This is an archive of the discontinued LLVM Phabricator instance.

Differential D146450

[-Wunsafe-buffer-usage] Bug fix: Handles the assertion violations for code within macros.
ClosedPublic

Authored by malavikasamak on Mar 20 2023, 12:25 PM.

Details

Reviewers
NoQ
jkorous
ziqingluo-90
t-rasmud
aaron.ballman
xazax.hun
ymandel
gribozavr
Commits
rG9bd0db80784e: [-Wunsafe-buffer-usage] Bug fix: Handles the assertion violations for code…
Summary

When macros get expanded, the source location for the expanded code received by the Fixable gadgets is invalid. We do not want to emit fixits for macro expanded code and it currently crashes the analysis. This patch fixes the assertion violations that were introduced for handling code with such invalid locations.

Diff Detail

Event Timeline

malavikasamak created this revision.Mar 20 2023, 12:25 PM
Herald added a reviewer: NoQ. · View Herald TranscriptMar 20 2023, 12:25 PM
Herald added a project: Restricted Project. · View Herald Transcript
malavikasamak requested review of this revision.Mar 20 2023, 12:25 PM
Harbormaster completed remote builds in B220513: Diff 506679.Mar 20 2023, 12:26 PM
malavikasamak added a parent revision: D144905: [-Wunsafe-buffer-usage] Handle unevaluated contexts that contain unsafe buffer usages.Mar 20 2023, 12:26 PM
malavikasamak added reviewers: jkorous, ziqingluo-90, t-rasmud.
ziqingluo-90 added inline comments.Mar 21 2023, 11:50 AM
clang/lib/Analysis/UnsafeBufferUsage.cpp
1164

Ideally, we want to return a null to indicate that getExprText failed. Maybe add a FIXME here so that we can fix it later?

1348

If location has no value, this function should return std::nullopt.

1491

If ReplacementLastLoc has no value, we should return an empty FixItList meaning that no fix for the variable declaration.

yeah... we are being inconsistent in representing no fix using std::nullopt for Gadgets while using empty list for Decls. We can fix it later.

NoQ added inline comments.Mar 21 2023, 1:44 PM
clang/lib/Analysis/UnsafeBufferUsage.cpp
1129

std::nullopt is a bit more idiomatic as it makes it clear whether the code intends to return an empty optional or a non-empty optional that contains default-initialized (invalid) source location.

1161

* is idiomatic for force-unwrap.

1164

Null StringRef is a thing, you can already use it. But of course callers need to be prepared.

Yeah, ideally there needs to be a clear indication that there was an error, because otherwise the callers may assume that the expression is correctly represented by the empty string. As an example of an expression that has a valid reason to be represented by an empty string, default constructors come to mind. Indeed, if C is a class with default constructor, then local variable C c; will have an initializer CXXConstructExpr that doesn't correspond to any text in the source-code. I guess we can run into some of those when we analyze partially spanified code. Of course, ideally by that time we should start using edit generators from libTransformers which already solve these problems.

1438–1439

The FixIts list is never empty; at the very least it unconditionally contains insertion of "{". If LocPassInit turns out to be invalid, we will end up emitting a broken fixit. I think an early return is more appropriate.

I think it's safer to do a

if(!LocPassInit)
  return {};
1491

I think it's safer to write code like

if(!ReplacementLastLoc)
  return {};

so that to make sure that we never emit an incomplete fixit (like we seem to be doing in the other function).

NoQ added a comment.Mar 21 2023, 1:45 PM

Looks great for a hotfix! I found a potential problem with new code emitting incomplete fixits which I think we can easily avoid.

NoQ added a comment.Mar 21 2023, 2:39 PM

Wait nvm, I misunderstood who's saying what, looks like @ziqingluo-90 has already identified the same problem. So there's just one problem.

malavikasamak updated this revision to Diff 507177.Mar 21 2023, 4:30 PM
malavikasamak marked 6 inline comments as done.

Addressing recent comments.

Harbormaster completed remote builds in B220881: Diff 507177.Mar 21 2023, 4:31 PM
malavikasamak added inline comments.Mar 21 2023, 4:31 PM
clang/lib/Analysis/UnsafeBufferUsage.cpp
1164

I am not aware of how we can assign Null to a StringRef instance. Do you mean use {} instead of "" ?

ziqingluo-90 added inline comments.Mar 21 2023, 5:00 PM
clang/lib/Analysis/UnsafeBufferUsage.cpp
1164

An empty StringRef wraps a null pointer. So I think you can just use it.

malavikasamak updated this revision to Diff 507187.Mar 21 2023, 5:14 PM
malavikasamak marked 3 inline comments as done.
Harbormaster completed remote builds in B220890: Diff 507187.Mar 21 2023, 5:15 PM
NoQ added inline comments.Mar 22 2023, 1:35 PM
clang/lib/Analysis/UnsafeBufferUsage.cpp
1164

Ok now you probably want to update all call sites for getExprText() to handle the error, otherwise they may keep crashing or behaving incorrectly.

malavikasamak added inline comments.Mar 22 2023, 3:52 PM
clang/lib/Analysis/UnsafeBufferUsage.cpp
1164

Maybe we can change the return type of getExprText to std::optional<StringRef> so we the callers can know when it returns an invalid string.

malavikasamak updated this revision to Diff 507573.Mar 22 2023, 6:16 PM

Changing return type of getExprText to std::optional.

Harbormaster completed remote builds in B221191: Diff 507573.Mar 22 2023, 6:17 PM
NoQ accepted this revision.Mar 23 2023, 5:05 PM

Looks great now!!

clang/lib/Analysis/UnsafeBufferUsage.cpp
1157
1255

clang-format will probably be upset about this.

