This is an archive of the discontinued LLVM Phabricator instance.

Differential D135920

[clang][Sema] Use correct array size for diagnostic
ClosedPublic

Authored by void on Oct 13 2022, 2:30 PM.

Details

Reviewers
kees
serge-sans-paille
rsmith
efriedma
shafik
aaron.ballman
Commits
rGb76219b59020: [clang][Sema] Use correct array size for diagnostic
Summary

The diagnostic was confusing and reporting that an array contains far
more elements than it is defined to have, due to casting.

For example, this code:

double foo[4096];
((char*)foo)[sizeof(foo)];

warns that the "index 32768 is past the end of the array (which contains
32768 elements)."

Diff Detail

Event Timeline

void created this revision.Oct 13 2022, 2:30 PM
Herald added a project: Restricted Project. · View Herald TranscriptOct 13 2022, 2:30 PM
void requested review of this revision.Oct 13 2022, 2:30 PM
Herald added a project: Restricted Project. · View Herald TranscriptOct 13 2022, 2:30 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
void mentioned this in D135727: [clang] Correct sanitizer behavior in union FAMs.Oct 13 2022, 2:41 PM
Harbormaster completed remote builds in B192061: Diff 467607.Oct 13 2022, 3:12 PM
shafik added a subscriber: shafik.Oct 13 2022, 3:49 PM

Thank you for this fix, I have some comments.

clang/lib/Sema/SemaChecking.cpp
16074

index is also wrong as you can see from the diagnostic below array index 32768 is past.

I think what you want is index.getNumWords() and size.getNumWords().

16076

It is not clear what this is for.

If we look at warn_array_index_exceeds_bounds in DiagnosticSemaKinds.td we can see that element%s2 which I believe is a typo and means that this argument is lost.

void added inline comments.Oct 13 2022, 4:04 PM
clang/lib/Sema/SemaChecking.cpp
16074

I'm not so sure about the index part. The sizeof(foo) bit is 32768, so that part of the diagnostic is technically correct. (The best kind of correct! :-)

As for getNumWords(), won't that just default to the size of the array in int's?

16076

I think it's to (somehow) specify whether or not to add an s to the end of element...but I'm not 100% sure.

kees added inline comments.Oct 13 2022, 7:54 PM
clang/test/Sema/array-bounds-ptr-arith.c
13–14

Can this be changed to 8 from 80 to make sure it is also doing the math right on the check and not just the warning text?

void updated this revision to Diff 467941.Oct 14 2022, 3:12 PM

Update test to use a smaller index.

void marked an inline comment as done.Oct 14 2022, 3:12 PM
Harbormaster completed remote builds in B192289: Diff 467941.Oct 14 2022, 4:25 PM
serge-sans-paille added inline comments.Oct 17 2022, 11:45 AM
clang/test/SemaCXX/array-bounds.cpp
240

I find this new message quite confusing, because the array index is given in terms of char elements, while the array size is given in terms of double elements. I actually find the original message more consistent to that respect.

kees added inline comments.Oct 17 2022, 12:35 PM
clang/test/SemaCXX/array-bounds.cpp
240

Perhaps show both element count and byte offset?

array index $count is $(bytes - end_of_array_in_bytes) past the end of the array (which contains $end_of_array_in_bytes bytes of $array_max_index elements)

serge-sans-paille added inline comments.Oct 17 2022, 1:54 PM
clang/test/SemaCXX/array-bounds.cpp
240

if we have no cast, I find the version without the patch just fine.

If we have a cast, I suggest we just express the result in bytes, something along those lines (inspired by your suggestion):

array index $count is $(bytes - end_of_array_in_bytes) bytes past the end of the allocated memory for that array (which contains $end_of_array_in_bytes bytes)
void added inline comments.Oct 17 2022, 3:23 PM
clang/test/SemaCXX/array-bounds.cpp
240

I so far have this. It looks not too bad even for the non-cast. Thoughts?

$ cat ab.c
void test_pr10771() {
    double foo[4096];  // expected-note {{array 'foo' declared here}}

    ((char*)foo)[sizeof(foo)] = '\0';  // expected-warning {{array index 32768 is past the end of the array (which contains 4096 elements of type 'double[4096])}}
    foo[4098] = '\0';  // expected-warning {{array index 32768 is past the end of the array (which contains 4096 elements of type 'double[4096])}}
}
$ clang++ -x c++ -o /dev/null -S -std=c++14 ~/llvm/ab.c
/home/morbo/llvm/ab.c:4:13: warning: array index 32768 is 0 bytes past the end of the array (that has type 'double[4096]') [-Warray-bounds]
    ((char*)foo)[sizeof(foo)] = '\0';  // expected-warning {{array index 32768 is past the end of the array (which contains 4096 elements of type 'double[4096])}}
            ^    ~~~~~~~~~~~
/home/morbo/llvm/ab.c:2:5: note: array 'foo' declared here
    double foo[4096];  // expected-note {{array 'foo' declared here}}
    ^
/home/morbo/llvm/ab.c:5:5: warning: array index 4098 is 16 bytes past the end of the array (that has type 'double[4096]') [-Warray-bounds]
    foo[4098] = '\0';  // expected-warning {{array index 32768 is past the end of the array (which contains 4096 elements of type 'double[4096])}}
    ^   ~~~~
/home/morbo/llvm/ab.c:2:5: note: array 'foo' declared here
    double foo[4096];  // expected-note {{array 'foo' declared here}}
    ^
2 warnings generated.
void updated this revision to Diff 468353.Oct 17 2022, 3:55 PM

Improve the error message to include how many bytes the index goes over

warning: the pointer incremented by 14 refers 1 byte past the end of the array (that has type 'const char[13]')
void updated this revision to Diff 468355.Oct 17 2022, 4:04 PM

Update more testcases.

void added a comment.Oct 17 2022, 4:09 PM

The messages that's a bit annoying are the ones reporting "0 bytes past the end of the array":

warning: array index 2 is 0 bytes past the end of the array (that has type 'int[2]')

I'm not sure what to do with these (except to leave them alone).

void updated this revision to Diff 468356.Oct 17 2022, 4:13 PM

Fix rogue test.

Harbormaster completed remote builds in B192608: Diff 468356.Oct 17 2022, 4:44 PM
shafik requested changes to this revision.Oct 17 2022, 5:01 PM

The current approach of mixing bytes and indices in the same diagnostic is too confusing. I think we see some acceptable messages for out of bounds access by looking at three different implementations diagnostic for OOB access in a constant expression context:

int main() {
    constexpr int arr[1]{};
    constexpr int x = arr[3];
}

We have clang which produces:

<source>:3:23: note: cannot refer to element 3 of array of 1 element in a constant expression
    constexpr int x = arr[3];
                      ^

gcc produces:

<source>:3:28: error: array subscript value '3' is outside the bounds of array 'arr' of type 'const int [1]'
    3 |     constexpr int x = arr[3];
      |                       ~~~~~^

and MSVC produces:

<source>(3): note: failure was caused by out of range index 3; allowed range is 0 <= index < 1

I think any approach similar to this would be acceptable.

This revision now requires changes to proceed.Oct 17 2022, 5:01 PM
dblaikie added a subscriber: dblaikie.Oct 17 2022, 5:15 PM
void added a comment.Oct 18 2022, 12:07 AM
In D135920#3863648, @shafik wrote:

The current approach of mixing bytes and indices in the same diagnostic is too confusing.

"Current" approach?

