This is an archive of the discontinued LLVM Phabricator instance.

Differential D40737

[clang-tidy] Resubmit hicpp-multiway-paths-covered without breaking test
ClosedPublic

Authored by JonasToth on Dec 1 2017, 10:15 AM.

Details

Reviewers
aaron.ballman
hokein
sbenza
klimek
Commits
rCTE328107: [clang-tidy] Resubmit hicpp-multiway-paths-covered without breaking test
Summary

The original check did break the green buildbot in the sanitizer build.
It took a while to redroduce and understand the issue.

There occured a stackoverflow while parsing the AST. The testcase with
256 case labels was the problem because each case label added another
stackframe. It seemed that the issue occured only in 'RelWithDebInfo' builds
and not in normal sanitizer builds.

To simplify the matchers the recognition for the different kinds of switch
statements has been moved into a seperate function and will not be done with
ASTMatchers. This is an attempt to reduce recursion and stacksize as well.

The new check removed this big testcase. Covering all possible values is still
implemented for bitfields and works there. The same logic on integer types
will lead to the issue.

Running it over LLVM gives the following results:

uncovered.txt45 KBDownload

mandatory_if.txt1 KBDownload

better_if.txt38 KBDownload

Diff Detail

Event Timeline

JonasToth created this revision.Dec 1 2017, 10:15 AM
Herald added subscribers: cfe-commits, xazax.hun, mgorny. · View Herald TranscriptDec 1 2017, 10:15 AM
aaron.ballman edited edge metadata.Dec 3 2017, 7:59 AM

I would like to see the large test case added back in -- it was demonstrating a real problem with the code and it would be good to ensure we don't regress that behavior again in the future.

JonasToth added a comment.Dec 4 2017, 3:55 AM

It does still regress! In a sense this is a WIP that i did not clarify.(which i do now)

While debugging the issue it seemed that parsing the AST did result in the stack overflow and not my check specific code.
Looping over all case Labels seems to be done in a recursive manner, which results in a massive stack (about 600 Frames or more while debugging). I am trying to better isolate the issue to be able to specify the problem more precise.

The odd thing to me was, that only the RelWithDebInfo build showed this behaviour. Building clang with MinSizeRel + Sanitizer did not show a stack overflow. I assume that the Debug Info increase the stack frame size. The release builds should overflow as well but with more case labels.

My goals for investigation:

  • Figure out exactly which part of the matcher is the problem
  • Rewrite the matchers and try to figure out a way to not use recursive functions to figure out the properties of the switch statement. Could information like CaseCount and hasDefault be interesting to have as member functions in the frontend? I think that can be added into Sema (i never touched anything there, so noo experience)
  • Figure out when the Release Build will stackoverflow.

Would it be acceptable to allow a Stackoverflow when there are thousands of case labels? If i understand correctly (and AST-dump suggests it as well) each case label is another layer in the tree. If that is true other parts of clang might suffer from a similar issue.

JonasToth retitled this revision from [clang-tidy] Resubmit hicpp-multiway-paths-covered without breaking test to [clang-tidy] WIP Resubmit hicpp-multiway-paths-covered without breaking test .Dec 4 2017, 3:56 AM
JonasToth added a comment.Dec 5 2017, 3:47 AM

@aaron.ballman I further investigated and the issue does not come directly from my code (at least thats what i believe) :)

If i change the matcher simply to

Finder->addMatcher(switchStmt().bind("switch"), this);

The overflow still occurs! I assume that the recursive natur of ASTVisitor causes that issue. How should we go further? Maybe ask klimek for some advice?

JonasToth added a reviewer: sbenza.Dec 5 2017, 9:31 AM
JonasToth updated this revision to Diff 125556.Dec 5 2017, 9:33 AM
JonasToth retitled this revision from [clang-tidy] WIP Resubmit hicpp-multiway-paths-covered without breaking test to [clang-tidy] WIP Resubmit hicpp-multiway-paths-covered without breaking test.
  • [Misc] comment out matcher, make compile and runnable
Herald added a subscriber: klimek. · View Herald TranscriptDec 5 2017, 9:33 AM
Harbormaster completed remote builds in B12757: Diff 125556.Dec 5 2017, 9:33 AM
JonasToth added a reviewer: klimek.Dec 5 2017, 9:39 AM
JonasToth added a comment.Dec 5 2017, 9:46 AM

@sbenza and @klimek the issue that occurs here is probably ASTMatchers related, thats why I added you.

The problem:

This patch introduces a stack overflow when building with RelWithDebInfo that is caught by the sanitizers. I isolated the issue in the big switch statements that has 256 case labels. On label 200 the overflow occurs, that is noted with a comment.
What I found while debugging is, that no matter which matcher I use the overflow occurs. The toplevel function is parseAST and then executing the frontend actions.

I think the problem is that every case label adds multiple recursive function calls coming from the nature of how case labels are stored in the AST. That produces the massive stack. Is there a way I could work around this Issue in the check?

JonasToth added a comment.Dec 29 2017, 10:46 AM

@sbenza and/or @klimek did you have time to address the stackoverflow caused from the ASTMatchers?

JonasToth retitled this revision from [clang-tidy] WIP Resubmit hicpp-multiway-paths-covered without breaking test to [clang-tidy] Resubmit hicpp-multiway-paths-covered without breaking test.Jan 7 2018, 4:31 AM
JonasToth added a comment.Jan 12 2018, 12:30 PM

@sbenza and/or @klimek did you have time to address the stackoverflow caused from the ASTMatchers?