This revision is now accepted and ready to land.Mar 23 2023, 5:05 PM
malavikasamak updated this revision to Diff 508211.Mar 24 2023, 2:09 PM
malavikasamak marked 3 inline comments as done.
Harbormaster completed remote builds in B221678: Diff 508211.Mar 24 2023, 2:10 PM
NoQ added a child revision: D146342: [-Wunsafe-buffer-usage] Move the whole analysis to the end of a translation unit.Apr 7 2023, 2:52 PM
malavikasamak added reviewers: aaron.ballman, xazax.hun, ymandel, gribozavr.Apr 11 2023, 2:30 PM
Herald added a subscriber: rnkovacs. · View Herald TranscriptApr 11 2023, 2:30 PM
malavikasamak updated this revision to Diff 515838.Apr 21 2023, 11:03 AM

Rebased on the latest llvm branch.

Harbormaster completed remote builds in B227258: Diff 515838.Apr 21 2023, 12:53 PM
NoQ accepted this revision.Apr 21 2023, 2:07 PM

LGTM! Probably needs clang-format in a few places.

clang/lib/Analysis/UnsafeBufferUsage.cpp
1198

clang-format probably doesn't like that.

1243

Wait, why is there a fallthrough here?

ziqingluo-90 added a comment.Apr 21 2023, 3:27 PM

LGTM! Thanks for fixing the bug!

clang/lib/Analysis/UnsafeBufferUsage.cpp
1240

This is irrelevant to this patch: IIRC, the naming convention for variables requires to capitalize the first letter.

1272

Maybe to use getPastLoc instead of getLocWithOffset(1). A problem with Loc.getLocWithOffset(1) is that the returned location always have same FileID as Loc. If Loc is part of a macro but Loc.getLocWithOffset(1) is not suppose to be so, Loc.getLocWithOffset(1) is having a wrong FileID. Locations in macros should have different FileIDs than the ones that are not in a macro.

ziqingluo-90 accepted this revision.Apr 21 2023, 3:27 PM
malavikasamak updated this revision to Diff 516529.Apr 24 2023, 2:16 PM
malavikasamak marked 3 inline comments as done.
malavikasamak added inline comments.
clang/lib/Analysis/UnsafeBufferUsage.cpp
1198

Ran this through clang-format.

1243

This is unrelated to this patch and seems to be added to satisfy the build bots in this commit:https://github.com/llvm/llvm-project/commit/45a0433b39ffbd7cee9cc8a92f2300324b3548e0. I can address this here or can go as a separate patch. Please let me know.

jkorous accepted this revision.Apr 24 2023, 3:06 PM

LGTM! Thanks for fixing this!

clang/lib/Analysis/UnsafeBufferUsage.cpp
1243

Since the fallthrough is not added by this patch we should address it separately.

Harbormaster completed remote builds in B227815: Diff 516529.Apr 24 2023, 3:40 PM
This revision was landed with ongoing or failed builds.Apr 24 2023, 4:10 PM
Closed by commit rG9bd0db80784e: [-Wunsafe-buffer-usage] Bug fix: Handles the assertion violations for code… (authored by malavikasamak). · Explain Why
This revision was automatically updated to reflect the committed changes.
malavikasamak added a commit: rG9bd0db80784e: [-Wunsafe-buffer-usage] Bug fix: Handles the assertion violations for code….
Herald added a project: Restricted Project. · View Herald TranscriptApr 24 2023, 4:10 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
malavikasamak added a reverting change: rG84ec1f7725d4: Revert "[-Wunsafe-buffer-usage] Bug fix: Handles the assertion violations for….Apr 24 2023, 4:49 PM

Revision Contents

PathSize
clang/
lib/
Analysis/
139 lines
test/
SemaCXX/
27 lines

Diff 516529

clang/lib/Analysis/UnsafeBufferUsage.cpp

Show First 20 LinesShow All 1,111 Lines▼ Show 20 Linesstatic std::string getAPIntText(APInt Val) {
Val.toString(Txt, 10, true); Val.toString(Txt, 10, true);
// APInt::toString does not add '\0' to the end of the string for us: // APInt::toString does not add '\0' to the end of the string for us:
Txt.push_back('\0'); Txt.push_back('\0');
return Txt.data(); return Txt.data();
} }
// Return the source location of the last character of the AST `Node`. // Return the source location of the last character of the AST `Node`.
template <typename NodeTy> template <typename NodeTy>
static SourceLocation getEndCharLoc(const NodeTy *Node, const SourceManager &SM, static std::optional<SourceLocation>
getEndCharLoc(const NodeTy *Node, const SourceManager &SM,
const LangOptions &LangOpts) { const LangOptions &LangOpts) {
unsigned TkLen = Lexer::MeasureTokenLength(Node->getEndLoc(), SM, LangOpts); unsigned TkLen = Lexer::MeasureTokenLength(Node->getEndLoc(), SM, LangOpts);
SourceLocation Loc = Node->getEndLoc().getLocWithOffset(TkLen - 1); SourceLocation Loc = Node->getEndLoc().getLocWithOffset(TkLen - 1);
// We expect `Loc` to be valid. The location is obtained by moving forward if (Loc.isValid())
// from the beginning of the token 'len(token)-1' characters. The file ID of
// the locations within a token must be consistent.
assert(Loc.isValid() && "Expected the source location of the last"
"character of an AST Node to be always valid");
return Loc; return Loc;
return std::nullopt;
NoQUnsubmitted
Done
ReplyInline Actions
else
- return {};
+ return std::nullopt;
}
// Return the source location just past the last character of the AST `Node`.

std::nullopt is a bit more idiomatic as it makes it clear whether the code intends to return an empty optional or a non-empty optional that contains default-initialized (invalid) source location.