I think we see some acceptable messages for out of bounds access by looking at three different implementations diagnostic for OOB access in a constant expression context:

int main() {
    constexpr int arr[1]{};
    constexpr int x = arr[3];
}

We have clang which produces:

<source>:3:23: note: cannot refer to element 3 of array of 1 element in a constant expression
    constexpr int x = arr[3];
                      ^

gcc produces:

<source>:3:28: error: array subscript value '3' is outside the bounds of array 'arr' of type 'const int [1]'
    3 |     constexpr int x = arr[3];
      |                       ~~~~~^

and MSVC produces:

<source>(3): note: failure was caused by out of range index 3; allowed range is 0 <= index < 1

I think any approach similar to this would be acceptable.

The issue is when we get strange mixtures of byte indexes with non-byte arrays. The situations we're dealing with is this one:

void test() {
  double foo[4096];

  ((char*)foo)[sizeof(foo)] = '\0';
}

What's generated by ToT is a diagnostic saying that the index (in bytes) is past the array size (also in bytes):

array index 32768 is past the end of the array (which contains 32768 elements)

So there's a disconnect between the original size of the array (which is in doubles) and the array size being reported (which is in bytes). It seems that no matter what it's not going to be easy to give anything but "mixed" information (bytes and indices) to the user to ensure that we've fully described the issue at hand.

aaron.ballman added a subscriber: aaron.ballman.Oct 18 2022, 5:58 AM
aaron.ballman added inline comments.
clang/test/SemaCXX/array-bounds.cpp
240

The part I struggle with is the "is 0 bytes past the end of the array" -- that reads as if it's not past the end of the array at all because it's saying "You've accessed right up to the end of the array; congratulations on your very careful use!".

void added inline comments.Oct 18 2022, 1:55 PM
clang/test/SemaCXX/array-bounds.cpp
240

Okay. How about this then?

Typical diagnostic:

  warning: array index %{index} is past the end of the array (that has type %{type})

Diagnostic if the array is cast to something else:

  warning: array index %{index} is past the end of the array (that has type %{type}, cast to ${cast_type})
void updated this revision to Diff 468728.Oct 18 2022, 3:59 PM

Update the error message to remove the reference to bytes, which can be confusing.

Harbormaster completed remote builds in B192867: Diff 468728.Oct 18 2022, 4:57 PM
serge-sans-paille accepted this revision.Oct 18 2022, 10:22 PM

I really like the new message, thanks for taking account the diverging reviews!

aaron.ballman accepted this revision.Oct 19 2022, 5:52 AM

LGTM, I think the new diagnostic wording is an improvement. Can you please add a release note to mention the diagnostic wording was patched up?

void added a comment.Oct 19 2022, 12:01 PM
In D135920#3868170, @aaron.ballman wrote:

Can you please add a release note to mention the diagnostic wording was patched up?

Done.

void updated this revision to Diff 468997.Oct 19 2022, 12:02 PM

Add release note.

void added a comment.Oct 19 2022, 12:02 PM

@shafik PTAL.

Harbormaster completed remote builds in B193060: Diff 468997.Oct 19 2022, 12:42 PM
void updated this revision to Diff 469044.Oct 19 2022, 2:14 PM

Reformatting.

Harbormaster completed remote builds in B193095: Diff 469044.Oct 19 2022, 2:44 PM
This revision was not accepted when it landed; it landed in state Needs Review.Oct 20 2022, 11:57 AM
Closed by commit rGb76219b59020: [clang][Sema] Use correct array size for diagnostic (authored by void). · Explain Why
This revision was automatically updated to reflect the committed changes.
void added a commit: rGb76219b59020: [clang][Sema] Use correct array size for diagnostic.
shafik added a comment.Oct 20 2022, 4:25 PM

Apologies for the late reply but after the last changes to the diagnostic messages are much better.

void added a comment.Oct 20 2022, 4:29 PM
In D135920#3872705, @shafik wrote:

Apologies for the late reply but after the last changes to the diagnostic messages are much better.

Thanks! Sorry I jumped the gun and submitted before your reply...

Revision Contents

PathSize
clang/
docs/
4 lines
include/
clang/
Basic/
7 lines
lib/
Sema/
11 lines
test/
Sema/
4 lines
2 lines
SemaCXX/
14 lines
4 lines
92 lines
2 lines
SemaObjC/
3 lines

Diff 469309

clang/docs/ReleaseNotes.rst

Show First 20 LinesShow All 315 Lines▼ Show 20 Lines- Fixed an accidental duplicate diagnostic involving the declaration of a
`Issue 58181 <https://github.com/llvm/llvm-project/issues/58181>`_. `Issue 58181 <https://github.com/llvm/llvm-project/issues/58181>`_.
- Copy-elided initialization of lock scopes is now handled differently in - Copy-elided initialization of lock scopes is now handled differently in
``-Wthread-safety-analysis``: annotations on the move constructor are no ``-Wthread-safety-analysis``: annotations on the move constructor are no
longer taken into account, in favor of annotations on the function returning longer taken into account, in favor of annotations on the function returning
the lock scope by value. This could result in new warnings if code depended the lock scope by value. This could result in new warnings if code depended
on the previous undocumented behavior. As a side effect of this change, on the previous undocumented behavior. As a side effect of this change,
constructor calls outside of initializer expressions are no longer ignored, constructor calls outside of initializer expressions are no longer ignored,
which can result in new warnings (or make existing warnings disappear). which can result in new warnings (or make existing warnings disappear).
- The wording of diagnostics regarding arithmetic on fixed-sized arrays and
pointers is improved to include the type of the array and whether it's cast
to another type. This should improve comprehension for why an index is
out-of-bounds.
Non-comprehensive list of changes in this release Non-comprehensive list of changes in this release
------------------------------------------------- -------------------------------------------------
- It's now possible to set the crash diagnostics directory through - It's now possible to set the crash diagnostics directory through
the environment variable ``CLANG_CRASH_DIAGNOSTICS_DIR``. the environment variable ``CLANG_CRASH_DIAGNOSTICS_DIR``.
The ``-fcrash-diagnostics-dir`` flag takes precedence. The ``-fcrash-diagnostics-dir`` flag takes precedence.
- When using header modules, inclusion of a private header and violations of - When using header modules, inclusion of a private header and violations of
the `use-declaration rules the `use-declaration rules
▲ Show 20 LinesShow All 364 LinesShow Last 20 Lines

