This is an archive of the discontinued LLVM Phabricator instance.

Differential D156188

[-Wunsafe-buffer-usage] Refactor and improve for parameter fix-its
ClosedPublic

Authored by ziqingluo-90 on Jul 24 2023, 5:06 PM.

Details

Reviewers
NoQ
jkorous
t-rasmud
malavikasamak
Commits
rG41279e870fa5: [-Wunsafe-buffer-usage] Refactor and improve for parameter fix-its
Summary
  • Factor out the code that will be shared by both parameter and local variable fix-its
  • Add a check to ensure that a TypeLoc::isNull is false before using the TypeLoc
  • Remove the special check for whether a fixing variable involves unnamed types. This check is unnecessary now. Because we will give up on fixing a pointer type variable v, if we cannot obtain the source range of the pointee type of v. Using unnamed types is just one of the many causes of such scenarios. Besides, in some cases, we have no problem in referring to unnamed types. Therefore, we remove the special handling since we have a more general solution already.

For example,

typedef struct {int x;} UNNAMED_T;

UNNAMED_T * x; //  we can refer to the unnamed struct using `UNNAMED_T`

typedef struct {int x;} * UNNAMED_PTR;

UNNAMED_PTR y; // we cannot obtain the source range of the pointee type of `y`,	so we will give up
  • Move tests for cv-qualified parameters and unnamed types out of the "...-unsupported.cpp" test file.

Diff Detail

Event Timeline

ziqingluo-90 created this revision.Jul 24 2023, 5:06 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 24 2023, 5:06 PM
ziqingluo-90 requested review of this revision.Jul 24 2023, 5:06 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 24 2023, 5:06 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
ziqingluo-90 retitled this revision from Refactor and improve for parameter fix-its to [-Wunsafe-buffer-usage] Refactor and improve for parameter fix-its.Jul 24 2023, 5:09 PM
ziqingluo-90 added a child revision: D156189: [-Wunsafe-buffer-usage] Refactor to let local variable fix-its and parameter fix-its share common code.Jul 24 2023, 5:21 PM
Harbormaster completed remote builds in B247832: Diff 543739.Jul 25 2023, 1:41 AM
ziqingluo-90 updated this revision to Diff 544104.Jul 25 2023, 2:37 PM
Harbormaster completed remote builds in B248085: Diff 544104.Jul 25 2023, 11:32 PM
ziqingluo-90 mentioned this in D153059: [-Wunsafe-buffer-usage] Group parameter fix-its.Jul 31 2023, 5:25 PM
ziqingluo-90 added a child revision: D157441: [-Wunsafe-buffer-usage] Use `Strategy` to determine whether to fix a parameter.Aug 8 2023, 2:37 PM
NoQ accepted this revision.Aug 9 2023, 1:36 PM

Very nice, everything looks great!

clang/lib/Analysis/UnsafeBufferUsage.cpp
1796–1797

I'd rather just use literals in expressions. Saves a couple mallocs, a couple memcpys, and a couple lines of code.

(They'll probably turn into variables later anyway, when we transcend beyond span, so arguably not worth fixing.)

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-parm-unsupported.cpp
141–143

(a bit narrower and less fancy)

This revision is now accepted and ready to land.Aug 9 2023, 1:36 PM
NoQ added a comment.Aug 9 2023, 2:08 PM

Btw, how does this work with int **? Given that the pointee type int * isn't a simple identifier.

ziqingluo-90 added a comment.Aug 9 2023, 3:57 PM

Btw, how does this work with int **? Given that the pointee type int * isn't a simple identifier.

It does not require the pointee type to be a simple identifier. The (source range of) pointee type is obtained by analyzing the TypeLoc of a variable declaration.

The limitation involving "identifiers" is that we require the pointee type to be completely on the left of the variable identifier in a variable declaration. As the analysis is based on source locations,
finding the pointee type source range in cases like int a[][10] or int (*a)[10] is non-trivial.

This revision was landed with ongoing or failed builds.Aug 17 2023, 3:28 PM
Closed by commit rG41279e870fa5: [-Wunsafe-buffer-usage] Refactor and improve for parameter fix-its (authored by ziqingluo-90). · Explain Why
This revision was automatically updated to reflect the committed changes.
ziqingluo-90 marked 2 inline comments as done.
ziqingluo-90 added a commit: rG41279e870fa5: [-Wunsafe-buffer-usage] Refactor and improve for parameter fix-its.

