This is an archive of the discontinued LLVM Phabricator instance.

Differential D146669

[-Wunsafe-buffer-usage] Hide fixits/suggestions behind an extra flag, -fsafe-buffer-usage-suggestions.
ClosedPublic

Authored by NoQ on Mar 22 2023, 4:30 PM.

Details

Reviewers
jkorous
t-rasmud
ziqingluo-90
malavikasamak
aaron.ballman
gribozavr
ymandel
sgatev
Commits
rGb7bdf1996fd1: [-Wunsafe-buffer-usage] Hide fixits/suggestions behind an extra flag.
Summary

This patch implements a new clang driver flag -fsafe-buffer-usage-suggestions which allows turning the smart suggestion machine on and off (defaults to off). This is valuable for stability reasons, as the machine is being rapidly improved and we don't want accidental breakages to ruin the build for innocent users. It is also arguably useful in general because it enables separation of concerns between project contributors: some users will actively update the code to conform to the programming model, while others simply want to make sure that they aren't regressing it. Finally, there could be other valid reasons to opt out of suggestions entirely on some codebases (while continuing to enforce -Wunsafe-buffer-usage warnings), such as lack of access to hardened libc++ (or even to the C++ standard library in general) on the target platform.

When the flag is disabled, the unsafe buffer usage analysis is reduced to an extremely minimal mode of operation that contains virtually no smarts: not only it doesn't offer automatic fixits, but also textual suggestions such as "change the type of this variable to std::span to preserve bounds information" are not displayed*, and in fact the machine doesn't even try to blame specific variables in the first place, it simply warns on the operations and leaves everything else to the user. So this flag turns off a lot more of our complex machinery than what we already turn off in presence of say -fno-diagnostic-fixit-info.

The flag is discoverable: when it's off, the warnings are accompanied by a note: telling the user that there's a flag they can use. (Do we really need that? Maybe we should somehow throttle it to reduce noise?)

Diff Detail

Event Timeline

NoQ created this revision.Mar 22 2023, 4:30 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 22 2023, 4:30 PM
Herald added subscribers: steakhal, martong. · View Herald Transcript
NoQ requested review of this revision.Mar 22 2023, 4:30 PM
Herald added a subscriber: MaskRay. · View Herald TranscriptMar 22 2023, 4:30 PM
NoQ updated this revision to Diff 507549.Mar 22 2023, 4:43 PM

Add some nice assertions.

jkorous accepted this revision.Mar 22 2023, 6:59 PM

LGTM.

clang/include/clang/Basic/DiagnosticSemaKinds.td
11792

I like this idea!

Thinking about the questions you raised:

Do we really need that? Maybe we should somehow throttle it to reduce noise?

The only case I can see value in not emitting this note is when the user passes -fno-safe-buffer-usage-suggestions. In that case it can be argued that the user is well aware of the flag since they explicitly turned it off.

That being said I am fine with the current behavior and in either case expect we will tweak this once we get feedback from the users.

This revision is now accepted and ready to land.Mar 22 2023, 6:59 PM
Harbormaster completed remote builds in B221171: Diff 507549.Mar 22 2023, 10:35 PM
ziqingluo-90 added inline comments.Mar 23 2023, 11:50 AM
clang/lib/Analysis/UnsafeBufferUsage.cpp
1139

nitpick: I'm afraid that we will forgot the difference between EmitSuggestions and EmitFixits later if there is no document about it.

ziqingluo-90 added inline comments.Mar 23 2023, 11:58 AM
clang/lib/Sema/AnalysisBasedWarnings.cpp
2205

nitpick:
I was a bit confused by the name of the variable. My understand of
!SuggestSuggestions here means "we are suggesting suggestions now".
Then what does SuggestSuggestions mean?

t-rasmud requested changes to this revision.Mar 23 2023, 12:42 PM
This revision now requires changes to proceed.Mar 23 2023, 12:42 PM
t-rasmud accepted this revision.Mar 23 2023, 12:42 PM
This revision is now accepted and ready to land.Mar 23 2023, 12:42 PM
t-rasmud added inline comments.Mar 23 2023, 12:43 PM
clang/lib/Sema/AnalysisBasedWarnings.cpp
2159

Was there a reason for naming this variable SuggestSuggestions? Can this be called EmitSuggestions? I think that would make it uniform and easy to follow the code.

NoQ updated this revision to Diff 507903.Mar 23 2023, 3:39 PM

Explain the weird variable name.

Confirm that even though warn_unsafe_buffer_operation and note_unsafe_buffer_operation have a different number of modes, the mismatch doesn't cause problems yet. Add an assert to catch the problem when it starts happening. Add tests to confirm that messages make sense.

clang/include/clang/Basic/DiagnosticSemaKinds.td
11792

The only case I can see value in not emitting this note is when the user passes -fno-safe-buffer-usage-suggestions. In that case it can be argued that the user is well aware of the flag since they explicitly turned it off.

Yeah fair enough. This will need some rework though, because right now -fno-... is purely a Driver flag, so -cc1 invocations aren't even aware of it being passed this way. So it turns from a normal flag to a somewhat quirky flag.

clang/lib/Sema/AnalysisBasedWarnings.cpp
2159

It means "Should I emit a note reminding the user to enable -fsafe-buffer-usage-suggestions if they want suggestions?", so it's quite different from EmitSuggestions (in fact it's the opposite). Added a comment.

2205

Yeah it means "Should I emit a note reminding the user to enable -fsafe-buffer-usage-suggestions if they want suggestions?". Added a comment to the variable.

NoQ updated this revision to Diff 507912.Mar 23 2023, 4:05 PM

Don't recommend enabling suggestions when suggestions are impossible (eg. due to lack of C++20).