I forgot to add the link to the original break: http://green.lab.llvm.org/green/job/clang-stage2-cmake-RgSan/5470/consoleFull#17462642768254eaf0-7326-4999-85b0-388101f2d404

JonasToth updated this revision to Diff 129686.Jan 12 2018, 12:35 PM
  • get up to date to 7.0
JonasToth added a comment.Mar 1 2018, 10:43 AM

After long inactivity (sorry!) i had a chance to look at it again:

switch(i) {
case 0:;
case 1:;
case 2:;
...
}

does *NOT* lead to the stack overflow. This is most likely an issue in the AST:
https://godbolt.org/g/vZw2BD

Empty case labels do nest, an empty statement prevents this. The nesting leads most likely to the deep recursion. I will file a bug for it.

lebedev.ri added a subscriber: lebedev.ri.Mar 2 2018, 11:21 AM
In D40737#1024120, @JonasToth wrote:

After long inactivity (sorry!) i had a chance to look at it again:

switch(i) {
case 0:;
case 1:;
case 2:;
...
}

does *NOT* lead to the stack overflow. This is most likely an issue in the AST:
https://godbolt.org/g/vZw2BD

Empty case labels do nest, an empty statement prevents this. The nesting leads most likely to the deep recursion. I will file a bug for it.

FWIW here are my 5 cent: this is a preexisting bug. Your testcase just happened to expose it.
I'd file the bug, and then simply adjust the testcases here not to trigger it and re-land this diff.

I'm not sure what is to be gained by not doing that.
Of course, the bug is a bug, and should be fixed, but it exists regardless of this differential...

aaron.ballman added a comment.Mar 2 2018, 11:34 AM
In D40737#1025777, @lebedev.ri wrote:
In D40737#1024120, @JonasToth wrote:

After long inactivity (sorry!) i had a chance to look at it again:

switch(i) {
case 0:;
case 1:;
case 2:;
...
}

does *NOT* lead to the stack overflow. This is most likely an issue in the AST:
https://godbolt.org/g/vZw2BD

Empty case labels do nest, an empty statement prevents this. The nesting leads most likely to the deep recursion. I will file a bug for it.

FWIW here are my 5 cent: this is a preexisting bug. Your testcase just happened to expose it.
I'd file the bug, and then simply adjust the testcases here not to trigger it and re-land this diff.

I'm not sure what is to be gained by not doing that.
Of course, the bug is a bug, and should be fixed, but it exists regardless of this differential...

Just because a particular check triggers an issue elsewhere doesn't mean we should gloss over the issue in the check. That just kicks the can farther down the road so that our users find the issue. In this case, the check is likely to push users *towards* discovering that AST bug rather than away from it which is why I'm giving the push-back.

alexfh removed a reviewer: alexfh.Mar 14 2018, 7:48 AM
JonasToth added a subscriber: rsmith.Mar 18 2018, 5:22 AM

Good news: The stack overflow seems to be fixed, by the patch r326624 from @rsmith (Thank you very much!).
Bad news: The check does not do its job anymore.... I try to fix the functionality problems.

JonasToth updated this revision to Diff 138849.Mar 18 2018, 7:23 AM
  • get the check working again
  • enable the big test
JonasToth updated this revision to Diff 138850.Mar 18 2018, 7:27 AM
  • reorder check in release notes to get it in alphabetical order
Harbormaster completed remote builds in B16187: Diff 138850.Mar 18 2018, 7:28 AM
JonasToth added a comment.Mar 18 2018, 7:32 AM

I think the check is ready to land. I did check run it over LLVM and found some interesting code parts that could benefit. I extracted all the warnings and sorted them into the categories missing default/covered codepath(uncovered.txt), better use if/else(better_if.txt) and use if(mandatory_if.txt). Some warnings come from generated files but some live in usercode. In total there are 540 warnings.

Please note, that i identified a common pattern to leave out the default label and add an ending llvm_unreachable that is outside the switch but ensures there is no unwanted fall_through. Most of the warnings for the first category are like this, but i could not check all of them!

uncovered.txt45 KBDownload

better_if.txt38 KBDownload

mandatory_if.txt1 KBDownload

JonasToth edited the summary of this revision. (Show Details)Mar 18 2018, 7:32 AM
JonasToth updated this revision to Diff 138851.Mar 18 2018, 7:35 AM
  • remove spurious debug iostream
Harbormaster completed remote builds in B16188: Diff 138851.Mar 18 2018, 7:36 AM
aaron.ballman added inline comments.Mar 20 2018, 9:25 AM
clang-tidy/hicpp/MultiwayPathsCoveredCheck.cpp
69

Add some vertical whitespace before the comments.

76

Same here.

80

s/then/than

120

I think a better way to phrase this one is: "switch statement without labels has no effect" and perhaps have a fix-it to replace the entire switch construct with its predicate?

docs/clang-tidy/checks/hicpp-multiway-paths-covered.rst
96

Missing whitespace after "missing". May want to clarify that that this is a Boolean option.

JonasToth updated this revision to Diff 139293.Mar 21 2018, 7:28 AM
JonasToth marked 4 inline comments as done.
  • adress review comments
clang-tidy/hicpp/MultiwayPathsCoveredCheck.cpp
120

The fixit would only aim for the sideeffects the predicate has, right? I would consider such a switch as a bug or are there reasonable things to accomplish? Given its most likely unintended code i dont think a fixit is good.