Revision Contents

Diff 551297

clang/lib/Analysis/UnsafeBufferUsage.cpp

Show First 20 LinesShow All 1,374 Lines▼ Show 20 Linesstatic std::optional<StringRef> getRangeText(SourceRange SR,
CharSourceRange CSR = CharSourceRange::getCharRange(SR.getBegin(), SR.getEnd()); CharSourceRange CSR = CharSourceRange::getCharRange(SR.getBegin(), SR.getEnd());
StringRef Text = Lexer::getSourceText(CSR, SM, LangOpts, &Invalid); StringRef Text = Lexer::getSourceText(CSR, SM, LangOpts, &Invalid);
if (!Invalid) if (!Invalid)
return Text; return Text;
return std::nullopt; return std::nullopt;
} }
// Returns the begin location of the identifier of the given variable
// declaration.
static SourceLocation getVarDeclIdentifierLoc(const VarDecl *VD) {
// According to the implementation of `VarDecl`, `VD->getLocation()` actually
// returns the begin location of the identifier of the declaration:
return VD->getLocation();
}
// Returns the literal text of the identifier of the given variable declaration.
static std::optional<StringRef>
getVarDeclIdentifierText(const VarDecl *VD, const SourceManager &SM,
const LangOptions &LangOpts) {
SourceLocation ParmIdentBeginLoc = getVarDeclIdentifierLoc(VD);
SourceLocation ParmIdentEndLoc =
Lexer::getLocForEndOfToken(ParmIdentBeginLoc, 0, SM, LangOpts);
if (ParmIdentEndLoc.isMacroID() &&
!Lexer::isAtEndOfMacroExpansion(ParmIdentEndLoc, SM, LangOpts))
return std::nullopt;
return getRangeText({ParmIdentBeginLoc, ParmIdentEndLoc}, SM, LangOpts);
}
// Returns the text of the pointee type of `T` from a `VarDecl` of a pointer // Returns the text of the pointee type of `T` from a `VarDecl` of a pointer
// type. The text is obtained through from `TypeLoc`s. Since `TypeLoc` does not // type. The text is obtained through from `TypeLoc`s. Since `TypeLoc` does not
// have source ranges of qualifiers ( The `QualifiedTypeLoc` looks hacky too me // have source ranges of qualifiers ( The `QualifiedTypeLoc` looks hacky too me
// :( ), `Qualifiers` of the pointee type is returned separately through the // :( ), `Qualifiers` of the pointee type is returned separately through the
// output parameter `QualifiersToAppend`. // output parameter `QualifiersToAppend`.
static std::optional<std::string> static std::optional<std::string>
getPointeeTypeText(const ParmVarDecl *VD, const SourceManager &SM, getPointeeTypeText(const VarDecl *VD, const SourceManager &SM,
const LangOptions &LangOpts, const LangOptions &LangOpts,
std::optional<Qualifiers> *QualifiersToAppend) { std::optional<Qualifiers> *QualifiersToAppend) {
QualType Ty = VD->getType(); QualType Ty = VD->getType();
QualType PteTy; QualType PteTy;
assert(Ty->isPointerType() && !Ty->isFunctionPointerType() && assert(Ty->isPointerType() && !Ty->isFunctionPointerType() &&
"Expecting a VarDecl of type of pointer to object type"); "Expecting a VarDecl of type of pointer to object type");
PteTy = Ty->getPointeeType(); PteTy = Ty->getPointeeType();
if (PteTy->hasUnnamedOrLocalType())
// If the pointee type is unnamed, we can't refer to it TypeLoc TyLoc = VD->getTypeSourceInfo()->getTypeLoc().getUnqualifiedLoc();
TypeLoc PteTyLoc;
// We only deal with the cases that we know `TypeLoc::getNextTypeLoc` returns
// the `TypeLoc` of the pointee type:
switch (TyLoc.getTypeLocClass()) {
case TypeLoc::ConstantArray:
case TypeLoc::IncompleteArray:
case TypeLoc::VariableArray:
case TypeLoc::DependentSizedArray:
case TypeLoc::Decayed:
assert(isa<ParmVarDecl>(VD) && "An array type shall not be treated as a "
"pointer type unless it decays.");
PteTyLoc = TyLoc.getNextTypeLoc();
