This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
include/clang/Analysis/Analyses/
-
clang/
-
Analysis/
-
Analyses/
-
UnsafeBufferUsage.h
-
lib/Analysis/
-
Analysis/
8/11
UnsafeBufferUsage.cpp
-
test/SemaCXX/
-
SemaCXX/
2/2
warn-unsafe-buffer-usage-fixits-multi-parm-span.cpp
-
warn-unsafe-buffer-usage-multi-decl-fixits-test.cpp
-
warn-unsafe-buffer-usage-multi-decl-ptr-init-fixits.cpp
1/1
warn-unsafe-buffer-usage-multi-decl-ptr-init.cpp
-
warn-unsafe-buffer-usage-multi-decl-uuc-fixits.cpp
-
warn-unsafe-buffer-usage-multi-decl-uuc.cpp
-
warn-unsafe-buffer-usage-multi-decl-warnings.cpp
-
warn-unsafe-buffer-usage-pragma-fixit.cpp

Differential D157441

[-Wunsafe-buffer-usage] Use `Strategy` to determine whether to fix a parameter
ClosedPublic

Authored by ziqingluo-90 on Aug 8 2023, 2:35 PM.

Download Raw Diff

Details

Reviewers

t-rasmud
NoQ
jkorous
malavikasamak

Commits

rG700baeb765cf: [-Wunsafe-buffer-usage] Use `Strategy` to determine whether to fix a parameter

Summary

Use Strategy to determine whether to fix a parameter.
Fix the Strategy construction so that only variables on the graph are assigned the std::span strategy
~~Extend PointerAssignmentGadget and PointerInitGadget to generate fix-its for cases where the left-hand side has won't fix strategy and the right-hand side has std::span strategy.~~

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

ziqingluo-90 created this revision.Aug 8 2023, 2:35 PM

Herald added a project: Restricted Project. · View Herald TranscriptAug 8 2023, 2:35 PM

ziqingluo-90 requested review of this revision.Aug 8 2023, 2:35 PM

Herald added a project: Restricted Project. · View Herald TranscriptAug 8 2023, 2:35 PM

Herald added a subscriber: cfe-commits. · View Herald Transcript

Harbormaster completed remote builds in B251202: Diff 548333.Aug 8 2023, 2:36 PM

ziqingluo-90 added parent revisions: D153059: [-Wunsafe-buffer-usage] Group parameter fix-its, D156188: [-Wunsafe-buffer-usage] Refactor and improve for parameter fix-its.Aug 8 2023, 2:37 PM

ziqingluo-90 added inline comments.Aug 8 2023, 2:50 PM

clang/lib/Analysis/UnsafeBufferUsage.cpp
1637–1638	NFC. Just noticed that `getPastLoc` is the better function to call here.
2743	`VisitedVars` are the set of variables on the computed graph. The previous `UnsafeVars` is a superset of it, including safe variables that have `FixableGadget`s discovered. We do not want to assign strategies other than `Won't fix` to those safe variables.
clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-multi-parm-span.cpp
30	Both `b` and `a` will be changed to have `std::span` type. So this assignment needs no fix-it. Same reason applies to similar changes in the rest of this test file.
80	`y` does not have to be changed to a safe-type while `x` does. So we need to fix this assignment. Same reason applies to similar changes in the rest of this test file.
clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-ptr-init.cpp
29	We now support to fix `int *r = q`. So all the unsafe variables can be fixed.

Ooo nice!!

Extend PointerAssignmentGadget and PointerInitGadget to generate fix-its for cases where the left-hand side has won't fix strategy and the right-hand side has std::span strategy.

Hmm, is this intertwined with other changes, or is this completely separate? Also my head appears to be blank; did we reach any conclusion about the nature of "single" RHS-es and usefulness of annotating them as such? Which could be an approach that would encourage people to propagate more bounds in the backwards direction by default.

clang/lib/Analysis/UnsafeBufferUsage.cpp

1573

MatchFinder::MatchResult.Context is what you're probably looking for, so it's already kinda passed in. You can stash it in a member variable in the base class Gadget and have it readily available everywhere, i.e.

 class Gadget {
 public:
-  Gadget(Kind K) : K(K) {}
+  Gadget(Kind K, const MatchResult &Result) : K(K), Context(*Result.Context) {
+    assert(Context);
+  }

 private:
   Kind K;
+  const ASTContext &Context;
 };

 class FixableGadget : public Gadget {
 public:
-  FixableGadget(Kind K) : Gadget(K) {}
+  FixableGadget(Kind K, const MatchResult &Result) : Gadget(K, Result) {}
 };

 class PointerAssignmentGadget {
   PointerAssignmentGadget(const MatchResult &Result)
-      : FixableGadget(Kind::PointerAssignment),
+      : FixableGadget(Kind::PointerAssignment, Result),
     PtrLHS(Result.Nodes.getNodeAs<DeclRefExpr>(PointerAssignLHSTag)),
     PtrRHS(Result.Nodes.getNodeAs<DeclRefExpr>(PointerAssignRHSTag)) {}
 };

(the change in individual gadget classes is really tiny!)

2712–2738

This entire loop can probably go away as soon as we stop relying on FixablesForAllVars and treat groups separately.

Then we can probably even have different Strategy objects for different groups, so getNaiveStrategy() could also be invoked per-group?

2753

I guess the next step is to call this function separately for each group?

NoQ mentioned this in D156762: [-Wunsafe-buffer-usage][NFC] Refactor `getFixIts`---where fix-its are generated.Aug 8 2023, 5:08 PM

Extend PointerAssignmentGadget and PointerInitGadget to generate fix-its for cases where the left-hand side
has won't fix strategy and the right-hand side has std::span strategy.

Hmm, is this intertwined with other changes, or is this completely separate? Also my head appears to be blank;

The two FixableGadgets previously gave incorrect fix-its for the cases where only RHS need fix. After the change made to Strategy, they returned std::nullopt as the case was not implemented.
So to avoid regression, I made the extension to the two Gadgets.

did we reach any conclusion about the nature of "single" RHS-es and usefulness of annotating them as such?
Which could be an approach that would encourage people to propagate more bounds in the backwards direction by default.

Can you elaborate the question a bit more?

t-rasmud added inline comments.Aug 17 2023, 3:47 PM

clang/lib/Analysis/UnsafeBufferUsage.cpp
2743	Would it make more sense (make the code more readable) if we renamed `UnsafeVars` to say, `FixableVars`?

In D157441#4575220, @ziqingluo-90 wrote:

Extend PointerAssignmentGadget and PointerInitGadget to generate fix-its for cases where the left-hand side
has won't fix strategy and the right-hand side has std::span strategy.

Hmm, is this intertwined with other changes, or is this completely separate? Also my head appears to be blank;

The two FixableGadgets previously gave incorrect fix-its for the cases where only RHS need fix. After the change made to Strategy, they returned std::nullopt as the case was not implemented.
So to avoid regression, I made the extension to the two Gadgets.

did we reach any conclusion about the nature of "single" RHS-es and usefulness of annotating them as such?
Which could be an approach that would encourage people to propagate more bounds in the backwards direction by default.

Can you elaborate the question a bit more?

If previously we were emitting an incorrect fixit and now we're not emitting any fixit, then I think it's a very good improvement, not a regression 🤔

Uhh, I meant LHSes, sorry 😅

Anyway, the point was that it's hard to tell whether .data() is the right fix, so I think we wanted to hold off implementing it, because we probably want to do something better instead in most cases. Like, implement a strategy discovery procedure that would give us a better idea of how exactly is the LHS pointer used safely. Then we might emit different fixes based on that. So I suspect that it should be a separate effort, so it probably makes sense to separate it into a different patch and think more about it.

In our offline discussion, we realized that p = q.data() is not always a correct fix to p = q for cases where only q is an unsafe pointer. It depends on whether p is being dereferenced later. So I removed my changes to PointerAssignmentGadget and PointerInitGadget.

Note there are many tests adjusted due to the fact that now p = q cannot be fixed if only q is unsafe (previously incorrect fix-it was provided, so it is not a regression).

Harbormaster completed remote builds in B254704: Diff 553226.Aug 24 2023, 1:14 PM

ziqingluo-90 added inline comments.Aug 24 2023, 1:31 PM

clang/lib/Analysis/UnsafeBufferUsage.cpp
2587	We cannot fix reference type variable declarations for now. Besides, it seems that reference type is invisible to `Expr`s. For example, void foo(int * &p) { p[5]; // the type of the DRE `p` is a pointer-to-int instead of a reference } So we ignore such variables explicitly here.
2743	Oh, I just realized that `UnsafeVars` is now an unused variable. So let's remove it. `FixableVars` would be a better name for sure, since it is in fact the key set of `FixablesForAllVars.byVar`.
2743	To correct myself, `VisitedVars` are the variables In the graph but it may not be a subset of "fixable variables". `VisitedVars` may contain variables that is not fixable, i.e., variables having no `FixableGadget` associated with. We should leave those unfixable variables being WON'T FIX.