NoQ: `std::nullopt` is a bit more idiomatic as it makes it clear whether the code intends to return…
} }
// Return the source location just past the last character of the AST `Node`. // Return the source location just past the last character of the AST `Node`.
template <typename NodeTy> template <typename NodeTy>
static SourceLocation getPastLoc(const NodeTy *Node, const SourceManager &SM, static std::optional<SourceLocation> getPastLoc(const NodeTy *Node,
const SourceManager &SM,
const LangOptions &LangOpts) { const LangOptions &LangOpts) {
SourceLocation Loc = SourceLocation Loc =
Lexer::getLocForEndOfToken(Node->getEndLoc(), 0, SM, LangOpts); Lexer::getLocForEndOfToken(Node->getEndLoc(), 0, SM, LangOpts);
// We expect `Loc` to be valid as it is either associated to a file ID or if (Loc.isValid())
// it must be the end of a macro expansion. (see
// `Lexer::getLocForEndOfToken`)
assert(Loc.isValid() && "Expected the source location just past the last "
"character of an AST Node to be always valid");
return Loc; return Loc;
return std::nullopt;
} }
// Return text representation of an `Expr`. // Return text representation of an `Expr`.
static StringRef getExprText(const Expr *E, const SourceManager &SM, static std::optional<StringRef> getExprText(const Expr *E,
const SourceManager &SM,
const LangOptions &LangOpts) { const LangOptions &LangOpts) {
SourceLocation LastCharLoc = getPastLoc(E, SM, LangOpts); std::optional<SourceLocation> LastCharLoc = getPastLoc(E, SM, LangOpts);
if (LastCharLoc)
return Lexer::getSourceText( return Lexer::getSourceText(
CharSourceRange::getCharRange(E->getBeginLoc(), LastCharLoc), SM, CharSourceRange::getCharRange(E->getBeginLoc(), *LastCharLoc), SM,
LangOpts); LangOpts);
return std::nullopt;
NoQUnsubmitted
Done
ReplyInline Actions
std::optional<SourceLocation> LastCharLoc = getPastLoc(E, SM, LangOpts);
- if(LastCharLoc)
+ if (LastCharLoc)
return Lexer::getSourceText(
NoQ:
} }
std::optional<FixItList> std::optional<FixItList>
DerefSimplePtrArithFixableGadget::getFixits(const Strategy &s) const { DerefSimplePtrArithFixableGadget::getFixits(const Strategy &s) const {
NoQUnsubmitted
Done
ReplyInline Actions
return Lexer::getSourceText(
- CharSourceRange::getCharRange(E->getBeginLoc(), LastCharLoc.value()), SM,
+ CharSourceRange::getCharRange(E->getBeginLoc(), *LastCharLoc), SM,
LangOpts);

* is idiomatic for force-unwrap.

NoQ: `*` is idiomatic for force-unwrap.
const VarDecl *VD = dyn_cast<VarDecl>(BaseDeclRefExpr->getDecl()); const VarDecl *VD = dyn_cast<VarDecl>(BaseDeclRefExpr->getDecl());
if (VD && s.lookup(VD) == Strategy::Kind::Span) { if (VD && s.lookup(VD) == Strategy::Kind::Span) {
ziqingluo-90Unsubmitted
Done
ReplyInline Actions

Ideally, we want to return a null to indicate that getExprText failed. Maybe add a FIXME here so that we can fix it later?

ziqingluo-90: Ideally, we want to return a null to indicate that `getExprText` failed. Maybe add a `FIXME`…
NoQUnsubmitted
Done
ReplyInline Actions

Null StringRef is a thing, you can already use it. But of course callers need to be prepared.

Yeah, ideally there needs to be a clear indication that there was an error, because otherwise the callers may assume that the expression is correctly represented by the empty string. As an example of an expression that has a valid reason to be represented by an empty string, default constructors come to mind. Indeed, if C is a class with default constructor, then local variable C c; will have an initializer CXXConstructExpr that doesn't correspond to any text in the source-code. I guess we can run into some of those when we analyze partially spanified code. Of course, ideally by that time we should start using edit generators from libTransformers which already solve these problems.

NoQ: Null `StringRef` is a thing, you can already use it. But of course callers need to be prepared.
malavikasamakAuthorUnsubmitted
Done
ReplyInline Actions

I am not aware of how we can assign Null to a StringRef instance. Do you mean use {} instead of "" ?

malavikasamak: I am not aware of how we can assign Null to a StringRef instance. Do you mean use {} instead of…
ziqingluo-90Unsubmitted
Done
ReplyInline Actions

An empty StringRef wraps a null pointer. So I think you can just use it.

ziqingluo-90: An empty `StringRef` wraps a null pointer. So I think you can just use it.
NoQUnsubmitted
Done
ReplyInline Actions

Ok now you probably want to update all call sites for getExprText() to handle the error, otherwise they may keep crashing or behaving incorrectly.

NoQ: Ok now you probably want to update all call sites for `getExprText()` to handle the error…
malavikasamakAuthorUnsubmitted
Done
ReplyInline Actions

Maybe we can change the return type of getExprText to std::optional<StringRef> so we the callers can know when it returns an invalid string.