clang/include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 9,395 Lines▼ Show 20 Linesdef ext_implicit_exception_spec_mismatch : ExtWarn<
"function previously declared with an %select{explicit|implicit}0 exception " "function previously declared with an %select{explicit|implicit}0 exception "
"specification redeclared with an %select{implicit|explicit}0 exception " "specification redeclared with an %select{implicit|explicit}0 exception "
"specification">, InGroup<DiagGroup<"implicit-exception-spec-mismatch">>; "specification">, InGroup<DiagGroup<"implicit-exception-spec-mismatch">>;
def warn_ptr_arith_precedes_bounds : Warning< def warn_ptr_arith_precedes_bounds : Warning<
"the pointer decremented by %0 refers before the beginning of the array">, "the pointer decremented by %0 refers before the beginning of the array">,
InGroup<ArrayBoundsPointerArithmetic>, DefaultIgnore; InGroup<ArrayBoundsPointerArithmetic>, DefaultIgnore;
def warn_ptr_arith_exceeds_bounds : Warning< def warn_ptr_arith_exceeds_bounds : Warning<
"the pointer incremented by %0 refers past the end of the array (that " "the pointer incremented by %0 refers past the end of the array (that has type %1)">,
"contains %1 element%s2)">,
InGroup<ArrayBoundsPointerArithmetic>, DefaultIgnore; InGroup<ArrayBoundsPointerArithmetic>, DefaultIgnore;
def warn_array_index_precedes_bounds : Warning< def warn_array_index_precedes_bounds : Warning<
"array index %0 is before the beginning of the array">, "array index %0 is before the beginning of the array">,
InGroup<ArrayBounds>; InGroup<ArrayBounds>;
def warn_array_index_exceeds_bounds : Warning< def warn_array_index_exceeds_bounds : Warning<
"array index %0 is past the end of the array (which contains %1 " "array index %0 is past the end of the array (that has type %1%select{|, cast to %3}2)">,
"element%s2)">, InGroup<ArrayBounds>; InGroup<ArrayBounds>;
def warn_ptr_arith_exceeds_max_addressable_bounds : Warning< def warn_ptr_arith_exceeds_max_addressable_bounds : Warning<
"the pointer incremented by %0 refers past the last possible element for an array in %1-bit " "the pointer incremented by %0 refers past the last possible element for an array in %1-bit "
"address space containing %2-bit (%3-byte) elements (max possible %4 element%s5)">, "address space containing %2-bit (%3-byte) elements (max possible %4 element%s5)">,
InGroup<ArrayBounds>; InGroup<ArrayBounds>;
def warn_array_index_exceeds_max_addressable_bounds : Warning< def warn_array_index_exceeds_max_addressable_bounds : Warning<
"array index %0 refers past the last possible element for an array in %1-bit " "array index %0 refers past the last possible element for an array in %1-bit "
"address space containing %2-bit (%3-byte) elements (max possible %4 element%s5)">, "address space containing %2-bit (%3-byte) elements (max possible %4 element%s5)">,
InGroup<ArrayBounds>; InGroup<ArrayBounds>;
▲ Show 20 LinesShow All 2,304 LinesShow Last 20 Lines

clang/lib/Sema/SemaChecking.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 16,063 Lines▼ Show 20 Lines if (ASE) {
SourceMgr.getSpellingLoc(IndexExpr->getBeginLoc()); SourceMgr.getSpellingLoc(IndexExpr->getBeginLoc());
if (SourceMgr.isWrittenInSameFile(RBracketLoc, IndexLoc)) if (SourceMgr.isWrittenInSameFile(RBracketLoc, IndexLoc))
return; return;
} }
} }
unsigned DiagID = ASE ? diag::warn_array_index_exceeds_bounds unsigned DiagID = ASE ? diag::warn_array_index_exceeds_bounds
: diag::warn_ptr_arith_exceeds_bounds; : diag::warn_ptr_arith_exceeds_bounds;
unsigned CastMsg = (!ASE || BaseType == EffectiveType) ? 0 : 1;
QualType CastMsgTy = ASE ? ASE->getLHS()->getType() : QualType();
DiagRuntimeBehavior(BaseExpr->getBeginLoc(), BaseExpr, DiagRuntimeBehavior(
PDiag(DiagID) << toString(index, 10, true) BaseExpr->getBeginLoc(), BaseExpr,
shafikUnsubmitted
Not Done
ReplyInline Actions

index is also wrong as you can see from the diagnostic below array index 32768 is past.

I think what you want is index.getNumWords() and size.getNumWords().

shafik: `index` is also wrong as you can see from the diagnostic below `array index 32768 is past`. I…
voidAuthorUnsubmitted
Done
ReplyInline Actions

I'm not so sure about the index part. The sizeof(foo) bit is 32768, so that part of the diagnostic is technically correct. (The best kind of correct! :-)

As for getNumWords(), won't that just default to the size of the array in int's?

void: I'm not so sure about the `index` part. The `sizeof(foo)` bit is 32768, so that part of the…
<< toString(size, 10, true) PDiag(DiagID) << toString(index, 10, true) << ArrayTy->desugar()
<< (unsigned)size.getLimitedValue(~0U) << CastMsg << CastMsgTy << IndexExpr->getSourceRange());
shafikUnsubmitted
Not Done
ReplyInline Actions

It is not clear what this is for.

If we look at warn_array_index_exceeds_bounds in DiagnosticSemaKinds.td we can see that element%s2 which I believe is a typo and means that this argument is lost.

shafik: It is not clear what this is for. If we look at `warn_array_index_exceeds_bounds` in…
voidAuthorUnsubmitted
Done
ReplyInline Actions

I think it's to (somehow) specify whether or not to add an s to the end of element...but I'm not 100% sure.

void: I think it's to (somehow) specify whether or not to add an `s` to the end of `element`...but…
<< IndexExpr->getSourceRange());
} else { } else {
unsigned DiagID = diag::warn_array_index_precedes_bounds; unsigned DiagID = diag::warn_array_index_precedes_bounds;
if (!ASE) { if (!ASE) {
DiagID = diag::warn_ptr_arith_precedes_bounds; DiagID = diag::warn_ptr_arith_precedes_bounds;
if (index.isNegative()) index = -index; if (index.isNegative()) index = -index;
} }
DiagRuntimeBehavior(BaseExpr->getBeginLoc(), BaseExpr, DiagRuntimeBehavior(BaseExpr->getBeginLoc(), BaseExpr,
▲ Show 20 LinesShow All 1,804 LinesShow Last 20 Lines

clang/test/Sema/array-bounds-ptr-arith.c

// RUN: %clang_cc1 -verify=expected -Warray-bounds-pointer-arithmetic %s // RUN: %clang_cc1 -verify=expected -Warray-bounds-pointer-arithmetic %s
// RUN: %clang_cc1 -verify=expected -Warray-bounds-pointer-arithmetic %s -fstrict-flex-arrays=0 // RUN: %clang_cc1 -verify=expected -Warray-bounds-pointer-arithmetic %s -fstrict-flex-arrays=0
// RUN: %clang_cc1 -verify=expected,strict -Warray-bounds-pointer-arithmetic %s -fstrict-flex-arrays=2 // RUN: %clang_cc1 -verify=expected,strict -Warray-bounds-pointer-arithmetic %s -fstrict-flex-arrays=2
// Test case from PR10615 // Test case from PR10615
struct ext2_super_block{ struct ext2_super_block{
unsigned char s_uuid[8]; // expected-note {{declared here}} unsigned char s_uuid[8]; // expected-note {{declared here}}
}; };
void* ext2_statfs (struct ext2_super_block *es,int a) { void* ext2_statfs (struct ext2_super_block *es,int a) {
return (void *)es->s_uuid + sizeof(int); // no-warning return (void *)es->s_uuid + sizeof(int); // no-warning
} }
void* broken (struct ext2_super_block *es,int a) { void* broken (struct ext2_super_block *es,int a) {
return (void *)es->s_uuid + 9; // expected-warning {{the pointer incremented by 9 refers past the end of the array}} return (void *)es->s_uuid + 9; // expected-warning {{the pointer incremented by 9 refers past the end of the array (that has type 'unsigned char[8]')}}
keesUnsubmitted
Done
ReplyInline Actions

Can this be changed to 8 from 80 to make sure it is also doing the math right on the check and not just the warning text?