Looks amazing now. Thanks for splitting it up and fighting hard against complexity!

clang/lib/Analysis/UnsafeBufferUsage.cpp
2587	Ooo you're one of today's lucky 10,000! (More like today's 0.01, I doubt there are many C++ programmers who are aware of this quirk, it's a very niche compiler gotcha.) That's right, expressions in C++ can't have reference types. They have "value kinds" instead (lvalue, rvalue, etc) which are more fundamental (not even necessarily C++-specific). As far as I understand, from language formalism point of view, references aren't values per se; they're just names given to other values (glvalues, to be exact). There's no separate operation of "reference dereference" in C++ formalism; "undereferenced reference" expressions don't exist in the first place. So in this example: int x = 5; int &y = x; int a = x + y; not only the type of DeclRefExpr `y` is `int`, but also the value of the DeclRefExpr `y` is the glvalue named `x`. And the value of DeclRefExpr `x` is also the glvalue named `x`. From the point of view of C++ formalism, there's no separate location in memory named `y`. The declaration `y` simply declares a different way to refer to `x`. This formalism is very different from pointers, where in int x = 5; int y = &x; int a = x + y; you're allowed to assume that there's a separate memory location named `y` where the address of memory location named `x` is written. You can further take the address of that location and put it into a third location named `w` by writing `int *z = &y;`. You can do that indefinitely, and then roll it all back with sufficient amount of ``s. You can also reassign your pointers, eg. `y = &a` would overwrite the data at location `y`. You cannot do any of that with references. You cannot reassign a reference. You cannot take a reference to a reference; that's the same as a reference to the original lvalue, both simply become names given to that actual value. Similarly, the language doesn't let you take an address of the location in which the reference is stored; it doesn't even allow you to assume that such location exists. Sure you can "convert a reference to a pointer" with the help of the operator `&`, but that's just taking address of an lvalue it refers to. This doesn't mean that the reference itself "is" an address, it just means that the lvalue itself is technically still just an address. References can often be implemented as pointers by the codegen, eg. reference-type fields in classes or reference-type return values are probably just pointers "under the hood". Conversely, in case of pointers the actual location for `y` and for `z` could have also been optimized away by the optimizer, causing the pointers to "act like references" "under the hood": from CodeGen perspective they're just a different way to refer to `x`. But the purpose of this formalism isn't to describe what happens under the hood; it's just to define what operations are allowed on which expressions. And for that very simple and limited purpose, references don't act like values, and expressions of reference type don't really make sense, which is what we observe in the AST. (None of this has anything to do with the patch, I just hope this helps you approach this problem in the future.)

This revision is now accepted and ready to land.Sep 20 2023, 2:33 PM

clang/lib/Analysis/UnsafeBufferUsage.cpp
2587	Thank you for explaining this! You just provided me a brand new view on C++ references . "expressions of reference type don't really make sense" could have confused me but now it makes perfect sense with your explanation.

This revision was landed with ongoing or failed builds.Sep 21 2023, 3:07 PM

Closed by commit rG700baeb765cf: [-Wunsafe-buffer-usage] Use `Strategy` to determine whether to fix a parameter (authored by ziqingluo-90). · Explain Why

This revision was automatically updated to reflect the committed changes.

ziqingluo-90 marked an inline comment as done.

ziqingluo-90 added a commit: rG700baeb765cf: [-Wunsafe-buffer-usage] Use `Strategy` to determine whether to fix a parameter.

Revision Contents

Path

Size

clang/

include/

clang/

Analysis/

Analyses/

UnsafeBufferUsage.h

4 lines

lib/

Analysis/

UnsafeBufferUsage.cpp

94 lines

test/

SemaCXX/

warn-unsafe-buffer-usage-fixits-multi-parm-span.cpp

36 lines

warn-unsafe-buffer-usage-multi-decl-fixits-test.cpp

46 lines

warn-unsafe-buffer-usage-multi-decl-ptr-init-fixits.cpp

6 lines

warn-unsafe-buffer-usage-multi-decl-ptr-init.cpp

6 lines

warn-unsafe-buffer-usage-multi-decl-uuc-fixits.cpp

10 lines

warn-unsafe-buffer-usage-multi-decl-uuc.cpp

4 lines

warn-unsafe-buffer-usage-multi-decl-warnings.cpp

44 lines

warn-unsafe-buffer-usage-pragma-fixit.cpp

3 lines

Diff 557209

clang/include/clang/Analysis/Analyses/UnsafeBufferUsage.h

Show All 29 Lines	public:
/// Returns the set of variables (including `Var`) that need to be fixed		/// Returns the set of variables (including `Var`) that need to be fixed
/// together in one step.		/// together in one step.
///		///
/// `Var` must be a variable that needs fix (so it must be in a group).		/// `Var` must be a variable that needs fix (so it must be in a group).
/// `HasParm` is an optional argument that will be set to true if the set of		/// `HasParm` is an optional argument that will be set to true if the set of
/// variables, where `Var` is in, contains parameters.		/// variables, where `Var` is in, contains parameters.
virtual VarGrpRef getGroupOfVar(const VarDecl *Var,		virtual VarGrpRef getGroupOfVar(const VarDecl *Var,
bool *HasParm = nullptr) const =0;		bool *HasParm = nullptr) const =0;

		/// Returns the non-empty group of variables that include parameters of the
		/// analyzing function, if such a group exists. An empty group, otherwise.
		virtual VarGrpRef getGroupOfParms() const =0;
};		};

/// The interface that lets the caller handle unsafe buffer usage analysis		/// The interface that lets the caller handle unsafe buffer usage analysis
/// results by overriding this class's handle... methods.		/// results by overriding this class's handle... methods.
class UnsafeBufferUsageHandler {		class UnsafeBufferUsageHandler {
#ifndef NDEBUG		#ifndef NDEBUG
public:		public:
// A self-debugging facility that you can use to notify the user when		// A self-debugging facility that you can use to notify the user when
▲ Show 20 Lines • Show All 73 Lines • Show Last 20 Lines

clang/lib/Analysis/UnsafeBufferUsage.cpp

Show First 20 Lines • Show All 1,564 Lines • ▼ Show 20 Lines	DerefSimplePtrArithFixableGadget::getFixits(const Strategy &s) const {

if (VD && s.lookup(VD) == Strategy::Kind::Span) {		if (VD && s.lookup(VD) == Strategy::Kind::Span) {
ASTContext &Ctx = VD->getASTContext();		ASTContext &Ctx = VD->getASTContext();
// std::span can't represent elements before its begin()		// std::span can't represent elements before its begin()
if (auto ConstVal = Offset->getIntegerConstantExpr(Ctx))		if (auto ConstVal = Offset->getIntegerConstantExpr(Ctx))
if (ConstVal->isNegative())		if (ConstVal->isNegative())
return std::nullopt;		return std::nullopt;

// note that the expr may (oddly) has multiple layers of parens		// note that the expr may (oddly) has multiple layers of parens
		NoQUnsubmitted Not Done Reply Inline Actions `MatchFinder::MatchResult.Context` is what you're probably looking for, so it's already kinda passed in. You can stash it in a member variable in the base class `Gadget` and have it readily available everywhere, i.e. class Gadget { public: - Gadget(Kind K) : K(K) {} + Gadget(Kind K, const MatchResult &Result) : K(K), Context(Result.Context) { + assert(Context); + } private: Kind K; + const ASTContext &Context; }; class FixableGadget : public Gadget { public: - FixableGadget(Kind K) : Gadget(K) {} + FixableGadget(Kind K, const MatchResult &Result) : Gadget(K, Result) {} }; class PointerAssignmentGadget { PointerAssignmentGadget(const MatchResult &Result) - : FixableGadget(Kind::PointerAssignment), + : FixableGadget(Kind::PointerAssignment, Result), PtrLHS(Result.Nodes.getNodeAs<DeclRefExpr>(PointerAssignLHSTag)), PtrRHS(Result.Nodes.getNodeAs<DeclRefExpr>(PointerAssignRHSTag)) {} }; (the change in individual gadget classes is really tiny!) NoQ:* `MatchFinder::MatchResult.Context` is what you're probably looking for, so it's already kinda…
// example:		// example:
// *((..(pointer + 123)..))		// *((..(pointer + 123)..))
// goal:		// goal:
// pointer[123]		// pointer[123]
// Fix-It:		// Fix-It:
// remove '*('		// remove '*('
// replace ' + ' with '['		// replace ' + ' with '['
// replace ')' with ']'		// replace ')' with ']'
▲ Show 20 Lines • Show All 47 Lines • ▼ Show 20 Lines	PointerDereferenceGadget::getFixits(const Strategy &S) const {
case Strategy::Kind::Span: {		case Strategy::Kind::Span: {
ASTContext &Ctx = VD->getASTContext();		ASTContext &Ctx = VD->getASTContext();
SourceManager &SM = Ctx.getSourceManager();		SourceManager &SM = Ctx.getSourceManager();
// Required changes: (ptr); => (ptr[0]); and ptr; => ptr[0]		// Required changes: (ptr); => (ptr[0]); and ptr; => ptr[0]
// Deletes the *operand		// Deletes the *operand
CharSourceRange derefRange = clang::CharSourceRange::getCharRange(		CharSourceRange derefRange = clang::CharSourceRange::getCharRange(
Op->getBeginLoc(), Op->getBeginLoc().getLocWithOffset(1));		Op->getBeginLoc(), Op->getBeginLoc().getLocWithOffset(1));
// Inserts the [0]		// Inserts the [0]
std::optional<SourceLocation> EndOfOperand =		if (auto LocPastOperand =
getEndCharLoc(BaseDeclRefExpr, SM, Ctx.getLangOpts());		getPastLoc(BaseDeclRefExpr, SM, Ctx.getLangOpts())) {
		ziqingluo-90AuthorUnsubmitted Done Reply Inline Actions NFC. Just noticed that `getPastLoc` is the better function to call here. ziqingluo-90: NFC. Just noticed that `getPastLoc` is the better function to call here.
if (EndOfOperand) {
return FixItList{{FixItHint::CreateRemoval(derefRange),		return FixItList{{FixItHint::CreateRemoval(derefRange),
FixItHint::CreateInsertion(		FixItHint::CreateInsertion(*LocPastOperand, "[0]")}};
(*EndOfOperand).getLocWithOffset(1), "[0]")}};
}		}
break;		break;
}		}
case Strategy::Kind::Iterator:		case Strategy::Kind::Iterator:
case Strategy::Kind::Array:		case Strategy::Kind::Array:
case Strategy::Kind::Vector:		case Strategy::Kind::Vector:
llvm_unreachable("Strategy not implemented yet!");		llvm_unreachable("Strategy not implemented yet!");
case Strategy::Kind::Wontfix:		case Strategy::Kind::Wontfix:
▲ Show 20 Lines • Show All 322 Lines • ▼ Show 20 Lines
// void f(std::span<int> p); // added overload decl		// void f(std::span<int> p); // added overload decl
// void f(std::span<int> p) { // original def where param is changed		// void f(std::span<int> p) { // original def where param is changed
// p[5];		// p[5];
// }		// }
// [[clang::unsafe_buffer_usage]] void f(int *p) { // added def		// [[clang::unsafe_buffer_usage]] void f(int *p) { // added def
// return f(std::span(p, <# size #>));		// return f(std::span(p, <# size #>));
// }		// }
//		//
// The actual fix-its may contain more details, e.g., the attribute may be guard
// by a macro
// #if __has_cpp_attribute(clang::unsafe_buffer_usage)
// [[clang::unsafe_buffer_usage]]
// #endif
//
// `ParmsMask` is an array of size of `FD->getNumParams()` such
// that `ParmsMask[i]` is true iff the `i`-th parameter will be fixed with some
// strategy.
static std::optional<FixItList>		static std::optional<FixItList>
createOverloadsForFixedParams(const std::vector<bool> &ParmsMask, const Strategy &S,		createOverloadsForFixedParams(const Strategy &S, const FunctionDecl *FD,
const FunctionDecl *FD, const ASTContext &Ctx,		const ASTContext &Ctx,
UnsafeBufferUsageHandler &Handler) {		UnsafeBufferUsageHandler &Handler) {
// FIXME: need to make this conflict checking better:		// FIXME: need to make this conflict checking better:
if (hasConflictingOverload(FD))		if (hasConflictingOverload(FD))
return std::nullopt;		return std::nullopt;