malavikasamak: Maybe we can change the return type of getExprText to std::optional<StringRef> so we the…
ASTContext &Ctx = VD->getASTContext(); ASTContext &Ctx = VD->getASTContext();
// std::span can't represent elements before its begin() // std::span can't represent elements before its begin()
if (auto ConstVal = Offset->getIntegerConstantExpr(Ctx)) if (auto ConstVal = Offset->getIntegerConstantExpr(Ctx))
if (ConstVal->isNegative()) if (ConstVal->isNegative())
return std::nullopt; return std::nullopt;
// note that the expr may (oddly) has multiple layers of parens // note that the expr may (oddly) has multiple layers of parens
// example: // example:
Show All 15 Lines if (VD && s.lookup(VD) == Strategy::Kind::Span) {
// replace ')' with ']' // replace ')' with ']'
const Expr *LHS = AddOp->getLHS(), *RHS = AddOp->getRHS(); const Expr *LHS = AddOp->getLHS(), *RHS = AddOp->getRHS();
const SourceManager &SM = Ctx.getSourceManager(); const SourceManager &SM = Ctx.getSourceManager();
const LangOptions &LangOpts = Ctx.getLangOpts(); const LangOptions &LangOpts = Ctx.getLangOpts();
CharSourceRange StarWithTrailWhitespace = CharSourceRange StarWithTrailWhitespace =
clang::CharSourceRange::getCharRange(DerefOp->getOperatorLoc(), clang::CharSourceRange::getCharRange(DerefOp->getOperatorLoc(),
LHS->getBeginLoc()); LHS->getBeginLoc());
std::optional<SourceLocation> LHSLocation = getPastLoc(LHS, SM, LangOpts);
if (!LHSLocation)
NoQUnsubmitted
Done
ReplyInline Actions
std::optional<SourceLocation> LHSLocation = getPastLoc(LHS, SM, LangOpts);
- if(!LHSLocation) return std::nullopt;
+ if (!LHSLocation)
+ return std::nullopt;
CharSourceRange PlusWithSurroundingWhitespace =

clang-format probably doesn't like that.

NoQ: `clang-format` probably doesn't like that.
malavikasamakAuthorUnsubmitted
Done
ReplyInline Actions

Ran this through clang-format.

malavikasamak: Ran this through clang-format.
return std::nullopt;
CharSourceRange PlusWithSurroundingWhitespace = CharSourceRange PlusWithSurroundingWhitespace =
clang::CharSourceRange::getCharRange(getPastLoc(LHS, SM, LangOpts), clang::CharSourceRange::getCharRange(*LHSLocation, RHS->getBeginLoc());
RHS->getBeginLoc());
std::optional<SourceLocation> AddOpLocation =
getPastLoc(AddOp, SM, LangOpts);
std::optional<SourceLocation> DerefOpLocation =
getPastLoc(DerefOp, SM, LangOpts);
if (!AddOpLocation || !DerefOpLocation)
return std::nullopt;
CharSourceRange ClosingParenWithPrecWhitespace = CharSourceRange ClosingParenWithPrecWhitespace =
clang::CharSourceRange::getCharRange(getPastLoc(AddOp, SM, LangOpts), clang::CharSourceRange::getCharRange(*AddOpLocation, *DerefOpLocation);
getPastLoc(DerefOp, SM, LangOpts));
return FixItList{ return FixItList{
{FixItHint::CreateRemoval(StarWithTrailWhitespace), {FixItHint::CreateRemoval(StarWithTrailWhitespace),
FixItHint::CreateReplacement(PlusWithSurroundingWhitespace, "["), FixItHint::CreateReplacement(PlusWithSurroundingWhitespace, "["),
FixItHint::CreateReplacement(ClosingParenWithPrecWhitespace, "]")}}; FixItHint::CreateReplacement(ClosingParenWithPrecWhitespace, "]")}};
} }
return std::nullopt; // something wrong or unsupported, give up return std::nullopt; // something wrong or unsupported, give up
} }
std::optional<FixItList> std::optional<FixItList>
PointerDereferenceGadget::getFixits(const Strategy &S) const { PointerDereferenceGadget::getFixits(const Strategy &S) const {
const VarDecl *VD = cast<VarDecl>(BaseDeclRefExpr->getDecl()); const VarDecl *VD = cast<VarDecl>(BaseDeclRefExpr->getDecl());
switch (S.lookup(VD)) { switch (S.lookup(VD)) {
case Strategy::Kind::Span: { case Strategy::Kind::Span: {
ASTContext &Ctx = VD->getASTContext(); ASTContext &Ctx = VD->getASTContext();
SourceManager &SM = Ctx.getSourceManager(); SourceManager &SM = Ctx.getSourceManager();
// Required changes: *(ptr); => (ptr[0]); and *ptr; => ptr[0] // Required changes: *(ptr); => (ptr[0]); and *ptr; => ptr[0]
// Deletes the *operand // Deletes the *operand
CharSourceRange derefRange = clang::CharSourceRange::getCharRange( CharSourceRange derefRange = clang::CharSourceRange::getCharRange(
Op->getBeginLoc(), Op->getBeginLoc().getLocWithOffset(1)); Op->getBeginLoc(), Op->getBeginLoc().getLocWithOffset(1));
// Inserts the [0] // Inserts the [0]
std::optional<SourceLocation> endOfOperand = std::optional<SourceLocation> EndOfOperand =
getEndCharLoc(BaseDeclRefExpr, SM, Ctx.getLangOpts()); getEndCharLoc(BaseDeclRefExpr, SM, Ctx.getLangOpts());
if (endOfOperand) { if (EndOfOperand) {
return FixItList{{FixItHint::CreateRemoval(derefRange), return FixItList{{FixItHint::CreateRemoval(derefRange),
FixItHint::CreateInsertion( FixItHint::CreateInsertion(
endOfOperand.value().getLocWithOffset(1), "[0]")}}; (*EndOfOperand).getLocWithOffset(1), "[0]")}};
ziqingluo-90Unsubmitted
Done
ReplyInline Actions

This is irrelevant to this patch: IIRC, the naming convention for variables requires to capitalize the first letter.

ziqingluo-90: This is irrelevant to this patch: IIRC, the naming convention for variables requires to…
} }
} }
[[fallthrough]]; [[fallthrough]];
NoQUnsubmitted
Not Done
ReplyInline Actions

Wait, why is there a fallthrough here?