break;
case TypeLoc::Pointer:
PteTyLoc = TyLoc.castAs<PointerTypeLoc>().getPointeeLoc();
break;
default:
return std::nullopt;
}
if (PteTyLoc.isNull())
// Sometimes we cannot get a useful `TypeLoc` for the pointee type, e.g.,
// when the pointer type is `auto`.
return std::nullopt; return std::nullopt;
TypeLoc TyLoc = VD->getTypeSourceInfo()->getTypeLoc(); SourceLocation IdentLoc = getVarDeclIdentifierLoc(VD);
TypeLoc PteTyLoc = TyLoc.getUnqualifiedLoc().getNextTypeLoc();
SourceLocation VDNameStartLoc = VD->getLocation();
if (!(VDNameStartLoc.isValid() && PteTyLoc.getSourceRange().isValid())) { if (!(IdentLoc.isValid() && PteTyLoc.getSourceRange().isValid())) {
// We are expecting these locations to be valid. But in some cases, they are // We are expecting these locations to be valid. But in some cases, they are
// not all valid. It is a Clang bug to me and we are not responsible for // not all valid. It is a Clang bug to me and we are not responsible for
// fixing it. So we will just give up for now when it happens. // fixing it. So we will just give up for now when it happens.
return std::nullopt; return std::nullopt;
} }
// Note that TypeLoc.getEndLoc() returns the begin location of the last token: // Note that TypeLoc.getEndLoc() returns the begin location of the last token:
SourceLocation PteEndOfTokenLoc = SourceLocation PteEndOfTokenLoc =
Lexer::getLocForEndOfToken(PteTyLoc.getEndLoc(), 0, SM, LangOpts); Lexer::getLocForEndOfToken(PteTyLoc.getEndLoc(), 0, SM, LangOpts);
if (!SM.isBeforeInTranslationUnit(PteEndOfTokenLoc, VDNameStartLoc)) { if (!PteEndOfTokenLoc.isValid())
// Sometimes we cannot get the end location of the pointee type, e.g., when
// there are macros involved.
return std::nullopt;
if (!SM.isBeforeInTranslationUnit(PteEndOfTokenLoc, IdentLoc)) {
// We only deal with the cases where the source text of the pointee type // We only deal with the cases where the source text of the pointee type
// appears on the left-hand side of the variable identifier completely, // appears on the left-hand side of the variable identifier completely,
// including the following forms: // including the following forms:
// `T ident`, // `T ident`,
// `T ident[]`, where `T` is any type. // `T ident[]`, where `T` is any type.
// Examples of excluded cases are `T (*ident)[]` or `T ident[][n]`. // Examples of excluded cases are `T (*ident)[]` or `T ident[][n]`.
return std::nullopt; return std::nullopt;
} }
▲ Show 20 LinesShow All 308 Lines▼ Show 20 Lines
#ifndef NDEBUG #ifndef NDEBUG
#define DEBUG_NOTE_DECL_FAIL(D, Msg) \ #define DEBUG_NOTE_DECL_FAIL(D, Msg) \
Handler.addDebugNoteForVar((D), (D)->getBeginLoc(), "failed to produce fixit for declaration '" + (D)->getNameAsString() + "'" + (Msg)) Handler.addDebugNoteForVar((D), (D)->getBeginLoc(), "failed to produce fixit for declaration '" + (D)->getNameAsString() + "'" + (Msg))
#else #else
#define DEBUG_NOTE_DECL_FAIL(D, Msg) #define DEBUG_NOTE_DECL_FAIL(D, Msg)
#endif #endif
// For the given variable declaration with a pointer-to-T type, returns the text
// `std::span<T>`. If it is unable to generate the text, returns
// `std::nullopt`.
static std::optional<std::string> createSpanTypeForVarDecl(const VarDecl *VD,
const ASTContext &Ctx) {
assert(VD->getType()->isPointerType());
std::optional<Qualifiers> PteTyQualifiers = std::nullopt;
std::optional<std::string> PteTyText = getPointeeTypeText(
NoQUnsubmitted
Done
ReplyInline Actions

I'd rather just use literals in expressions. Saves a couple mallocs, a couple memcpys, and a couple lines of code.