Fixing the code removes the warning and might introduce a bug.

aaron.ballman accepted this revision.Mar 21 2018, 8:18 AM

LGTM!

clang-tidy/hicpp/MultiwayPathsCoveredCheck.cpp
120

This code pattern comes up with machine-generated code with some frequency, so I was thinking it would be nice to automatically fix that code. However, I think you're right that "fixing" the code may introduce bugs because you don't want to keep around non-side effecting operations and that's complicated. e.g.,

switch (i) { // Don't replace this with i;
}

switch (some_function_call()) { // Maybe replace this with some_function_call()?
}

switch (i = 12) { // Should definitely be replaced with i = 12;
}

Perhaps only diagnosing is the best option.

This revision is now accepted and ready to land.Mar 21 2018, 8:18 AM
JonasToth updated this revision to Diff 139304.Mar 21 2018, 8:32 AM
JonasToth marked 3 inline comments as done.
  • add fixme for degenerated switch
Harbormaster completed remote builds in B16311: Diff 139304.Mar 21 2018, 8:32 AM
JonasToth added inline comments.Mar 21 2018, 8:33 AM
clang-tidy/hicpp/MultiwayPathsCoveredCheck.cpp
120

I will add another FIXME. The if-is-better pattern might be reasonable transformable and doing this allows addressing the issue again later.

JonasToth marked an inline comment as done.Mar 21 2018, 8:33 AM
JonasToth added a commit: rCTE328107: [clang-tidy] Resubmit hicpp-multiway-paths-covered without breaking test.Mar 21 2018, 8:40 AM
JonasToth closed this revision.Mar 21 2018, 8:43 AM

Revision Contents

Diff 139304

clang-tidy/hicpp/CMakeLists.txt

set(LLVM_LINK_COMPONENTS support) set(LLVM_LINK_COMPONENTS support)
add_clang_library(clangTidyHICPPModule add_clang_library(clangTidyHICPPModule
ExceptionBaseclassCheck.cpp ExceptionBaseclassCheck.cpp
MultiwayPathsCoveredCheck.cpp
NoAssemblerCheck.cpp NoAssemblerCheck.cpp
HICPPTidyModule.cpp HICPPTidyModule.cpp
SignedBitwiseCheck.cpp SignedBitwiseCheck.cpp
LINK_LIBS LINK_LIBS
clangAST clangAST
clangASTMatchers clangASTMatchers
clangBasic clangBasic
Show All 11 Lines

clang-tidy/hicpp/HICPPTidyModule.cpp

Show All 30 Lines
#include "../modernize/UseNullptrCheck.h" #include "../modernize/UseNullptrCheck.h"
#include "../modernize/UseOverrideCheck.h" #include "../modernize/UseOverrideCheck.h"
#include "../performance/MoveConstArgCheck.h" #include "../performance/MoveConstArgCheck.h"
#include "../performance/NoexceptMoveConstructorCheck.h" #include "../performance/NoexceptMoveConstructorCheck.h"
#include "../readability/BracesAroundStatementsCheck.h" #include "../readability/BracesAroundStatementsCheck.h"
#include "../readability/FunctionSizeCheck.h" #include "../readability/FunctionSizeCheck.h"
#include "../readability/IdentifierNamingCheck.h" #include "../readability/IdentifierNamingCheck.h"
#include "ExceptionBaseclassCheck.h" #include "ExceptionBaseclassCheck.h"
#include "MultiwayPathsCoveredCheck.h"
#include "NoAssemblerCheck.h" #include "NoAssemblerCheck.h"
#include "SignedBitwiseCheck.h" #include "SignedBitwiseCheck.h"
namespace clang { namespace clang {
namespace tidy { namespace tidy {
namespace hicpp { namespace hicpp {
class HICPPModule : public ClangTidyModule { class HICPPModule : public ClangTidyModule {
public: public:
void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override { void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override {
CheckFactories.registerCheck<cppcoreguidelines::AvoidGotoCheck>( CheckFactories.registerCheck<cppcoreguidelines::AvoidGotoCheck>(
"hicpp-avoid-goto"); "hicpp-avoid-goto");
CheckFactories.registerCheck<readability::BracesAroundStatementsCheck>( CheckFactories.registerCheck<readability::BracesAroundStatementsCheck>(
"hicpp-braces-around-statements"); "hicpp-braces-around-statements");
CheckFactories.registerCheck<modernize::DeprecatedHeadersCheck>( CheckFactories.registerCheck<modernize::DeprecatedHeadersCheck>(
"hicpp-deprecated-headers"); "hicpp-deprecated-headers");
CheckFactories.registerCheck<ExceptionBaseclassCheck>( CheckFactories.registerCheck<ExceptionBaseclassCheck>(
"hicpp-exception-baseclass"); "hicpp-exception-baseclass");
CheckFactories.registerCheck<MultiwayPathsCoveredCheck>(
"hicpp-multiway-paths-covered");
CheckFactories.registerCheck<SignedBitwiseCheck>("hicpp-signed-bitwise"); CheckFactories.registerCheck<SignedBitwiseCheck>("hicpp-signed-bitwise");
CheckFactories.registerCheck<google::ExplicitConstructorCheck>( CheckFactories.registerCheck<google::ExplicitConstructorCheck>(
"hicpp-explicit-conversions"); "hicpp-explicit-conversions");
CheckFactories.registerCheck<readability::FunctionSizeCheck>( CheckFactories.registerCheck<readability::FunctionSizeCheck>(
"hicpp-function-size"); "hicpp-function-size");
CheckFactories.registerCheck<readability::IdentifierNamingCheck>( CheckFactories.registerCheck<readability::IdentifierNamingCheck>(
"hicpp-named-parameter"); "hicpp-named-parameter");
CheckFactories.registerCheck<bugprone::UseAfterMoveCheck>( CheckFactories.registerCheck<bugprone::UseAfterMoveCheck>(
▲ Show 20 LinesShow All 52 LinesShow Last 20 Lines