NoQ: Wait, why is there a fallthrough here?
malavikasamakAuthorUnsubmitted
Done
ReplyInline Actions

This is unrelated to this patch and seems to be added to satisfy the build bots in this commit:https://github.com/llvm/llvm-project/commit/45a0433b39ffbd7cee9cc8a92f2300324b3548e0. I can address this here or can go as a separate patch. Please let me know.

malavikasamak: This is unrelated to this patch and seems to be added to satisfy the build bots in this commit…
jkorousUnsubmitted
Not Done
ReplyInline Actions

Since the fallthrough is not added by this patch we should address it separately.

jkorous: Since the fallthrough is not added by this patch we should address it separately.
case Strategy::Kind::Iterator: case Strategy::Kind::Iterator:
case Strategy::Kind::Array: case Strategy::Kind::Array:
case Strategy::Kind::Vector: case Strategy::Kind::Vector:
llvm_unreachable("Strategy not implemented yet!"); llvm_unreachable("Strategy not implemented yet!");
case Strategy::Kind::Wontfix: case Strategy::Kind::Wontfix:
llvm_unreachable("Invalid strategy!"); llvm_unreachable("Invalid strategy!");
} }
return std::nullopt; return std::nullopt;
} }
// Generates fix-its replacing an expression of the form UPC(DRE) with // Generates fix-its replacing an expression of the form UPC(DRE) with
NoQUnsubmitted
Done
ReplyInline Actions
std::optional<StringRef> dreString = getExprText(DRE, SM, LangOpts);
- if(!dreString) return std::nullopt;
+ if (!dreString)
+ return std::nullopt;
std::optional<StringRef> indexString = getExprText(Idx, SM, LangOpts);

clang-format will probably be upset about this.

NoQ: `clang-format` will probably be upset about this.
// `DRE.data()` // `DRE.data()`
std::optional<FixItList> UPCStandalonePointerGadget::getFixits(const Strategy &S) std::optional<FixItList> UPCStandalonePointerGadget::getFixits(const Strategy &S)
const { const {
const auto VD = cast<VarDecl>(Node->getDecl()); const auto VD = cast<VarDecl>(Node->getDecl());
switch (S.lookup(VD)) { switch (S.lookup(VD)) {
case Strategy::Kind::Span: { case Strategy::Kind::Span: {
ASTContext &Ctx = VD->getASTContext(); ASTContext &Ctx = VD->getASTContext();
SourceManager &SM = Ctx.getSourceManager(); SourceManager &SM = Ctx.getSourceManager();
// Inserts the .data() after the DRE // Inserts the .data() after the DRE
SourceLocation endOfOperand = getEndCharLoc(Node, SM, Ctx.getLangOpts()); std::optional<SourceLocation> EndOfOperand =
getPastLoc(Node, SM, Ctx.getLangOpts());
if (EndOfOperand)
return FixItList{{FixItHint::CreateInsertion( return FixItList{{FixItHint::CreateInsertion(
endOfOperand.getLocWithOffset(1), ".data()")}}; *EndOfOperand, ".data()")}};
} }
case Strategy::Kind::Wontfix: case Strategy::Kind::Wontfix:
ziqingluo-90Unsubmitted
Done
ReplyInline Actions

Maybe to use getPastLoc instead of getLocWithOffset(1). A problem with Loc.getLocWithOffset(1) is that the returned location always have same FileID as Loc. If Loc is part of a macro but Loc.getLocWithOffset(1) is not suppose to be so, Loc.getLocWithOffset(1) is having a wrong FileID. Locations in macros should have different FileIDs than the ones that are not in a macro.

