This is an archive of the discontinued LLVM Phabricator instance.

Differential D156192

[-Wunsafe-buffer-usage] Stop generating incorrect fix-its for variable declarations with unsupported specifiers
ClosedPublic

Authored by ziqingluo-90 on Jul 24 2023, 6:15 PM.

Details

Reviewers
NoQ
jkorous
t-rasmud
malavikasamak
Commits
rGb58e52889808: [-Wunsafe-buffer-usage] Stop generating incorrect fix-its for variable…
Summary

We have to give up on fixing a variable declaration if it has specifiers that are not supported yet. We cannot support them for now due to the combination of following challenges:

  • Sometimes we do not have accurate source range information for the type specifiers of a variable declaration, especially when cv-qualifiers are used (source location is not provided for type qualifiers). So it is hard to generate fix-its that only touch type specifiers for a declaration.
  • We do not have the source range information for most declaration specifiers, such as storage specifiers. So it is hard to tell whether a fix-it may quietly remove a specifier by accidentally overwriting it.
  • When the declarator is not a trivial identifier (e.g., int a[] as a parameter decl), we have to replace the whole declaration in order to fix it (e.g., to std::span<int> a). If there are other specifiers involved, they may be accidentally removed (e.g., fix int [[some_type_attribute]] a[] to std::span<int> a is incorrect).

We could support these specifiers incrementally using the same approach as how we deal with cv-qualifiers. If a fixing variable declaration has a storage specifier, instead of trying to find out the source location of the specifier or to avoid touching it, we add the keyword to a canonicalized place in the fix-it text that replaces the whole declaration.

For example, storage specifiers could be always placed at the beginning of a declaration. So both const static int * x and static const int * x will be fixed to static std::span<const int> x.

Diff Detail

Event Timeline

ziqingluo-90 created this revision.Jul 24 2023, 6:15 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 24 2023, 6:15 PM
ziqingluo-90 requested review of this revision.Jul 24 2023, 6:15 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 24 2023, 6:15 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
ziqingluo-90 added a parent revision: D156189: [-Wunsafe-buffer-usage] Refactor to let local variable fix-its and parameter fix-its share common code.Jul 24 2023, 6:15 PM
Harbormaster completed remote builds in B247842: Diff 543760.Jul 25 2023, 1:18 AM
jkorous added inline comments.Jul 25 2023, 7:23 AM
clang/lib/Analysis/UnsafeBufferUsage.cpp
1422

typo: "accurate"

NoQ accepted this revision.Jul 25 2023, 1:44 PM

LGTM!

Yeah I agree that we can eventually support a lot of these incrementally, but it's great to establish a safe baseline first.

If there are other specifiers involved, they may be accidentally removed (e.g., fix int [[some_type_attribute]] a[] to std::span<int> a is incorrect).

Note that your patch doesn't actually address type attributes, only declaration attributes.

I'd love to learn if we handle type attributes like int *_Nonnull and int *_Nonnull *_Nonnull correctly. How do we even handle that correctly? This is no longer about preserving the attribute, it's about the very ability to put the same attribute on a span itself or on its template parameter. And in case of _Nonnull it doesn't sound like we have anything like that: there is no standard container that acts like span but is never null (and even if there was, that's not what _Nonnull really means), and we probably also can't do span<int *_Nonnull> because that's actually the same type as span<int *> (https://godbolt.org/z/oehTMbvrz).

So it's likely that we have to give up on unsupported type attributes very early, even before the fixit stage. Maybe on hasPointerType() stage; in such cases we aren't even sure that's a pointer, what if it's like an int *__attribute__((vector_size(8)))? (This actually can't happen; you can't have vectors of pointers. But something similar totally could.)

So both const static int * x and static const int * x will be fixed to static std::span<const int> x.

Ugh, const static int sounds awful because constapplies to the pointee, static applies to the pointer, then int applies to the pointee again. I hope we'll never see such code, but it's great that it works correctly!

This revision is now accepted and ready to land.Jul 25 2023, 1:44 PM
ziqingluo-90 added a comment.Aug 1 2023, 12:43 PM

Note that your patch doesn't actually address type attributes, only declaration attributes.

It does not address type attribute. We can address it in a follow-up patch.

So it's likely that we have to give up on unsupported type attributes very early, even before the fixit stage. Maybe on hasPointerType() stage; in such cases we aren't even sure that's a pointer, what if it's like an int *__attribute__((vector_size(8)))? (This actually can't happen; you can't have vectors of pointers. But something similar totally could.)

This is a good idea!

