This is an archive of the discontinued LLVM Phabricator instance.

Differential D143676

[-Wunsafe-buffer-usage] FixableGadget for handling stand alone pointers under UPC.
ClosedPublic

Authored by malavikasamak on Feb 9 2023, 1:04 PM.

Details

Reviewers
NoQ
jkorous
t-rasmud
ziqingluo-90
xazax.hun
ymandel
aaron.ballman
sgatev
gribozavr
Commits
rGa046d1877201: [-Wunsafe-buffer-usage] FixableGadget for handling stand alone pointers under…
Summary

This patch introduces UPCStandalonePointerGadget, a FixableGadget that emits fixits to handle cases where a pointer identified as unsafe is simply referenced. An example of such a case is when the pointer is input as an argument to a method call, where we can not change the type of the argument. For cases where the strategy for the unsafe pointer is to use std::span, the idea is to extract the underlying pointer by invoking the "data()" method on the span instance.

For example, the gadget emits a fixit for S3, where S1, S2 are handled by other gadgets:

S1: int *ptr = new int[10]; 
S2: int val1 = ptr[k];  // Unsafe operation on ptr
S3: foo(ptr); // Some method that accepts raw pointer => FIXIT: foo(ptr.data());

Diff Detail

Event Timeline

malavikasamak created this revision.Feb 9 2023, 1:04 PM
Herald added a reviewer: NoQ. · View Herald TranscriptFeb 9 2023, 1:04 PM
Herald added a project: Restricted Project. · View Herald Transcript
malavikasamak requested review of this revision.Feb 9 2023, 1:04 PM
Harbormaster completed remote builds in B212882: Diff 496219.Feb 9 2023, 1:04 PM
malavikasamak added a parent revision: D143128: [-Wunsafe-buffer-usage] Fix-Its transforming `&DRE[any]` to `&DRE.data()[any]`.Feb 9 2023, 1:06 PM
malavikasamak updated this revision to Diff 496228.Feb 9 2023, 1:45 PM

Updating diff to get rid of white-space changes.

Harbormaster completed remote builds in B212887: Diff 496228.Feb 9 2023, 1:46 PM
malavikasamak added reviewers: jkorous, t-rasmud, ziqingluo-90.Feb 9 2023, 3:03 PM
ziqingluo-90 added inline comments.Feb 9 2023, 3:58 PM
clang/lib/Analysis/UnsafeBufferUsage.cpp
184

I haven't thought it through carefully but I'm afraid that this could result in one match result with both LHS and RHS being matched and bound to the same tag. Only one Fixable will be created from this match result but we actually need two. Besides, reading the tag from the match result could return either LHS or RHS non-deterministically I guess.

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-pointer-access.cpp
29

we could also test when both p and q are used somewhere unsafely.

malavikasamak updated this revision to Diff 496281.Feb 9 2023, 4:35 PM

Added a new test case.

Harbormaster completed remote builds in B212929: Diff 496281.Feb 9 2023, 4:36 PM
malavikasamak marked an inline comment as done.Feb 9 2023, 4:36 PM
malavikasamak added inline comments.
clang/lib/Analysis/UnsafeBufferUsage.cpp
184

Do you mean that this can result in only one side of the equation will be fixed? Added a test case "condition_check_two_usafe_buffers" to check such cases.

NoQ added inline comments.Feb 9 2023, 6:27 PM
clang/lib/Analysis/UnsafeBufferUsage.cpp
184

This code produces two matches, one for LHS one for RHS, and never produces a match in which both are bound: https://godbolt.org/z/dadETKf8d

So there's no "either LHS or RHS non-deterministically", it's just two independent MatchResults.

So I think this looks correct, just like the callExpr() case.

ziqingluo-90 added inline comments.Feb 9 2023, 6:45 PM
clang/lib/Analysis/UnsafeBufferUsage.cpp
184

Oh yes, you are right. I really didn't think it through.

jkorous added inline comments.Feb 13 2023, 10:30 AM
clang/lib/Analysis/UnsafeBufferUsage.cpp
503

I get confused by the word Access. I think here we are actually processing cases where the memory address pointed to is not accessed.

531

We can now remove the dyn_cast since Node has type DeclRefExpr*.