clang-tidy/hicpp/MultiwayPathsCoveredCheck.h

  • This file was added.
//===--- MultiwayPathsCoveredCheck.h - clang-tidy----------------*- C++ -*-===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_HICPP_MULTIWAY_PATHS_COVERED_H
#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_HICPP_MULTIWAY_PATHS_COVERED_H
#include "../ClangTidy.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
#include <iostream>
namespace clang {
namespace tidy {
namespace hicpp {
/// Find occasions where not all codepaths are explicitly covered in code.
/// This includes 'switch' without a 'default'-branch and 'if'-'else if'-chains
/// without a final 'else'-branch.
///
/// For the user-facing documentation see:
/// http://clang.llvm.org/extra/clang-tidy/checks/hicpp-multiway-paths-covered.html
class MultiwayPathsCoveredCheck : public ClangTidyCheck {
public:
MultiwayPathsCoveredCheck(StringRef Name, ClangTidyContext *Context)
: ClangTidyCheck(Name, Context),
WarnOnMissingElse(Options.get("WarnOnMissingElse", 0)) {}
void storeOptions(ClangTidyOptions::OptionMap &Opts) override;
void registerMatchers(ast_matchers::MatchFinder *Finder) override;
void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
private:
void handleSwitchWithDefault(const SwitchStmt *Switch, std::size_t CaseCount);
void handleSwitchWithoutDefault(
const SwitchStmt *Switch, std::size_t CaseCount,
const ast_matchers::MatchFinder::MatchResult &Result);
/// This option can be configured to warn on missing 'else' branches in an
/// 'if-else if' chain. The default is false because this option might be
/// noisy on some code bases.
const bool WarnOnMissingElse;
};
} // namespace hicpp
} // namespace tidy
} // namespace clang
#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_HICPP_MULTIWAY_PATHS_COVERED_H

clang-tidy/hicpp/MultiwayPathsCoveredCheck.cpp

  • This file was added.
//===--- MultiwayPathsCoveredCheck.cpp - clang-tidy------------------------===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
#include "MultiwayPathsCoveredCheck.h"
#include "clang/AST/ASTContext.h"
#include <limits>
using namespace clang::ast_matchers;
namespace clang {
namespace tidy {
namespace hicpp {
void MultiwayPathsCoveredCheck::storeOptions(
ClangTidyOptions::OptionMap &Opts) {
Options.store(Opts, "WarnOnMissingElse", WarnOnMissingElse);
}
void MultiwayPathsCoveredCheck::registerMatchers(MatchFinder *Finder) {
Finder->addMatcher(
switchStmt(
hasCondition(allOf(
// Match on switch statements that have either a bit-field or
// an integer condition. The ordering in 'anyOf()' is
// important because the last condition is the most general.
anyOf(ignoringImpCasts(memberExpr(hasDeclaration(
fieldDecl(isBitField()).bind("bitfield")))),
ignoringImpCasts(declRefExpr().bind("non-enum-condition"))),
// 'unless()' must be the last match here and must be bound,
// otherwise the matcher does not work correctly, because it
// will not explicitly ignore enum conditions.
unless(ignoringImpCasts(
declRefExpr(hasType(enumType())).bind("enum-condition"))))))
.bind("switch"),
this);
// This option is noisy, therefore matching is configurable.
if (WarnOnMissingElse) {
Finder->addMatcher(
ifStmt(allOf(hasParent(ifStmt()), unless(hasElse(anything()))))
.bind("else-if"),
this);
}
}
static std::pair<std::size_t, bool> countCaseLabels(const SwitchStmt *Switch) {
std::size_t CaseCount = 0;
bool HasDefault = false;
const SwitchCase *CurrentCase = Switch->getSwitchCaseList();
while (CurrentCase) {
++CaseCount;
if (isa<DefaultStmt>(CurrentCase))
HasDefault = true;
CurrentCase = CurrentCase->getNextSwitchCase();
}
return std::make_pair(CaseCount, HasDefault);
}
/// This function calculate 2 ** Bits and returns
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Add some vertical whitespace before the comments.

aaron.ballman: Add some vertical whitespace before the comments.
/// numeric_limits<std::size_t>::max() if an overflow occured.
static std::size_t twoPow(std::size_t Bits) {
return Bits >= std::numeric_limits<std::size_t>::digits
? std::numeric_limits<std::size_t>::max()
: static_cast<size_t>(1) << Bits;
}
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Same here.