(They'll probably turn into variables later anyway, when we transcend beyond span, so arguably not worth fixing.)

NoQ: I'd rather just use literals in expressions. Saves a couple mallocs, a couple memcpys, and a…
VD, Ctx.getSourceManager(), Ctx.getLangOpts(), &PteTyQualifiers);
if (!PteTyText)
return std::nullopt;
std::string SpanTyText = "std::span<";
SpanTyText.append(*PteTyText);
// Append qualifiers to span element type if any:
if (PteTyQualifiers) {
SpanTyText.append(" ");
SpanTyText.append(PteTyQualifiers->getAsString());
}
SpanTyText.append(">");
return SpanTyText;
}
// For a `VarDecl` of the form `T * var (= Init)?`, this // For a `VarDecl` of the form `T * var (= Init)?`, this
// function generates a fix-it for the declaration, which re-declares `var` to // function generates a fix-it for the declaration, which re-declares `var` to
// be of `span<T>` type and transforms the initializer, if present, to a span // be of `span<T>` type and transforms the initializer, if present, to a span
// constructor---`span<T> var {Init, Extent}`, where `Extent` may need the user // constructor---`span<T> var {Init, Extent}`, where `Extent` may need the user
// to fill in. // to fill in.
// //
// FIXME: support Multi-level pointers // FIXME: support Multi-level pointers
// //
▲ Show 20 LinesShow All 240 Lines▼ Show 20 Linesstatic FixItList fixParamWithSpan(const ParmVarDecl *PVD, const ASTContext &Ctx,
assert(PVD->getType()->isPointerType()); assert(PVD->getType()->isPointerType());
auto *FD = dyn_cast<FunctionDecl>(PVD->getDeclContext()); auto *FD = dyn_cast<FunctionDecl>(PVD->getDeclContext());
if (!FD) { if (!FD) {
DEBUG_NOTE_DECL_FAIL(PVD, " : invalid func decl"); DEBUG_NOTE_DECL_FAIL(PVD, " : invalid func decl");
return {}; return {};
} }
std::optional<Qualifiers> PteTyQualifiers = std::nullopt;
std::optional<std::string> PteTyText = getPointeeTypeText(
PVD, Ctx.getSourceManager(), Ctx.getLangOpts(), &PteTyQualifiers);
if (!PteTyText) {
DEBUG_NOTE_DECL_FAIL(PVD, " : invalid pointee type");
return {};
}
std::optional<StringRef> PVDNameText = PVD->getIdentifier()->getName();
if (!PVDNameText) {
DEBUG_NOTE_DECL_FAIL(PVD, " : invalid identifier name");
return {};
}
std::string SpanOpen = "std::span<";
std::string SpanClose = ">";
std::string SpanTyText;
std::stringstream SS; std::stringstream SS;
std::optional<std::string> SpanTyText = createSpanTypeForVarDecl(PVD, Ctx);
std::optional<StringRef> ParmIdentText;
SS << SpanOpen << *PteTyText; if (!SpanTyText)
// Append qualifiers to span element type: return {};
if (PteTyQualifiers) SS << *SpanTyText;
SS << " " << PteTyQualifiers->getAsString();
SS << SpanClose;
// Save the Span type text:
SpanTyText = SS.str();
// Append qualifiers to the type of the parameter: // Append qualifiers to the type of the parameter:
if (PVD->getType().hasQualifiers()) if (PVD->getType().hasQualifiers())
SS << " " << PVD->getType().getQualifiers().getAsString(); SS << " " << PVD->getType().getQualifiers().getAsString();
ParmIdentText =
getVarDeclIdentifierText(PVD, Ctx.getSourceManager(), Ctx.getLangOpts());
if (!ParmIdentText)
return {};
// Append parameter's name: // Append parameter's name:
SS << " " << PVDNameText->str(); SS << " " << ParmIdentText->str();
FixItList Fixes; FixItList Fixes;
unsigned ParmIdx = 0; unsigned ParmIdx = 0;
Fixes.push_back( Fixes.push_back(
FixItHint::CreateReplacement(PVD->getSourceRange(), SS.str())); FixItHint::CreateReplacement(PVD->getSourceRange(), SS.str()));
for (auto *ParmIter : FD->parameters()) { for (auto *ParmIter : FD->parameters()) {
if (PVD == ParmIter) if (PVD == ParmIter)
break; break;
ParmIdx++; ParmIdx++;
} }
if (ParmIdx < FD->getNumParams()) if (ParmIdx < FD->getNumParams())
if (auto OverloadFix = createOverloadsForFixedParams(ParmIdx, SpanTyText, if (auto OverloadFix = createOverloadsForFixedParams(ParmIdx, *SpanTyText,
FD, Ctx, Handler)) { FD, Ctx, Handler)) {
Fixes.append(*OverloadFix); Fixes.append(*OverloadFix);
return Fixes; return Fixes;
} }
DEBUG_NOTE_DECL_FAIL(PVD, " : invalid number of parameters"); DEBUG_NOTE_DECL_FAIL(PVD, " : invalid number of parameters");
return {}; return {};
} }
▲ Show 20 LinesShow All 470 LinesShow Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-parm-span.cpp