ziqingluo-90: Maybe to use `getPastLoc` instead of `getLocWithOffset(1)`. A problem with `Loc.
case Strategy::Kind::Iterator: case Strategy::Kind::Iterator:
case Strategy::Kind::Array: case Strategy::Kind::Array:
case Strategy::Kind::Vector: case Strategy::Kind::Vector:
llvm_unreachable("unsupported strategies for FixableGadgets"); llvm_unreachable("unsupported strategies for FixableGadgets");
} }
return std::nullopt; return std::nullopt;
} }
Show All 11 LinesfixUPCAddressofArraySubscriptWithSpan(const UnaryOperator *Node) {
const SourceManager &SM = Ctx.getSourceManager(); const SourceManager &SM = Ctx.getSourceManager();
const LangOptions &LangOpts = Ctx.getLangOpts(); const LangOptions &LangOpts = Ctx.getLangOpts();
std::stringstream SS; std::stringstream SS;
bool IdxIsLitZero = false; bool IdxIsLitZero = false;
if (auto ICE = Idx->getIntegerConstantExpr(Ctx)) if (auto ICE = Idx->getIntegerConstantExpr(Ctx))
if ((*ICE).isZero()) if ((*ICE).isZero())
IdxIsLitZero = true; IdxIsLitZero = true;
std::optional<StringRef> DreString = getExprText(DRE, SM, LangOpts);
if (!DreString)
return std::nullopt;
if (IdxIsLitZero) { if (IdxIsLitZero) {
// If the index is literal zero, we produce the most concise fix-it: // If the index is literal zero, we produce the most concise fix-it:
SS << getExprText(DRE, SM, LangOpts).str() << ".data()"; SS << (*DreString).str() << ".data()";
} else { } else {
SS << "&" << getExprText(DRE, SM, LangOpts).str() << ".data()" std::optional<StringRef> IndexString = getExprText(Idx, SM, LangOpts);
<< "[" << getExprText(Idx, SM, LangOpts).str() << "]"; if (!IndexString)
return std::nullopt;
SS << "&" << (*DreString).str() << ".data()"
<< "[" << (*IndexString).str() << "]";
} }
return FixItList{ return FixItList{
FixItHint::CreateReplacement(Node->getSourceRange(), SS.str())}; FixItHint::CreateReplacement(Node->getSourceRange(), SS.str())};
} }
std::optional<FixItList> UPCPreIncrementGadget::getFixits(const Strategy &S) const { std::optional<FixItList> UPCPreIncrementGadget::getFixits(const Strategy &S) const {
DeclUseList DREs = getClaimedVarUseSites(); DeclUseList DREs = getClaimedVarUseSites();
if (DREs.size() != 1) if (DREs.size() != 1)
return std::nullopt; // In cases of `++Ptr` where `Ptr` is not a DRE, we return std::nullopt; // In cases of `++Ptr` where `Ptr` is not a DRE, we
// give up // give up
if (const VarDecl *VD = dyn_cast<VarDecl>(DREs.front()->getDecl())) { if (const VarDecl *VD = dyn_cast<VarDecl>(DREs.front()->getDecl())) {
if (S.lookup(VD) == Strategy::Kind::Span) { if (S.lookup(VD) == Strategy::Kind::Span) {
FixItList Fixes; FixItList Fixes;
std::stringstream SS; std::stringstream SS;
const Stmt *PreIncNode = getBaseStmt(); const Stmt *PreIncNode = getBaseStmt();
StringRef varName = VD->getName(); StringRef varName = VD->getName();
const ASTContext &Ctx = VD->getASTContext(); const ASTContext &Ctx = VD->getASTContext();
// To transform UPC(++p) to UPC((p = p.subspan(1)).data()): // To transform UPC(++p) to UPC((p = p.subspan(1)).data()):
SS << "(" << varName.data() << " = " << varName.data() SS << "(" << varName.data() << " = " << varName.data()
<< ".subspan(1)).data()"; << ".subspan(1)).data()";
std::optional<SourceLocation> PreIncLocation =
getEndCharLoc(PreIncNode, Ctx.getSourceManager(), Ctx.getLangOpts());
if (!PreIncLocation)
return std::nullopt;
Fixes.push_back(FixItHint::CreateReplacement( Fixes.push_back(FixItHint::CreateReplacement(
SourceRange(PreIncNode->getBeginLoc(), SourceRange(PreIncNode->getBeginLoc(), *PreIncLocation), SS.str()));
getEndCharLoc(PreIncNode, Ctx.getSourceManager(),
Ctx.getLangOpts())),
SS.str()));
return Fixes; return Fixes;
} }
} }
return std::nullopt; // Not in the cases that we can handle for now, give up. return std::nullopt; // Not in the cases that we can handle for now, give up.
} }
ziqingluo-90Unsubmitted
Done
ReplyInline Actions

If location has no value, this function should return std::nullopt.