aaron.ballman: Same here.
/// Get the number of possible values that can be switched on for the type T.
///
/// \return - 0 if bitcount could not be determined
/// - numeric_limits<std::size_t>::max() when overflow appeared due to
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

s/then/than

aaron.ballman: s/then/than
/// more than 64 bits type size.
static std::size_t getNumberOfPossibleValues(QualType T,
const ASTContext &Context) {
// `isBooleanType` must come first because `bool` is an integral type as well
// and would not return 2 as result.
if (T->isBooleanType())
return 2;
else if (T->isIntegralType(Context))
return twoPow(Context.getTypeSize(T));
else
return 1;
}
void MultiwayPathsCoveredCheck::check(const MatchFinder::MatchResult &Result) {
if (const auto *ElseIfWithoutElse =
Result.Nodes.getNodeAs<IfStmt>("else-if")) {
diag(ElseIfWithoutElse->getLocStart(),
"potentially uncovered codepath; add an ending else statement");
return;
}
const auto *Switch = Result.Nodes.getNodeAs<SwitchStmt>("switch");
std::size_t SwitchCaseCount;
bool SwitchHasDefault;
std::tie(SwitchCaseCount, SwitchHasDefault) = countCaseLabels(Switch);
// Checks the sanity of 'switch' statements that actually do define
// a default branch but might be degenerated by having no or only one case.
if (SwitchHasDefault) {
handleSwitchWithDefault(Switch, SwitchCaseCount);
return;
}
// Checks all 'switch' statements that do not define a default label.
// Here the heavy lifting happens.
if (!SwitchHasDefault && SwitchCaseCount > 0) {
handleSwitchWithoutDefault(Switch, SwitchCaseCount, Result);
return;
}
// Warns for degenerated 'switch' statements that neither define a case nor
// a default label.
// FIXME: Evaluate, if emitting a fix-it to simplify that statement is
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

I think a better way to phrase this one is: "switch statement without labels has no effect" and perhaps have a fix-it to replace the entire switch construct with its predicate?

aaron.ballman: I think a better way to phrase this one is: "switch statement without labels has no effect" and…
JonasTothAuthorUnsubmitted
Done
ReplyInline Actions

The fixit would only aim for the sideeffects the predicate has, right? I would consider such a switch as a bug or are there reasonable things to accomplish? Given its most likely unintended code i dont think a fixit is good.

Fixing the code removes the warning and might introduce a bug.

JonasToth: The fixit would only aim for the sideeffects the predicate has, right? I would consider such a…
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

This code pattern comes up with machine-generated code with some frequency, so I was thinking it would be nice to automatically fix that code. However, I think you're right that "fixing" the code may introduce bugs because you don't want to keep around non-side effecting operations and that's complicated. e.g.,

switch (i) { // Don't replace this with i;
}

switch (some_function_call()) { // Maybe replace this with some_function_call()?
}

switch (i = 12) { // Should definitely be replaced with i = 12;
}

Perhaps only diagnosing is the best option.

aaron.ballman: This code pattern comes up with machine-generated code with some frequency, so I was thinking…
JonasTothAuthorUnsubmitted
Done
ReplyInline Actions

I will add another FIXME. The if-is-better pattern might be reasonable transformable and doing this allows addressing the issue again later.

JonasToth: I will add another FIXME. The if-is-better pattern might be reasonable transformable and doing…
// reasonable.
if (!SwitchHasDefault && SwitchCaseCount == 0) {
diag(Switch->getLocStart(),
"switch statement without labels has no effect");
return;
}
llvm_unreachable("matched a case, that was not explicitly handled");
}
void MultiwayPathsCoveredCheck::handleSwitchWithDefault(
const SwitchStmt *Switch, std::size_t CaseCount) {
assert(CaseCount > 0 && "Switch statement with supposedly one default "
"branch did not contain any case labels");
if (CaseCount == 1 || CaseCount == 2)
diag(Switch->getLocStart(),
CaseCount == 1
? "degenerated switch with default label only"
: "switch could be better written as an if/else statement");
}
void MultiwayPathsCoveredCheck::handleSwitchWithoutDefault(
const SwitchStmt *Switch, std::size_t CaseCount,
const MatchFinder::MatchResult &Result) {
// The matcher only works because some nodes are explicitly matched and
// bound but ignored. This is necessary to build the excluding logic for
// enums and 'switch' statements without a 'default' branch.
assert(!Result.Nodes.getNodeAs<DeclRefExpr>("enum-condition") &&
"switch over enum is handled by warnings already, explicitly ignoring "
"them");
// Determine the number of case labels. Because 'default' is not present
// and duplicating case labels is not allowed this number represents
// the number of codepaths. It can be directly compared to 'MaxPathsPossible'
// to see if some cases are missing.
// CaseCount == 0 is caught in DegenerateSwitch. Necessary because the
// matcher used for here does not match on degenerate 'switch'.
assert(CaseCount > 0 && "Switch statement without any case found. This case "
"should be excluded by the matcher and is handled "
"separatly.");
std::size_t MaxPathsPossible = [&]() {
if (const auto *GeneralCondition =
Result.Nodes.getNodeAs<DeclRefExpr>("non-enum-condition")) {
return getNumberOfPossibleValues(GeneralCondition->getType(),
*Result.Context);
}
if (const auto *BitfieldDecl =
Result.Nodes.getNodeAs<FieldDecl>("bitfield")) {
return twoPow(BitfieldDecl->getBitWidthValue(*Result.Context));
}
return 0ul;
}();
// FIXME: Transform the 'switch' into an 'if' for CaseCount == 1.
if (CaseCount < MaxPathsPossible)
diag(Switch->getLocStart(),
CaseCount == 1 ? "switch with only one case; use an if statement"
: "potential uncovered code path; add a default label");
}
} // namespace hicpp
} // namespace tidy
} // namespace clang