Show First 20 LinesShow All 141 Lines▼ Show 20 Linesvoid decayedArrayOfArray(int a[10][10]) {
if (++a){} if (++a){}
} }
void complexDeclarator(int * (*a[10])[10]) { void complexDeclarator(int * (*a[10])[10]) {
// CHECK-NOT: fix-it:{{.*}}:{[[@LINE-1]] // CHECK-NOT: fix-it:{{.*}}:{[[@LINE-1]]
if (++a){} if (++a){}
} }
// Make sure we do not generate fixes for the following cases: // Tests parameters with cv-qualifiers
#define MACRO_NAME MyName void const_ptr(int * const x) { // expected-warning{{'x' is an unsafe pointer used for buffer access}} expected-note{{change type of 'x' to 'std::span' to preserve bounds information}}
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:16-[[@LINE-1]]:29}:"std::span<int> const x"
int tmp = x[5]; // expected-note{{used in buffer access here}}
}
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void const_ptr(int * const x) {return const_ptr(std::span<int>(x, <# size #>));}\n"
void macroIdentifier(int *MACRO_NAME) { // The fix-it ends with a macro. It will be discarded due to overlap with macros. void const_ptr_to_const(const int * const x) {// expected-warning{{'x' is an unsafe pointer used for buffer access}} expected-note{{change type of 'x' to 'std::span' to preserve bounds information}}
// CHECK-NOT: fix-it:{{.*}}:{[[@LINE-1]] // CHECK: fix-it:{{.*}}:{[[@LINE-1]]:25-[[@LINE-1]]:44}:"std::span<int const> const x"
if (++MyName){} int tmp = x[5]; // expected-note{{used in buffer access here}}
}
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void const_ptr_to_const(const int * const x) {return const_ptr_to_const(std::span<int const>(x, <# size #>));}\n"
void const_volatile_ptr(int * const volatile x) { // expected-warning{{'x' is an unsafe pointer used for buffer access}} expected-note{{change type of 'x' to 'std::span' to preserve bounds information}}
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:25-[[@LINE-1]]:47}:"std::span<int> const volatile x"
int tmp = x[5]; // expected-note{{used in buffer access here}}
}
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void const_volatile_ptr(int * const volatile x) {return const_volatile_ptr(std::span<int>(x, <# size #>));}\n"
void volatile_const_ptr(int * volatile const x) { // expected-warning{{'x' is an unsafe pointer used for buffer access}} expected-note{{change type of 'x' to 'std::span' to preserve bounds information}}
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:25-[[@LINE-1]]:47}:"std::span<int> const volatile x"
int tmp = x[5]; // expected-note{{used in buffer access here}}
}
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void volatile_const_ptr(int * volatile const x) {return volatile_const_ptr(std::span<int>(x, <# size #>));}\n"
void const_volatile_ptr_to_const_volatile(const volatile int * const volatile x) {// expected-warning{{'x' is an unsafe pointer used for buffer access}} expected-note{{change type of 'x' to 'std::span' to preserve bounds information}}
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:43-[[@LINE-1]]:80}:"std::span<int const volatile> const volatile x"
int tmp = x[5]; // expected-note{{used in buffer access here}}
}
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void const_volatile_ptr_to_const_volatile(const volatile int * const volatile x) {return const_volatile_ptr_to_const_volatile(std::span<int const volatile>(x, <# size #>));}\n"
// Test if function declaration specifiers are handled correctly:
static void static_f(int *p) {
p[5] = 5;
} }
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} static void static_f(int *p) {return static_f(std::span<int>(p, <# size #>));}\n"
// CHECK-NOT: fix-it:{{.*}}: static inline void static_inline_f(int *p) {
void parmHasNoName(int *p, int *) { // cannot fix the function because there is one parameter has no name.
p[5] = 5; p[5] = 5;
} }
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} static inline void static_inline_f(int *p) {return static_inline_f(std::span<int>(p, <# size #>));}\n"
inline void static static_inline_f2(int *p) {
p[5] = 5;
}
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} inline void static static_inline_f2(int *p) {return static_inline_f2(std::span<int>(p, <# size #>));}\n"
// Test when unnamed types are involved:
typedef struct {int x;} UNNAMED_STRUCT;
struct {int x;} VarOfUnnamedType;
void useUnnamedType(UNNAMED_STRUCT * p) { // expected-warning{{'p' is an unsafe pointer used for buffer access}} \
expected-note{{change type of 'p' to 'std::span' to preserve bounds information}}
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:21-[[@LINE-2]]:39}:"std::span<UNNAMED_STRUCT> p"
if (++p) { // expected-note{{used in pointer arithmetic here}}
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:10}:"(p = p.subspan(1)).data()"
}
}
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void useUnnamedType(UNNAMED_STRUCT * p) {return useUnnamedType(std::span<UNNAMED_STRUCT>(p, <# size #>));}\n"
void useUnnamedType2(decltype(VarOfUnnamedType) * p) { // expected-warning{{'p' is an unsafe pointer used for buffer access}} \
expected-note{{change type of 'p' to 'std::span' to preserve bounds information}}
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:22-[[@LINE-2]]:52}:"std::span<decltype(VarOfUnnamedType)> p"
if (++p) { // expected-note{{used in pointer arithmetic here}}
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:10}:"(p = p.subspan(1)).data()"
}
}
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void useUnnamedType2(decltype(VarOfUnnamedType) * p) {return useUnnamedType2(std::span<decltype(VarOfUnnamedType)>(p, <# size #>));}\n"
#endif #endif