const SourceManager &SM = Ctx.getSourceManager();		const SourceManager &SM = Ctx.getSourceManager();
const LangOptions &LangOpts = Ctx.getLangOpts();		const LangOptions &LangOpts = Ctx.getLangOpts();
const unsigned NumParms = FD->getNumParams();		const unsigned NumParms = FD->getNumParams();
std::vector<std::string> NewTysTexts(NumParms);		std::vector<std::string> NewTysTexts(NumParms);
		std::vector<bool> ParmsMask(NumParms, false);
		bool AtLeastOneParmToFix = false;

for (unsigned i = 0; i < NumParms; i++) {		for (unsigned i = 0; i < NumParms; i++) {
if (!ParmsMask[i])		const ParmVarDecl *PVD = FD->getParamDecl(i);

		if (S.lookup(PVD) == Strategy::Kind::Wontfix)
continue;		continue;
		if (S.lookup(PVD) != Strategy::Kind::Span)
		// Not supported, not suppose to happen:
		return std::nullopt;

std::optional<Qualifiers> PteTyQuals = std::nullopt;		std::optional<Qualifiers> PteTyQuals = std::nullopt;
std::optional<std::string> PteTyText =		std::optional<std::string> PteTyText =
getPointeeTypeText(FD->getParamDecl(i), SM, LangOpts, &PteTyQuals);		getPointeeTypeText(PVD, SM, LangOpts, &PteTyQuals);

if (!PteTyText)		if (!PteTyText)
// something wrong in obtaining the text of the pointee type, give up		// something wrong in obtaining the text of the pointee type, give up
return std::nullopt;		return std::nullopt;
// FIXME: whether we should create std::span type depends on the Strategy.		// FIXME: whether we should create std::span type depends on the Strategy.
NewTysTexts[i] = getSpanTypeText(*PteTyText, PteTyQuals);		NewTysTexts[i] = getSpanTypeText(*PteTyText, PteTyQuals);
		ParmsMask[i] = true;
		AtLeastOneParmToFix = true;
}		}
		if (!AtLeastOneParmToFix)
		// No need to create function overloads:
		return {};
// FIXME Respect indentation of the original code.		// FIXME Respect indentation of the original code.

// A lambda that creates the text representation of a function declaration		// A lambda that creates the text representation of a function declaration
// with the new type signatures:		// with the new type signatures:
const auto NewOverloadSignatureCreator =		const auto NewOverloadSignatureCreator =
[&SM, &LangOpts, &NewTysTexts,		[&SM, &LangOpts, &NewTysTexts,
&ParmsMask](const FunctionDecl *FD) -> std::optional<std::string> {		&ParmsMask](const FunctionDecl *FD) -> std::optional<std::string> {
std::stringstream SS;		std::stringstream SS;
▲ Show 20 Lines • Show All 292 Lines • ▼ Show 20 Lines
// NOTE: In case `D`'s parameters will be changed but bounds-safe function		// NOTE: In case `D`'s parameters will be changed but bounds-safe function
// overloads cannot created, the whole group that contains the parameters will		// overloads cannot created, the whole group that contains the parameters will
// be erased from `FixItsForVariable`.		// be erased from `FixItsForVariable`.
static FixItList createFunctionOverloadsForParms(		static FixItList createFunctionOverloadsForParms(
std::map<const VarDecl , FixItList> &FixItsForVariable / mutable */,		std::map<const VarDecl , FixItList> &FixItsForVariable / mutable */,
const VariableGroupsManager &VarGrpMgr, const FunctionDecl *FD,		const VariableGroupsManager &VarGrpMgr, const FunctionDecl *FD,
const Strategy &S, ASTContext &Ctx, UnsafeBufferUsageHandler &Handler) {		const Strategy &S, ASTContext &Ctx, UnsafeBufferUsageHandler &Handler) {
FixItList FixItsSharedByParms{};		FixItList FixItsSharedByParms{};
std::vector<bool> ParmsNeedFixMask(FD->getNumParams(), false);
const VarDecl *FirstParmNeedsFix = nullptr;

for (unsigned i = 0; i < FD->getNumParams(); i++)
if (FixItsForVariable.count(FD->getParamDecl(i))) {
ParmsNeedFixMask[i] = true;
FirstParmNeedsFix = FD->getParamDecl(i);
}
if (FirstParmNeedsFix) {
// In case at least one parameter needs to be fixed:
std::optional<FixItList> OverloadFixes =		std::optional<FixItList> OverloadFixes =
createOverloadsForFixedParams(ParmsNeedFixMask, S, FD, Ctx, Handler);		createOverloadsForFixedParams(S, FD, Ctx, Handler);

if (OverloadFixes) {		if (OverloadFixes) {
FixItsSharedByParms.append(*OverloadFixes);		FixItsSharedByParms.append(*OverloadFixes);
} else {		} else {
// Something wrong in generating `OverloadFixes`, need to remove the		// Something wrong in generating `OverloadFixes`, need to remove the
// whole group, where parameters are in, from `FixItsForVariable` (Note		// whole group, where parameters are in, from `FixItsForVariable` (Note
// that all parameters should be in the same group):		// that all parameters should be in the same group):
for (auto *Member : VarGrpMgr.getGroupOfVar(FirstParmNeedsFix))		for (auto *Member : VarGrpMgr.getGroupOfParms())
FixItsForVariable.erase(Member);		FixItsForVariable.erase(Member);
}		}
}
return FixItsSharedByParms;		return FixItsSharedByParms;
}		}

// Constructs self-contained fix-its for each variable in `FixablesForAllVars`.		// Constructs self-contained fix-its for each variable in `FixablesForAllVars`.
static std::map<const VarDecl *, FixItList>		static std::map<const VarDecl *, FixItList>
getFixIts(FixableGadgetSets &FixablesForAllVars, const Strategy &S,		getFixIts(FixableGadgetSets &FixablesForAllVars, const Strategy &S,
ASTContext &Ctx,		ASTContext &Ctx,
/* The function decl under analysis / const Decl D,		/* The function decl under analysis / const Decl D,
▲ Show 20 Lines • Show All 87 Lines • ▼ Show 20 Lines	for (auto Iter = FinalFixItsForVariable.begin();
if (overlapWithMacro(Iter->second) \|\|		if (overlapWithMacro(Iter->second) \|\|
clang::internal::anyConflict(Iter->second, Ctx.getSourceManager())) {		clang::internal::anyConflict(Iter->second, Ctx.getSourceManager())) {
Iter = FinalFixItsForVariable.erase(Iter);		Iter = FinalFixItsForVariable.erase(Iter);
} else		} else
Iter++;		Iter++;
return FinalFixItsForVariable;		return FinalFixItsForVariable;
}		}

		template <typename VarDeclIterTy>
static Strategy		static Strategy
getNaiveStrategy(const llvm::SmallVectorImpl<const VarDecl *> &UnsafeVars) {		getNaiveStrategy(llvm::iterator_range<VarDeclIterTy> UnsafeVars) {
Strategy S;		Strategy S;
for (const VarDecl *VD : UnsafeVars) {		for (const VarDecl *VD : UnsafeVars) {
S.set(VD, Strategy::Kind::Span);		S.set(VD, Strategy::Kind::Span);
}		}
return S;		return S;
}		}

// Manages variable groups:		// Manages variable groups:
Show All 20 Lines	if (HasParm)
*HasParm = false;		*HasParm = false;

auto It = VarGrpMap.find(Var);		auto It = VarGrpMap.find(Var);

if (It == VarGrpMap.end())		if (It == VarGrpMap.end())
return std::nullopt;		return std::nullopt;
return Groups[It->second];		return Groups[It->second];
}		}