NoQ mentioned this in D146773: [-Wunsafe-buffer-usage] Make raw (ungrouped) warnings a bit more verbose..Mar 23 2023, 5:11 PM
NoQ added a child revision: D146773: [-Wunsafe-buffer-usage] Make raw (ungrouped) warnings a bit more verbose..
NoQ added a comment.EditedMar 28 2023, 3:17 PM

So in a nutshell, this is the intended behavior:

codediagnosticEmitFixits && EmitSuggestions!EmitFixits && EmitSuggestions!EmitFixits && !EmitSuggestions
void foo(int *p) {note: 'p' declared hereyesyesno
int *q;warning: 'q' is unsafe pointer to raw bufferyesyesno
note with fixit: change type of 'q' and 'p' to span to propagate bounds informationyesyes (no fixit)no
q = p;note: bounds information propagates from 'p' to 'q' hereyesyesno
q[5] = 10;note: unsafe raw buffer operation hereyesyesyes (warning)
note: pass -fsafe-buffer-usage-suggestions to receive code hardening suggestionsnonoyes
}

The first mode, "EmitFixits && EmitSuggestions", is the default behavior before this patch, and the behavior under -fsafe-buffer-usage-suggestions after this patch. The third mode, "!EmitFixits && !EmitSuggestions", is the default behavior after the patch.

The second mode, "!EmitFixits && EmitSuggestions" (the special behavior under -fno-diagnostics-fixit-info) was implemented for two purposes:

  • Recover some performance when -fno-diagnostics-fixit-info is passed (don't run the sophisticated fixit machinery if fixits are going to be discarded);
  • As a possible workaround for potential crashes in the fixit machinery.

We initially hoped that this mode will make "!EmitSuggestions" unnecessary, but as the table above demonstrates, a very large portion of the fixit machine's logic is still being invoked for the purposes of building notes, even when fixits aren't attached. And we cannot really disable this logic under that compiler flag, given that -fno-diagnostics-fixit-info already has a well-defined meaning which doesn't allow us to change the shape of the diagnostics in response. So we needed a new, more powerful flag, so here we are. I suspect that explicit support for !EmitFixits is no longer necessary. It is now useful for performance purposes only, and we don't any concrete data to support the claim that it's a valuable optimization, nor do we believe that this flag is ever intentionally passed in practice, so I guess I'll go ahead and remove it.

NoQ updated this revision to Diff 510933.EditedApr 4 2023, 2:47 PM
  • Rebase! (I'll update related revisions soon but not immediately, need to make sense out of them first.)
  • Eliminate the EmitFixits flag as discussed above (so the middle mode is now gone).
Harbormaster completed remote builds in B223677: Diff 510933.Apr 4 2023, 2:48 PM
NoQ added a parent revision: D146342: [-Wunsafe-buffer-usage] Move the whole analysis to the end of a translation unit.Apr 7 2023, 2:48 PM
NoQ updated this revision to Diff 515110.Apr 19 2023, 3:41 PM

Before I forget: Update tests that didn't fail due to my patch because they were testing absence of things (warnings or fixits) and my patch only made them more absent. They need to keep testing absence of these things even when the flag is passed.

Harbormaster completed remote builds in B226713: Diff 515110.Apr 19 2023, 3:42 PM
NoQ updated this revision to Diff 523595.May 18 2023, 4:09 PM

Rebase!

NoQ updated this revision to Diff 523601.May 18 2023, 4:43 PM

Rebase *correctly*!

This revision was landed with ongoing or failed builds.May 18 2023, 5:20 PM
Closed by commit rGb7bdf1996fd1: [-Wunsafe-buffer-usage] Hide fixits/suggestions behind an extra flag. (authored by Artem Dergachev <adergachev@apple.com>). · Explain Why
This revision was automatically updated to reflect the committed changes.
Artem Dergachev <adergachev@apple.com> added a commit: rGb7bdf1996fd1: [-Wunsafe-buffer-usage] Hide fixits/suggestions behind an extra flag..
Herald added a project: Restricted Project. · View Herald TranscriptMay 18 2023, 5:20 PM
Harbormaster completed remote builds in B233042: Diff 523601.May 18 2023, 10:55 PM
NoQ removed a child revision: D146773: [-Wunsafe-buffer-usage] Make raw (ungrouped) warnings a bit more verbose..Aug 23 2023, 5:31 PM

Revision Contents

Diff 507912

clang/include/clang/Analysis/Analyses/UnsafeBufferUsage.h

Show First 20 LinesShow All 48 Lines▼ Show 20 Lines getUserFillPlaceHolder(StringRef HintTextToUser = "placeholder") {
s += " #>"; s += " #>";
return s; return s;
} }
}; };
// This function invokes the analysis and allows the caller to react to it // This function invokes the analysis and allows the caller to react to it
// through the handler class. // through the handler class.
void checkUnsafeBufferUsage(const Decl *D, UnsafeBufferUsageHandler &Handler, void checkUnsafeBufferUsage(const Decl *D, UnsafeBufferUsageHandler &Handler,
bool EmitFixits); bool EmitSuggestions, bool EmitFixits);
namespace internal { namespace internal {
// Tests if any two `FixItHint`s in `FixIts` conflict. Two `FixItHint`s // Tests if any two `FixItHint`s in `FixIts` conflict. Two `FixItHint`s
// conflict if they have overlapping source ranges. // conflict if they have overlapping source ranges.
bool anyConflict(const llvm::SmallVectorImpl<FixItHint> &FixIts, bool anyConflict(const llvm::SmallVectorImpl<FixItHint> &FixIts,
const SourceManager &SM); const SourceManager &SM);
} // namespace internal } // namespace internal
} // end namespace clang } // end namespace clang
#endif /* LLVM_CLANG_ANALYSIS_ANALYSES_UNSAFEBUFFERUSAGE_H */ #endif /* LLVM_CLANG_ANALYSIS_ANALYSES_UNSAFEBUFFERUSAGE_H */