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-parm-unsupported.cpp

// RUN: %clang_cc1 -std=c++20 -Wno-all -Wunsafe-buffer-usage -fcxx-exceptions -fsafe-buffer-usage-suggestions -verify %s // RUN: %clang_cc1 -std=c++20 -Wno-all -Wunsafe-buffer-usage -fcxx-exceptions -fsafe-buffer-usage-suggestions -verify %s
// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fcxx-exceptions -fdiagnostics-parseable-fixits -fsafe-buffer-usage-suggestions %s 2>&1 | FileCheck %s // RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fcxx-exceptions -fdiagnostics-parseable-fixits -fsafe-buffer-usage-suggestions %s 2>&1 | FileCheck %s
void const_ptr(int * const x) { // expected-warning{{'x' is an unsafe pointer used for buffer access}} expected-note{{change type of 'x' to 'std::span' to preserve bounds information}} typedef int * TYPEDEF_PTR;
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:16-[[@LINE-1]]:29}:"std::span<int> const x" #define MACRO_PTR int*
int tmp = x[5]; // expected-note{{used in buffer access here}}
}
// CHECK-DAG: fix-it:{{.*}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void const_ptr(int * const x) {return const_ptr(std::span<int>(x, <# size #>));}\n"
void const_ptr_to_const(const int * const x) {// expected-warning{{'x' is an unsafe pointer used for buffer access}} expected-note{{change type of 'x' to 'std::span' to preserve bounds information}}
// CHECK-DAG: fix-it:{{.*}}:{[[@LINE-1]]:25-[[@LINE-1]]:44}:"std::span<int const> const x"
int tmp = x[5]; // expected-note{{used in buffer access here}}
}
// CHECK-DAG: fix-it:{{.*}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void const_ptr_to_const(const int * const x) {return const_ptr_to_const(std::span<int const>(x, <# size #>));}\n"
typedef struct {int x;} NAMED_UNNAMED_STRUCT; // an unnamed struct type named by a typedef // We CANNOT fix a pointer whose type is defined in a typedef or a
typedef struct {int x;} * PTR_TO_ANON; // pointer to an unnamed struct // macro. Because if the typedef is changed after the fix, the fix
typedef NAMED_UNNAMED_STRUCT * PTR_TO_NAMED; // pointer to a named type // becomes incorrect and may not be noticed.
// We can fix a pointer to a named type // CHECK-NOT: fix-it:"{{.*}}":{[[@LINE+1]]
void namedPointeeType(NAMED_UNNAMED_STRUCT * p) { // expected-warning{{'p' is an unsafe pointer used for buffer access}}\ expected-note{{change type of 'p' to 'std::span' to preserve bounds information}} void typedefPointer(TYPEDEF_PTR p) { // expected-warning{{'p' is an unsafe pointer used for buffer access}}
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:23-[[@LINE-1]]:47}:"std::span<NAMED_UNNAMED_STRUCT> p"
if (++p) { // expected-note{{used in pointer arithmetic here}} if (++p) { // expected-note{{used in pointer arithmetic here}}
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:7-[[@LINE-1]]:10}:"(p = p.subspan(1)).data()"
} }
} }
