This is an archive of the discontinued LLVM Phabricator instance.

[-Wunsafe-buffer-usage] Ignore array subscript on literal zero
ClosedPublic

Authored by ziqingluo-90 on Nov 18 2022, 12:29 PM.

Download Raw Diff

Details

Reviewers

NoQ
jkorous
t-rasmud
malavikasamak
aaron.ballman
gribozavr
xazax.hun

Commits

rGf6c54cdbc439: [-Wunsafe-buffer-usage] Ignore array subscript on literal zero

Summary

Improving unsafe array subscript warning reporting.
For array subscripts with a literal zero index, no warning will be emitted.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

ziqingluo-90 created this revision.Nov 18 2022, 12:29 PM

Herald added a project: Restricted Project. · View Herald TranscriptNov 18 2022, 12:29 PM

Herald added a subscriber: rnkovacs. · View Herald Transcript

ziqingluo-90 requested review of this revision.Nov 18 2022, 12:29 PM

Herald added a project: Restricted Project. · View Herald TranscriptNov 18 2022, 12:29 PM

Herald added a subscriber: cfe-commits. · View Herald Transcript

Harbormaster completed remote builds in B198528: Diff 476567.Nov 18 2022, 12:30 PM

ziqingluo-90 added a parent revision: D138318: [-Wunsafe-buffer-usage] Improve pointer match pattern.Nov 18 2022, 12:30 PM

ziqingluo-90 updated this revision to Diff 476581.Nov 18 2022, 1:12 PM

Harbormaster completed remote builds in B198541: Diff 476581.Nov 18 2022, 1:13 PM

ziqingluo-90 added a child revision: D138329: [-Wunsafe-buffer-usage] Add a new recursive matcher to replace `forEachDescendant` in unsafe buffer check.Nov 18 2022, 1:32 PM

xazax.hun added inline comments.Nov 18 2022, 3:05 PM

clang/lib/Analysis/UnsafeBufferUsage.cpp
192	Isn't it the case you still want to cover zero indices but as a safe gadget to make sure fixits can be emitted? Having to add another gadget for this makes me think maybe categorizing the safety of gadgets upfront is not the right model.

LGTM!

clang/lib/Analysis/UnsafeBufferUsage.cpp
192	So according to the discussion in D140062 it actually is the right model to decide safety up front, and then maybe even have some duplication, because the safe gadget has to provide a lot more context in the matcher in order for us to emit any fix at all. So the fixable gadget wouldn't be "same thing but with different index". It'd be "a completely different thing with completely arbitrary index".

This revision is now accepted and ready to land.Dec 15 2022, 7:03 PM

This revision was landed with ongoing or failed builds.Dec 16 2022, 9:04 PM

Closed by commit rGf6c54cdbc439: [-Wunsafe-buffer-usage] Ignore array subscript on literal zero (authored by ziqingluo-90). · Explain Why

This revision was automatically updated to reflect the committed changes.

ziqingluo-90 added a commit: rGf6c54cdbc439: [-Wunsafe-buffer-usage] Ignore array subscript on literal zero.

Revision Contents

Path

Size

clang/

lib/

Analysis/

UnsafeBufferUsage.cpp

6 lines

test/

SemaCXX/

warn-unsafe-buffer-usage.cpp

27 lines

Diff 483718

clang/lib/Analysis/UnsafeBufferUsage.cpp

Show First 20 Lines • Show All 183 Lines • ▼ Show 20 Lines	public:

static bool classof(const Gadget *G) {		static bool classof(const Gadget *G) {
return G->getKind() == Kind::ArraySubscript;		return G->getKind() == Kind::ArraySubscript;
}		}

static Matcher matcher() {		static Matcher matcher() {
// FIXME: What if the index is integer literal 0? Should this be		// FIXME: What if the index is integer literal 0? Should this be
// a safe gadget in this case?		// a safe gadget in this case?
return stmt(		return stmt(arraySubscriptExpr(hasBase(ignoringParenImpCasts(hasPointerType())),
		xazax.hunUnsubmitted Not Done Reply Inline Actions Isn't it the case you still want to cover zero indices but as a safe gadget to make sure fixits can be emitted? Having to add another gadget for this makes me think maybe categorizing the safety of gadgets upfront is not the right model. xazax.hun: Isn't it the case you still want to cover zero indices but as a safe gadget to make sure fixits…
		NoQUnsubmitted Not Done Reply Inline Actions So according to the discussion in D140062 it actually is the right model to decide safety up front, and then maybe even have some duplication, because the safe gadget has to provide a lot more context in the matcher in order for us to emit any fix at all. So the fixable gadget wouldn't be "same thing but with different index". It'd be "a completely different thing with completely arbitrary index". NoQ: So according to the discussion in D140062 it actually is the right model to decide safety up…
arraySubscriptExpr(hasBase(ignoringParenImpCasts(hasPointerType())))		unless(hasIndex(integerLiteral(equals(0)))))
.bind(ArraySubscrTag));		.bind(ArraySubscrTag));
}		}

const ArraySubscriptExpr *getBaseStmt() const override { return ASE; }		const ArraySubscriptExpr *getBaseStmt() const override { return ASE; }