1142

We should be able to remove this dyn_cast too.

ziqingluo-90 added a child revision: D143680: [-Wunsafe-buffer-usage] Improve fix-its for local variable declarations with null pointer initializers.Feb 13 2023, 11:17 AM
malavikasamak updated this revision to Diff 499603.Feb 22 2023, 11:31 AM
malavikasamak marked 3 inline comments as done.
malavikasamak retitled this revision from [-Wunsafe-buffer-usage][WIP] Introducing a new fixable for handling pointer context DRE access. to [-Wunsafe-buffer-usage] Introducing a new fixable for handling pointer context DRE access..
Harbormaster completed remote builds in B215336: Diff 499603.Feb 22 2023, 11:34 AM
malavikasamak retitled this revision from [-Wunsafe-buffer-usage] Introducing a new fixable for handling pointer context DRE access. to [-Wunsafe-buffer-usage] FixableGadget for handling pointer references under UPC..Mar 2 2023, 11:55 AM
malavikasamak edited the summary of this revision. (Show Details)
malavikasamak added reviewers: xazax.hun, ymandel, aaron.ballman, sgatev, gribozavr.Mar 2 2023, 12:49 PM
Herald added a subscriber: rnkovacs. · View Herald TranscriptMar 2 2023, 12:49 PM
NoQ added a comment.Mar 16 2023, 3:16 PM

Other than my usual complaint about declRefExpr(to(varDecl())), LGTM!

clang/include/clang/Analysis/Analyses/UnsafeBufferUsageGadgets.def
37

🚲🏠 : "Reference" kinda reads like "int *&q = p" which is not what we mean. (Yes, in DeclRefExpr "Ref" stands for "Reference" but nobody likes it.) Folks also seem to be adding UPC/ULC when appropriate. Maybe UPCStandalonePointer???

malavikasamak updated this revision to Diff 507837.Mar 23 2023, 11:39 AM
malavikasamak marked an inline comment as done.
malavikasamak edited the summary of this revision. (Show Details)
Harbormaster completed remote builds in B221388: Diff 507837.Mar 23 2023, 11:40 AM
NoQ added inline comments.Mar 23 2023, 3:43 PM
clang/lib/Analysis/UnsafeBufferUsage.cpp
1142

Nitpick: This is one of the few recommended use cases for auto (https://www.llvm.org/docs/CodingStandards.html#use-auto-type-deduction-to-make-code-more-readable).

1148–1152

This code probably wants to check for empty optional before dereferencing(?)

malavikasamak updated this revision to Diff 507918.Mar 23 2023, 4:25 PM
malavikasamak marked an inline comment as done.
malavikasamak added inline comments.
clang/lib/Analysis/UnsafeBufferUsage.cpp
1148–1152

The getEndCharLoc method does not return an optional at this point of time in our stack. So, I am going to change the type of endOfOperand to SourceLocation to reflect this.

Harbormaster completed remote builds in B221449: Diff 507918.Mar 23 2023, 4:26 PM
ziqingluo-90 accepted this revision.Mar 29 2023, 11:20 AM

LGTM now!

This revision is now accepted and ready to land.Mar 29 2023, 11:20 AM
NoQ accepted this revision.Apr 3 2023, 12:28 PM

I think this is good to go!

malavikasamak retitled this revision from [-Wunsafe-buffer-usage] FixableGadget for handling pointer references under UPC. to [-Wunsafe-buffer-usage] FixableGadget for handling stand alone pointers under UPC..Apr 7 2023, 11:10 AM
NoQ added a parent revision: D136811: [-Wunsafe-buffer-usage] WIP: RFC: NFC: User documentation..Apr 7 2023, 2:58 PM
NoQ removed a parent revision: D143128: [-Wunsafe-buffer-usage] Fix-Its transforming `&DRE[any]` to `&DRE.data()[any]`.
This revision was landed with ongoing or failed builds.Apr 7 2023, 3:32 PM
Closed by commit rGa046d1877201: [-Wunsafe-buffer-usage] FixableGadget for handling stand alone pointers under… (authored by malavikasamak). · Explain Why
This revision was automatically updated to reflect the committed changes.
malavikasamak added a commit: rGa046d1877201: [-Wunsafe-buffer-usage] FixableGadget for handling stand alone pointers under….
Herald added a project: Restricted Project. · View Herald TranscriptApr 7 2023, 3:32 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript

Revision Contents

PathSize
clang/
include/
clang/
Analysis/
Analyses/
1 line
lib/
Analysis/
76 lines
test/
SemaCXX/
110 lines