kees: Can this be changed to `8` from `80` to make sure it is also doing the math right on the check…
} }
// Test case reduced from PR11594 // Test case reduced from PR11594
struct S { struct S {
int n; int n;
}; };
void pr11594(struct S *s) { void pr11594(struct S *s) {
int a[10]; int a[10];
Show All 12 Lines
typedef TPtr *TabHandle; typedef TPtr *TabHandle;
struct RDar11387038_B { struct RDar11387038_B {
TabHandle x; TabHandle x;
}; };
typedef struct RDar11387038_B RDar11387038_B; typedef struct RDar11387038_B RDar11387038_B;
void radar11387038(void) { void radar11387038(void) {
RDar11387038_B *pRDar11387038_B; RDar11387038_B *pRDar11387038_B;
struct RDar11387038 *y = &(*pRDar11387038_B->x)->z[4]; // strict-warning {{array index 4 is past the end of the array (which contains 1 element)}} struct RDar11387038 *y = &(*pRDar11387038_B->x)->z[4]; // strict-warning {{array index 4 is past the end of the array (that has type 'struct RDar11387038[1]')}}
} }
void pr51682(void) { void pr51682(void) {
int arr[1]; int arr[1];
switch (0) { switch (0) {
case 0: case 0:
break; break;
case 1: case 1:
asm goto("" ::"r"(arr[42] >> 1)::failed); asm goto("" ::"r"(arr[42] >> 1)::failed);
break; break;
} }
failed:; failed:;
} }

clang/test/Sema/integer-overflow.c

Show First 20 LinesShow All 136 Lines▼ Show 20 Lines
// expected-warning@+1 {{overflow in expression; result is 536870912 with type 'int'}} // expected-warning@+1 {{overflow in expression; result is 536870912 with type 'int'}}
(__real__ x) = 4608 * 1024 * 1024; (__real__ x) = 4608 * 1024 * 1024;
// expected-warning@+1 {{overflow in expression; result is 536870912 with type 'int'}} // expected-warning@+1 {{overflow in expression; result is 536870912 with type 'int'}}
(__imag__ x) = 4608 * 1024 * 1024; (__imag__ x) = 4608 * 1024 * 1024;
// expected-warning@+4 {{overflow in expression; result is 536870912 with type 'int'}} // expected-warning@+4 {{overflow in expression; result is 536870912 with type 'int'}}
// expected-warning@+3 {{array index 536870912 is past the end of the array (which contains 10 elements)}} // expected-warning@+3 {{array index 536870912 is past the end of the array (that has type 'uint64_t[10]' (aka 'unsigned long long[10]'))}}
// expected-note@+1 {{array 'a' declared here}} // expected-note@+1 {{array 'a' declared here}}
uint64_t a[10]; uint64_t a[10];
a[4608 * 1024 * 1024] = 1i; a[4608 * 1024 * 1024] = 1i;
// expected-warning@+2 {{overflow in expression; result is 536870912 with type 'int'}} // expected-warning@+2 {{overflow in expression; result is 536870912 with type 'int'}}
uint64_t *b; uint64_t *b;
uint64_t b2 = b[4608 * 1024 * 1024] + 1; uint64_t b2 = b[4608 * 1024 * 1024] + 1;
▲ Show 20 LinesShow All 61 LinesShow Last 20 Lines

clang/test/SemaCXX/array-bounds-ptr-arith.cpp

// RUN: %clang_cc1 -verify -Wno-string-plus-int -Warray-bounds-pointer-arithmetic %s // RUN: %clang_cc1 -verify -Wno-string-plus-int -Warray-bounds-pointer-arithmetic %s
void swallow (const char *x) { (void)x; } void swallow (const char *x) { (void)x; }
void test_pointer_arithmetic(int n) { void test_pointer_arithmetic(int n) {
const char hello[] = "Hello world!"; // expected-note 2 {{declared here}} const char hello[] = "Hello world!"; // expected-note 2 {{declared here}}
const char *helloptr = hello; const char *helloptr = hello;
swallow("Hello world!" + 6); // no-warning swallow("Hello world!" + 6); // no-warning
swallow("Hello world!" - 6); // expected-warning {{refers before the beginning of the array}} swallow("Hello world!" - 6); // expected-warning {{the pointer decremented by 6 refers before the beginning of the array}}
swallow("Hello world!" + 14); // expected-warning {{refers past the end of the array}} swallow("Hello world!" + 14); // expected-warning {{the pointer incremented by 14 refers past the end of the array (that has type 'const char[13]')}}
swallow("Hello world!" + 13); // no-warning swallow("Hello world!" + 13); // no-warning
swallow(hello + 6); // no-warning swallow(hello + 6); // no-warning
swallow(hello - 6); // expected-warning {{refers before the beginning of the array}} swallow(hello - 6); // expected-warning {{the pointer decremented by 6 refers before the beginning of the array}}
swallow(hello + 14); // expected-warning {{refers past the end of the array}} swallow(hello + 14); // expected-warning {{the pointer incremented by 14 refers past the end of the array (that has type 'const char[13]')}}
swallow(hello + 13); // no-warning swallow(hello + 13); // no-warning
swallow(helloptr + 6); // no-warning swallow(helloptr + 6); // no-warning
swallow(helloptr - 6); // no-warning swallow(helloptr - 6); // no-warning
swallow(helloptr + 14); // no-warning swallow(helloptr + 14); // no-warning
swallow(helloptr + 13); // no-warning swallow(helloptr + 13); // no-warning
double numbers[2]; // expected-note {{declared here}} double numbers[2]; // expected-note {{declared here}}
swallow((char*)numbers + sizeof(double)); // no-warning swallow((char*)numbers + sizeof(double)); // no-warning
swallow((char*)numbers + 60); // expected-warning {{refers past the end of the array}} swallow((char*)numbers + 60); // expected-warning {{the pointer incremented by 60 refers past the end of the array (that has type 'double[2]')}}
char buffer[5]; // expected-note 2 {{declared here}} char buffer[5]; // expected-note 2 {{declared here}}
// TODO: Add FixIt notes for adding parens around non-ptr part of arith expr // TODO: Add FixIt notes for adding parens around non-ptr part of arith expr
swallow(buffer + sizeof("Hello")-1); // expected-warning {{refers past the end of the array}} swallow(buffer + sizeof("Hello")-1); // expected-warning {{the pointer incremented by 6 refers past the end of the array (that has type 'char[5]')}}
swallow(buffer + (sizeof("Hello")-1)); // no-warning swallow(buffer + (sizeof("Hello")-1)); // no-warning
if (n > 0 && n <= 6) swallow(buffer + 6 - n); // expected-warning {{refers past the end of the array}} if (n > 0 && n <= 6) swallow(buffer + 6 - n); // expected-warning {{the pointer incremented by 6 refers past the end of the array (that has type 'char[5]')}}
if (n > 0 && n <= 6) swallow(buffer + (6 - n)); // no-warning if (n > 0 && n <= 6) swallow(buffer + (6 - n)); // no-warning
} }

clang/test/SemaCXX/array-bounds-strict-flex-arrays.cpp

Show All 10 Lines
} }
// Under -fstrict-flex-arrays={1,2} `a` is not a flexible array // Under -fstrict-flex-arrays={1,2} `a` is not a flexible array
struct t0 { struct t0 {
int f; int f;
int a[10]; // relaxed-note {{array 'a' declared here}} int a[10]; // relaxed-note {{array 'a' declared here}}
}; };
void test0(t0 *s2) { void test0(t0 *s2) {
s2->a[12] = 0; // relaxed-warning {{array index 12 is past the end of the array (which contains 10 elements)}} s2->a[12] = 0; // relaxed-warning {{array index 12 is past the end of the array (that has type 'int[10]')}}
} }
// Under -fstrict-flex-arrays=2 `a` is not a flexible array, but it is under -fstrict-flex-arrays=1 // Under -fstrict-flex-arrays=2 `a` is not a flexible array, but it is under -fstrict-flex-arrays=1
struct t1 { struct t1 {
int f; int f;
int a[1]; // strict-note {{array 'a' declared here}} int a[1]; // strict-note {{array 'a' declared here}}
}; };
void test1(t1 *s2) { void test1(t1 *s2) {
s2->a[2] = 0; // strict-warning {{array index 2 is past the end of the array (which contains 1 element)}} s2->a[2] = 0; // strict-warning {{array index 2 is past the end of the array (that has type 'int[1]')}}
} }
// Under -fstrict-flex-arrays={1,2} `a` is a flexible array. // Under -fstrict-flex-arrays={1,2} `a` is a flexible array.
struct t2 { struct t2 {
int f; int f;
int a[0]; int a[0];
}; };
void test1(t2 *s2) { void test1(t2 *s2) {
s2->a[2] = 0; // no-warning s2->a[2] = 0; // no-warning
} }