ziqingluo-90: If `location` has no value, this function should return `std::nullopt`.
// For a non-null initializer `Init` of `T *` type, this function returns // For a non-null initializer `Init` of `T *` type, this function returns
// `FixItHint`s producing a list initializer `{Init, S}` as a part of a fix-it // `FixItHint`s producing a list initializer `{Init, S}` as a part of a fix-it
// to output stream. // to output stream.
// In many cases, this function cannot figure out the actual extent `S`. It // In many cases, this function cannot figure out the actual extent `S`. It
// then will use a place holder to replace `S` to ask users to fill `S` in. The // then will use a place holder to replace `S` to ask users to fill `S` in. The
// initializer shall be used to initialize a variable of type `std::span<T>`. // initializer shall be used to initialize a variable of type `std::span<T>`.
Show All 14 LinespopulateInitializerFixItWithSpan(const Expr *Init, const ASTContext &Ctx,
// object, i.e., a `std:span` variable declaration with no initializer. // object, i.e., a `std:span` variable declaration with no initializer.
// So the fix-it is just to remove the initializer. // So the fix-it is just to remove the initializer.
if (Init->isNullPointerConstant( if (Init->isNullPointerConstant(
std::remove_const_t<ASTContext &>(Ctx), std::remove_const_t<ASTContext &>(Ctx),
// FIXME: Why does this function not ask for `const ASTContext // FIXME: Why does this function not ask for `const ASTContext
// &`? It should. Maybe worth an NFC patch later. // &`? It should. Maybe worth an NFC patch later.
Expr::NullPointerConstantValueDependence:: Expr::NullPointerConstantValueDependence::
NPC_ValueDependentIsNotNull)) { NPC_ValueDependentIsNotNull)) {
SourceRange SR(Init->getBeginLoc(), getEndCharLoc(Init, SM, LangOpts)); std::optional<SourceLocation> InitLocation =
getEndCharLoc(Init, SM, LangOpts);
if (!InitLocation)
return {};
SourceRange SR(Init->getBeginLoc(), *InitLocation);
return {FixItHint::CreateRemoval(SR)}; return {FixItHint::CreateRemoval(SR)};
} }
FixItList FixIts{}; FixItList FixIts{};
std::string ExtentText = UserFillPlaceHolder.data(); std::string ExtentText = UserFillPlaceHolder.data();
StringRef One = "1"; StringRef One = "1";
// Insert `{` before `Init`: // Insert `{` before `Init`:
FixIts.push_back(FixItHint::CreateInsertion(Init->getBeginLoc(), "{")); FixIts.push_back(FixItHint::CreateInsertion(Init->getBeginLoc(), "{"));
// Try to get the data extent. Break into different cases: // Try to get the data extent. Break into different cases:
if (auto CxxNew = dyn_cast<CXXNewExpr>(Init->IgnoreImpCasts())) { if (auto CxxNew = dyn_cast<CXXNewExpr>(Init->IgnoreImpCasts())) {
// In cases `Init` is `new T[n]` and there is no explicit cast over // In cases `Init` is `new T[n]` and there is no explicit cast over
// `Init`, we know that `Init` must evaluates to a pointer to `n` objects // `Init`, we know that `Init` must evaluates to a pointer to `n` objects
// of `T`. So the extent is `n` unless `n` has side effects. Similar but // of `T`. So the extent is `n` unless `n` has side effects. Similar but
// simpler for the case where `Init` is `new T`. // simpler for the case where `Init` is `new T`.
if (const Expr *Ext = CxxNew->getArraySize().value_or(nullptr)) { if (const Expr *Ext = CxxNew->getArraySize().value_or(nullptr)) {
if (!Ext->HasSideEffects(Ctx)) if (!Ext->HasSideEffects(Ctx)) {
ExtentText = getExprText(Ext, SM, LangOpts); std::optional<StringRef> ExtentString = getExprText(Ext, SM, LangOpts);
if (!ExtentString)
return {};
ExtentText = *ExtentString;
}
} else if (!CxxNew->isArray()) } else if (!CxxNew->isArray())
// Although the initializer is not allocating a buffer, the pointer // Although the initializer is not allocating a buffer, the pointer
// variable could still be used in buffer access operations. // variable could still be used in buffer access operations.
ExtentText = One; ExtentText = One;
} else if (const auto *CArrTy = Ctx.getAsConstantArrayType( } else if (const auto *CArrTy = Ctx.getAsConstantArrayType(
Init->IgnoreImpCasts()->getType())) { Init->IgnoreImpCasts()->getType())) {
// In cases `Init` is of an array type after stripping off implicit casts, // In cases `Init` is of an array type after stripping off implicit casts,
// the extent is the array size. Note that if the array size is not a // the extent is the array size. Note that if the array size is not a
// constant, we cannot use it as the extent. // constant, we cannot use it as the extent.
ExtentText = getAPIntText(CArrTy->getSize()); ExtentText = getAPIntText(CArrTy->getSize());
} else { } else {
// In cases `Init` is of the form `&Var` after stripping of implicit // In cases `Init` is of the form `&Var` after stripping of implicit
// casts, where `&` is the built-in operator, the extent is 1. // casts, where `&` is the built-in operator, the extent is 1.
if (auto AddrOfExpr = dyn_cast<UnaryOperator>(Init->IgnoreImpCasts())) if (auto AddrOfExpr = dyn_cast<UnaryOperator>(Init->IgnoreImpCasts()))
if (AddrOfExpr->getOpcode() == UnaryOperatorKind::UO_AddrOf && if (AddrOfExpr->getOpcode() == UnaryOperatorKind::UO_AddrOf &&
isa_and_present<DeclRefExpr>(AddrOfExpr->getSubExpr())) isa_and_present<DeclRefExpr>(AddrOfExpr->getSubExpr()))
ExtentText = One; ExtentText = One;
// TODO: we can handle more cases, e.g., `&a[0]`, `&a`, `std::addressof`, // TODO: we can handle more cases, e.g., `&a[0]`, `&a`, `std::addressof`,
// and explicit casting, etc. etc. // and explicit casting, etc. etc.
} }
SmallString<32> StrBuffer{}; SmallString<32> StrBuffer{};
SourceLocation LocPassInit = getPastLoc(Init, SM, LangOpts); std::optional<SourceLocation> LocPassInit = getPastLoc(Init, SM, LangOpts);
if (!LocPassInit)
return {};
StrBuffer.append(", "); StrBuffer.append(", ");
StrBuffer.append(ExtentText); StrBuffer.append(ExtentText);
StrBuffer.append("}"); StrBuffer.append("}");
FixIts.push_back(FixItHint::CreateInsertion(LocPassInit, StrBuffer.str())); FixIts.push_back(FixItHint::CreateInsertion(*LocPassInit, StrBuffer.str()));
return FixIts; return FixIts;
NoQUnsubmitted
Done
ReplyInline Actions

The FixIts list is never empty; at the very least it unconditionally contains insertion of "{". If LocPassInit turns out to be invalid, we will end up emitting a broken fixit. I think an early return is more appropriate.