		VarGrpRef getGroupOfParms() const override {
		return GrpsUnionForParms.getArrayRef();
		}
};		};

void clang::checkUnsafeBufferUsage(const Decl *D,		void clang::checkUnsafeBufferUsage(const Decl *D,
UnsafeBufferUsageHandler &Handler,		UnsafeBufferUsageHandler &Handler,
bool EmitSuggestions) {		bool EmitSuggestions) {
#ifndef NDEBUG		#ifndef NDEBUG
Handler.clearDebugNotes();		Handler.clearDebugNotes();
#endif		#endif
▲ Show 20 Lines • Show All 79 Lines • ▼ Show 20 Lines	for (auto it = FixablesForAllVars.byVar.cbegin();
if ((!it->first->isLocalVarDecl() && !isa<ParmVarDecl>(it->first))) {		if ((!it->first->isLocalVarDecl() && !isa<ParmVarDecl>(it->first))) {
#ifndef NDEBUG		#ifndef NDEBUG
Handler.addDebugNoteForVar(		Handler.addDebugNoteForVar(
it->first, it->first->getBeginLoc(),		it->first, it->first->getBeginLoc(),
("failed to produce fixit for '" + it->first->getNameAsString() +		("failed to produce fixit for '" + it->first->getNameAsString() +
"' : neither local nor a parameter"));		"' : neither local nor a parameter"));
#endif		#endif
it = FixablesForAllVars.byVar.erase(it);		it = FixablesForAllVars.byVar.erase(it);
		} else if (it->first->getType().getCanonicalType()->isReferenceType()) {
		#ifndef NDEBUG
		Handler.addDebugNoteForVar(it->first, it->first->getBeginLoc(),
		("failed to produce fixit for '" +
		it->first->getNameAsString() +
		"' : has a reference type"));
		#endif
		it = FixablesForAllVars.byVar.erase(it);
		ziqingluo-90AuthorUnsubmitted Done Reply Inline Actions We cannot fix reference type variable declarations for now. Besides, it seems that reference type is invisible to `Expr`s. For example, void foo(int * &p) { p[5]; // the type of the DRE `p` is a pointer-to-int instead of a reference } So we ignore such variables explicitly here. ziqingluo-90: We cannot fix reference type variable declarations for now. Besides, it seems that reference…
		NoQUnsubmitted Done Reply Inline Actions Ooo you're one of today's lucky 10,000! (More like today's 0.01, I doubt there are many C++ programmers who are aware of this quirk, it's a very niche compiler gotcha.) That's right, expressions in C++ can't have reference types. They have "value kinds" instead (lvalue, rvalue, etc) which are more fundamental (not even necessarily C++-specific). As far as I understand, from language formalism point of view, references aren't values per se; they're just names given to other values (glvalues, to be exact). There's no separate operation of "reference dereference" in C++ formalism; "undereferenced reference" expressions don't exist in the first place. So in this example: int x = 5; int &y = x; int a = x + y; not only the type of DeclRefExpr `y` is `int`, but also the value of the DeclRefExpr `y` is the glvalue named `x`. And the value of DeclRefExpr `x` is also the glvalue named `x`. From the point of view of C++ formalism, there's no separate location in memory named `y`. The declaration `y` simply declares a different way to refer to `x`. This formalism is very different from pointers, where in int x = 5; int y = &x; int a = x + y; you're allowed to assume that there's a separate memory location named `y` where the address of memory location named `x` is written. You can further take the address of that location and put it into a third location named `w` by writing `int *z = &y;`. You can do that indefinitely, and then roll it all back with sufficient amount of ``s. You can also reassign your pointers, eg. `y = &a` would overwrite the data at location `y`. You cannot do any of that with references. You cannot reassign a reference. You cannot take a reference to a reference; that's the same as a reference to the original lvalue, both simply become names given to that actual value. Similarly, the language doesn't let you take an address of the location in which the reference is stored; it doesn't even allow you to assume that such location exists. Sure you can "convert a reference to a pointer" with the help of the operator `&`, but that's just taking address of an lvalue it refers to. This doesn't mean that the reference itself "is" an address, it just means that the lvalue itself is technically still just an address. References can often be implemented as pointers by the codegen, eg. reference-type fields in classes or reference-type return values are probably just pointers "under the hood". Conversely, in case of pointers the actual location for `y` and for `z` could have also been optimized away by the optimizer, causing the pointers to "act like references" "under the hood": from CodeGen perspective they're just a different way to refer to `x`. But the purpose of this formalism isn't to describe what happens under the hood; it's just to define what operations are allowed on which expressions. And for that very simple and limited purpose, references don't act like values, and expressions of reference type don't really make sense, which is what we observe in the AST. (None of this has anything to do with the patch, I just hope this helps you approach this problem in the future.) NoQ: Ooo [[ https://xkcd.com/1053/ \| you're one of today's lucky 10,000 ]]! (More like today's 0.01…
		ziqingluo-90AuthorUnsubmitted Done Reply Inline Actions Thank you for explaining this! You just provided me a brand new view on C++ references . "expressions of reference type don't really make sense" could have confused me but now it makes perfect sense with your explanation. ziqingluo-90: Thank you for explaining this! You just provided me a brand new view on C++ references .
} else if (Tracker.hasUnclaimedUses(it->first)) {		} else if (Tracker.hasUnclaimedUses(it->first)) {
#ifndef NDEBUG		#ifndef NDEBUG
auto AllUnclaimed = Tracker.getUnclaimedUses(it->first);		auto AllUnclaimed = Tracker.getUnclaimedUses(it->first);
for (auto UnclaimedDRE : AllUnclaimed) {		for (auto UnclaimedDRE : AllUnclaimed) {
Handler.addDebugNoteForVar(		Handler.addDebugNoteForVar(
it->first, UnclaimedDRE->getBeginLoc(),		it->first, UnclaimedDRE->getBeginLoc(),
("failed to produce fixit for '" + it->first->getNameAsString() +		("failed to produce fixit for '" + it->first->getNameAsString() +
"' : has an unclaimed use"));		"' : has an unclaimed use"));
}		}
#endif		#endif
it = FixablesForAllVars.byVar.erase(it);		it = FixablesForAllVars.byVar.erase(it);
} else if (it->first->isInitCapture()) {		} else if (it->first->isInitCapture()) {
#ifndef NDEBUG		#ifndef NDEBUG
Handler.addDebugNoteForVar(		Handler.addDebugNoteForVar(
it->first, it->first->getBeginLoc(),		it->first, it->first->getBeginLoc(),
("failed to produce fixit for '" + it->first->getNameAsString() +		("failed to produce fixit for '" + it->first->getNameAsString() +
"' : init capture"));		"' : init capture"));
#endif		#endif
it = FixablesForAllVars.byVar.erase(it);		it = FixablesForAllVars.byVar.erase(it);
}else {		}else {
++it;		++it;
}		}
}		}

llvm::SmallVector<const VarDecl *, 16> UnsafeVars;
for (const auto &[VD, ignore] : FixablesForAllVars.byVar)
UnsafeVars.push_back(VD);

// Fixpoint iteration for pointer assignments		// Fixpoint iteration for pointer assignments
using DepMapTy = DenseMap<const VarDecl , llvm::SetVector<const VarDecl >>;		using DepMapTy = DenseMap<const VarDecl , llvm::SetVector<const VarDecl >>;
DepMapTy DependenciesMap{};		DepMapTy DependenciesMap{};
DepMapTy PtrAssignmentGraph{};		DepMapTy PtrAssignmentGraph{};

for (auto it : FixablesForAllVars.byVar) {		for (auto it : FixablesForAllVars.byVar) {
for (const FixableGadget *fixable : it.second) {		for (const FixableGadget *fixable : it.second) {
std::optional<std::pair<const VarDecl , const VarDecl >> ImplPair =		std::optional<std::pair<const VarDecl , const VarDecl >> ImplPair =
▲ Show 20 Lines • Show All 84 Lines • ▼ Show 20 Lines	if (VisitedVars.find(Var) == VisitedVars.end()) {
if (!HasParm && isParameterOf(V, D))		if (!HasParm && isParameterOf(V, D))
HasParm = true;		HasParm = true;
}		}
if (HasParm)		if (HasParm)
GrpsUnionForParms.insert(VarGroup.begin(), VarGroup.end());		GrpsUnionForParms.insert(VarGroup.begin(), VarGroup.end());
}		}
}		}

// Remove a `FixableGadget` if the associated variable is not in the graph		// Remove a `FixableGadget` if the associated variable is not in the graph
// computed above. We do not want to generate fix-its for such variables,		// computed above. We do not want to generate fix-its for such variables,
// since they are neither warned nor reachable from a warned one.		// since they are neither warned nor reachable from a warned one.
//		//
// Note a variable is not warned if it is not directly used in any unsafe		// Note a variable is not warned if it is not directly used in any unsafe
// operation. A variable `v` is NOT reachable from an unsafe variable, if it		// operation. A variable `v` is NOT reachable from an unsafe variable, if it
// does not exist another variable `u` such that `u` is warned and fixing `u`		// does not exist another variable `u` such that `u` is warned and fixing `u`
// (transitively) implicates fixing `v`.		// (transitively) implicates fixing `v`.
//		//
// For example,		// For example,
// ```		// ```
// void f(int * p) {		// void f(int * p) {
// int * a = p; *p = 0;		// int * a = p; *p = 0;
// }		// }
// ```		// ```
// `*p = 0` is a fixable gadget associated with a variable `p` that is neither		// `*p = 0` is a fixable gadget associated with a variable `p` that is neither
// warned nor reachable from a warned one. If we add `a[5] = 0` to the end of		// warned nor reachable from a warned one. If we add `a[5] = 0` to the end of
// the function above, `p` becomes reachable from a warned variable.		// the function above, `p` becomes reachable from a warned variable.
for (auto I = FixablesForAllVars.byVar.begin();		for (auto I = FixablesForAllVars.byVar.begin();
I != FixablesForAllVars.byVar.end();) {		I != FixablesForAllVars.byVar.end();) {
// Note `VisitedVars` contain all the variables in the graph:		// Note `VisitedVars` contain all the variables in the graph:
if (!VisitedVars.count((*I).first)) {		if (!VisitedVars.count((*I).first)) {
// no such var in graph:		// no such var in graph:
I = FixablesForAllVars.byVar.erase(I);		I = FixablesForAllVars.byVar.erase(I);
} else		} else
++I;		++I;
}		}
		NoQUnsubmitted Not Done Reply Inline Actions This entire loop can probably go away as soon as we stop relying on `FixablesForAllVars` and treat groups separately. Then we can probably even have different Strategy objects for different groups, so `getNaiveStrategy()` could also be invoked per-group? NoQ: This entire loop can probably go away as soon as we stop relying on `FixablesForAllVars` and…