clang/test/SemaCXX/array-bounds.cpp

// RUN: %clang_cc1 -verify -std=c++14 %s // RUN: %clang_cc1 -verify -std=c++14 %s
int foo() { int foo() {
int x[2]; // expected-note 4 {{array 'x' declared here}} int x[2]; // expected-note 4 {{array 'x' declared here}}
int y[2]; // expected-note 2 {{array 'y' declared here}} int y[2]; // expected-note 2 {{array 'y' declared here}}
int z[1]; // expected-note {{array 'z' declared here}} int z[1]; // expected-note {{array 'z' declared here}}
int w[1][1]; // expected-note {{array 'w' declared here}} int w[1][1]; // expected-note {{array 'w' declared here}}
int v[1][1][1]; // expected-note {{array 'v' declared here}} int v[1][1][1]; // expected-note {{array 'v' declared here}}
int *p = &y[2]; // no-warning int *p = &y[2]; // no-warning
(void) sizeof(x[2]); // no-warning (void) sizeof(x[2]); // no-warning
y[2] = 2; // expected-warning {{array index 2 is past the end of the array (which contains 2 elements)}} y[2] = 2; // expected-warning {{array index 2 is past the end of the array (that has type 'int[2]')}}
z[1] = 'x'; // expected-warning {{array index 1 is past the end of the array (which contains 1 element)}} z[1] = 'x'; // expected-warning {{array index 1 is past the end of the array (that has type 'int[1]')}}
w[0][2] = 0; // expected-warning {{array index 2 is past the end of the array (which contains 1 element)}} w[0][2] = 0; // expected-warning {{array index 2 is past the end of the array (that has type 'int[1]')}}
v[0][0][2] = 0; // expected-warning {{array index 2 is past the end of the array (which contains 1 element)}} v[0][0][2] = 0; // expected-warning {{array index 2 is past the end of the array (that has type 'int[1]')}}
return x[2] + // expected-warning {{array index 2 is past the end of the array (which contains 2 elements)}} return x[2] + // expected-warning {{array index 2 is past the end of the array (that has type 'int[2]')}}
y[-1] + // expected-warning {{array index -1 is before the beginning of the array}} y[-1] + // expected-warning {{array index -1 is before the beginning of the array}}
x[sizeof(x)] + // expected-warning {{array index 8 is past the end of the array (which contains 2 elements)}} x[sizeof(x)] + // expected-warning {{array index 8 is past the end of the array (that has type 'int[2]')}}
x[sizeof(x) / sizeof(x[0])] + // expected-warning {{array index 2 is past the end of the array (which contains 2 elements)}} x[sizeof(x) / sizeof(x[0])] + // expected-warning {{array index 2 is past the end of the array (that has type 'int[2]')}}
x[sizeof(x) / sizeof(x[0]) - 1] + // no-warning x[sizeof(x) / sizeof(x[0]) - 1] + // no-warning
x[sizeof(x[2])]; // expected-warning {{array index 4 is past the end of the array (which contains 2 elements)}} x[sizeof(x[2])]; // expected-warning {{array index 4 is past the end of the array (that has type 'int[2]')}}
} }
// This code example tests that -Warray-bounds works with arrays that // This code example tests that -Warray-bounds works with arrays that
// are template parameters. // are template parameters.
template <char *sz> class Qux { template <char *sz> class Qux {
bool test() { return sz[0] == 'a'; } bool test() { return sz[0] == 'a'; }
}; };
void f1(int a[1]) { void f1(int a[1]) {
int val = a[3]; // no warning for function argumnet int val = a[3]; // no warning for function argumnet
} }
void f2(const int (&a)[2]) { // expected-note {{declared here}} void f2(const int (&a)[2]) { // expected-note {{declared here}}
int val = a[3]; // expected-warning {{array index 3 is past the end of the array (which contains 2 elements)}} int val = a[3]; // expected-warning {{array index 3 is past the end of the array (that has type 'const int[2]')}}
} }
void test() { void test() {
struct { struct {
int a[0]; int a[0];
} s2; } s2;
s2.a[3] = 0; // no warning for 0-sized array s2.a[3] = 0; // no warning for 0-sized array
union { union {
short a[2]; // expected-note 4 {{declared here}} short a[2]; // expected-note 4 {{declared here}}
char c[4]; char c[4];
} u; } u;
u.a[3] = 1; // expected-warning {{array index 3 is past the end of the array (which contains 2 elements)}} u.a[3] = 1; // expected-warning {{array index 3 is past the end of the array (that has type 'short[2]')}}
u.c[3] = 1; // no warning u.c[3] = 1; // no warning
short *p = &u.a[2]; // no warning short *p = &u.a[2]; // no warning
p = &u.a[3]; // expected-warning {{array index 3 is past the end of the array (which contains 2 elements)}} p = &u.a[3]; // expected-warning {{array index 3 is past the end of the array (that has type 'short[2]')}}
*(&u.a[2]) = 1; // expected-warning {{array index 2 is past the end of the array (which contains 2 elements)}} *(&u.a[2]) = 1; // expected-warning {{array index 2 is past the end of the array (that has type 'short[2]')}}
*(&u.a[3]) = 1; // expected-warning {{array index 3 is past the end of the array (which contains 2 elements)}} *(&u.a[3]) = 1; // expected-warning {{array index 3 is past the end of the array (that has type 'short[2]')}}
*(&u.c[3]) = 1; // no warning *(&u.c[3]) = 1; // no warning
const int const_subscript = 3; const int const_subscript = 3;
int array[2]; // expected-note {{declared here}} int array[2]; // expected-note {{declared here}}
array[const_subscript] = 0; // expected-warning {{array index 3 is past the end of the array (which contains 2 elements)}} array[const_subscript] = 0; // expected-warning {{array index 3 is past the end of the array (that has type 'int[2]')}}
int *ptr; int *ptr;
ptr[3] = 0; // no warning for pointer references ptr[3] = 0; // no warning for pointer references
int array2[] = { 0, 1, 2 }; // expected-note 2 {{declared here}} int array2[] = { 0, 1, 2 }; // expected-note 2 {{declared here}}
array2[3] = 0; // expected-warning {{array index 3 is past the end of the array (which contains 3 elements)}} array2[3] = 0; // expected-warning {{array index 3 is past the end of the array (that has type 'int[3]')}}
array2[2+2] = 0; // expected-warning {{array index 4 is past the end of the array (which contains 3 elements)}} array2[2+2] = 0; // expected-warning {{array index 4 is past the end of the array (that has type 'int[3]')}}
const char *str1 = "foo"; const char *str1 = "foo";
char c1 = str1[5]; // no warning for pointers char c1 = str1[5]; // no warning for pointers
const char str2[] = "foo"; // expected-note {{declared here}} const char str2[] = "foo"; // expected-note {{declared here}}
char c2 = str2[5]; // expected-warning {{array index 5 is past the end of the array (which contains 4 elements)}} char c2 = str2[5]; // expected-warning {{array index 5 is past the end of the array (that has type 'const char[4]')}}
int (*array_ptr)[2]; int (*array_ptr)[2];
(*array_ptr)[3] = 1; // expected-warning {{array index 3 is past the end of the array (which contains 2 elements)}} (*array_ptr)[3] = 1; // expected-warning {{array index 3 is past the end of the array (that has type 'int[2]')}}
} }
template <int I> struct S { template <int I> struct S {
char arr[I]; // expected-note 3 {{declared here}} char arr[I]; // expected-note 3 {{declared here}}
}; };
template <int I> void f() { template <int I> void f() {
S<3> s; S<3> s;
s.arr[4] = 0; // expected-warning 2 {{array index 4 is past the end of the array (which contains 3 elements)}} s.arr[4] = 0; // expected-warning 2 {{array index 4 is past the end of the array (that has type 'char[3]')}}
s.arr[I] = 0; // expected-warning {{array index 5 is past the end of the array (which contains 3 elements)}} s.arr[I] = 0; // expected-warning {{array index 5 is past the end of the array (that has type 'char[3]')}}
} }
void test_templates() { void test_templates() {
f<5>(); // expected-note {{in instantiation}} f<5>(); // expected-note {{in instantiation}}
} }
#define SIZE 10 #define SIZE 10
#define ARR_IN_MACRO(flag, arr, idx) flag ? arr[idx] : 1 #define ARR_IN_MACRO(flag, arr, idx) flag ? arr[idx] : 1