docs/ReleaseNotes.rst

Show First 20 LinesShow All 101 Lines▼ Show 20 Lines
- New `fuchsia-trailing-return - New `fuchsia-trailing-return
<http://clang.llvm.org/extra/clang-tidy/checks/fuchsia-trailing-return.html>`_ check <http://clang.llvm.org/extra/clang-tidy/checks/fuchsia-trailing-return.html>`_ check
Functions that have trailing returns are disallowed, except for those Functions that have trailing returns are disallowed, except for those
using ``decltype`` specifiers and lambda with otherwise unutterable using ``decltype`` specifiers and lambda with otherwise unutterable
return types. return types.
- New `hicpp-multiway-paths-covered
<http://clang.llvm.org/extra/clang-tidy/checks/hicpp-multiway-paths-covered.html>`_ check
Checks on ``switch`` and ``if`` - ``else if`` constructs that do not cover all possible code paths.
- New `modernize-use-uncaught-exceptions - New `modernize-use-uncaught-exceptions
<http://clang.llvm.org/extra/clang-tidy/checks/modernize-use-uncaught-exceptions.html>`_ check <http://clang.llvm.org/extra/clang-tidy/checks/modernize-use-uncaught-exceptions.html>`_ check
Finds and replaces deprecated uses of ``std::uncaught_exception`` to Finds and replaces deprecated uses of ``std::uncaught_exception`` to
``std::uncaught_exceptions``. ``std::uncaught_exceptions``.
- New `portability-simd-intrinsics - New `portability-simd-intrinsics
<http://clang.llvm.org/extra/clang-tidy/checks/portability-simd-intrinsics.html>`_ check <http://clang.llvm.org/extra/clang-tidy/checks/portability-simd-intrinsics.html>`_ check
▲ Show 20 LinesShow All 77 LinesShow Last 20 Lines

docs/clang-tidy/checks/hicpp-multiway-paths-covered.rst

  • This file was added.
.. title:: clang-tidy - hicpp-multiway-paths-covered
hicpp-multiway-paths-covered
============================
This check discovers situations where code paths are not fully-covered.
It furthermore suggests using ``if`` instead of ``switch`` if the code will be more clear.
The `rule 6.1.2 <http://www.codingstandard.com/rule/6-1-2-explicitly-cover-all-paths-through-multi-way-selection-statements/>`_
and `rule 6.1.4 <http://www.codingstandard.com/rule/6-1-4-ensure-that-a-switch-statement-has-at-least-two-case-labels-distinct-from-the-default-label/>`_
of the High Integrity C++ Coding Standard are enforced.
``if-else if`` chains that miss a final ``else`` branch might lead to unexpected
program execution and be the result of a logical error.
If the missing ``else`` branch is intended you can leave it empty with a clarifying
comment.
This warning can be noisy on some code bases, so it is disabled by default.
.. code-block:: c++
void f1() {
int i = determineTheNumber();
if(i > 0) {
// Some Calculation
} else if (i < 0) {
// Precondition violated or something else.
}
// ...
}
Similar arguments hold for ``switch`` statements which do not cover all possible code paths.
.. code-block:: c++
// The missing default branch might be a logical error. It can be kept empty
// if there is nothing to do, making it explicit.
void f2(int i) {
switch (i) {
case 0: // something
break;
case 1: // something else
break;
}
// All other numbers?
}
// Violates this rule as well, but already emits a compiler warning (-Wswitch).
enum Color { Red, Green, Blue, Yellow };
void f3(enum Color c) {
switch (c) {
case Red: // We can't drive for now.
break;
case Green: // We are allowed to drive.
break;
}
// Other cases missing
}
The `rule 6.1.4 <http://www.codingstandard.com/rule/6-1-4-ensure-that-a-switch-statement-has-at-least-two-case-labels-distinct-from-the-default-label/>`_
requires every ``switch`` statement to have at least two ``case`` labels other than a `default` label.
Otherwise, the ``switch`` could be better expressed with an ``if`` statement.
Degenerated ``switch`` statements without any labels are caught as well.
.. code-block:: c++
// Degenerated switch that could be better written as `if`
int i = 42;
switch(i) {
case 1: // do something here
default: // do somethe else here
}
// Should rather be the following:
if (i == 1) {
// do something here
}
else {
// do something here
}
.. code-block:: c++
// A completly degenerated switch will be diagnosed.
int i = 42;
switch(i) {}
Options
-------
.. option:: WarnOnMissingElse
Boolean flag that activates a warning for missing ``else`` branches.
Default is `0`.
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Missing whitespace after "missing". May want to clarify that that this is a Boolean option.

aaron.ballman: Missing whitespace after "missing". May want to clarify that that this is a Boolean option.