Strategy NaiveStrategy = getNaiveStrategy(UnsafeVars);		// We assign strategies to variables that are 1) in the graph and 2) can be
		// fixed. Other variables have the default "Won't fix" strategy.
		Strategy NaiveStrategy = getNaiveStrategy(llvm::make_filter_range(
		VisitedVars, [&FixablesForAllVars](const VarDecl *V) {
		ziqingluo-90AuthorUnsubmitted Done Reply Inline Actions `VisitedVars` are the set of variables on the computed graph. The previous `UnsafeVars` is a superset of it, including safe variables that have `FixableGadget`s discovered. We do not want to assign strategies other than `Won't fix` to those safe variables. ziqingluo-90: `VisitedVars` are the set of variables on the computed graph. The previous `UnsafeVars` is a…
		t-rasmudUnsubmitted Done Reply Inline Actions Would it make more sense (make the code more readable) if we renamed `UnsafeVars` to say, `FixableVars`? t-rasmud: Would it make more sense (make the code more readable) if we renamed `UnsafeVars` to say…
		ziqingluo-90AuthorUnsubmitted Done Reply Inline Actions Oh, I just realized that `UnsafeVars` is now an unused variable. So let's remove it. `FixableVars` would be a better name for sure, since it is in fact the key set of `FixablesForAllVars.byVar`. ziqingluo-90: Oh, I just realized that `UnsafeVars` is now an unused variable. So let's remove it.
		ziqingluo-90AuthorUnsubmitted Done Reply Inline Actions To correct myself, `VisitedVars` are the variables In the graph but it may not be a subset of "fixable variables". `VisitedVars` may contain variables that is not fixable, i.e., variables having no `FixableGadget` associated with. We should leave those unfixable variables being WON'T FIX. ziqingluo-90: To correct myself, `VisitedVars` are the variables In the graph but it may not be a subset of…
		// If a warned variable has no "Fixable", it is considered unfixable:
		return FixablesForAllVars.byVar.count(V);
		}));
VariableGroupsManagerImpl VarGrpMgr(Groups, VarGrpMap, GrpsUnionForParms);		VariableGroupsManagerImpl VarGrpMgr(Groups, VarGrpMap, GrpsUnionForParms);

if (isa<NamedDecl>(D))		if (isa<NamedDecl>(D))
// The only case where `D` is not a `NamedDecl` is when `D` is a		// The only case where `D` is not a `NamedDecl` is when `D` is a
// `BlockDecl`. Let's not fix variables in blocks for now		// `BlockDecl`. Let's not fix variables in blocks for now
FixItsForVariableGroup =		FixItsForVariableGroup =
getFixIts(FixablesForAllVars, NaiveStrategy, D->getASTContext(), D,		getFixIts(FixablesForAllVars, NaiveStrategy, D->getASTContext(), D,
		NoQUnsubmitted Not Done Reply Inline Actions I guess the next step is to call this function separately for each group? NoQ: I guess the next step is to call this function separately for each group?
Tracker, Handler, VarGrpMgr);		Tracker, Handler, VarGrpMgr);

for (const auto &G : UnsafeOps.noVar) {		for (const auto &G : UnsafeOps.noVar) {
Handler.handleUnsafeOperation(G->getBaseStmt(), /IsRelatedToDecl=/false);		Handler.handleUnsafeOperation(G->getBaseStmt(), /IsRelatedToDecl=/false);
}		}

for (const auto &[VD, WarningGadgets] : UnsafeOps.byVar) {		for (const auto &[VD, WarningGadgets] : UnsafeOps.byVar) {
auto FixItsIt = FixItsForVariableGroup.find(VD);		auto FixItsIt = FixItsForVariableGroup.find(VD);
Show All 10 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-multi-parm-span.cpp

Show All 21 Lines	void parmsSingleton(int *p) { //expected-warning{{'p' is an unsafe pointer used for buffer access}} \
// CHECK: fix-it:{{.*}}:{[[@LINE+3]]:3-[[@LINE+3]]:12}:"std::span<int> a"		// CHECK: fix-it:{{.*}}:{[[@LINE+3]]:3-[[@LINE+3]]:12}:"std::span<int> a"
// CHECK: fix-it:{{.*}}:{[[@LINE+2]]:13-[[@LINE+2]]:13}:"{"		// CHECK: fix-it:{{.*}}:{[[@LINE+2]]:13-[[@LINE+2]]:13}:"{"
// CHECK: fix-it:{{.*}}:{[[@LINE+1]]:24-[[@LINE+1]]:24}:", 10}"		// CHECK: fix-it:{{.*}}:{[[@LINE+1]]:24-[[@LINE+1]]:24}:", 10}"
int * a = new int[10];		int * a = new int[10];
// CHECK: fix-it:{{.*}}:{[[@LINE+1]]:3-[[@LINE+1]]:10}:"std::span<int> b"		// CHECK: fix-it:{{.*}}:{[[@LINE+1]]:3-[[@LINE+1]]:10}:"std::span<int> b"
int * b; //expected-warning{{'b' is an unsafe pointer used for buffer access}} \		int * b; //expected-warning{{'b' is an unsafe pointer used for buffer access}} \
expected-note{{change type of 'b' to 'std::span' to preserve bounds information, and change 'a' to 'std::span' to propagate bounds information between them}}		expected-note{{change type of 'b' to 'std::span' to preserve bounds information, and change 'a' to 'std::span' to propagate bounds information between them}}

b = a;		b = a;
		ziqingluo-90AuthorUnsubmitted Done Reply Inline Actions Both `b` and `a` will be changed to have `std::span` type. So this assignment needs no fix-it. Same reason applies to similar changes in the rest of this test file. ziqingluo-90: Both `b` and `a` will be changed to have `std::span` type. So this assignment needs no fix-it.
b[5] = 5; // expected-note{{used in buffer access here}}		b[5] = 5; // expected-note{{used in buffer access here}}
p[5] = 5; // expected-note{{used in buffer access here}}		p[5] = 5; // expected-note{{used in buffer access here}}
}		}


// Parameters other than `r` all will be fixed		// Parameters other than `r` all will be fixed
// CHECK: fix-it:{{.*}}:{[[@LINE+15]]:24-[[@LINE+15]]:30}:"std::span<int> p"		// CHECK: fix-it:{{.*}}:{[[@LINE+15]]:24-[[@LINE+15]]:30}:"std::span<int> p"
// CHECK fix-it:{{.}}:{[[@LINE+14]]:32-[[@LINE+14]]:39}:"std::span<int > q"		// CHECK fix-it:{{.}}:{[[@LINE+14]]:32-[[@LINE+14]]:39}:"std::span<int > q"
Show All 24 Lines
}		}

void * multiParmAllFix(int p, int q, int a[], int r);		void * multiParmAllFix(int p, int q, int a[], int r);
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:1-[[@LINE-1]]:1}:"{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} "		// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:1-[[@LINE-1]]:1}:"{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} "
// CHECK: fix-it:{{.}}:{[[@LINE-2]]:58-[[@LINE-2]]:58}:";\nvoid multiParmAllFix(std::span<int> p, std::span<int > q, std::span<int> a, int r)"		// CHECK: fix-it:{{.}}:{[[@LINE-2]]:58-[[@LINE-2]]:58}:";\nvoid multiParmAllFix(std::span<int> p, std::span<int > q, std::span<int> a, int r)"

// Fixing local variables implicates fixing parameters		// Fixing local variables implicates fixing parameters
void multiParmLocalAllFix(int p, int r) {		void multiParmLocalAllFix(int p, int r) {
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:28-[[@LINE-1]]:34}:"std::span<int> p"		// CHECK-NOT: fix-it:{{.*}}:{[[@LINE-1]]:
// CHECK: fix-it:{{.*}}:{[[@LINE-2]]:36-[[@LINE-2]]:43}:"std::span<int> r"		// CHECK-NOT: fix-it:{{.*}}:{[[@LINE+1]]:
// CHECK: fix-it:{{.*}}:{[[@LINE+1]]:3-[[@LINE+1]]:10}:"std::span<int> x"		int * x; // expected-warning{{'x' is an unsafe pointer used for buffer access}}
int * x; // expected-warning{{'x' is an unsafe pointer used for buffer access}} \		// CHECK-NOT: fix-it:{{.*}}:{[[@LINE+1]]:
expected-note{{change type of 'x' to 'std::span' to preserve bounds information, and change 'p', 'z', and 'r' to safe types to make function 'multiParmLocalAllFix' bounds-safe}}		int * z; // expected-warning{{'z' is an unsafe pointer used for buffer access}}
// CHECK: fix-it:{{.*}}:{[[@LINE+1]]:3-[[@LINE+1]]:10}:"std::span<int> z"
int * z; // expected-warning{{'z' is an unsafe pointer used for buffer access}} \
expected-note{{change type of 'z' to 'std::span' to preserve bounds information, and change 'x', 'p', and 'r' to safe types to make function 'multiParmLocalAllFix' bounds-safe}}
int * y;		int * y;

x = p;		x = p;
y = x;		y = x; // FIXME: we do not fix `y = x` here as the `.data()` fix-it is not generally correct
// `x` needs to be fixed so does the pointer assigned to `x`, i.e.,`p`		// `x` needs to be fixed so does the pointer assigned to `x`, i.e.,`p`
		ziqingluo-90AuthorUnsubmitted Done Reply Inline Actions `y` does not have to be changed to a safe-type while `x` does. So we need to fix this assignment. Same reason applies to similar changes in the rest of this test file. ziqingluo-90: `y` does not have to be changed to a safe-type while `x` does. So we need to fix this…
x[5] = 5; // expected-note{{used in buffer access here}}		x[5] = 5; // expected-note{{used in buffer access here}}
z = r;		z = r;
// `z` needs to be fixed so does the pointer assigned to `z`, i.e.,`r`		// `z` needs to be fixed so does the pointer assigned to `z`, i.e.,`r`
z[5] = 5; // expected-note{{used in buffer access here}}		z[5] = 5; // expected-note{{used in buffer access here}}
// Since `p` and `r` are parameters need to be fixed together,		// Since `p` and `r` are parameters need to be fixed together,
// fixing `x` involves fixing all `p`, `r` and `z`. Similar for		// fixing `x` involves fixing all `p`, `r` and `z`. Similar for
// fixing `z`.		// fixing `z`.
}		}
// CHECK: fix-it:{{.}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void multiParmLocalAllFix(int p, int * r) {return multiParmLocalAllFix(std::span<int>(p, <# size #>), std::span<int>(r, <# size #>));}\n"		// CHECK-NOT: fix-it:{{.*}}:{[[@LINE-1]]:


// Fixing parameters implicates fixing local variables		// Fixing parameters implicates fixing local variables
// CHECK: fix-it:{{.*}}:{[[@LINE+2]]:29-[[@LINE+2]]:35}:"std::span<int> p"		// CHECK-NOT: fix-it:{{.*}}:{[[@LINE+1]]:
// CHECK: fix-it:{{.*}}:{[[@LINE+1]]:37-[[@LINE+1]]:44}:"std::span<int> r"
void multiParmLocalAllFix2(int p, int r) { // expected-warning{{'p' is an unsafe pointer used for buffer access}} \		void multiParmLocalAllFix2(int p, int r) { // expected-warning{{'p' is an unsafe pointer used for buffer access}} \
expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'x', 'r', and 'z' to safe types to make function 'multiParmLocalAllFix2' bounds-safe}} \		expected-warning{{'r' is an unsafe pointer used for buffer access}}
expected-warning{{'r' is an unsafe pointer used for buffer access}} \
expected-note{{change type of 'r' to 'std::span' to preserve bounds information, and change 'p', 'x', and 'z' to safe types to make function 'multiParmLocalAllFix2' bounds-safe}}
int * x = new int[10];		int * x = new int[10];
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:3-[[@LINE-1]]:12}:"std::span<int> x"		// CHECK-NOT: fix-it:{{.*}}:{[[@LINE-1]]:
// CHECK: fix-it:{{.*}}:{[[@LINE-2]]:13-[[@LINE-2]]:13}:"{"
// CHECK: fix-it:{{.*}}:{[[@LINE-3]]:24-[[@LINE-3]]:24}:", 10}"
int * z = new int[10];		int * z = new int[10];
// CHECK: fix-it:{{.*}}:{[[@LINE-1]]:3-[[@LINE-1]]:12}:"std::span<int> z"		// CHECK-NOT: fix-it:{{.*}}:{[[@LINE-1]]:
// CHECK: fix-it:{{.*}}:{[[@LINE-2]]:13-[[@LINE-2]]:13}:"{"
// CHECK: fix-it:{{.*}}:{[[@LINE-3]]:24-[[@LINE-3]]:24}:", 10}"
int * y;		int * y;

p = x;		p = x;
y = x;		y = x; // FIXME: we do not fix `y = x` here as the `.data()` fix-it is not generally correct
p[5] = 5; // expected-note{{used in buffer access here}}		p[5] = 5; // expected-note{{used in buffer access here}}
r = z;		r = z;
r[5] = 5; // expected-note{{used in buffer access here}}		r[5] = 5; // expected-note{{used in buffer access here}}
}		}
// CHECK: fix-it:{{.}}:{[[@LINE-1]]:2-[[@LINE-1]]:2}:"\n{{\[}}{{\[}}clang::unsafe_buffer_usage{{\]}}{{\]}} void multiParmLocalAllFix2(int p, int * r) {return multiParmLocalAllFix2(std::span<int>(p, <# size #>), std::span<int>(r, <# size #>));}\n"		// CHECK-NOT: fix-it:{{.*}}:{[[@LINE-1]]:


// No fix emitted for any of the parameter since parameter `r` cannot be fixed		// No fix emitted for any of the parameter since parameter `r` cannot be fixed
// CHECK-NOT: fix-it:{{.*}}:{[[@LINE+1]]		// CHECK-NOT: fix-it:{{.*}}:{[[@LINE+1]]
void noneParmFix(int * p, int * q, int * r) { // expected-warning{{'p' is an unsafe pointer used for buffer access}} \		void noneParmFix(int * p, int * q, int * r) { // expected-warning{{'p' is an unsafe pointer used for buffer access}} \
expected-warning{{'q' is an unsafe pointer used for buffer access}} \		expected-warning{{'q' is an unsafe pointer used for buffer access}} \
expected-warning{{'r' is an unsafe pointer used for buffer access}}		expected-warning{{'r' is an unsafe pointer used for buffer access}}
int tmp = p[5]; // expected-note{{used in buffer access here}}		int tmp = p[5]; // expected-note{{used in buffer access here}}
▲ Show 20 Lines • Show All 191 Lines • Show Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-fixits-test.cpp

// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fdiagnostics-parseable-fixits -fsafe-buffer-usage-suggestions %s 2>&1 \| FileCheck %s		// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fdiagnostics-parseable-fixits -fsafe-buffer-usage-suggestions %s 2>&1 \| FileCheck %s

void foo1a() {		void foo1a() {
int *r = new int[7];		int *r = new int[7];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 7}"
int *p = new int[4];		int *p = new int[4];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 4}"
p = r;		p = r;
int tmp = p[9];		int tmp = p[9];
int *q;		int *q;
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> q"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
q = r;		q = r; // FIXME: we do not fix `q = r` here as the `.data()` fix-it is not generally correct
}		}

void foo1b() {		void foo1b() {
int *r = new int[7];		int *r = new int[7];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"		// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 7}"		// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 7}"
int *p = new int[4];		int *p = new int[4];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"		// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 4}"		// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 4}"
p = r;		p = r;
int tmp = p[9];		int tmp = p[9];
int *q = new int[4];		int *q = new int[4];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> q"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> q"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"		// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 4}"		// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 4}"
q = r;		q = r;
tmp = q[9];		tmp = q[9];
}		}

void foo1c() {		void foo1c() {
int *r = new int[7];		int *r = new int[7];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 7}"
int *p = new int[4];		int *p = new int[4];
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
p = r;		p = r; // FIXME: we do not fix `p = r` here as the `.data()` fix-it is not generally correct
int tmp = r[9];		int tmp = r[9];
int *q;		int *q;
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> q"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
q = r;		q = r;
tmp = q[9];		tmp = q[9];
}		}

void foo2a() {		void foo2a() {
int *r = new int[7];		int *r = new int[7];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"		// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 7}"		// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 7}"
int *p = new int[5];		int *p = new int[5];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"		// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 5}"		// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 5}"
int *q = new int[4];		int *q = new int[4];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> q"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> q"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"		// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 4}"		// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 4}"
p = q;		p = q;
int tmp = p[8];		int tmp = p[8];
q = r;		q = r;
}		}

void foo2b() {		void foo2b() {
int *r = new int[7];		int *r = new int[7];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 7}"
int *p = new int[5];		int *p = new int[5];
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 5}"
int *q = new int[4];		int *q = new int[4];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> q"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"		p = q; // FIXME: we do not fix `p = q` here as the `.data()` fix-it is not generally correct
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 4}"
p = q;
int tmp = q[8];		int tmp = q[8];
q = r;		q = r;
}		}

void foo2c() {		void foo2c() {
int *r = new int[7];		int *r = new int[7];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"		// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
Show All 9 Lines	void foo2c() {
p = q;		p = q;
int tmp = p[8];		int tmp = p[8];
q = r;		q = r;
tmp = q[8];		tmp = q[8];
}		}

void foo3a() {		void foo3a() {
int *r = new int[7];		int *r = new int[7];
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
int *p = new int[5];		int *p = new int[5];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 5}"
int *q = new int[4];		int *q = new int[4];
// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> q"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
q = p;		q = p; // FIXME: we do not fix `q = p` here as the `.data()` fix-it is not generally correct
int tmp = p[8];		int tmp = p[8];
q = r;		q = r;
}		}

void foo3b() {		void foo3b() {
int *r = new int[10];		int *r = new int[10];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"		// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
Show All 13 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-ptr-init-fixits.cpp

Show First 20 Lines • Show All 56 Lines • ▼ Show 20 Lines	void rhs_span3() {
p[5] = 10;		p[5] = 10;
int *r = q;		int *r = q;
}		}

void test_grouping() {		void test_grouping() {
int *z = new int[8];		int *z = new int[8];
int tmp;		int tmp;
int *y = new int[10];		int *y = new int[10];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> y"		// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}"
tmp = y[5];		tmp = y[5];

int *x = new int[10];		int *x = new int[10];
x = y;		x = y; // FIXME: we do not fix `x = y` here as the `.data()` fix-it is not generally correct

int *w = z;		int *w = z;
}		}

void test_crash() {		void test_crash() {
int *r = new int[8];		int *r = new int[8];
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"
// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"		// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
Show All 10 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-ptr-init.cpp

Show All 20 Lines	void rhs_span2() {
int *p = q; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'q' to 'std::span' to propagate bounds information between them}}		int *p = q; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'q' to 'std::span' to propagate bounds information between them}}
p[5] = 10; // expected-note{{used in buffer access here}}		p[5] = 10; // expected-note{{used in buffer access here}}
}		}