int test_no_warn_macro_unreachable() { int test_no_warn_macro_unreachable() {
int arr[SIZE]; // expected-note {{array 'arr' declared here}} int arr[SIZE]; // expected-note {{array 'arr' declared here}}
return ARR_IN_MACRO(0, arr, SIZE) + // no-warning return ARR_IN_MACRO(0, arr, SIZE) + // no-warning
ARR_IN_MACRO(1, arr, SIZE); // expected-warning{{array index 10 is past the end of the array (which contains 10 elements)}} ARR_IN_MACRO(1, arr, SIZE); // expected-warning{{array index 10 is past the end of the array (that has type 'int[10]')}}
} }
// This exhibited an assertion failure for a 32-bit build of Clang. // This exhibited an assertion failure for a 32-bit build of Clang.
int test_pr9240() { int test_pr9240() {
short array[100]; // expected-note {{array 'array' declared here}} short array[100]; // expected-note {{array 'array' declared here}}
return array[(unsigned long long) 100]; // expected-warning {{array index 100 is past the end of the array (which contains 100 elements)}} return array[(unsigned long long) 100]; // expected-warning {{array index 100 is past the end of the array (that has type 'short[100]')}}
} }
// PR 9284 - a template parameter can cause an array bounds access to be // PR 9284 - a template parameter can cause an array bounds access to be
// infeasible. // infeasible.
template <bool extendArray> template <bool extendArray>
void pr9284() { void pr9284() {
int arr[3 + (extendArray ? 1 : 0)]; int arr[3 + (extendArray ? 1 : 0)];
if (extendArray) if (extendArray)
arr[3] = 42; // no-warning arr[3] = 42; // no-warning
} }
template <bool extendArray> template <bool extendArray>
void pr9284b() { void pr9284b() {
int arr[3 + (extendArray ? 1 : 0)]; // expected-note {{array 'arr' declared here}} int arr[3 + (extendArray ? 1 : 0)]; // expected-note {{array 'arr' declared here}}
if (!extendArray) if (!extendArray)
arr[3] = 42; // expected-warning{{array index 3 is past the end of the array (which contains 3 elements)}} arr[3] = 42; // expected-warning{{array index 3 is past the end of the array (that has type 'int[3]')}}
} }
void test_pr9284() { void test_pr9284() {
pr9284<true>(); pr9284<true>();
pr9284<false>(); pr9284<false>();
pr9284b<true>(); pr9284b<true>();
pr9284b<false>(); // expected-note{{in instantiation of function template specialization 'pr9284b<false>' requested here}} pr9284b<false>(); // expected-note{{in instantiation of function template specialization 'pr9284b<false>' requested here}}
} }
int test_pr9296() { int test_pr9296() {
int array[2]; int array[2];
return array[true]; // no-warning return array[true]; // no-warning
} }
int test_sizeof_as_condition(int flag) { int test_sizeof_as_condition(int flag) {
int arr[2] = { 0, 0 }; // expected-note {{array 'arr' declared here}} int arr[2] = { 0, 0 }; // expected-note {{array 'arr' declared here}}
if (flag) if (flag)
return sizeof(char) != sizeof(char) ? arr[2] : arr[1]; return sizeof(char) != sizeof(char) ? arr[2] : arr[1];
return sizeof(char) == sizeof(char) ? arr[2] : arr[1]; // expected-warning {{array index 2 is past the end of the array (which contains 2 elements)}} return sizeof(char) == sizeof(char) ? arr[2] : arr[1]; // expected-warning {{array index 2 is past the end of the array (that has type 'int[2]')}}
} }
void test_switch() { void test_switch() {
switch (4) { switch (4) {
case 1: { case 1: {
int arr[2]; int arr[2];
arr[2] = 1; // no-warning arr[2] = 1; // no-warning
break; break;
} }
case 4: { case 4: {
int arr[2]; // expected-note {{array 'arr' declared here}} int arr[2]; // expected-note {{array 'arr' declared here}}
arr[2] = 1; // expected-warning {{array index 2 is past the end of the array (which contains 2 elements)}} arr[2] = 1; // expected-warning {{array index 2 is past the end of the array (that has type 'int[2]')}}
break; break;
} }
default: { default: {
int arr[2]; int arr[2];
arr[2] = 1; // no-warning arr[2] = 1; // no-warning
break; break;
} }
} }
Show All 35 Linesnamespace tailpad {
class baz { class baz {
public: public:
char c1[1]; // expected-note {{declared here}} char c1[1]; // expected-note {{declared here}}
int x; int x;
char c2[1]; char c2[1];
}; };
char bar(struct foo *F, baz *B) { char bar(struct foo *F, baz *B) {
return F->c1[3] + // expected-warning {{array index 3 is past the end of the array (which contains 1 element)}} return F->c1[3] + // expected-warning {{array index 3 is past the end of the array (that has type 'char[1]')}}
F->c2[3] + // no warning, foo could have tail padding allocated. F->c2[3] + // no warning, foo could have tail padding allocated.
B->c1[3] + // expected-warning {{array index 3 is past the end of the array (which contains 1 element)}} B->c1[3] + // expected-warning {{array index 3 is past the end of the array (that has type 'char[1]')}}
B->c2[3]; // no warning, baz could have tail padding allocated. B->c2[3]; // no warning, baz could have tail padding allocated.
} }
} }
namespace metaprogramming { namespace metaprogramming {
#define ONE 1 #define ONE 1
struct foo { struct foo {
char c[ONE]; // expected-note {{array 'c' declared here}} char c[ONE]; // expected-note {{array 'c' declared here}}
}; };
template <int N> struct bar { char c[N]; }; // expected-note {{declared here}} template <int N> struct bar { char c[N]; }; // expected-note {{declared here}}
char test(foo *F, bar<1> *B) { char test(foo *F, bar<1> *B) {
return F->c[3] + // expected-warning {{array index 3 is past the end of the array (which contains 1 element)}} return F->c[3] + // expected-warning {{array index 3 is past the end of the array (that has type 'char[1]')}}
B->c[3]; // expected-warning {{array index 3 is past the end of the array (which contains 1 element)}} B->c[3]; // expected-warning {{array index 3 is past the end of the array (that has type 'char[1]')}}
} }
} }
void bar(int x) {} void bar(int x) {}
int test_more() { int test_more() {
int foo[5]; // expected-note 5 {{array 'foo' declared here}} int foo[5]; // expected-note 5 {{array 'foo' declared here}}
bar(foo[5]); // expected-warning {{array index 5 is past the end of the array (which contains 5 elements)}} bar(foo[5]); // expected-warning {{array index 5 is past the end of the array (that has type 'int[5]')}}
++foo[5]; // expected-warning {{array index 5 is past the end of the array (which contains 5 elements)}} ++foo[5]; // expected-warning {{array index 5 is past the end of the array (that has type 'int[5]')}}
if (foo[6]) // expected-warning {{array index 6 is past the end of the array (which contains 5 elements)}} if (foo[6]) // expected-warning {{array index 6 is past the end of the array (that has type 'int[5]')}}
return --foo[6]; // expected-warning {{array index 6 is past the end of the array (which contains 5 elements)}} return --foo[6]; // expected-warning {{array index 6 is past the end of the array (that has type 'int[5]')}}
else else
return foo[5]; // expected-warning {{array index 5 is past the end of the array (which contains 5 elements)}} return foo[5]; // expected-warning {{array index 5 is past the end of the array (that has type 'int[5]')}}
} }
void test_pr10771() { void test_pr10771() {
double foo[4096]; // expected-note {{array 'foo' declared here}} double foo[4096]; // expected-note {{array 'foo' declared here}}
((char*)foo)[sizeof(foo) - 1] = '\0'; // no-warning ((char*)foo)[sizeof(foo) - 1] = '\0'; // no-warning
*(((char*)foo) + sizeof(foo) - 1) = '\0'; // no-warning *(((char*)foo) + sizeof(foo) - 1) = '\0'; // no-warning
((char*)foo)[sizeof(foo)] = '\0'; // expected-warning {{array index 32768 is past the end of the array (which contains 32768 elements)}} ((char*)foo)[sizeof(foo)] = '\0'; // expected-warning {{array index 32768 is past the end of the array (that has type 'double[4096]', cast to 'char *')}}
serge-sans-pailleUnsubmitted
Not Done
ReplyInline Actions