clang/include/clang/Basic/DiagnosticOptions.def

Show First 20 LinesShow All 89 Lines▼ Show 20 Lines
VALUE_DIAGOPT(SpellCheckingLimit, 32, DefaultSpellCheckingLimit) VALUE_DIAGOPT(SpellCheckingLimit, 32, DefaultSpellCheckingLimit)
/// Limit number of lines shown in a snippet. /// Limit number of lines shown in a snippet.
VALUE_DIAGOPT(SnippetLineLimit, 32, DefaultSnippetLineLimit) VALUE_DIAGOPT(SnippetLineLimit, 32, DefaultSnippetLineLimit)
VALUE_DIAGOPT(TabStop, 32, DefaultTabStop) /// The distance between tab stops. VALUE_DIAGOPT(TabStop, 32, DefaultTabStop) /// The distance between tab stops.
/// Column limit for formatting message diagnostics, or 0 if unused. /// Column limit for formatting message diagnostics, or 0 if unused.
VALUE_DIAGOPT(MessageLength, 32, 0) VALUE_DIAGOPT(MessageLength, 32, 0)
DIAGOPT(ShowSafeBufferUsageSuggestions, 1, 0)
#undef DIAGOPT #undef DIAGOPT
#undef ENUM_DIAGOPT #undef ENUM_DIAGOPT
#undef VALUE_DIAGOPT #undef VALUE_DIAGOPT
#undef SEMANTIC_DIAGOPT #undef SEMANTIC_DIAGOPT
#undef SEMANTIC_ENUM_DIAGOPT #undef SEMANTIC_ENUM_DIAGOPT
#undef SEMANTIC_VALUE_DIAGOPT #undef SEMANTIC_VALUE_DIAGOPT

clang/include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 11,783 Lines▼ Show 20 Lines
def warn_unsafe_buffer_operation : Warning< def warn_unsafe_buffer_operation : Warning<
"%select{unsafe pointer operation|unsafe pointer arithmetic|" "%select{unsafe pointer operation|unsafe pointer arithmetic|"
"unsafe buffer access|function introduces unsafe buffer manipulation}0">, "unsafe buffer access|function introduces unsafe buffer manipulation}0">,
InGroup<UnsafeBufferUsage>, DefaultIgnore; InGroup<UnsafeBufferUsage>, DefaultIgnore;
def note_unsafe_buffer_operation : Note< def note_unsafe_buffer_operation : Note<
"used%select{| in pointer arithmetic| in buffer access}0 here">; "used%select{| in pointer arithmetic| in buffer access}0 here">;
def note_unsafe_buffer_variable_fixit : Note< def note_unsafe_buffer_variable_fixit : Note<
"change type of '%0' to '%select{std::span|std::array|std::span::iterator}1' to preserve bounds information">; "change type of '%0' to '%select{std::span|std::array|std::span::iterator}1' to preserve bounds information">;
def note_safe_buffer_usage_suggestions_disabled : Note<
jkorousUnsubmitted
Not Done
ReplyInline Actions

I like this idea!

Thinking about the questions you raised:

Do we really need that? Maybe we should somehow throttle it to reduce noise?

The only case I can see value in not emitting this note is when the user passes -fno-safe-buffer-usage-suggestions. In that case it can be argued that the user is well aware of the flag since they explicitly turned it off.

That being said I am fine with the current behavior and in either case expect we will tweak this once we get feedback from the users.

jkorous: I like this idea! Thinking about the questions you raised: > Do we really need that? Maybe we…
NoQAuthorUnsubmitted
Done
ReplyInline Actions

The only case I can see value in not emitting this note is when the user passes -fno-safe-buffer-usage-suggestions. In that case it can be argued that the user is well aware of the flag since they explicitly turned it off.

Yeah fair enough. This will need some rework though, because right now -fno-... is purely a Driver flag, so -cc1 invocations aren't even aware of it being passed this way. So it turns from a normal flag to a somewhat quirky flag.

NoQ: > The only case I can see value in not emitting this note is when the user passes -fno-safe…
"pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions">;
def err_loongarch_builtin_requires_la32 : Error< def err_loongarch_builtin_requires_la32 : Error<
"this builtin requires target: loongarch32">; "this builtin requires target: loongarch32">;
def err_builtin_pass_in_regs_non_class : Error< def err_builtin_pass_in_regs_non_class : Error<
"argument %0 is not an unqualified class type">; "argument %0 is not an unqualified class type">;
// WebAssembly reference type and table diagnostics. // WebAssembly reference type and table diagnostics.
def err_wasm_reference_pr : Error< def err_wasm_reference_pr : Error<
"%select{pointer|reference}0 to WebAssembly reference type is not allowed">; "%select{pointer|reference}0 to WebAssembly reference type is not allowed">;
def err_wasm_ca_reference : Error< def err_wasm_ca_reference : Error<
"cannot %select{capture|take address of}0 WebAssembly reference">; "cannot %select{capture|take address of}0 WebAssembly reference">;
def err_wasm_funcref_not_wasm : Error< def err_wasm_funcref_not_wasm : Error<
"invalid use of '__funcref' keyword outside the WebAssembly triple">; "invalid use of '__funcref' keyword outside the WebAssembly triple">;
} // end of sema component. } // end of sema component.