I think it's safer to do a

if(!LocPassInit)
  return {};
NoQ: The `FixIts` list is never empty; at the very least it unconditionally contains insertion of…
} }
// For a `VarDecl` of the form `T * var (= Init)?`, this // For a `VarDecl` of the form `T * var (= Init)?`, this
// function generates a fix-it for the declaration, which re-declares `var` to // function generates a fix-it for the declaration, which re-declares `var` to
// be of `span<T>` type and transforms the initializer, if present, to a span // be of `span<T>` type and transforms the initializer, if present, to a span
// constructor---`span<T> var {Init, Extent}`, where `Extent` may need the user // constructor---`span<T> var {Init, Extent}`, where `Extent` may need the user
// to fill in. // to fill in.
// //
// FIXME: support Multi-level pointers // FIXME: support Multi-level pointers
// //
// Parameters: // Parameters:
// `D` a pointer the variable declaration node // `D` a pointer the variable declaration node
// `Ctx` a reference to the ASTContext // `Ctx` a reference to the ASTContext
// Returns: // Returns:
// the generated fix-it // the generated fix-it
static FixItList fixVarDeclWithSpan(const VarDecl *D, const ASTContext &Ctx, static FixItList fixVarDeclWithSpan(const VarDecl *D, const ASTContext &Ctx,
const StringRef UserFillPlaceHolder) { const StringRef UserFillPlaceHolder) {
const QualType &SpanEltT = D->getType()->getPointeeType(); const QualType &SpanEltT = D->getType()->getPointeeType();
assert(!SpanEltT.isNull() && "Trying to fix a non-pointer type variable!"); assert(!SpanEltT.isNull() && "Trying to fix a non-pointer type variable!");
FixItList FixIts{}; FixItList FixIts{};
SourceLocation std::optional<SourceLocation>
ReplacementLastLoc; // the inclusive end location of the replacement ReplacementLastLoc; // the inclusive end location of the replacement
const SourceManager &SM = Ctx.getSourceManager(); const SourceManager &SM = Ctx.getSourceManager();
if (const Expr *Init = D->getInit()) { if (const Expr *Init = D->getInit()) {
FixItList InitFixIts = FixItList InitFixIts =
populateInitializerFixItWithSpan(Init, Ctx, UserFillPlaceHolder); populateInitializerFixItWithSpan(Init, Ctx, UserFillPlaceHolder);
assert(!InitFixIts.empty() && if (InitFixIts.empty())
"Unable to fix initializer of unsafe variable declaration"); return {};
// The loc right before the initializer: // The loc right before the initializer:
ReplacementLastLoc = Init->getBeginLoc().getLocWithOffset(-1); ReplacementLastLoc = Init->getBeginLoc().getLocWithOffset(-1);
FixIts.insert(FixIts.end(), std::make_move_iterator(InitFixIts.begin()), FixIts.insert(FixIts.end(), std::make_move_iterator(InitFixIts.begin()),
std::make_move_iterator(InitFixIts.end())); std::make_move_iterator(InitFixIts.end()));
} else } else
ReplacementLastLoc = getEndCharLoc(D, SM, Ctx.getLangOpts()); ReplacementLastLoc = getEndCharLoc(D, SM, Ctx.getLangOpts());
// Producing fix-it for variable declaration---make `D` to be of span type: // Producing fix-it for variable declaration---make `D` to be of span type:
SmallString<32> Replacement; SmallString<32> Replacement;
raw_svector_ostream OS(Replacement); raw_svector_ostream OS(Replacement);
OS << "std::span<" << SpanEltT.getAsString() << "> " << D->getName(); OS << "std::span<" << SpanEltT.getAsString() << "> " << D->getName();
if (!ReplacementLastLoc)
return {};
FixIts.push_back(FixItHint::CreateReplacement( FixIts.push_back(FixItHint::CreateReplacement(
SourceRange{D->getBeginLoc(), ReplacementLastLoc}, OS.str())); SourceRange{D->getBeginLoc(), *ReplacementLastLoc}, OS.str()));
return FixIts; return FixIts;
} }
ziqingluo-90Unsubmitted
Done
ReplyInline Actions

If ReplacementLastLoc has no value, we should return an empty FixItList meaning that no fix for the variable declaration.

yeah... we are being inconsistent in representing no fix using std::nullopt for Gadgets while using empty list for Decls. We can fix it later.

ziqingluo-90: If `ReplacementLastLoc` has no value, we should return an empty `FixItList` meaning that no fix…
NoQUnsubmitted
Done
ReplyInline Actions

I think it's safer to write code like

if(!ReplacementLastLoc)
  return {};

so that to make sure that we never emit an incomplete fixit (like we seem to be doing in the other function).

NoQ: I think it's safer to write code like ``` if(!ReplacementLastLoc) return {}; ``` so that to…
static FixItList fixVariableWithSpan(const VarDecl *VD, static FixItList fixVariableWithSpan(const VarDecl *VD,
const DeclUseTracker &Tracker, const DeclUseTracker &Tracker,
const ASTContext &Ctx, const ASTContext &Ctx,
UnsafeBufferUsageHandler &Handler) { UnsafeBufferUsageHandler &Handler) {
const DeclStmt *DS = Tracker.lookupDecl(VD); const DeclStmt *DS = Tracker.lookupDecl(VD);
assert(DS && "Fixing non-local variables not implemented yet!"); assert(DS && "Fixing non-local variables not implemented yet!");
if (!DS->isSingleDecl()) { if (!DS->isSingleDecl()) {
▲ Show 20 LinesShow All 155 LinesShow Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-local-var-span.cpp

// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fdiagnostics-parseable-fixits %s 2>&1 | FileCheck %s // RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fdiagnostics-parseable-fixits %s 2>&1 | FileCheck %s
typedef int * Int_ptr_t; typedef int * Int_ptr_t;
typedef int Int_t; typedef int Int_t;
#define DEFINE_PTR(X) int* ptr = (X);
void local_array_subscript_simple() { void local_array_subscript_simple() {
int tmp; int tmp;
int *p = new int[10]; int *p = new int[10];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p" // CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{" // CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}" // CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}"
const int *q = new int[10]; const int *q = new int[10];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:17}:"std::span<const int> q" // CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:17}:"std::span<const int> q"
▲ Show 20 LinesShow All 204 Lines▼ Show 20 Linesvoid unsupported_subscript_negative(int i, unsigned j, unsigned long k) {
int * r = new int[10]; int * r = new int[10];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:12}:"std::span<int> r" // CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:12}:"std::span<int> r"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:13-[[@LINE-2]]:13}:"{" // CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:13-[[@LINE-2]]:13}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:24-[[@LINE-3]]:24}:", 10}" // CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:24-[[@LINE-3]]:24}:", 10}"
tmp = r[j] + r[k]; // both `j` and `k` are unsigned so they must be non-negative tmp = r[j] + r[k]; // both `j` and `k` are unsigned so they must be non-negative
tmp = r[(unsigned int)-1]; // a cast-to-unsigned-expression is also non-negative tmp = r[(unsigned int)-1]; // a cast-to-unsigned-expression is also non-negative
} }
void all_vars_in_macro() {
int* local;
DEFINE_PTR(local)
ptr[1] = 0;
}
void few_vars_in_macro() {
int* local;
DEFINE_PTR(local)
ptr[1] = 0;
int tmp;
ptr[2] = 30;
auto p = new int[10];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}"
tmp = p[5];
int val = *p;
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:13-[[@LINE-1]]:14}:""
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:15-[[@LINE-2]]:15}:"[0]"
val = *p + 30;
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:9-[[@LINE-1]]:10}:""
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:11-[[@LINE-2]]:11}:"[0]"
}