Diff 507837

clang/include/clang/Analysis/Analyses/UnsafeBufferUsageGadgets.def

Show All 28 Lines
WARNING_GADGET(Decrement) WARNING_GADGET(Decrement)
WARNING_GADGET(ArraySubscript) WARNING_GADGET(ArraySubscript)
WARNING_GADGET(PointerArithmetic) WARNING_GADGET(PointerArithmetic)
WARNING_GADGET(UnsafeBufferUsageAttr) WARNING_GADGET(UnsafeBufferUsageAttr)
FIXABLE_GADGET(ULCArraySubscript) // `DRE[any]` in an Unspecified Lvalue Context FIXABLE_GADGET(ULCArraySubscript) // `DRE[any]` in an Unspecified Lvalue Context
FIXABLE_GADGET(PointerDereference) FIXABLE_GADGET(PointerDereference)
FIXABLE_GADGET(UPCAddressofArraySubscript) // '&DRE[any]' in an Unspecified Pointer Context FIXABLE_GADGET(UPCAddressofArraySubscript) // '&DRE[any]' in an Unspecified Pointer Context
FIXABLE_GADGET(DerefSimplePtrArithFixable) FIXABLE_GADGET(DerefSimplePtrArithFixable)
NoQUnsubmitted
Done
ReplyInline Actions

🚲🏠 : "Reference" kinda reads like "int *&q = p" which is not what we mean. (Yes, in DeclRefExpr "Ref" stands for "Reference" but nobody likes it.) Folks also seem to be adding UPC/ULC when appropriate. Maybe UPCStandalonePointer???

NoQ: 🚲🏠 : "Reference" kinda reads like "`int *&q = p`" which is not what we mean. (Yes, in…
FIXABLE_GADGET(UPCStandalonePointer)
#undef FIXABLE_GADGET #undef FIXABLE_GADGET
#undef WARNING_GADGET #undef WARNING_GADGET
#undef GADGET #undef GADGET

clang/lib/Analysis/UnsafeBufferUsage.cpp

Show First 20 LinesShow All 163 Lines▼ Show 20 Lines
static internal::Matcher<Stmt> static internal::Matcher<Stmt>
isInUnspecifiedPointerContext(internal::Matcher<Stmt> InnerMatcher) { isInUnspecifiedPointerContext(internal::Matcher<Stmt> InnerMatcher) {
// A UPC can be // A UPC can be
// 1. an argument of a function call (except the callee has [[unsafe_...]] // 1. an argument of a function call (except the callee has [[unsafe_...]]
// attribute), or // attribute), or
// 2. the operand of a cast operation; or // 2. the operand of a cast operation; or
// ... // ...
auto CallArgMatcher = auto CallArgMatcher =
callExpr(hasAnyArgument(allOf( callExpr(forEachArgumentWithParam(InnerMatcher,
hasPointerType() /* array also decays to pointer type*/, hasPointerType() /* array also decays to pointer type*/),
InnerMatcher)),
unless(callee(functionDecl(hasAttr(attr::UnsafeBufferUsage))))); unless(callee(functionDecl(hasAttr(attr::UnsafeBufferUsage)))));
auto CastOperandMatcher = auto CastOperandMatcher =
explicitCastExpr(hasCastKind(CastKind::CK_PointerToIntegral), explicitCastExpr(hasCastKind(CastKind::CK_PointerToIntegral),
castSubExpr(allOf(hasPointerType(), InnerMatcher))); castSubExpr(allOf(hasPointerType(), InnerMatcher)));
return stmt(anyOf(CallArgMatcher, CastOperandMatcher)); auto CompOperandMatcher =
binaryOperator(hasAnyOperatorName("!=", "==", "<", "<=", ">", ">="),
eachOf(hasLHS(allOf(hasPointerType(), InnerMatcher)),
hasRHS(allOf(hasPointerType(), InnerMatcher))));
ziqingluo-90Unsubmitted
Not Done
ReplyInline Actions

I haven't thought it through carefully but I'm afraid that this could result in one match result with both LHS and RHS being matched and bound to the same tag. Only one Fixable will be created from this match result but we actually need two. Besides, reading the tag from the match result could return either LHS or RHS non-deterministically I guess.

ziqingluo-90: I haven't thought it through carefully but I'm afraid that this could result in one match…
malavikasamakAuthorUnsubmitted
Done
ReplyInline Actions

Do you mean that this can result in only one side of the equation will be fixed? Added a test case "condition_check_two_usafe_buffers" to check such cases.

malavikasamak: Do you mean that this can result in only one side of the equation will be fixed? Added a test…
NoQUnsubmitted
Not Done
ReplyInline Actions

This code produces two matches, one for LHS one for RHS, and never produces a match in which both are bound: https://godbolt.org/z/dadETKf8d

So there's no "either LHS or RHS non-deterministically", it's just two independent MatchResults.

So I think this looks correct, just like the callExpr() case.