clang/include/clang/Driver/Options.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,554 Lines▼ Show 20 Linesdefm diagnostics_show_note_include_stack : BoolFOption<"diagnostics-show-note-include-stack",
PosFlag<SetTrue, [], "Display include stacks for diagnostic notes">, PosFlag<SetTrue, [], "Display include stacks for diagnostic notes">,
NegFlag<SetFalse>, BothFlags<[CC1Option]>>; NegFlag<SetFalse>, BothFlags<[CC1Option]>>;
def fdiagnostics_format_EQ : Joined<["-"], "fdiagnostics-format=">, Group<f_clang_Group>; def fdiagnostics_format_EQ : Joined<["-"], "fdiagnostics-format=">, Group<f_clang_Group>;
def fdiagnostics_show_category_EQ : Joined<["-"], "fdiagnostics-show-category=">, Group<f_clang_Group>; def fdiagnostics_show_category_EQ : Joined<["-"], "fdiagnostics-show-category=">, Group<f_clang_Group>;
def fdiagnostics_show_template_tree : Flag<["-"], "fdiagnostics-show-template-tree">, def fdiagnostics_show_template_tree : Flag<["-"], "fdiagnostics-show-template-tree">,
Group<f_Group>, Flags<[CC1Option]>, Group<f_Group>, Flags<[CC1Option]>,
HelpText<"Print a template comparison tree for differing templates">, HelpText<"Print a template comparison tree for differing templates">,
MarshallingInfoFlag<DiagnosticOpts<"ShowTemplateTree">>; MarshallingInfoFlag<DiagnosticOpts<"ShowTemplateTree">>;
defm safe_buffer_usage_suggestions : BoolFOption<"safe-buffer-usage-suggestions",
DiagnosticOpts<"ShowSafeBufferUsageSuggestions">, DefaultFalse,
PosFlag<SetTrue, [CC1Option],
"Display suggestions to update code associated with -Wunsafe-buffer-usage warnings">,
NegFlag<SetFalse>>;
def fdiscard_value_names : Flag<["-"], "fdiscard-value-names">, Group<f_clang_Group>, def fdiscard_value_names : Flag<["-"], "fdiscard-value-names">, Group<f_clang_Group>,
HelpText<"Discard value names in LLVM IR">, Flags<[NoXarchOption]>; HelpText<"Discard value names in LLVM IR">, Flags<[NoXarchOption]>;
def fno_discard_value_names : Flag<["-"], "fno-discard-value-names">, Group<f_clang_Group>, def fno_discard_value_names : Flag<["-"], "fno-discard-value-names">, Group<f_clang_Group>,
HelpText<"Do not discard value names in LLVM IR">, Flags<[NoXarchOption]>; HelpText<"Do not discard value names in LLVM IR">, Flags<[NoXarchOption]>;
defm dollars_in_identifiers : BoolFOption<"dollars-in-identifiers", defm dollars_in_identifiers : BoolFOption<"dollars-in-identifiers",
LangOpts<"DollarIdents">, Default<!strconcat("!", asm_preprocessor.KeyPath)>, LangOpts<"DollarIdents">, Default<!strconcat("!", asm_preprocessor.KeyPath)>,
PosFlag<SetTrue, [], "Allow">, NegFlag<SetFalse, [], "Disallow">, PosFlag<SetTrue, [], "Allow">, NegFlag<SetFalse, [], "Disallow">,
BothFlags<[CC1Option], " '$' in identifiers">>; BothFlags<[CC1Option], " '$' in identifiers">>;
▲ Show 20 LinesShow All 5,645 LinesShow Last 20 Lines

clang/lib/Analysis/UnsafeBufferUsage.cpp

Show First 20 LinesShow All 605 Lines▼ Show 20 Linespublic:
virtual DeclUseList getClaimedVarUseSites() const final { virtual DeclUseList getClaimedVarUseSites() const final {
return {BaseDeclRefExpr}; return {BaseDeclRefExpr};
} }
}; };
/// Scan the function and return a list of gadgets found with provided kits. /// Scan the function and return a list of gadgets found with provided kits.
static std::tuple<FixableGadgetList, WarningGadgetList, DeclUseTracker> static std::tuple<FixableGadgetList, WarningGadgetList, DeclUseTracker>
findGadgets(const Decl *D, const UnsafeBufferUsageHandler &Handler) { findGadgets(const Decl *D, const UnsafeBufferUsageHandler &Handler,
bool EmitSuggestions) {
struct GadgetFinderCallback : MatchFinder::MatchCallback { struct GadgetFinderCallback : MatchFinder::MatchCallback {
FixableGadgetList FixableGadgets; FixableGadgetList FixableGadgets;
WarningGadgetList WarningGadgets; WarningGadgetList WarningGadgets;
DeclUseTracker Tracker; DeclUseTracker Tracker;
void run(const MatchFinder::MatchResult &Result) override { void run(const MatchFinder::MatchResult &Result) override {
// In debug mode, assert that we've found exactly one gadget. // In debug mode, assert that we've found exactly one gadget.
Show All 37 Lines#include "clang/Analysis/Analyses/UnsafeBufferUsageGadgets.def"
}; };
MatchFinder M; MatchFinder M;
GadgetFinderCallback CB; GadgetFinderCallback CB;
// clang-format off // clang-format off
M.addMatcher( M.addMatcher(
stmt(forEveryDescendant( stmt(forEveryDescendant(
eachOf(
// A `FixableGadget` matcher and a `WarningGadget` matcher should not disable
// each other (they could if they were put in the same `anyOf` group).
// We also should make sure no two `FixableGadget` (resp. `WarningGadget`) matchers
// match for the same node, so that we can group them
// in one `anyOf` group (for better performance via short-circuiting).
stmt(anyOf( stmt(anyOf(
#define WARNING_GADGET(x) \
allOf(x ## Gadget::matcher().bind(#x), notInSafeBufferOptOut(&Handler)),
#include "clang/Analysis/Analyses/UnsafeBufferUsageGadgets.def"
unless(stmt()) // Avoid a hanging comma.
))
)), &CB
);
if (EmitSuggestions) {
M.addMatcher(
stmt(forEveryDescendant(
stmt(anyOf(
// It's ok for a FixableGadget to match a node that was previously
// matched by a WarningGadget.
#define FIXABLE_GADGET(x) \ #define FIXABLE_GADGET(x) \
x ## Gadget::matcher().bind(#x), x ## Gadget::matcher().bind(#x),
#include "clang/Analysis/Analyses/UnsafeBufferUsageGadgets.def" #include "clang/Analysis/Analyses/UnsafeBufferUsageGadgets.def"
// Add Gadget::matcher() for every gadget in the registry.
// In parallel, match all DeclRefExprs so that to find out
// whether there are any uncovered by gadgets.
declRefExpr(anyOf(hasPointerType(), hasArrayType()),
to(varDecl())).bind("any_dre"),
// Also match DeclStmts because we'll need them when fixing // Also match DeclStmts because we'll need them when fixing
// their underlying VarDecls that otherwise don't have // their underlying VarDecls that otherwise don't have
// any backreferences to DeclStmts. // any backreferences to DeclStmts.
declStmt().bind("any_ds") declStmt().bind("any_ds")
)), ))
stmt(anyOf( )), &CB
// Add Gadget::matcher() for every gadget in the registry.
#define WARNING_GADGET(x) \
allOf(x ## Gadget::matcher().bind(#x), notInSafeBufferOptOut(&Handler)),
#include "clang/Analysis/Analyses/UnsafeBufferUsageGadgets.def"
// In parallel, match all DeclRefExprs so that to find out
// whether there are any uncovered by gadgets.
declRefExpr(anyOf(hasPointerType(), hasArrayType()), to(varDecl())).bind("any_dre")
)))
)),
&CB
); );
}
// clang-format on // clang-format on
M.match(*D->getBody(), D->getASTContext()); M.match(*D->getBody(), D->getASTContext());
// Gadgets "claim" variables they're responsible for. Once this loop finishes, // Gadgets "claim" variables they're responsible for. Once this loop finishes,
// the tracker will only track DREs that weren't claimed by any gadgets, // the tracker will only track DREs that weren't claimed by any gadgets,
// i.e. not understood by the analysis. // i.e. not understood by the analysis.
for (const auto &G : CB.FixableGadgets) { for (const auto &G : CB.FixableGadgets) {
▲ Show 20 LinesShow All 423 Lines▼ Show 20 LinesgetNaiveStrategy(const llvm::SmallVectorImpl<const VarDecl *> &UnsafeVars) {
for (const VarDecl *VD : UnsafeVars) { for (const VarDecl *VD : UnsafeVars) {
S.set(VD, Strategy::Kind::Span); S.set(VD, Strategy::Kind::Span);
} }
return S; return S;
} }
void clang::checkUnsafeBufferUsage(const Decl *D, void clang::checkUnsafeBufferUsage(const Decl *D,
UnsafeBufferUsageHandler &Handler, UnsafeBufferUsageHandler &Handler,
bool EmitSuggestions,
ziqingluo-90Unsubmitted
Not Done
ReplyInline Actions