This revision was landed with ongoing or failed builds.Aug 21 2023, 4:39 PM
Closed by commit rGb58e52889808: [-Wunsafe-buffer-usage] Stop generating incorrect fix-its for variable… (authored by ziqingluo-90). · Explain Why
This revision was automatically updated to reflect the committed changes.
ziqingluo-90 marked an inline comment as done.
ziqingluo-90 added a commit: rGb58e52889808: [-Wunsafe-buffer-usage] Stop generating incorrect fix-its for variable….

Revision Contents

PathSize
clang/
lib/
Analysis/
32 lines
test/
SemaCXX/
34 lines

Diff 552162

clang/lib/Analysis/UnsafeBufferUsage.cpp

Show First 20 LinesShow All 1,410 Lines▼ Show 20 Lines SourceLocation ParmIdentEndLoc =
Lexer::getLocForEndOfToken(ParmIdentBeginLoc, 0, SM, LangOpts); Lexer::getLocForEndOfToken(ParmIdentBeginLoc, 0, SM, LangOpts);
if (ParmIdentEndLoc.isMacroID() && if (ParmIdentEndLoc.isMacroID() &&
!Lexer::isAtEndOfMacroExpansion(ParmIdentEndLoc, SM, LangOpts)) !Lexer::isAtEndOfMacroExpansion(ParmIdentEndLoc, SM, LangOpts))
return std::nullopt; return std::nullopt;
return getRangeText({ParmIdentBeginLoc, ParmIdentEndLoc}, SM, LangOpts); return getRangeText({ParmIdentBeginLoc, ParmIdentEndLoc}, SM, LangOpts);
} }
// We cannot fix a variable declaration if it has some other specifiers than the
// type specifier. Because the source ranges of those specifiers could overlap
// with the source range that is being replaced using fix-its. Especially when
// we often cannot obtain accurate source ranges of cv-qualified type
jkorousUnsubmitted
Done
ReplyInline Actions

typo: "accurate"

jkorous: typo: "accurate"
// specifiers.
// FIXME: also deal with type attributes
static bool hasUnsupportedSpecifiers(const VarDecl *VD,
const SourceManager &SM) {
// AttrRangeOverlapping: true if at least one attribute of `VD` overlaps the
// source range of `VD`:
bool AttrRangeOverlapping = llvm::any_of(VD->attrs(), [&](Attr *At) -> bool {
return !(SM.isBeforeInTranslationUnit(At->getRange().getEnd(),
VD->getBeginLoc())) &&
!(SM.isBeforeInTranslationUnit(VD->getEndLoc(),
At->getRange().getBegin()));
});
return VD->isInlineSpecified() || VD->isConstexpr() ||
VD->hasConstantInitialization() || !VD->hasLocalStorage() ||
AttrRangeOverlapping;
}
// Returns the text of the pointee type of `T` from a `VarDecl` of a pointer // Returns the text of the pointee type of `T` from a `VarDecl` of a pointer
// type. The text is obtained through from `TypeLoc`s. Since `TypeLoc` does not // type. The text is obtained through from `TypeLoc`s. Since `TypeLoc` does not
// have source ranges of qualifiers ( The `QualifiedTypeLoc` looks hacky too me // have source ranges of qualifiers ( The `QualifiedTypeLoc` looks hacky too me
// :( ), `Qualifiers` of the pointee type is returned separately through the // :( ), `Qualifiers` of the pointee type is returned separately through the
// output parameter `QualifiersToAppend`. // output parameter `QualifiersToAppend`.
static std::optional<std::string> static std::optional<std::string>
getPointeeTypeText(const VarDecl *VD, const SourceManager &SM, getPointeeTypeText(const VarDecl *VD, const SourceManager &SM,
const LangOptions &LangOpts, const LangOptions &LangOpts,
▲ Show 20 LinesShow All 409 Lines▼ Show 20 Lines
// Parameters: // Parameters:
// `D` a pointer the variable declaration node // `D` a pointer the variable declaration node
// `Ctx` a reference to the ASTContext // `Ctx` a reference to the ASTContext
// `UserFillPlaceHolder` the user-input placeholder text // `UserFillPlaceHolder` the user-input placeholder text
// Returns: // Returns:
// the non-empty fix-it list, if fix-its are successfuly generated; empty // the non-empty fix-it list, if fix-its are successfuly generated; empty
// list otherwise. // list otherwise.
static FixItList fixLocalVarDeclWithSpan(const VarDecl *D, ASTContext &Ctx, static FixItList fixLocalVarDeclWithSpan(const VarDecl *D, ASTContext &Ctx,
const StringRef UserFillPlaceHolder, const StringRef UserFillPlaceHolder,
UnsafeBufferUsageHandler &Handler) { UnsafeBufferUsageHandler &Handler) {
if (hasUnsupportedSpecifiers(D, Ctx.getSourceManager()))
return {};
FixItList FixIts{}; FixItList FixIts{};
std::optional<std::string> SpanTyText = createSpanTypeForVarDecl(D, Ctx); std::optional<std::string> SpanTyText = createSpanTypeForVarDecl(D, Ctx);
if (!SpanTyText) { if (!SpanTyText) {
DEBUG_NOTE_DECL_FAIL(D, " : failed to generate 'std::span' type"); DEBUG_NOTE_DECL_FAIL(D, " : failed to generate 'std::span' type");
return {}; return {};
} }
▲ Show 20 LinesShow All 217 Lines▼ Show 20 LinescreateOverloadsForFixedParams(unsigned ParmIdx, StringRef NewTyText,
return FixIts; return FixIts;
} }
// To fix a `ParmVarDecl` to be of `std::span` type. In addition, creating a // To fix a `ParmVarDecl` to be of `std::span` type. In addition, creating a
// new overload of the function so that the change is self-contained (see // new overload of the function so that the change is self-contained (see
// `createOverloadsForFixedParams`). // `createOverloadsForFixedParams`).
static FixItList fixParamWithSpan(const ParmVarDecl *PVD, const ASTContext &Ctx, static FixItList fixParamWithSpan(const ParmVarDecl *PVD, const ASTContext &Ctx,
UnsafeBufferUsageHandler &Handler) { UnsafeBufferUsageHandler &Handler) {
if (hasUnsupportedSpecifiers(PVD, Ctx.getSourceManager())) {
DEBUG_NOTE_DECL_FAIL(PVD, " : has unsupport specifier(s)");
return {};
}
if (PVD->hasDefaultArg()) { if (PVD->hasDefaultArg()) {
// FIXME: generate fix-its for default values: // FIXME: generate fix-its for default values:
DEBUG_NOTE_DECL_FAIL(PVD, " : has default arg"); DEBUG_NOTE_DECL_FAIL(PVD, " : has default arg");
return {}; return {};
} }
assert(PVD->getType()->isPointerType()); assert(PVD->getType()->isPointerType());
auto *FD = dyn_cast<FunctionDecl>(PVD->getDeclContext()); auto *FD = dyn_cast<FunctionDecl>(PVD->getDeclContext());
▲ Show 20 LinesShow All 534 LinesShow Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-local-var-span.cpp

