This is an archive of the discontinued LLVM Phabricator instance.

[clang-tidy] [bugprone-implicit-widening-of-multiplication-result] Improved check to ignore false positives with integer literals.
AbandonedPublic

Authored by felix642 on Aug 19 2023, 10:10 AM.

Download Raw Diff

Details

Reviewers

njames93
lebedev.ri
aaron.ballman

Summary

The following code is safe and should not trigger the warning
constexpr std::size_t k1Mb = 1024 * 1024;

Fixes #64732

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

felix642 created this revision.Aug 19 2023, 10:10 AM

Herald added a reviewer: njames93. · View Herald TranscriptAug 19 2023, 10:10 AM

Herald added a project: Restricted Project. · View Herald Transcript

Herald added subscribers: PiotrZSL, carlosgalvezp, xazax.hun. · View Herald Transcript

felix642 requested review of this revision.Aug 19 2023, 10:10 AM

Herald added a project: Restricted Project. · View Herald TranscriptAug 19 2023, 10:10 AM

Herald added a subscriber: cfe-commits. · View Herald Transcript

Fixed format

felix642 added a reviewer: lebedev.ri.Aug 19 2023, 10:18 AM

Herald added a subscriber: StephenFan. · View Herald TranscriptAug 19 2023, 10:18 AM

felix642 added a reviewer: aaron.ballman.Aug 19 2023, 10:19 AM

Harbormaster completed remote builds in B253670: Diff 551771.Aug 19 2023, 10:42 AM

I'm not sure if this is right fix, example:

const std::size_t k1Tb = 1024 * 1024 * 1024 * 1024;

This is detected by -Winteger-overflow, but this:

const  std::size_t k1Pb =  1024U * 1024U * 1024U * 1024U * 1024U;

is not detect by anything except this check, even that it overflow to 0.
Funny thing that if we change those unsigned to signed, then its detected by -Winteger-overflow

For me we shoudn't silent those issues, if someone want they they can always put nolint or explicit cast, we could consider adding some basic calculations just to verify if there will be no overflow, but still proper way would be to provide warning that would say, hey, write this as: "1024LU * 1024LU"

In short I'm against simply ignoring literal calculations because this check is only thing that currently detect this issue: https://github.com/llvm/llvm-project/issues/64828

Hi @PiotrZSL thank you for taking the time to look at this revision.

I agree with you we should not silence a warning if no other tool can diagnose the issue. I'm guessing that -Winteger-overflow does no trigger any warning on unsigned "overflow" since behavior is well defined in the standard :

This implies that unsigned arithmetic does not overflow because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting unsigned integer type.

But on the other hand I have to agree with DenisYaroshevskiy that it is tedious to add a cast to every multiplication of integer literals on a large codebase. Especially when we know that those values do not overflow.

Maybe we should add some basic calculations when the operation is composed of integer literals, like you previously mentioned, to check if the operation actually overflows and print this warning if it does?
In that case we could also improve the fix-it and suggest to add LU or U instead of static_cast.

Yes doing some basic calculations would be probably the best, but for that we would need to implement some "calculator" or find some exist implementation some're in clang.
Even if it would support only basic operations like *

felix642 abandoned this revision.Sep 18 2023, 3:20 PM

Revision Contents

Path

Size

clang-tools-extra/

clang-tidy/

bugprone/

ImplicitWideningOfMultiplicationResultCheck.cpp

10 lines

docs/

ReleaseNotes.rst

4 lines

test/

clang-tidy/

checkers/

bugprone/

implicit-widening-of-multiplication-result-int.cpp

18 lines

Diff 551771

clang-tools-extra/clang-tidy/bugprone/ImplicitWideningOfMultiplicationResultCheck.cpp

Show All 28 Lines	static const Expr getLHSOfMulBinOp(const Expr E) {
// FIXME: shall we skip brackets/casts/etc?		// FIXME: shall we skip brackets/casts/etc?
const auto *BO = dyn_cast<BinaryOperator>(E);		const auto *BO = dyn_cast<BinaryOperator>(E);
if (!BO \|\| BO->getOpcode() != BO_Mul)		if (!BO \|\| BO->getOpcode() != BO_Mul)
// FIXME: what about: long r = int(x) + (int(y) * int(z)); ?		// FIXME: what about: long r = int(x) + (int(y) * int(z)); ?
return nullptr;		return nullptr;
return BO->getLHS()->IgnoreParens();		return BO->getLHS()->IgnoreParens();
}		}

		static bool hasIntegerLiteralOperators(const Expr *E) {
		const auto *BO = dyn_cast<BinaryOperator>(E);
		return isa<IntegerLiteral>(BO->getLHS()->IgnoreParenImpCasts()) &&
		isa<IntegerLiteral>(BO->getRHS()->IgnoreParenImpCasts());
		}