docs/clang-tidy/checks/list.rst

Show First 20 LinesShow All 116 Lines▼ Show 20 Lines.. toctree::
hicpp-braces-around-statements (redirects to readability-braces-around-statements) <hicpp-braces-around-statements> hicpp-braces-around-statements (redirects to readability-braces-around-statements) <hicpp-braces-around-statements>
hicpp-deprecated-headers (redirects to modernize-deprecated-headers) <hicpp-deprecated-headers> hicpp-deprecated-headers (redirects to modernize-deprecated-headers) <hicpp-deprecated-headers>
hicpp-exception-baseclass hicpp-exception-baseclass
hicpp-explicit-conversions (redirects to google-explicit-constructor) <hicpp-explicit-conversions> hicpp-explicit-conversions (redirects to google-explicit-constructor) <hicpp-explicit-conversions>
hicpp-function-size (redirects to readability-function-size) <hicpp-function-size> hicpp-function-size (redirects to readability-function-size) <hicpp-function-size>
hicpp-invalid-access-moved (redirects to bugprone-use-after-move) <hicpp-invalid-access-moved> hicpp-invalid-access-moved (redirects to bugprone-use-after-move) <hicpp-invalid-access-moved>
hicpp-member-init (redirects to cppcoreguidelines-pro-type-member-init) <hicpp-member-init> hicpp-member-init (redirects to cppcoreguidelines-pro-type-member-init) <hicpp-member-init>
hicpp-move-const-arg (redirects to performance-move-const-arg) <hicpp-move-const-arg> hicpp-move-const-arg (redirects to performance-move-const-arg) <hicpp-move-const-arg>
hicpp-multiway-paths-covered
hicpp-named-parameter (redirects to readability-named-parameter) <hicpp-named-parameter> hicpp-named-parameter (redirects to readability-named-parameter) <hicpp-named-parameter>
hicpp-new-delete-operators (redirects to misc-new-delete-overloads) <hicpp-new-delete-operators> hicpp-new-delete-operators (redirects to misc-new-delete-overloads) <hicpp-new-delete-operators>
hicpp-no-array-decay (redirects to cppcoreguidelines-pro-bounds-array-to-pointer-decay) <hicpp-no-array-decay> hicpp-no-array-decay (redirects to cppcoreguidelines-pro-bounds-array-to-pointer-decay) <hicpp-no-array-decay>
hicpp-no-assembler hicpp-no-assembler
hicpp-no-malloc (redirects to cppcoreguidelines-no-malloc) <hicpp-no-malloc> hicpp-no-malloc (redirects to cppcoreguidelines-no-malloc) <hicpp-no-malloc>
hicpp-noexcept-move (redirects to misc-noexcept-moveconstructor) <hicpp-noexcept-move> hicpp-noexcept-move (redirects to misc-noexcept-moveconstructor) <hicpp-noexcept-move>
hicpp-signed-bitwise hicpp-signed-bitwise
hicpp-special-member-functions (redirects to cppcoreguidelines-special-member-functions) <hicpp-special-member-functions> hicpp-special-member-functions (redirects to cppcoreguidelines-special-member-functions) <hicpp-special-member-functions>
▲ Show 20 LinesShow All 97 LinesShow Last 20 Lines

test/clang-tidy/hicpp-multiway-paths-covered-else.cpp

  • This file was added.
// RUN: %check_clang_tidy %s hicpp-multiway-paths-covered %t \
// RUN: -config='{CheckOptions: \
// RUN: [{key: hicpp-multiway-paths-covered.WarnOnMissingElse, value: 1}]}'\
// RUN: --
enum OS { Mac,
Windows,
Linux };
void problematic_if(int i, enum OS os) {
if (i > 0) {
return;
} else if (i < 0) {
// CHECK-MESSAGES: [[@LINE-1]]:10: warning: potentially uncovered codepath; add an ending else statement
return;
}
// Could be considered as false positive because all paths are covered logically.
// I still think this is valid since the possibility of a final 'everything else'
// codepath is expected from if-else if.
if (i > 0) {
return;
} else if (i <= 0) {
// CHECK-MESSAGES: [[@LINE-1]]:10: warning: potentially uncovered codepath; add an ending else statement
return;
}
// Test if nesting of if-else chains does get caught as well.
if (os == Mac) {
return;
} else if (os == Linux) {
// These checks are kind of degenerated, but the check will not try to solve
// if logically all paths are covered, which is more the area of the static analyzer.
if (true) {
return;
} else if (false) {
// CHECK-MESSAGES: [[@LINE-1]]:12: warning: potentially uncovered codepath; add an ending else statement
return;
}
return;
} else {
/* unreachable */
if (true) // check if the parent would match here as well
return;
// No warning for simple if statements, since it is common to just test one condition
// and ignore the opposite.
}
// Ok, because all paths are covered
if (i > 0) {
return;
} else if (i < 0) {
return;
} else {
/* error, maybe precondition failed */
}
}