DeclUseList getClaimedVarUseSites() const override {		DeclUseList getClaimedVarUseSites() const override {
if (const auto *DRE =		if (const auto *DRE =
dyn_cast<DeclRefExpr>(ASE->getBase()->IgnoreParenImpCasts())) {		dyn_cast<DeclRefExpr>(ASE->getBase()->IgnoreParenImpCasts())) {
return {DRE};		return {DRE};
▲ Show 20 Lines • Show All 266 Lines • Show Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage.cpp

Show All 23 Lines	void testIncrement(char *p) {
--p; // expected-warning{{unchecked operation on raw buffer in expression}}		--p; // expected-warning{{unchecked operation on raw buffer in expression}}
p--; // expected-warning{{unchecked operation on raw buffer in expression}}		p--; // expected-warning{{unchecked operation on raw buffer in expression}}
}		}

void * voidPtrCall(void);		void * voidPtrCall(void);
char * charPtrCall(void);		char * charPtrCall(void);

void testArraySubscripts(int p, int *pp) {		void testArraySubscripts(int p, int *pp) {
foo(p[0], // expected-warning{{unchecked operation on raw buffer in expression}}		foo(p[1], // expected-warning{{unchecked operation on raw buffer in expression}}
pp[0][0], // expected-warning2{{unchecked operation on raw buffer in expression}}		pp[1][1], // expected-warning2{{unchecked operation on raw buffer in expression}}
0[0[pp]], // expected-warning2{{unchecked operation on raw buffer in expression}}		1[1[pp]], // expected-warning2{{unchecked operation on raw buffer in expression}}
0[pp][0] // expected-warning2{{unchecked operation on raw buffer in expression}}		1[pp][1] // expected-warning2{{unchecked operation on raw buffer in expression}}
);		);

if (p[3]) { // expected-warning{{unchecked operation on raw buffer in expression}}		if (p[3]) { // expected-warning{{unchecked operation on raw buffer in expression}}
void * q = p;		void * q = p;

foo(((int*)q)[10]); // expected-warning{{unchecked operation on raw buffer in expression}}		foo(((int*)q)[10]); // expected-warning{{unchecked operation on raw buffer in expression}}
}		}

foo(((int*)voidPtrCall())[3], // expected-warning{{unchecked operation on raw buffer in expression}}		foo(((int*)voidPtrCall())[3], // expected-warning{{unchecked operation on raw buffer in expression}}
3[(int*)voidPtrCall()], // expected-warning{{unchecked operation on raw buffer in expression}}		3[(int*)voidPtrCall()], // expected-warning{{unchecked operation on raw buffer in expression}}
charPtrCall()[3], // expected-warning{{unchecked operation on raw buffer in expression}}		charPtrCall()[3], // expected-warning{{unchecked operation on raw buffer in expression}}
3[charPtrCall()] // expected-warning{{unchecked operation on raw buffer in expression}}		3[charPtrCall()] // expected-warning{{unchecked operation on raw buffer in expression}}
);		);

int a[10], b[10][10];		int a[10], b[10][10];

// Not to warn subscripts on arrays		// Not to warn subscripts on arrays
foo(a[0], a[1],		foo(a[1], 1[a],
0[a], 1[a],
b[3][4],		b[3][4],
4[b][3],		4[b][3],
4[3[b]]);		4[3[b]]);

		// Not to warn when index is zero
		foo(p[0], pp[0][0], 0[0[pp]], 0[pp][0],
		((int*)voidPtrCall())[0],
		0[(int*)voidPtrCall()],
		charPtrCall()[0],
		0[charPtrCall()]
		);
}		}

void testArraySubscriptsWithAuto(int p, int *pp) {		void testArraySubscriptsWithAuto(int p, int *pp) {
int a[10];		int a[10];

auto ap1 = a;		auto ap1 = a;

foo(ap1[0]); // expected-warning{{unchecked operation on raw buffer in expression}}		foo(ap1[1]); // expected-warning{{unchecked operation on raw buffer in expression}}

auto ap2 = p;		auto ap2 = p;

foo(ap2[0]); // expected-warning{{unchecked operation on raw buffer in expression}}		foo(ap2[1]); // expected-warning{{unchecked operation on raw buffer in expression}}

auto ap3 = pp;		auto ap3 = pp;

foo(ap3[0][0]); // expected-warning2{{unchecked operation on raw buffer in expression}}		foo(ap3[1][1]); // expected-warning2{{unchecked operation on raw buffer in expression}}

auto ap4 = *pp;		auto ap4 = *pp;

foo(ap4[0]); // expected-warning{{unchecked operation on raw buffer in expression}}		foo(ap4[1]); // expected-warning{{unchecked operation on raw buffer in expression}}
}		}

void testUnevaluatedContext(int * p) {		void testUnevaluatedContext(int * p) {
//TODO: do not warn for unevaluated context		//TODO: do not warn for unevaluated context
foo(sizeof(p[1]), // expected-warning{{unchecked operation on raw buffer in expression}}		foo(sizeof(p[1]), // expected-warning{{unchecked operation on raw buffer in expression}}
sizeof(decltype(p[1]))); // expected-warning{{unchecked operation on raw buffer in expression}}		sizeof(decltype(p[1]))); // expected-warning{{unchecked operation on raw buffer in expression}}
}		}

▲ Show 20 Lines • Show All 98 Lines • Show Last 20 Lines