// FIXME: Suggest fixits for p, q, and r since span a valid fixit for r.		// FIXME: Suggest fixits for p, q, and r since span a valid fixit for r.
void rhs_span3() {		void rhs_span3() {
int *q = new int[6];		int *q = new int[6];
int *p = q; // expected-warning{{'p' is an unsafe pointer used for buffer access}}		int *p = q; // expected-warning{{'p' is an unsafe pointer used for buffer access}}
p[5] = 10; // expected-note{{used in buffer access here}}		p[5] = 10; // expected-note{{used in buffer access here}}
		ziqingluo-90AuthorUnsubmitted Done Reply Inline Actions We now support to fix `int r = q`. So all the unsafe variables can be fixed. ziqingluo-90:* We now support to fix ` int *r = q`. So all the unsafe variables can be fixed.
int *r = q;		int r = q; // FIXME: we do not fix `int r = q` here as the `.data()` fix-it is not generally correct
}		}

void test_grouping() {		void test_grouping() {
int *z = new int[8];		int *z = new int[8];
int tmp;		int tmp;
int *y = new int[10]; // expected-warning{{'y' is an unsafe pointer used for buffer access}} expected-note{{change type of 'y' to 'std::span' to preserve bounds information}}		int *y = new int[10]; // expected-warning{{'y' is an unsafe pointer used for buffer access}}
tmp = y[5]; // expected-note{{used in buffer access here}}		tmp = y[5]; // expected-note{{used in buffer access here}}

int *x = new int[10];		int *x = new int[10];
x = y;		x = y; // FIXME: we do not fix `x = y` here as the `.data()` fix-it is not generally correct

int *w = z;		int *w = z;
}		}

void test_crash() {		void test_crash() {
int *r = new int[8];		int *r = new int[8];
int *q = r;		int *q = r;
int *p; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'q' and 'r' to 'std::span' to propagate bounds information between them}}		int *p; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'q' and 'r' to 'std::span' to propagate bounds information between them}}
p = q;		p = q;
int tmp = p[9]; // expected-note{{used in buffer access here}}		int tmp = p[9]; // expected-note{{used in buffer access here}}
}		}

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-uuc-fixits.cpp

	// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage \			// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage \
	// RUN: -fsafe-buffer-usage-suggestions \			// RUN: -fsafe-buffer-usage-suggestions \
	// RUN: -fdiagnostics-parseable-fixits %s 2>&1 \| FileCheck %s			// RUN: -fdiagnostics-parseable-fixits %s 2>&1 \| FileCheck %s

	void bar(int * param) {}			void bar(int * param) {}

	void foo1a() {			void foo1a() {
	int *r = new int[7];			int *r = new int[7];
	// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"			// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
	// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
	// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 7}"
	int *p = new int[4];			int *p = new int[4];
	// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"			// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
	// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
	// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 4}"
	p = r;			p = r;
	int tmp = p[9];			int tmp = p[9];
	int *q;			int *q;
	q = r;			q = r; // FIXME: we do not fix `q = r` here as the `.data()` fix-it is not generally correct
	}			}

	void uuc_if_body() {			void uuc_if_body() {
	int *r = new int[7];			int *r = new int[7];
	// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"			// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> r"
	// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"			// CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
	// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 7}"			// CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:22-[[@LINE-3]]:22}:", 7}"
	int *p = new int[4];			int *p = new int[4];
	▲ Show 20 Lines • Show All 77 Lines • Show Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-uuc.cpp

	// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fsafe-buffer-usage-suggestions -verify %s			// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fsafe-buffer-usage-suggestions -verify %s
	void bar(int * param) {}			void bar(int * param) {}

	void foo1a() {			void foo1a() {
	int *r = new int[7];			int *r = new int[7];
	int *p = new int[4]; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'r' to 'std::span' to propagate bounds information between them}}			int *p = new int[4]; // expected-warning{{'p' is an unsafe pointer used for buffer access}}
	p = r;			p = r;
	int tmp = p[9]; // expected-note{{used in buffer access here}}			int tmp = p[9]; // expected-note{{used in buffer access here}}
	int *q;			int *q;
	q = r;			q = r; // FIXME: we do not fix `q = r` here as the `.data()` fix-it is not generally correct
	}			}

	void uuc_if_body() {			void uuc_if_body() {
	int *r = new int[7];			int *r = new int[7];
	int *p = new int[4]; // expected-warning{{'p' is an unsafe pointer used for buffer access}} // expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'r' to 'std::span' to propagate bounds information between them}}			int *p = new int[4]; // expected-warning{{'p' is an unsafe pointer used for buffer access}} // expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'r' to 'std::span' to propagate bounds information between them}}
	if (true)			if (true)
	p = r;			p = r;
	p[5] = 4; // expected-note{{used in buffer access here}}			p[5] = 4; // expected-note{{used in buffer access here}}
	▲ Show 20 Lines • Show All 79 Lines • Show Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-warnings.cpp

Show All 12 Lines	void local_assign_both_span() {
tmp = q[4]; // expected-note{{used in buffer access here}}		tmp = q[4]; // expected-note{{used in buffer access here}}

q = p;		q = p;
}		}

void local_assign_rhs_span() {		void local_assign_rhs_span() {
int tmp;		int tmp;
int* p = new int[10];		int* p = new int[10];
int* q = new int[10]; // expected-warning{{'q' is an unsafe pointer used for buffer access}} expected-note{{change type of 'q' to 'std::span' to preserve bounds information}}		int* q = new int[10]; // expected-warning{{'q' is an unsafe pointer used for buffer access}}
tmp = q[4]; // expected-note{{used in buffer access here}}		tmp = q[4]; // expected-note{{used in buffer access here}}
p = q;		p = q; // FIXME: we do not fix `p = q` here as the `.data()` fix-it is not generally correct
}		}

void local_assign_no_span() {		void local_assign_no_span() {
int tmp;		int tmp;
int* p = new int[10];		int* p = new int[10];
int* q = new int[10];		int* q = new int[10];
p = q;		p = q;
}		}
Show All 12 Lines	void lhs_span_multi_assign() {
int *b = a;		int *b = a;
int *c = b;		int *c = b;
int *d = c; // expected-warning{{'d' is an unsafe pointer used for buffer access}} expected-note{{change type of 'd' to 'std::span' to preserve bounds information, and change 'c', 'b', and 'a' to 'std::span' to propagate bounds information between them}}		int *d = c; // expected-warning{{'d' is an unsafe pointer used for buffer access}} expected-note{{change type of 'd' to 'std::span' to preserve bounds information, and change 'c', 'b', and 'a' to 'std::span' to propagate bounds information between them}}
int tmp = d[2]; // expected-note{{used in buffer access here}}		int tmp = d[2]; // expected-note{{used in buffer access here}}
}		}

void rhs_span() {		void rhs_span() {
int *x = new int[3];		int *x = new int[3];
int *y; // expected-warning{{'y' is an unsafe pointer used for buffer access}} expected-note{{change type of 'y' to 'std::span' to preserve bounds information}}		int *y; // expected-warning{{'y' is an unsafe pointer used for buffer access}}
y[5] = 10; // expected-note{{used in buffer access here}}		y[5] = 10; // expected-note{{used in buffer access here}}

x = y;		x = y; // FIXME: we do not fix `x = y` here as the `.data()` fix-it is not generally correct
}		}

void rhs_span1() {		void rhs_span1() {
int *q = new int[12];		int *q = new int[12];
int *p = q; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'q' and 'r' to 'std::span' to propagate bounds information between them}}		int *p = q; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'q' and 'r' to 'std::span' to propagate bounds information between them}}
p[5] = 10; // expected-note{{used in buffer access here}}		p[5] = 10; // expected-note{{used in buffer access here}}
int *r = q; // expected-warning{{'r' is an unsafe pointer used for buffer access}} expected-note{{change type of 'r' to 'std::span' to preserve bounds information, and change 'p' and 'q' to 'std::span' to propagate bounds information between them}}		int *r = q; // expected-warning{{'r' is an unsafe pointer used for buffer access}} expected-note{{change type of 'r' to 'std::span' to preserve bounds information, and change 'p' and 'q' to 'std::span' to propagate bounds information between them}}
r[10] = 5; // expected-note{{used in buffer access here}}		r[10] = 5; // expected-note{{used in buffer access here}}
}		}

void rhs_span2() {		void rhs_span2() {
int *q = new int[6];		int *q = new int[6];
int *p = q; // expected-warning{{'p' is an unsafe pointer used for buffer access}}		int *p = q; // expected-warning{{'p' is an unsafe pointer used for buffer access}}
p[5] = 10; // expected-note{{used in buffer access here}}		p[5] = 10; // expected-note{{used in buffer access here}}
int *r = q;		int r = q; // FIXME: we do not fix `int r = q` here as the `.data()` fix-it is not generally correct
}		}

void test_grouping() {		void test_grouping() {
int *z = new int[8];		int *z = new int[8];
int tmp;		int tmp;
int *y = new int[10]; // expected-warning{{'y' is an unsafe pointer used for buffer access}} expected-note{{change type of 'y' to 'std::span' to preserve bounds information}}		int *y = new int[10]; // expected-warning{{'y' is an unsafe pointer used for buffer access}}
tmp = y[5]; // expected-note{{used in buffer access here}}		tmp = y[5]; // expected-note{{used in buffer access here}}

int *x = new int[10];		int *x = new int[10];
x = y;		x = y; // FIXME: we do not fix `x = y` here as the `.data()` fix-it is not generally correct

int *w = z;		int *w = z;
}		}

void test_grouping1() {		void test_grouping1() {
int tmp;		int tmp;
int *y = new int[10]; // expected-warning{{'y' is an unsafe pointer used for buffer access}} expected-note{{change type of 'y' to 'std::span' to preserve bounds information}}		int *y = new int[10]; // expected-warning{{'y' is an unsafe pointer used for buffer access}}
tmp = y[5]; // expected-note{{used in buffer access here}}		tmp = y[5]; // expected-note{{used in buffer access here}}
int *x = new int[10];		int *x = new int[10];
x = y;		x = y; // FIXME: we do not fix `x = y` here as the `.data()` fix-it is not generally correct