ImplicitWideningOfMultiplicationResultCheck::		ImplicitWideningOfMultiplicationResultCheck::
ImplicitWideningOfMultiplicationResultCheck(StringRef Name,		ImplicitWideningOfMultiplicationResultCheck(StringRef Name,
ClangTidyContext *Context)		ClangTidyContext *Context)
: ClangTidyCheck(Name, Context),		: ClangTidyCheck(Name, Context),
UseCXXStaticCastsInCppSources(		UseCXXStaticCastsInCppSources(
Options.get("UseCXXStaticCastsInCppSources", true)),		Options.get("UseCXXStaticCastsInCppSources", true)),
UseCXXHeadersInCppSources(Options.get("UseCXXHeadersInCppSources", true)),		UseCXXHeadersInCppSources(Options.get("UseCXXHeadersInCppSources", true)),
IncludeInserter(Options.getLocalOrGlobal("IncludeStyle",		IncludeInserter(Options.getLocalOrGlobal("IncludeStyle",
Show All 39 Lines	if (TgtWidth <= SrcWidth)
return;		return;

// Does the index expression look like it might be unintentionally computed		// Does the index expression look like it might be unintentionally computed
// in a narrower-than-wanted type?		// in a narrower-than-wanted type?
const Expr *LHS = getLHSOfMulBinOp(E);		const Expr *LHS = getLHSOfMulBinOp(E);
if (!LHS)		if (!LHS)
return;		return;

		// Widening multiplication on Integer Literals.
		if (hasIntegerLiteralOperators(E))
		return;

// Ok, looks like we should diagnose this.		// Ok, looks like we should diagnose this.
diag(E->getBeginLoc(), "performing an implicit widening conversion to type "		diag(E->getBeginLoc(), "performing an implicit widening conversion to type "
"%0 of a multiplication performed in type %1")		"%0 of a multiplication performed in type %1")
<< Ty << E->getType();		<< Ty << E->getType();

{		{
auto Diag = diag(E->getBeginLoc(),		auto Diag = diag(E->getBeginLoc(),
"make conversion explicit to silence this warning",		"make conversion explicit to silence this warning",
▲ Show 20 Lines • Show All 175 Lines • Show Last 20 Lines

clang-tools-extra/docs/ReleaseNotes.rst

	Show First 20 Lines • Show All 167 Lines • ▼ Show 20 Lines

	Changes in existing checks			Changes in existing checks
	^^^^^^^^^^^^^^^^^^^^^^^^^^			^^^^^^^^^^^^^^^^^^^^^^^^^^

	- Fixed bug in :doc:`bugprone-reserved-identifier			- Fixed bug in :doc:`bugprone-reserved-identifier
	<clang-tidy/checks/bugprone/reserved-identifier>`, so that it does not warn			<clang-tidy/checks/bugprone/reserved-identifier>`, so that it does not warn
	on macros starting with underscore and lowercase letter.			on macros starting with underscore and lowercase letter.

				- Improved :doc:`bugprone-implicit-widening-of-multiplication-result
				<clang-tidy/checks/bugprone/bugprone-implicit-widening-of-multiplication-result>`
				check to ignore false-positives with integer literals.

	- Improved :doc:`bugprone-lambda-function-name			- Improved :doc:`bugprone-lambda-function-name
	<clang-tidy/checks/bugprone/lambda-function-name>` check by adding option			<clang-tidy/checks/bugprone/lambda-function-name>` check by adding option
	`IgnoreMacros` to ignore warnings in macros.			`IgnoreMacros` to ignore warnings in macros.

	- Improved :doc:`cppcoreguidelines-avoid-non-const-global-variables			- Improved :doc:`cppcoreguidelines-avoid-non-const-global-variables
	<clang-tidy/checks/cppcoreguidelines/avoid-non-const-global-variables>` check			<clang-tidy/checks/cppcoreguidelines/avoid-non-const-global-variables>` check
	to ignore ``static`` variables declared within the scope of			to ignore ``static`` variables declared within the scope of
	``class``/``struct``.			``class``/``struct``.
	▲ Show 20 Lines • Show All 77 Lines • Show Last 20 Lines

clang-tools-extra/test/clang-tidy/checkers/bugprone/implicit-widening-of-multiplication-result-int.cpp

	Show First 20 Lines • Show All 101 Lines • ▼ Show 20 Lines
	}			}
	long n13(int a, long b) {			long n13(int a, long b) {
	return a * b;			return a * b;
	}			}

	long n14(int a, int b, int c) {			long n14(int a, int b, int c) {
	return a + b * c;			return a + b * c;
	}			}

	long n15(int a, int b, int c) {			long n15(int a, int b, int c) {
	return a * b + c;			return a * b + c;
	}			}

				unsigned long n16()
				{
				return (1024u) * 1024;
				}

				long n17(int a) {
				return a + 1024 * 1024;
				}

				long n18(int a)
				{
				return (a * 1024);
				// CHECK-NOTES-ALL: :[[@LINE-1]]:11: warning: performing an implicit widening conversion to type 'long' of a multiplication performed in type 'int'
				// CHECK-NOTES-ALL: :[[@LINE-2]]:11: note: make conversion explicit to silence this warning
				// CHECK-NOTES-ALL: :[[@LINE-3]]:11: note: perform multiplication in a wider type
				}

	#ifdef __cplusplus			#ifdef __cplusplus
	template <typename T1, typename T2>			template <typename T1, typename T2>
	T2 template_test(T1 a, T1 b) {			T2 template_test(T1 a, T1 b) {
	return a * b;			return a * b;
	}			}
	long template_test_instantiation(int a, int b) {			long template_test_instantiation(int a, int b) {
	return template_test<int, long>(a, b);			return template_test<int, long>(a, b);
	}			}
	#endif			#endif