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void namedPointeeType(NAMED_UNNAMED_STRUCT * p) {return namedPointeeType(std::span<NAMED_UNNAMED_STRUCT>(p, <# size #>));}\n"
// We CANNOT fix a pointer to an unnamed type // CHECK-NOT: fix-it:"{{.*}}":{[[@LINE+1]]
// CHECK-NOT: fix-it: void macroPointer(MACRO_PTR p) { // expected-warning{{'p' is an unsafe pointer used for buffer access}}
void unnamedPointeeType(PTR_TO_ANON p) { // expected-warning{{'p' is an unsafe pointer used for buffer access}}
if (++p) { // expected-note{{used in pointer arithmetic here}} if (++p) { // expected-note{{used in pointer arithmetic here}}
} }
} }
// The analysis requires accurate source location informations from // The analysis requires accurate source location informations from
// `TypeLoc`s of types of variable (parameter) declarations in order // `TypeLoc`s of types of variable (parameter) declarations in order
// to generate fix-its for them. But those information is not always // to generate fix-its for them. But those information is not always
// available (probably due to some bugs in clang but it is irrelevant // available (probably due to some bugs in clang but it is irrelevant
▲ Show 20 LinesShow All 103 Lines▼ Show 20 Lines
void parmWithDefaultValueDecl(int * x = 0); void parmWithDefaultValueDecl(int * x = 0);
void parmWithDefaultValueDecl(int * x) { void parmWithDefaultValueDecl(int * x) {
// expected-warning@-1{{'x' is an unsafe pointer used for buffer access}} // expected-warning@-1{{'x' is an unsafe pointer used for buffer access}}
int tmp; int tmp;
tmp = x[5]; // expected-note{{used in buffer access here}} tmp = x[5]; // expected-note{{used in buffer access here}}
} }
#define MACRO_NAME MyName
// The fix-it ends with a macro. It will be discarded due to overlap with macros.
// CHECK-NOT: fix-it:{{.*}}:{[[@LINE+1]]
void macroIdentifier(int * MACRO_NAME) { // expected-warning{{'MyName' is an unsafe pointer used for buffer access}}
NoQUnsubmitted
Done
ReplyInline Actions
#define MACRO_NAME MyName
+ // The fix-it ends with a macro. It will be discarded due to overlap with macros.
// CHECK-NOT: fix-it:{{.*}}:{[[@LINE+1]]
- void macroIdentifier(int * MACRO_NAME) { // The fix-it ends with a macro. It will be discarded due to overlap with macros. \
- expected-warning{{'MyName' is an unsafe pointer used for buffer access}}
+ void macroIdentifier(int * MACRO_NAME) { // expected-warning{{'MyName' is an unsafe pointer used for buffer access}}
if (++MyName){} // expected-note{{used in pointer arithmetic here}}

(a bit narrower and less fancy)

NoQ: (a bit narrower and less fancy)
if (++MyName){} // expected-note{{used in pointer arithmetic here}}
}
// CHECK-NOT: fix-it:{{.*}}:{[[@LINE+1]]
void parmHasNoName(int *p, int *) { // cannot fix the function because there is one parameter has no name. \
expected-warning{{'p' is an unsafe pointer used for buffer access}}
p[5] = 5; // expected-note{{used in buffer access here}}
}