NoQ: This code produces two matches, one for LHS one for RHS, and never produces a match in which…
ziqingluo-90Unsubmitted
Not Done
ReplyInline Actions

Oh yes, you are right. I really didn't think it through.

ziqingluo-90: Oh yes, you are right. I really didn't think it through.
return stmt(anyOf(CallArgMatcher, CastOperandMatcher, CompOperandMatcher));
// FIXME: any more cases? (UPC excludes the RHS of an assignment. For now we // FIXME: any more cases? (UPC excludes the RHS of an assignment. For now we
// don't have to check that.) // don't have to check that.)
} }
} // namespace clang::ast_matchers } // namespace clang::ast_matchers
namespace { namespace {
// Because the analysis revolves around variables and their types, we'll need to // Because the analysis revolves around variables and their types, we'll need to
// track uses of variables (aka DeclRefExprs). // track uses of variables (aka DeclRefExprs).
▲ Show 20 LinesShow All 299 Lines▼ Show 20 Linespublic:
virtual DeclUseList getClaimedVarUseSites() const override { virtual DeclUseList getClaimedVarUseSites() const override {
if (const auto *DRE = dyn_cast<DeclRefExpr>(Node->getBase()->IgnoreImpCasts())) { if (const auto *DRE = dyn_cast<DeclRefExpr>(Node->getBase()->IgnoreImpCasts())) {
return {DRE}; return {DRE};
} }
return {}; return {};
} }
}; };
// Fixable gadget to handle the expressions DRE in the unspecified pointer
// context.
class UPCStandalonePointerGadget : public FixableGadget {
jkorousUnsubmitted
Done
ReplyInline Actions

I get confused by the word Access. I think here we are actually processing cases where the memory address pointed to is not accessed.

jkorous: I get confused by the word `Access`. I think here we are actually processing cases where the…
private:
static constexpr const char *const DeclRefExprTag = "PtrAccess";
const DeclRefExpr *Node;
public:
UPCStandalonePointerGadget(const MatchFinder::MatchResult &Result)
: FixableGadget(Kind::UPCStandalonePointer),
Node(Result.Nodes.getNodeAs<DeclRefExpr>(DeclRefExprTag)) {
assert(Node != nullptr && "Expecting a non-null matching result");
}
static bool classof(const Gadget *G) {
return G->getKind() == Kind::UPCStandalonePointer;
}
static Matcher matcher() {
auto ArrayOrPtr = anyOf(hasPointerType(), hasArrayType());
auto target = expr(
ignoringParenImpCasts(declRefExpr(allOf(ArrayOrPtr, to(varDecl()))).bind(DeclRefExprTag)));
return stmt(isInUnspecifiedPointerContext(target));
}
virtual std::optional<FixItList> getFixits(const Strategy &S) const override;
virtual const Stmt *getBaseStmt() const override { return Node; }
virtual DeclUseList getClaimedVarUseSites() const override {
return {Node};
jkorousUnsubmitted
Done
ReplyInline Actions

We can now remove the dyn_cast since Node has type DeclRefExpr*.

jkorous: We can now remove the `dyn_cast` since `Node` has type `DeclRefExpr*`.
}
};
class PointerDereferenceGadget: public FixableGadget { class PointerDereferenceGadget: public FixableGadget {
static constexpr const char *const BaseDeclRefExprTag = "BaseDRE"; static constexpr const char *const BaseDeclRefExprTag = "BaseDRE";
static constexpr const char *const OperatorTag = "op"; static constexpr const char *const OperatorTag = "op";
const DeclRefExpr *BaseDeclRefExpr = nullptr; const DeclRefExpr *BaseDeclRefExpr = nullptr;
const UnaryOperator *Op; const UnaryOperator *Op;
public: public:
▲ Show 20 LinesShow All 586 Lines▼ Show 20 Lines if (const auto *DRE =
StrBuffer.append(getExprText(Idx, SM, LangOpts)); StrBuffer.append(getExprText(Idx, SM, LangOpts));
StrBuffer.append(")"); StrBuffer.append(")");
return FixItList{FixItHint::CreateReplacement(Node->getSourceRange(), return FixItList{FixItHint::CreateReplacement(Node->getSourceRange(),
StrBuffer.str())}; StrBuffer.str())};
} }
return std::nullopt; // something went wrong. no fix-it return std::nullopt; // something went wrong. no fix-it
} }
// Generates fix-its replacing an expression of the form UPC(DRE) with
// `DRE.data()`
std::optional<FixItList> UPCStandalonePointerGadget::getFixits(const Strategy &S)
const {
const VarDecl *VD = cast<VarDecl>(Node->getDecl());
jkorousUnsubmitted
Done
ReplyInline Actions

We should be able to remove this dyn_cast too.

jkorous: We should be able to remove this `dyn_cast` too.
NoQUnsubmitted
Done
ReplyInline Actions
const {
- const VarDecl *VD = cast<VarDecl>(Node->getDecl());
+ const auto *VD = cast<VarDecl>(Node->getDecl());
switch (S.lookup(VD)) {

Nitpick: This is one of the few recommended use cases for auto (https://www.llvm.org/docs/CodingStandards.html#use-auto-type-deduction-to-make-code-more-readable).