Show First 20 LinesShow All 52 Lines▼ Show 20 Linesvoid local_variable_qualifiers_specifiers() {
const int * p = a; const int * p = a;
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:18}:"std::span<int const> p" // CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:18}:"std::span<int const> p"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:19-[[@LINE-2]]:19}:"{" // CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:19-[[@LINE-2]]:19}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:20-[[@LINE-3]]:20}:", 10}" // CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:20-[[@LINE-3]]:20}:", 10}"
const int * const q = a; const int * const q = a;
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:24}:"std::span<int const> const q" // CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:24}:"std::span<int const> const q"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:25-[[@LINE-2]]:25}:"{" // CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:25-[[@LINE-2]]:25}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:26-[[@LINE-3]]:26}:", 10}" // CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:26-[[@LINE-3]]:26}:", 10}"
[[deprecated]] const int * x = a;
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:18-[[@LINE-1]]:33}:"std::span<int const> x"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:34-[[@LINE-2]]:34}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:35-[[@LINE-3]]:35}:", 10}"
const int * y [[deprecated]];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:16}:"std::span<int const> y"
int tmp; int tmp;
tmp = p[5]; tmp = p[5];
tmp = q[5]; tmp = q[5];
tmp = x[5];
tmp = y[5];
} }
void local_variable_unsupported_specifiers() {
int a[10];
const int * p [[deprecated]] = a; // not supported because the attribute overlaps the source range of the declaration
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
static const int * q = a; // storage specifier not supported yet
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
extern int * x; // storage specifier not supported yet
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
constexpr int * y = 0; // `constexpr` specifier not supported yet
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
int tmp;
tmp = p[5];
tmp = q[5];
tmp = x[5];
tmp = y[5];
}
void local_array_subscript_variable_extent() { void local_array_subscript_variable_extent() {
int n = 10; int n = 10;
int tmp; int tmp;
int *p = new int[n]; int *p = new int[n];
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p" // CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{" // CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", n}" // CHECK-DAG: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", n}"
// If the extent expression does not have a constant value, we cannot fill the extent for users... // If the extent expression does not have a constant value, we cannot fill the extent for users...
▲ Show 20 LinesShow All 221 LinesShow Last 20 Lines