nitpick: I'm afraid that we will forgot the difference between EmitSuggestions and EmitFixits later if there is no document about it.

ziqingluo-90: nitpick: I'm afraid that we will forgot the difference between `EmitSuggestions` and…
bool EmitFixits) { bool EmitFixits) {
assert(D && D->getBody()); assert(D && D->getBody());
assert(!(EmitFixits && !EmitSuggestions) &&
"Unsafe buffer usage fixits requested without suggestions!");
WarningGadgetSets UnsafeOps; WarningGadgetSets UnsafeOps;
FixableGadgetSets FixablesForUnsafeVars; FixableGadgetSets FixablesForUnsafeVars;
DeclUseTracker Tracker; DeclUseTracker Tracker;
{ {
auto [FixableGadgets, WarningGadgets, TrackerRes] = findGadgets(D, Handler); auto [FixableGadgets, WarningGadgets, TrackerRes] =
findGadgets(D, Handler, EmitSuggestions);
if (EmitSuggestions) {
UnsafeOps = groupWarningGadgetsByVar(std::move(WarningGadgets)); UnsafeOps = groupWarningGadgetsByVar(std::move(WarningGadgets));
FixablesForUnsafeVars = groupFixablesByVar(std::move(FixableGadgets)); FixablesForUnsafeVars = groupFixablesByVar(std::move(FixableGadgets));
} else {
// Don't group anything by variable if we aren't suggesting fixes.
UnsafeOps.noVar.reserve(WarningGadgets.size());
for (std::unique_ptr<WarningGadget> &G : WarningGadgets) {
UnsafeOps.noVar.push_back(std::move(G));
}
WarningGadgets.clear();
}
Tracker = std::move(TrackerRes); Tracker = std::move(TrackerRes);
} }
std::map<const VarDecl *, FixItList> FixItsForVariable; std::map<const VarDecl *, FixItList> FixItsForVariable;
if (EmitFixits) { if (EmitFixits) {
// Filter out non-local vars and vars with unclaimed DeclRefExpr-s. // Filter out non-local vars and vars with unclaimed DeclRefExpr-s.
for (auto it = FixablesForUnsafeVars.byVar.cbegin(); for (auto it = FixablesForUnsafeVars.byVar.cbegin();
Show All 35 Lines

clang/lib/Driver/ToolChains/Clang.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 7,015 Lines▼ Show 20 Lines
// Forward --vfsoverlay to -cc1. // Forward --vfsoverlay to -cc1.
for (const Arg *A : Args.filtered(options::OPT_vfsoverlay)) { for (const Arg *A : Args.filtered(options::OPT_vfsoverlay)) {
CmdArgs.push_back("--vfsoverlay"); CmdArgs.push_back("--vfsoverlay");
CmdArgs.push_back(A->getValue()); CmdArgs.push_back(A->getValue());
A->claim(); A->claim();
} }
Args.addOptInFlag(CmdArgs, options::OPT_fsafe_buffer_usage_suggestions,
options::OPT_fno_safe_buffer_usage_suggestions);
// Setup statistics file output. // Setup statistics file output.
SmallString<128> StatsFile = getStatsFileName(Args, Output, Input, D); SmallString<128> StatsFile = getStatsFileName(Args, Output, Input, D);
if (!StatsFile.empty()) { if (!StatsFile.empty()) {
CmdArgs.push_back(Args.MakeArgString(Twine("-stats-file=") + StatsFile)); CmdArgs.push_back(Args.MakeArgString(Twine("-stats-file=") + StatsFile));
if (D.CCPrintInternalStats) if (D.CCPrintInternalStats)
CmdArgs.push_back("-stats-file-append"); CmdArgs.push_back("-stats-file-append");
} }
▲ Show 20 LinesShow All 1,498 LinesShow Last 20 Lines

clang/lib/Sema/AnalysisBasedWarnings.cpp

Show First 20 LinesShow All 2,150 Lines▼ Show 20 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Unsafe buffer usage analysis. // Unsafe buffer usage analysis.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
namespace { namespace {
class UnsafeBufferUsageReporter : public UnsafeBufferUsageHandler { class UnsafeBufferUsageReporter : public UnsafeBufferUsageHandler {
Sema &S; Sema &S;
bool SuggestSuggestions; // Recommend -fsafe-buffer-usage-suggestions?
t-rasmudUnsubmitted
Done
ReplyInline Actions

Was there a reason for naming this variable SuggestSuggestions? Can this be called EmitSuggestions? I think that would make it uniform and easy to follow the code.

t-rasmud: Was there a reason for naming this variable SuggestSuggestions? Can this be called…
NoQAuthorUnsubmitted
Done
ReplyInline Actions

It means "Should I emit a note reminding the user to enable -fsafe-buffer-usage-suggestions if they want suggestions?", so it's quite different from EmitSuggestions (in fact it's the opposite). Added a comment.