I find this new message quite confusing, because the array index is given in terms of char elements, while the array size is given in terms of double elements. I actually find the original message more consistent to that respect.

serge-sans-paille: I find this new message quite confusing, because the array index is given in terms of char…
keesUnsubmitted
Not Done
ReplyInline Actions

Perhaps show both element count and byte offset?

array index $count is $(bytes - end_of_array_in_bytes) past the end of the array (which contains $end_of_array_in_bytes bytes of $array_max_index elements)

kees: Perhaps show both element count and byte offset? `array index $count is $(bytes…
serge-sans-pailleUnsubmitted
Not Done
ReplyInline Actions

if we have no cast, I find the version without the patch just fine.

If we have a cast, I suggest we just express the result in bytes, something along those lines (inspired by your suggestion):

array index $count is $(bytes - end_of_array_in_bytes) bytes past the end of the allocated memory for that array (which contains $end_of_array_in_bytes bytes)
serge-sans-paille: if we have no cast, I find the version without the patch just fine. If we have a cast, I…
voidAuthorUnsubmitted
Done
ReplyInline Actions

I so far have this. It looks not too bad even for the non-cast. Thoughts?

$ cat ab.c
void test_pr10771() {
    double foo[4096];  // expected-note {{array 'foo' declared here}}

    ((char*)foo)[sizeof(foo)] = '\0';  // expected-warning {{array index 32768 is past the end of the array (which contains 4096 elements of type 'double[4096])}}
    foo[4098] = '\0';  // expected-warning {{array index 32768 is past the end of the array (which contains 4096 elements of type 'double[4096])}}
}
$ clang++ -x c++ -o /dev/null -S -std=c++14 ~/llvm/ab.c
/home/morbo/llvm/ab.c:4:13: warning: array index 32768 is 0 bytes past the end of the array (that has type 'double[4096]') [-Warray-bounds]
    ((char*)foo)[sizeof(foo)] = '\0';  // expected-warning {{array index 32768 is past the end of the array (which contains 4096 elements of type 'double[4096])}}
            ^    ~~~~~~~~~~~
/home/morbo/llvm/ab.c:2:5: note: array 'foo' declared here
    double foo[4096];  // expected-note {{array 'foo' declared here}}
    ^
/home/morbo/llvm/ab.c:5:5: warning: array index 4098 is 16 bytes past the end of the array (that has type 'double[4096]') [-Warray-bounds]
    foo[4098] = '\0';  // expected-warning {{array index 32768 is past the end of the array (which contains 4096 elements of type 'double[4096])}}
    ^   ~~~~
/home/morbo/llvm/ab.c:2:5: note: array 'foo' declared here
    double foo[4096];  // expected-note {{array 'foo' declared here}}
    ^
2 warnings generated.
void: I so far have this. It looks not too bad even for the non-cast. Thoughts? ``` $ cat ab.c void…
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

The part I struggle with is the "is 0 bytes past the end of the array" -- that reads as if it's not past the end of the array at all because it's saying "You've accessed right up to the end of the array; congratulations on your very careful use!".

aaron.ballman: The part I struggle with is the "is 0 bytes past the end of the array" -- that reads as if it's…
voidAuthorUnsubmitted
Done
ReplyInline Actions

Okay. How about this then?

Typical diagnostic:

  warning: array index %{index} is past the end of the array (that has type %{type})

Diagnostic if the array is cast to something else:

  warning: array index %{index} is past the end of the array (that has type %{type}, cast to ${cast_type})
void: Okay. How about this then? ``` Typical diagnostic: warning: array index %{index} is past…
// TODO: This should probably warn, too. // TODO: This should probably warn, too.
*(((char*)foo) + sizeof(foo)) = '\0'; // no-warning *(((char*)foo) + sizeof(foo)) = '\0'; // no-warning
} }
int test_pr11007_aux(const char * restrict, ...); int test_pr11007_aux(const char * restrict, ...);
// Test checking with varargs. // Test checking with varargs.
void test_pr11007() { void test_pr11007() {
double a[5]; // expected-note {{array 'a' declared here}} double a[5]; // expected-note {{array 'a' declared here}}
test_pr11007_aux("foo", a[1000]); // expected-warning {{array index 1000 is past the end of the array}} test_pr11007_aux("foo", a[1000]); // expected-warning {{array index 1000 is past the end of the array (that has type 'double[5]')}}
} }
void test_rdar10916006(void) void test_rdar10916006(void)
{ {
int a[128]; // expected-note {{array 'a' declared here}} int a[128]; // expected-note {{array 'a' declared here}}
a[(unsigned char)'\xA1'] = 1; // expected-warning {{array index 161 is past the end of the array}} a[(unsigned char)'\xA1'] = 1; // expected-warning {{array index 161 is past the end of the array (that has type 'int[128]')}}
} }
struct P { struct P {
int a; int a;
int b; int b;
}; };
void test_struct_array_index() { void test_struct_array_index() {
struct P p[10]; // expected-note {{array 'p' declared here}} struct P p[10]; // expected-note {{array 'p' declared here}}
p[11] = {0, 1}; // expected-warning {{array index 11 is past the end of the array (which contains 10 elements)}} p[11] = {0, 1}; // expected-warning {{array index 11 is past the end of the array (that has type 'struct P[10]')}}
} }
int operator+(const struct P &s1, const struct P &s2); int operator+(const struct P &s1, const struct P &s2);
int test_operator_overload_struct_array_index() { int test_operator_overload_struct_array_index() {
struct P x[10] = {0}; // expected-note {{array 'x' declared here}} struct P x[10] = {0}; // expected-note {{array 'x' declared here}}
return x[1] + x[11]; // expected-warning {{array index 11 is past the end of the array (which contains 10 elements)}} return x[1] + x[11]; // expected-warning {{array index 11 is past the end of the array (that has type 'struct P[10]')}}
} }
int multi[2][2][2]; // expected-note 3 {{array 'multi' declared here}} int multi[2][2][2]; // expected-note 3 {{array 'multi' declared here}}
int test_multiarray() { int test_multiarray() {
return multi[2][0][0] + // expected-warning {{array index 2 is past the end of the array (which contains 2 elements)}} return multi[2][0][0] + // expected-warning {{array index 2 is past the end of the array (that has type 'int[2][2][2]')}}
multi[0][2][0] + // expected-warning {{array index 2 is past the end of the array (which contains 2 elements)}} multi[0][2][0] + // expected-warning {{array index 2 is past the end of the array (that has type 'int[2][2]')}}
multi[0][0][2]; // expected-warning {{array index 2 is past the end of the array (which contains 2 elements)}} multi[0][0][2]; // expected-warning {{array index 2 is past the end of the array (that has type 'int[2]')}}
} }
struct multi_s { struct multi_s {
int arr[4]; int arr[4];
}; };
struct multi_s multi2[4]; // expected-note {{array 'multi2' declared here}} struct multi_s multi2[4]; // expected-note {{array 'multi2' declared here}}
int test_struct_multiarray() { int test_struct_multiarray() {
return multi2[4].arr[0]; // expected-warning {{array index 4 is past the end of the array (which contains 4 elements)}} return multi2[4].arr[0]; // expected-warning {{array index 4 is past the end of the array (that has type 'struct multi_s[4]')}}
} }
namespace PR39746 { namespace PR39746 {
struct S; struct S;
extern S xxx[2]; // expected-note {{array 'xxx' declared here}} extern S xxx[2]; // expected-note {{array 'xxx' declared here}}
class C {}; class C {};
C &f() { return reinterpret_cast<C *>(xxx)[1]; } // no-warning C &f() { return reinterpret_cast<C *>(xxx)[1]; } // no-warning
// We have no info on whether this is out-of-bounds. // We have no info on whether this is out-of-bounds.
C &g() { return reinterpret_cast<C *>(xxx)[2]; } // no-warning C &g() { return reinterpret_cast<C *>(xxx)[2]; } // no-warning
// We can still diagnose this. // We can still diagnose this.
C &h() { return reinterpret_cast<C *>(xxx)[-1]; } // expected-warning {{array index -1 is before the beginning of the array}} C &h() { return reinterpret_cast<C *>(xxx)[-1]; } // expected-warning {{array index -1 is before the beginning of the array}}
} }
namespace PR41087 { namespace PR41087 {
template <typename Ty> void foo() { template <typename Ty> void foo() {
Ty buffer[2]; // expected-note 3{{array 'buffer' declared here}} Ty buffer[2]; // expected-note 3{{array 'buffer' declared here}}
((char *)buffer)[2] = 'A'; // expected-warning 1{{array index 2 is past the end of the array (which contains 2 elements)}} ((char *)buffer)[2] = 'A'; // expected-warning 1{{array index 2 is past the end of the array (that has type 'char[2]', cast to 'char *')}}
((char *)buffer)[-1] = 'A'; // expected-warning 2{{array index -1 is before the beginning of the array}} ((char *)buffer)[-1] = 'A'; // expected-warning 2{{array index -1 is before the beginning of the array}}
} }
void f() { void f() {
foo<char>(); // expected-note 1{{in instantiation of function template specialization}} foo<char>(); // expected-note 1{{in instantiation of function template specialization}}
foo<int>(); // expected-note 1{{in instantiation of function template specialization}} foo<int>(); // expected-note 1{{in instantiation of function template specialization}}
}; };
} }
namespace var_template_array { namespace var_template_array {
template <typename T> int arr[2]; // expected-note {{array 'arr<int>' declared here}} template <typename T> int arr[2]; // expected-note {{array 'arr<int>' declared here}}
template <> int arr<float>[1]; // expected-note {{array 'arr<float>' declared here}} template <> int arr<float>[1]; // expected-note {{array 'arr<float>' declared here}}
void test() { void test() {
arr<int>[1] = 0; // ok arr<int>[1] = 0; // ok
arr<int>[2] = 0; // expected-warning {{array index 2 is past the end of the array (which contains 2 elements)}} arr<int>[2] = 0; // expected-warning {{array index 2 is past the end of the array (that has type 'int[2]')}}
arr<float>[1] = 0; // expected-warning {{array index 1 is past the end of the array (which contains 1 element)}} arr<float>[1] = 0; // expected-warning {{array index 1 is past the end of the array (that has type 'int[1]')}}
} }
} // namespace var_template_array } // namespace var_template_array

clang/test/SemaCXX/integer-overflow.cpp

Show First 20 LinesShow All 161 Lines▼ Show 20 Lines
// expected-warning@+1 {{overflow in expression; result is 536870912 with type 'int'}} // expected-warning@+1 {{overflow in expression; result is 536870912 with type 'int'}}
(__imag__ x) = 4608 * 1024 * 1024; (__imag__ x) = 4608 * 1024 * 1024;
// expected-warning@+2 {{overflow in expression; result is 536870912 with type 'int'}} // expected-warning@+2 {{overflow in expression; result is 536870912 with type 'int'}}
uint64_t a[10]; uint64_t a[10];
a[4608 * 1024 * 1024] = 1; a[4608 * 1024 * 1024] = 1;
#if __cplusplus < 201103L #if __cplusplus < 201103L
// expected-warning@-2 {{array index 536870912 is past the end of the array (which contains 10 elements)}} // expected-warning@-2 {{array index 536870912 is past the end of the array (that has type 'uint64_t[10]' (aka 'unsigned long long[10]'))}}
// expected-note@-4 {{array 'a' declared here}} // expected-note@-4 {{array 'a' declared here}}
#endif #endif
// expected-warning@+1 2{{overflow in expression; result is 536870912 with type 'int'}} // expected-warning@+1 2{{overflow in expression; result is 536870912 with type 'int'}}
return ((4608 * 1024 * 1024) + ((uint64_t)(4608 * 1024 * 1024))); return ((4608 * 1024 * 1024) + ((uint64_t)(4608 * 1024 * 1024)));
} }
void check_integer_overflows_in_function_calls() { void check_integer_overflows_in_function_calls() {
Show All 32 Lines

clang/test/SemaObjC/flexible-array-bounds.m

Show All 17 Lines
@interface Flexible1 { @interface Flexible1 {
@public @public
char flexible[1]; char flexible[1];
} }
@end @end
char readit(Flexible *p) { return p->flexible[2]; } char readit(Flexible *p) { return p->flexible[2]; }
char readit0(Flexible0 *p) { return p->flexible[2]; } char readit0(Flexible0 *p) { return p->flexible[2]; }
char readit1(Flexible1 *p) { return p->flexible[2]; } // warn-warning {{array index 2 is past the end of the array (which contains 1 element)}} char readit1(Flexible1 *p) { return p->flexible[2]; } // warn-warning {{array index 2 is past the end of the array (that has type 'char[1]')}}