int *w = new int[10]; // expected-warning{{'w' is an unsafe pointer used for buffer access}} expected-note{{change type of 'w' to 'std::span' to preserve bounds information}}		int *w = new int[10]; // expected-warning{{'w' is an unsafe pointer used for buffer access}}
tmp = w[5]; // expected-note{{used in buffer access here}}		tmp = w[5]; // expected-note{{used in buffer access here}}
int *z = new int[10];		int *z = new int[10];
z = w;		z = w; // FIXME: we do not fix `z = w` here as the `.data()` fix-it is not generally correct
}		}

void foo1a() {		void foo1a() {
int *r = new int[7];		int *r = new int[7];
int *p = new int[4]; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'r' to 'std::span' to propagate bounds information between them}}		int *p = new int[4]; // expected-warning{{'p' is an unsafe pointer used for buffer access}}
p = r;		p = r;
int tmp = p[9]; // expected-note{{used in buffer access here}}		int tmp = p[9]; // expected-note{{used in buffer access here}}
int *q;		int *q;
q = r;		q = r; // FIXME: we do not fix `q = r` here as the `.data()` fix-it is not generally correct
}		}

void foo1b() {		void foo1b() {
int *r = new int[7];		int *r = new int[7];
int *p = new int[4]; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'r' and 'q' to 'std::span' to propagate bounds information between them}}		int *p = new int[4]; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'r' and 'q' to 'std::span' to propagate bounds information between them}}
p = r;		p = r;
int tmp = p[9]; // expected-note{{used in buffer access here}}		int tmp = p[9]; // expected-note{{used in buffer access here}}
int *q; // expected-warning{{'q' is an unsafe pointer used for buffer access}} expected-note{{change type of 'q' to 'std::span' to preserve bounds information, and change 'p' and 'r' to 'std::span' to propagate bounds information between them}}		int *q; // expected-warning{{'q' is an unsafe pointer used for buffer access}} expected-note{{change type of 'q' to 'std::span' to preserve bounds information, and change 'p' and 'r' to 'std::span' to propagate bounds information between them}}
q = r;		q = r;
tmp = q[9]; // expected-note{{used in buffer access here}}		tmp = q[9]; // expected-note{{used in buffer access here}}
}		}

void foo1c() {		void foo1c() {
int *r = new int[7]; // expected-warning{{'r' is an unsafe pointer used for buffer access}} expected-note{{change type of 'r' to 'std::span' to preserve bounds information, and change 'q' to 'std::span' to propagate bounds information between them}}		int *r = new int[7]; // expected-warning{{'r' is an unsafe pointer used for buffer access}}
int *p = new int[4];		int *p = new int[4];
p = r;		p = r; // FIXME: we do not fix `p = r` here as the `.data()` fix-it is not generally correct
int tmp = r[9]; // expected-note{{used in buffer access here}}		int tmp = r[9]; // expected-note{{used in buffer access here}}
int *q; // expected-warning{{'q' is an unsafe pointer used for buffer access}} expected-note{{change type of 'q' to 'std::span' to preserve bounds information, and change 'r' to 'std::span' to propagate bounds information between them}}		int *q; // expected-warning{{'q' is an unsafe pointer used for buffer access}}
q = r;		q = r; // FIXME: we do not fix `q = r` here as the `.data()` fix-it is not generally correct
tmp = q[9]; // expected-note{{used in buffer access here}}		tmp = q[9]; // expected-note{{used in buffer access here}}
}		}

void foo2a() {		void foo2a() {
int *r = new int[7];		int *r = new int[7];
int *p = new int[5]; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'q' and 'r' to 'std::span' to propagate bounds information between them}}		int *p = new int[5]; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'q' and 'r' to 'std::span' to propagate bounds information between them}}
int *q = new int[4];		int *q = new int[4];
p = q;		p = q;
int tmp = p[8]; // expected-note{{used in buffer access here}}		int tmp = p[8]; // expected-note{{used in buffer access here}}
q = r;		q = r;
}		}

void foo2b() {		void foo2b() {
int *r = new int[7];		int *r = new int[7];
int *p = new int[5];		int *p = new int[5];
int *q = new int[4]; // expected-warning{{'q' is an unsafe pointer used for buffer access}} expected-note{{change type of 'q' to 'std::span' to preserve bounds information, and change 'r' to 'std::span' to propagate bounds information between them}}		int *q = new int[4]; // expected-warning{{'q' is an unsafe pointer used for buffer access}}
p = q;		p = q; // FIXME: we do not fix `p = q` here as the `.data()` fix-it is not generally correct
int tmp = q[8]; // expected-note{{used in buffer access here}}		int tmp = q[8]; // expected-note{{used in buffer access here}}
q = r;		q = r;
}		}

void foo2c() {		void foo2c() {
int *r = new int[7];		int *r = new int[7];
int *p = new int[5]; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'q' and 'r' to 'std::span' to propagate bounds information between them}}		int *p = new int[5]; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information, and change 'q' and 'r' to 'std::span' to propagate bounds information between them}}
int *q = new int[4]; // expected-warning{{'q' is an unsafe pointer used for buffer access}} expected-note{{change type of 'q' to 'std::span' to preserve bounds information, and change 'p' and 'r' to 'std::span' to propagate bounds information between them}}		int *q = new int[4]; // expected-warning{{'q' is an unsafe pointer used for buffer access}} expected-note{{change type of 'q' to 'std::span' to preserve bounds information, and change 'p' and 'r' to 'std::span' to propagate bounds information between them}}
p = q;		p = q;
int tmp = p[8]; // expected-note{{used in buffer access here}}		int tmp = p[8]; // expected-note{{used in buffer access here}}
q = r;		q = r;
tmp = q[8]; // expected-note{{used in buffer access here}}		tmp = q[8]; // expected-note{{used in buffer access here}}
}		}

void foo3a() {		void foo3a() {
int *r = new int[7];		int *r = new int[7];
int *p = new int[5]; // expected-warning{{'p' is an unsafe pointer used for buffer access}} expected-note{{change type of 'p' to 'std::span' to preserve bounds information}}		int *p = new int[5]; // expected-warning{{'p' is an unsafe pointer used for buffer access}}
int *q = new int[4];		int *q = new int[4];
q = p;		q = p; // FIXME: we do not fix `q = p` here as the `.data()` fix-it is not generally correct
int tmp = p[8]; // expected-note{{used in buffer access here}}		int tmp = p[8]; // expected-note{{used in buffer access here}}
q = r;		q = r;
}		}

void foo3b() {		void foo3b() {
int *r = new int[7];		int *r = new int[7];
int *p = new int[5];		int *p = new int[5];
int *q = new int[4]; // expected-warning{{'q' is an unsafe pointer used for buffer access}} //expected-note{{change type of 'q' to 'std::span' to preserve bounds information, and change 'r' and 'p' to 'std::span' to propagate bounds information between them}}		int *q = new int[4]; // expected-warning{{'q' is an unsafe pointer used for buffer access}} //expected-note{{change type of 'q' to 'std::span' to preserve bounds information, and change 'r' and 'p' to 'std::span' to propagate bounds information between them}}
▲ Show 20 Lines • Show All 178 Lines • Show Last 20 Lines

clang/test/SemaCXX/warn-unsafe-buffer-usage-pragma-fixit.cpp

	Show First 20 Lines • Show All 168 Lines • ▼ Show 20 Lines
	// operation on `c` is not suppressed. Only variable `c` will be fixed			// operation on `c` is not suppressed. Only variable `c` will be fixed
	// then.			// then.
	void suppressedVarInGroup3() {			void suppressedVarInGroup3() {
	int * a;			int * a;
	// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:			// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
	int * b;			int * b;
	// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:			// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:
	int * c;			int * c;
	// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:10}:"std::span<int> c"			// CHECK-NOT: fix-it:"{{.*}}":{[[@LINE-1]]:

	c[5] = 5;			c[5] = 5;
	#pragma clang unsafe_buffer_usage begin			#pragma clang unsafe_buffer_usage begin
	b[5] = 5;			b[5] = 5;
	#pragma clang unsafe_buffer_usage end			#pragma clang unsafe_buffer_usage end
	a = b;			a = b;
	b = c;			b = c;
				// FIXME: we do not fix `a = b` and `b = c` because the `.data()` fix-it is not generally correct.
	}			}

	// The implication edges are: `a` -> `b` -> `c` -> `a`.			// The implication edges are: `a` -> `b` -> `c` -> `a`.
	// The unsafe operation on `b` is supressed, while the unsafe			// The unsafe operation on `b` is supressed, while the unsafe
	// operation on `c` is not suppressed. Since the implication graph			// operation on `c` is not suppressed. Since the implication graph
	// forms a cycle, all variables will be fixed.			// forms a cycle, all variables will be fixed.
	void suppressedVarInGroup4() {			void suppressedVarInGroup4() {
	int * a;			int * a;
	▲ Show 20 Lines • Show All 42 Lines • Show Last 20 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[-Wunsafe-buffer-usage] Use `Strategy` to determine whether to fix a parameterClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 557209

clang/include/clang/Analysis/Analyses/UnsafeBufferUsage.h

clang/lib/Analysis/UnsafeBufferUsage.cpp

clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-multi-parm-span.cpp

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-fixits-test.cpp

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-ptr-init-fixits.cpp

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-ptr-init.cpp

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-uuc-fixits.cpp

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-uuc.cpp

clang/test/SemaCXX/warn-unsafe-buffer-usage-multi-decl-warnings.cpp

clang/test/SemaCXX/warn-unsafe-buffer-usage-pragma-fixit.cpp

[-Wunsafe-buffer-usage] Use `Strategy` to determine whether to fix a parameter
ClosedPublic