NoQ: Nitpick: This is one of the few recommended use cases for `auto` (https://www.llvm.
switch (S.lookup(VD)) {
case Strategy::Kind::Span: {
ASTContext &Ctx = VD->getASTContext();
SourceManager &SM = Ctx.getSourceManager();
// Inserts the .data() after the DRE
std::optional<SourceLocation> endOfOperand =
getEndCharLoc(Node, SM, Ctx.getLangOpts());
return FixItList{{FixItHint::CreateInsertion(
endOfOperand.value().getLocWithOffset(1), ".data()")}};
NoQUnsubmitted
Not Done
ReplyInline Actions

This code probably wants to check for empty optional before dereferencing(?)

NoQ: This code probably wants to check for empty optional before dereferencing(?)
malavikasamakAuthorUnsubmitted
Done
ReplyInline Actions

The getEndCharLoc method does not return an optional at this point of time in our stack. So, I am going to change the type of endOfOperand to SourceLocation to reflect this.

malavikasamak: The getEndCharLoc method does not return an optional at this point of time in our stack. So, I…
}
case Strategy::Kind::Wontfix:
case Strategy::Kind::Iterator:
case Strategy::Kind::Array:
case Strategy::Kind::Vector:
llvm_unreachable("unsupported strategies for FixableGadgets");
}
return std::nullopt;
}
// For a non-null initializer `Init` of `T *` type, this function returns // For a non-null initializer `Init` of `T *` type, this function returns
// `FixItHint`s producing a list initializer `{Init, S}` as a part of a fix-it // `FixItHint`s producing a list initializer `{Init, S}` as a part of a fix-it
// to output stream. // to output stream.
// In many cases, this function cannot figure out the actual extent `S`. It // In many cases, this function cannot figure out the actual extent `S`. It
// then will use a place holder to replace `S` to ask users to fill `S` in. The // then will use a place holder to replace `S` to ask users to fill `S` in. The
// initializer shall be used to initialize a variable of type `std::span<T>`. // initializer shall be used to initialize a variable of type `std::span<T>`.
// //
// FIXME: Support multi-level pointers // FIXME: Support multi-level pointers
▲ Show 20 LinesShow All 262 LinesShow Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-pointer-access.cpp

  • This file was added.
// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fdiagnostics-parseable-fixits %s 2>&1 | FileCheck %s
void foo(int* v) {
}
void m1(int* v1, int* v2, int) {
}
void condition_check_nullptr() {
auto p = new int[10];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}"
int tmp = p[5];
if(p != nullptr) {}
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:7}:".data()"
}
void condition_check() {
auto p = new int[10];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}"
auto q = new int[10];
int tmp = p[5];
ziqingluo-90Unsubmitted
Done
ReplyInline Actions

we could also test when both p and q are used somewhere unsafely.

ziqingluo-90: we could also test when both `p` and `q` are used somewhere unsafely.
if(p == q) {}
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:7}:".data()"
if(q != p){}
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:12-[[@LINE-1]]:12}:".data()"
if(p < q) {}
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:7}:".data()"
if(p <= q) {}
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:7}:".data()"
if(p > q) {}
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:7}:".data()"
if(p >= q) {}
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:7}:".data()"
if( p == q && p != nullptr) {}
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:8-[[@LINE-1]]:8}:".data()"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:18-[[@LINE-2]]:18}:".data()"
}
void condition_check_two_usafe_buffers() {
auto p = new int[10];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}"
auto q = new int[10];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> q"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}"
int tmp = p[5];
tmp = q[5];
if(p == q) {}
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:7}:".data()"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:".data()"
}
void unsafe_method_invocation_single_param() {
auto p = new int[10];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}"
int tmp = p[5];
foo(p);
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:8-[[@LINE-1]]:8}:".data()"
}
void safe_method_invocation_single_param() {
auto p = new int[10];
foo(p);
}
void unsafe_method_invocation_double_param() {
auto p = new int[10];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}"
int tmp = p[5];
m1(p, p, 10);
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:7}:".data()"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:10-[[@LINE-2]]:10}:".data()"
auto q = new int[10];
m1(p, q, 4);
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:7}:".data()"
m1(q, p, 9);
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:10-[[@LINE-1]]:10}:".data()"
m1(q, q, 8);
}