NoQ: It means "Should I emit a note reminding the user to enable `-fsafe-buffer-usage-suggestions`…
public: public:
UnsafeBufferUsageReporter(Sema &S) : S(S) {} UnsafeBufferUsageReporter(Sema &S, bool SuggestSuggestions)
: S(S), SuggestSuggestions(SuggestSuggestions) {}
void handleUnsafeOperation(const Stmt *Operation, void handleUnsafeOperation(const Stmt *Operation,
bool IsRelatedToDecl) override { bool IsRelatedToDecl) override {
SourceLocation Loc; SourceLocation Loc;
SourceRange Range; SourceRange Range;
unsigned MsgParam = 0; unsigned MsgParam = 0;
if (const auto *ASE = dyn_cast<ArraySubscriptExpr>(Operation)) { if (const auto *ASE = dyn_cast<ArraySubscriptExpr>(Operation)) {
Loc = ASE->getBase()->getExprLoc(); Loc = ASE->getBase()->getExprLoc();
Show All 17 Lines if (const auto *ASE = dyn_cast<ArraySubscriptExpr>(Operation)) {
if (Op == UO_PreInc || Op == UO_PreDec || Op == UO_PostInc || if (Op == UO_PreInc || Op == UO_PreDec || Op == UO_PostInc ||
Op == UO_PostDec) { Op == UO_PostDec) {
Loc = UO->getSubExpr()->getExprLoc(); Loc = UO->getSubExpr()->getExprLoc();
Range = UO->getSubExpr()->getSourceRange(); Range = UO->getSubExpr()->getSourceRange();
MsgParam = 1; MsgParam = 1;
} }
} else { } else {
if (isa<CallExpr>(Operation)) { if (isa<CallExpr>(Operation)) {
// note_unsafe_buffer_operation doesn't have this mode yet.
assert(!IsRelatedToDecl && "Not implemented yet!");
MsgParam = 3; MsgParam = 3;
} }
Loc = Operation->getBeginLoc(); Loc = Operation->getBeginLoc();
Range = Operation->getSourceRange(); Range = Operation->getSourceRange();
} }
if (IsRelatedToDecl) if (IsRelatedToDecl) {
assert(!SuggestSuggestions &&
ziqingluo-90Unsubmitted
Not Done
ReplyInline Actions

nitpick:
I was a bit confused by the name of the variable. My understand of
!SuggestSuggestions here means "we are suggesting suggestions now".
Then what does SuggestSuggestions mean?

ziqingluo-90: nitpick: I was a bit confused by the name of the variable. My understand of `!
NoQAuthorUnsubmitted
Done
ReplyInline Actions

Yeah it means "Should I emit a note reminding the user to enable -fsafe-buffer-usage-suggestions if they want suggestions?". Added a comment to the variable.

NoQ: Yeah it means "Should I emit a note reminding the user to enable `-fsafe-buffer-usage…
"Variables blamed for unsafe buffer usage without suggestions!");
S.Diag(Loc, diag::note_unsafe_buffer_operation) << MsgParam << Range; S.Diag(Loc, diag::note_unsafe_buffer_operation) << MsgParam << Range;
else } else {
S.Diag(Loc, diag::warn_unsafe_buffer_operation) << MsgParam << Range; S.Diag(Loc, diag::warn_unsafe_buffer_operation) << MsgParam << Range;
if (SuggestSuggestions) {
S.Diag(Loc, diag::note_safe_buffer_usage_suggestions_disabled);
}
}
} }
// FIXME: rename to handleUnsafeVariable // FIXME: rename to handleUnsafeVariable
void handleFixableVariable(const VarDecl *Variable, void handleFixableVariable(const VarDecl *Variable,
FixItList &&Fixes) override { FixItList &&Fixes) override {
assert(!SuggestSuggestions &&
"Unsafe buffer usage fixits displayed without suggestions!");
S.Diag(Variable->getLocation(), diag::warn_unsafe_buffer_variable) S.Diag(Variable->getLocation(), diag::warn_unsafe_buffer_variable)
<< Variable << (Variable->getType()->isPointerType() ? 0 : 1) << Variable << (Variable->getType()->isPointerType() ? 0 : 1)
<< Variable->getSourceRange(); << Variable->getSourceRange();
if (!Fixes.empty()) { if (!Fixes.empty()) {
unsigned FixItStrategy = 0; // For now we only has 'std::span' strategy unsigned FixItStrategy = 0; // For now we only has 'std::span' strategy
const auto &FD = S.Diag(Variable->getLocation(), const auto &FD = S.Diag(Variable->getLocation(),
diag::note_unsafe_buffer_variable_fixit); diag::note_unsafe_buffer_variable_fixit);
▲ Show 20 LinesShow All 299 Lines▼ Show 20 Linesvoid clang::sema::AnalysisBasedWarnings::IssueWarnings(
if (!Diags.isIgnored(diag::warn_throw_in_noexcept_func, D->getBeginLoc())) if (!Diags.isIgnored(diag::warn_throw_in_noexcept_func, D->getBeginLoc()))
if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D))
if (S.getLangOpts().CPlusPlus && !fscope->isCoroutine() && isNoexcept(FD)) if (S.getLangOpts().CPlusPlus && !fscope->isCoroutine() && isNoexcept(FD))
checkThrowInNonThrowingFunc(S, FD, AC); checkThrowInNonThrowingFunc(S, FD, AC);
// Emit unsafe buffer usage warnings and fixits. // Emit unsafe buffer usage warnings and fixits.
if (!Diags.isIgnored(diag::warn_unsafe_buffer_operation, D->getBeginLoc()) || if (!Diags.isIgnored(diag::warn_unsafe_buffer_operation, D->getBeginLoc()) ||
!Diags.isIgnored(diag::warn_unsafe_buffer_variable, D->getBeginLoc())) { !Diags.isIgnored(diag::warn_unsafe_buffer_variable, D->getBeginLoc())) {
UnsafeBufferUsageReporter R(S); DiagnosticOptions &DiagOpts = S.getDiagnostics().getDiagnosticOptions();
checkUnsafeBufferUsage(
D, R, bool CanEmitSuggestions = S.getLangOpts().CPlusPlus20;
/*EmitFixits=*/S.getDiagnostics().getDiagnosticOptions().ShowFixits && // Doesn't mean you should, just because you can?
S.getLangOpts().CPlusPlus20); bool ShouldEmitSuggestions = CanEmitSuggestions &&
DiagOpts.ShowSafeBufferUsageSuggestions;
bool ShouldEmitFixits = ShouldEmitSuggestions && DiagOpts.ShowFixits;
// If suggestions are off, recommend enabling them when applicable.
bool ShouldSuggestSuggestions = CanEmitSuggestions &&
!DiagOpts.ShowSafeBufferUsageSuggestions;
UnsafeBufferUsageReporter R(S, ShouldSuggestSuggestions);
checkUnsafeBufferUsage(D, R, ShouldEmitSuggestions, ShouldEmitFixits);
} }
// If none of the previous checks caused a CFG build, trigger one here // If none of the previous checks caused a CFG build, trigger one here
// for the logical error handler. // for the logical error handler.
if (LogicalErrorHandler::hasActiveDiagnostics(Diags, D->getBeginLoc())) { if (LogicalErrorHandler::hasActiveDiagnostics(Diags, D->getBeginLoc())) {
AC.getCFG(); AC.getCFG();
} }
▲ Show 20 LinesShow All 46 LinesShow Last 20 Lines

