test case first, can't call operator new(unsigned long, void*) with an argument of type void*
The other failures the pre merge bot detected can safely be disregarded

Placement new is defined per standard:

void* operator new  ( std::size_t count, void* ptr );

Here, the problem is that size_t is unsigned long on Linux and it seems that it is unsigned long long on Windows. How should I overcome this?

In CSA, to overcome the platform problem, it is common to add a target triple for the RUN line:
https://github.com/llvm/llvm-project/blob/master/clang/test/Analysis/std-c-library-functions.c#L14

gribozavr2 added a comment.Sep 15 2020, 11:33 AM
In D87683#2274883, @martong wrote:
In D87683#2274663, @baloghadamsoftware wrote:
In D87683#2274569, @njames93 wrote:

Please fix the test case first, can't call operator new(unsigned long, void*) with an argument of type void*
The other failures the pre merge bot detected can safely be disregarded

Placement new is defined per standard:

void* operator new  ( std::size_t count, void* ptr );

Here, the problem is that size_t is unsigned long on Linux and it seems that it is unsigned long long on Windows. How should I overcome this?

In CSA, to overcome the platform problem, it is common to add a target triple for the RUN line:
https://github.com/llvm/llvm-project/blob/master/clang/test/Analysis/std-c-library-functions.c#L14

Please make the tests generic if possible:

typedef decltype(sizeof(void*)) size_t;
baloghadamsoftware updated this revision to Diff 292151.Sep 16 2020, 2:17 AM

std::size_t defined correctly in the tests.

Closed by commit rG779a2a2edcea: [clang-tidy] Crash fix for bugprone-misplaced-pointer-arithmetic-in-alloc (authored by baloghadamsoftware). · Explain WhySep 16 2020, 4:28 AM
This revision was automatically updated to reflect the committed changes.
baloghadamsoftware added a commit: rG779a2a2edcea: [clang-tidy] Crash fix for bugprone-misplaced-pointer-arithmetic-in-alloc.

Revision Contents

PathSize
clang-tools-extra/
clang-tidy/
bugprone/
6 lines
test/
clang-tidy/
checkers/
11 lines

Diff 292183

clang-tools-extra/clang-tidy/bugprone/MisplacedPointerArithmeticInAllocCheck.cpp

Show First 20 LinesShow All 71 Lines▼ Show 20 Lines if (const auto *Call = dyn_cast<CallExpr>(AllocExpr)) {
} }
CallName = Func->getName().str(); CallName = Func->getName().str();
} else { } else {
const auto *New = cast<CXXNewExpr>(AllocExpr); const auto *New = cast<CXXNewExpr>(AllocExpr);
if (New->isArray()) { if (New->isArray()) {
CallName = "operator new[]"; CallName = "operator new[]";
} else { } else {
const auto *CtrE = New->getConstructExpr(); const auto *CtrE = New->getConstructExpr();
if (!CtrE->getArg(CtrE->getNumArgs() - 1) if (!CtrE || !CtrE->getArg(CtrE->getNumArgs() - 1)
->getType() ->getType()
->isIntegralOrEnumerationType()) ->isIntegralOrEnumerationType())
return; return;
CallName = "operator new"; CallName = "operator new";
} }
} }
const SourceRange OldRParen = SourceRange(PtrArith->getLHS()->getEndLoc()); const SourceRange OldRParen = SourceRange(PtrArith->getLHS()->getEndLoc());
const StringRef RParen = const StringRef RParen =
Lexer::getSourceText(CharSourceRange::getTokenRange(OldRParen), Lexer::getSourceText(CharSourceRange::getTokenRange(OldRParen),
Show All 14 Lines

clang-tools-extra/test/clang-tidy/checkers/bugprone-misplaced-pointer-arithmetic-in-alloc.cpp

Show First 20 LinesShow All 45 Lines▼ Show 20 Linesvoid bad_new_array(int n, int m) {
// CHECK-MESSAGES: :[[@LINE-1]]:7: warning: arithmetic operation is applied to the result of operator new[]() instead of its size-like argument // CHECK-MESSAGES: :[[@LINE-1]]:7: warning: arithmetic operation is applied to the result of operator new[]() instead of its size-like argument
// CHECK-FIXES: p = new char[n - (m + 10)]; // CHECK-FIXES: p = new char[n - (m + 10)];
p = new char[n] - m + 10; p = new char[n] - m + 10;
// CHECK-MESSAGES: :[[@LINE-1]]:7: warning: arithmetic operation is applied to the result of operator new[]() instead of its size-like argument // CHECK-MESSAGES: :[[@LINE-1]]:7: warning: arithmetic operation is applied to the result of operator new[]() instead of its size-like argument
// CHECK-FIXES: p = new char[n - m] + 10; // CHECK-FIXES: p = new char[n - m] + 10;
// FIXME: should be p = new char[n - m + 10]; // FIXME: should be p = new char[n - m + 10];
} }
namespace std {
typedef decltype(sizeof(void*)) size_t;
}
void* operator new(std::size_t, void*);
void placement_new_ptr(void *buf, C *old) {
C **p = new (buf) C*(old) + 1;
// CHECK-MESSAGES-NOT: :[[@LINE-1]]:11: warning: arithmetic operation is applied to the result of operator new() instead of its size-like argument
}