test/clang-tidy/hicpp-multiway-paths-covered.cpp

  • This file was added.
// RUN: %check_clang_tidy %s hicpp-multiway-paths-covered %t
enum OS { Mac,
Windows,
Linux };
struct Bitfields {
unsigned UInt : 3;
int SInt : 1;
};
int return_integer() { return 42; }
void bad_switch(int i) {
switch (i) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: switch with only one case; use an if statement
case 0:
break;
}
// No default in this switch
switch (i) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: potential uncovered code path; add a default label
case 0:
break;
case 1:
break;
case 2:
break;
}
// degenerate, maybe even warning
switch (i) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: switch statement without labels has no effect
}
switch (int j = return_integer()) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: potential uncovered code path; add a default label
case 0:
case 1:
case 2:
break;
}
// Degenerated, only default case.
switch (i) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: degenerated switch with default label only
default:
break;
}
// Degenerated, only one case label and default case -> Better as if-stmt.
switch (i) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: switch could be better written as an if/else statement
case 0:
break;
default:
break;
}
unsigned long long BigNumber = 0;
switch (BigNumber) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: potential uncovered code path; add a default label
case 0:
case 1:
break;
}
const int &IntRef = i;
switch (IntRef) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: potential uncovered code path; add a default label
case 0:
case 1:
break;
}
char C = 'A';
switch (C) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: potential uncovered code path; add a default label
case 'A':
break;
case 'B':
break;
}
Bitfields Bf;
// UInt has 3 bits size.
switch (Bf.UInt) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: potential uncovered code path; add a default label
case 0:
case 1:
break;
}
// All paths explicitly covered.
switch (Bf.UInt) {
case 0:
case 1:
case 2:
case 3:
case 4:
case 5:
case 6:
case 7:
break;
}
// SInt has 1 bit size, so this is somewhat degenerated.
switch (Bf.SInt) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: switch with only one case; use an if statement
case 0:
break;
}
// All paths explicitly covered.
switch (Bf.SInt) {
case 0:
case 1:
break;
}
bool Flag = false;
switch (Flag) {
// CHECK-MESSAGES:[[@LINE-1]]:3: warning: switch with only one case; use an if statement
case true:
break;
}
switch (Flag) {
// CHECK-MESSAGES: [[@LINE-1]]:3: warning: degenerated switch with default label only
default:
break;
}
// This `switch` will create a frontend warning from '-Wswitch-bool' but is
// ok for this check.
switch (Flag) {
case true:
break;
case false:
break;
}
}
void unproblematic_switch(unsigned char c) {
//
switch (c) {
case 0:
case 1:
case 2:
case 3:
case 4:
case 5:
case 6:
case 7:
case 8:
case 9:
case 10:
case 11:
case 12:
case 13:
case 14:
case 15:
case 16:
case 17:
case 18:
case 19:
case 20:
case 21:
case 22:
case 23:
case 24:
case 25:
case 26:
case 27:
case 28:
case 29:
case 30:
case 31:
case 32:
case 33:
case 34:
case 35:
case 36:
case 37:
case 38:
case 39:
case 40:
case 41:
case 42:
case 43:
case 44:
case 45:
case 46:
case 47:
case 48:
case 49:
case 50:
case 51:
case 52:
case 53:
case 54:
case 55:
case 56:
case 57:
case 58:
case 59:
case 60:
case 61:
case 62:
case 63:
case 64:
case 65:
case 66:
case 67:
case 68:
case 69:
case 70:
case 71:
case 72:
case 73:
case 74:
case 75:
case 76:
case 77:
case 78:
case 79:
case 80:
case 81:
case 82:
case 83:
case 84:
case 85:
case 86:
case 87:
case 88:
case 89:
case 90:
case 91:
case 92:
case 93:
case 94:
case 95:
case 96:
case 97:
case 98:
case 99:
case 100:
case 101:
case 102:
case 103:
case 104:
case 105:
case 106:
case 107:
case 108:
case 109:
case 110:
case 111:
case 112:
case 113:
case 114:
case 115:
case 116:
case 117:
case 118:
case 119:
case 120:
case 121:
case 122:
case 123:
case 124:
case 125:
case 126:
case 127:
case 128:
case 129:
case 130:
case 131:
case 132:
case 133:
case 134:
case 135:
case 136:
case 137:
case 138:
case 139:
case 140:
case 141:
case 142:
case 143:
case 144:
case 145:
case 146:
case 147:
case 148:
case 149:
case 150:
case 151:
case 152:
case 153:
case 154:
case 155:
case 156:
case 157:
case 158:
case 159:
case 160:
case 161:
case 162:
case 163:
case 164:
case 165:
case 166:
case 167:
case 168:
case 169:
case 170:
case 171:
case 172:
case 173:
case 174:
case 175:
case 176:
case 177:
case 178:
case 179:
case 180:
case 181:
case 182:
case 183:
case 184:
case 185:
case 186:
case 187:
case 188:
case 189:
case 190:
case 191:
case 192:
case 193:
case 194:
case 195:
case 196:
case 197:
case 198:
case 199:
case 200:
case 201:
case 202:
case 203:
case 204:
case 205:
case 206:
case 207:
case 208:
case 209:
case 210:
case 211:
case 212:
case 213:
case 214:
case 215:
case 216:
case 217:
case 218:
case 219:
case 220:
case 221:
case 222:
case 223:
case 224:
case 225:
case 226:
case 227:
case 228:
case 229:
case 230:
case 231:
case 232:
case 233:
case 234:
case 235:
case 236:
case 237:
case 238:
case 239:
case 240:
case 241:
case 242:
case 243:
case 244:
case 245:
case 246:
case 247:
case 248:
case 249:
case 250:
case 251:
case 252:
case 253:
case 254:
case 255:
break;
}
// Some paths are covered by the switch and a default case is present.
switch (c) {
case 1:
case 2:
case 3:
default:
break;
}
}
OS return_enumerator() {
return Linux;
}
// Enumpaths are already covered by a warning, this is just to ensure, that there is
// no interference or false positives.
// -Wswitch warns about uncovered enum paths and each here described case is already
// covered.
void switch_enums(OS os) {
switch (os) {
case Linux:
break;
}
switch (OS another_os = return_enumerator()) {
case Linux:
break;
}
switch (os) {
}
}
/// All of these cases will not emit a warning per default, but with explicit activation.
/// Covered in extra test file.
void problematic_if(int i, enum OS os) {
if (i > 0) {
return;
} else if (i < 0) {
return;
}
if (os == Mac) {
return;
} else if (os == Linux) {
if (true) {
return;
} else if (false) {
return;
}
return;
} else {
/* unreachable */
if (true) // check if the parent would match here as well
return;
}
// Ok, because all paths are covered
if (i > 0) {
return;
} else if (i < 0) {
return;
} else {
/* error, maybe precondition failed */
}
}