clang/test/SemaCXX/unsafe-buffer-usage-diag-type.cpp

// RUN: %clang_cc1 -std=c++20 -Wno-all -Wunsafe-buffer-usage -verify %s // RUN: %clang_cc1 -std=c++20 -Wno-all -Wunsafe-buffer-usage \
// RUN: -fsafe-buffer-usage-suggestions -verify %s
namespace localVar { namespace localVar {
void testRefersPtrLocalVarDecl(int i) { void testRefersPtrLocalVarDecl(int i) {
int * ptr; // expected-warning{{'ptr' is an unsafe pointer used for buffer access}} int * ptr; // expected-warning{{'ptr' is an unsafe pointer used for buffer access}}
ptr + i; // expected-note{{used in pointer arithmetic here}} ptr + i; // expected-note{{used in pointer arithmetic here}}
ptr[i]; // expected-note{{used in buffer access here}} ptr[i]; // expected-note{{used in buffer access here}}
} }
▲ Show 20 LinesShow All 99 LinesShow Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-assign-to-array-subscr-on-ptr.cpp

// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fdiagnostics-parseable-fixits %s 2>&1 | FileCheck %s // RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fsafe-buffer-usage-suggestions \
// RUN: -fdiagnostics-parseable-fixits %s 2>&1 | FileCheck %s
// TODO cases where we don't want fixits // TODO cases where we don't want fixits
// The Fix-It for unsafe operation is trivially empty. // The Fix-It for unsafe operation is trivially empty.
// In order to test that our machinery recognizes that we can test if the variable declaration gets a Fix-It. // In order to test that our machinery recognizes that we can test if the variable declaration gets a Fix-It.
// If the operation wasn't handled propertly the declaration won't get Fix-It. // If the operation wasn't handled propertly the declaration won't get Fix-It.
// By testing presence of the declaration Fix-It we indirectly test presence of the trivial Fix-It for its operations. // By testing presence of the declaration Fix-It we indirectly test presence of the trivial Fix-It for its operations.
void test() { void test() {
int *p = new int[10]; int *p = new int[10];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p" // CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{" // CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}" // CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}"
p[5] = 1; p[5] = 1;
// CHECK-NOT: fix-it: // CHECK-NOT: fix-it:
} }

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-deref-simple-ptr-arith.cpp

// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fdiagnostics-parseable-fixits -fsyntax-only %s 2>&1 | FileCheck %s // RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fsafe-buffer-usage-suggestions \
// RUN: -fdiagnostics-parseable-fixits -fsyntax-only \
// RUN: %s 2>&1 | FileCheck %s
// TODO test we don't mess up vertical whitespace // TODO test we don't mess up vertical whitespace
// TODO test different whitespaces // TODO test different whitespaces
// TODO test different contexts // TODO test different contexts
// when it's on the right side // when it's on the right side
void basic() { void basic() {
int *ptr; int *ptr;
▲ Show 20 LinesShow All 190 LinesShow Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-local-var-span.cpp

// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fdiagnostics-parseable-fixits %s 2>&1 | FileCheck %s // RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fsafe-buffer-usage-suggestions \
// RUN: -fdiagnostics-parseable-fixits %s 2>&1 | FileCheck %s
typedef int * Int_ptr_t; typedef int * Int_ptr_t;
typedef int Int_t; typedef int Int_t;
void local_array_subscript_simple() { void local_array_subscript_simple() {
int tmp; int tmp;
int *p = new int[10]; int *p = new int[10];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p" // CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{" // CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
▲ Show 20 LinesShow All 183 LinesShow Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-function-attr.cpp

// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -verify %s // RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fsafe-buffer-usage-suggestions -verify %s
[[clang::unsafe_buffer_usage]] [[clang::unsafe_buffer_usage]]
void deprecatedFunction3(); void deprecatedFunction3();
void deprecatedFunction4(int z); void deprecatedFunction4(int z);
void someFunction(); void someFunction();
▲ Show 20 LinesShow All 77 LinesShow Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-pragma-fixit.cpp

// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fdiagnostics-parseable-fixits %s 2>&1 | FileCheck %s // RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fsafe-buffer-usage-suggestions \
// RUN: -fdiagnostics-parseable-fixits %s 2>&1 | FileCheck %s
void basic(int * x) { void basic(int * x) {
int tmp; int tmp;
int *p1 = new int[10]; // no fix int *p1 = new int[10]; // no fix
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]: // CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
int *p2 = new int[10]; int *p2 = new int[10];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:12}:"std::span<int> p2" // CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:12}:"std::span<int> p2"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:13-[[@LINE-2]]:13}:"{" // CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:13-[[@LINE-2]]:13}:"{"
▲ Show 20 LinesShow All 98 LinesShow Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-pragma.cpp

// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -Wno-unused-value -verify %s // RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fsafe-buffer-usage-suggestions \
// RUN: -Wno-unused-value -verify %s
void basic(int * x) { // expected-warning{{'x' is an unsafe pointer used for buffer access}} void basic(int * x) { // expected-warning{{'x' is an unsafe pointer used for buffer access}}
int *p1 = new int[10]; // not to warn int *p1 = new int[10]; // not to warn
int *p2 = new int[10]; // expected-warning{{'p2' is an unsafe pointer used for buffer access}} int *p2 = new int[10]; // expected-warning{{'p2' is an unsafe pointer used for buffer access}}
#pragma clang unsafe_buffer_usage begin #pragma clang unsafe_buffer_usage begin
p1[5]; // not to warn p1[5]; // not to warn
▲ Show 20 LinesShow All 91 LinesShow Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-suggestions-flag.cpp

  • This file was added.
// Test the -cc1 flag. There's no -fno-... option in -cc1 invocations,
// just the positive option.
// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -verify=OFF %s
// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -verify=ON %s \
// RUN: -fsafe-buffer-usage-suggestions
// Test driver flags. Now there's both -f... and -fno-... to worry about.
// RUN: %clang -fsyntax-only -std=c++20 -Wunsafe-buffer-usage \
// RUN: -Xclang -verify=OFF %s
// RUN: %clang -fsyntax-only -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fsafe-buffer-usage-suggestions \
// RUN: -Xclang -verify=ON %s
// RUN: %clang -fsyntax-only -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fno-safe-buffer-usage-suggestions \
// RUN: -Xclang -verify=OFF %s
// In case of driver flags, last flag takes precedence.
// RUN: %clang -fsyntax-only -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fsafe-buffer-usage-suggestions \
// RUN: -fno-safe-buffer-usage-suggestions \
// RUN: -Xclang -verify=OFF %s
// RUN: %clang -fsyntax-only -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fno-safe-buffer-usage-suggestions \
// RUN: -fsafe-buffer-usage-suggestions \
// RUN: -Xclang -verify=ON %s
// Passing through -Xclang.
// RUN: %clang -fsyntax-only -std=c++20 -Wunsafe-buffer-usage \
// RUN: -Xclang -fsafe-buffer-usage-suggestions \
// RUN: -Xclang -verify=ON %s
// -Xclang flags take precedence over driver flags.
// RUN: %clang -fsyntax-only -std=c++20 -Wunsafe-buffer-usage \
// RUN: -Xclang -fsafe-buffer-usage-suggestions \
// RUN: -fno-safe-buffer-usage-suggestions \
// RUN: -Xclang -verify=ON %s
// RUN: %clang -fsyntax-only -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fno-safe-buffer-usage-suggestions \
// RUN: -Xclang -fsafe-buffer-usage-suggestions \
// RUN: -Xclang -verify=ON %s
[[clang::unsafe_buffer_usage]] void bar(int *);
void foo(int *x) { // \
// ON-warning{{'x' is an unsafe pointer used for buffer access}}
// FIXME: Better "OFF" warning?
x[5] = 10; // \
// ON-note {{used in buffer access here}} \
// OFF-warning{{unsafe buffer access}} \
// OFF-note {{pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions}}
x += 5; // \
// ON-note {{used in pointer arithmetic here}} \
// OFF-warning{{unsafe pointer arithmetic}} \
// OFF-note {{pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions}}
bar(x); // \
// ON-warning{{function introduces unsafe buffer manipulation}} \
// OFF-warning{{function introduces unsafe buffer manipulation}} \
// OFF-note {{pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions}}
}

clang/test/SemaCXX/warn-unsafe-buffer-usage.cpp

// RUN: %clang_cc1 -std=c++20 -Wno-all -Wunsafe-buffer-usage -fblocks -include %s -verify %s // RUN: %clang_cc1 -std=c++20 -Wno-all -Wunsafe-buffer-usage \
// RUN: -fsafe-buffer-usage-suggestions \
// RUN: -fblocks -include %s -verify %s
// RUN: %clang -x c++ -fsyntax-only -fblocks -include %s %s 2>&1 | FileCheck --allow-empty %s // RUN: %clang -x c++ -fsyntax-only -fblocks -include %s %s 2>&1 | FileCheck --allow-empty %s
// RUN: %clang_cc1 -std=c++11 -fblocks -include %s %s 2>&1 | FileCheck --allow-empty %s // RUN: %clang_cc1 -std=c++11 -fblocks -include %s %s 2>&1 | FileCheck --allow-empty %s
// RUN: %clang_cc1 -std=c++20 -fblocks -include %s %s 2>&1 | FileCheck --allow-empty %s // RUN: %clang_cc1 -std=c++20 -fblocks -include %s %s 2>&1 | FileCheck --allow-empty %s
// CHECK-NOT: [-Wunsafe-buffer-usage] // CHECK-NOT: [-Wunsafe-buffer-usage]
#ifndef INCLUDED #ifndef INCLUDED
#define INCLUDED #define INCLUDED
▲ Show 20 LinesShow All 359 LinesShow Last 20 Lines