Add misc-io-functions-misused checker to warns for cases when the return value of certain standard iostream C functions (fgetc(), getc(), getchar(), fgetwc(), getwc(), getwchar(), istream::get()) return int value which is then incorrectly stored in char typed values.
Details
Diff Detail
- Repository
- rCTE Clang Tools Extra
Event Timeline
Why only the wide versions?
Even narrow versions return an int so that you can check for EOF.
May be bugprone is better module then misc?
docs/ReleaseNotes.rst | ||
---|---|---|
63 | Please add () to function names and enclose each of them in ``. Same in documentation. |
clang-tidy/misc/IoFunctionsMisusedCheck.cpp | ||
---|---|---|
33 ↗ | (On Diff #131940) | matchesName can be pretty expensive and should generally be avoided. What set of types should be matched here? Can they all be listed here (using hasAnyName)? |
43–46 ↗ | (On Diff #131940) | It looks like the code doesn't need to distinguish between these two. They can be bound to the same ID then. |
clang-tidy/misc/IoFunctionsMisusedCheck.h | ||
19 ↗ | (On Diff #131940) | s/checker/check/ |
docs/clang-tidy/checks/misc-io-functions-misused.rst | ||
26–27 ↗ | (On Diff #131940) | The formatting is off. |
Sorry, I forgot about my pull request.
I fixed the issues what are identified by reviewers :
- Check moved to bugprone module
- () and `` added
- matchesName replaced with hasAnyName
-Unnecessary IDs depracated
- clang-tidy/misc/IoFunctionsMisusedCheck.h:19: "s/checker/check/" => Fixed all places
- Formatting fixed
Only thing left is to match all IO functions, not just the wide versions.
clang-tidy/bugprone/BugproneTidyModule.cpp | ||
---|---|---|
84 | This name reads a bit awkwardly because usually "misused" would come before "io functions". However, given that we've already said it's prone to bugs, I think "misuse" is somewhat implied. Perhaps bugprone-io-functions or `bugprone-misused-io-functions'? However, I think this is actually checking an existing CERT rule and perhaps should be added to the CERT module as cert-fio34-c and perhaps that's the only module it should live in? | |
clang-tidy/bugprone/IoFunctionsMisusedCheck.cpp | ||
25–31 | You can combine these hasAnyName() calls into one given that they are otherwise identical matchers. | |
26 | Why only the wide char versions and not the narrow char versions as well? For instance, those are problematic on systems where sizeof(int) == sizeof(char). See https://wiki.sei.cmu.edu/confluence/display/c/FIO34-C.+Distinguish+between+characters+read+from+a+file+and+EOF+or+WEOF for more details. |
I moved to bugprone module and renamed to bugprone-io-functions.
I added as a reference for cert-fio34-c.
docs/clang-tidy/checks/bugprone-io-functions.rst | ||
---|---|---|
4 ↗ | (On Diff #176732) | Please adjust length. |
clang-tidy/bugprone/IoFunctionsCheck.cpp | ||
---|---|---|
32 ↗ | (On Diff #176736) | ::std::istream |
47–49 ↗ | (On Diff #176736) | This diagnostic confuses me, so perhaps you can explain the situation you want to diagnose a bit further. FIO34-C is about situations where sizeof(char) == sizeof(int) and the call returns EOF/WEOF. In that case, there's no way to distinguish between an EOF/error and a valid character. Suggesting to explicitly cast to a character type doesn't add any safety to the code -- the user needs to insert calls to feof() or ferror() instead (to make it portable, anyway) and should store the character value in a sufficiently large integer type before doing the comparison against EOF. Are you trying to catch a different kind of bug? |
clang-tidy/bugprone/IoFunctionsCheck.cpp | ||
---|---|---|
47–49 ↗ | (On Diff #176736) | I think there are two different situations to think about:
Either way, I don't know that we'll be able to suggest fixes for the user in a diagnostic message of reasonable length. This might be a case where we want to tell the user about the danger and let the documentation tell them how to fix it. Maybe a diagnostic like: "the value for %select{EOF|WEOF}0 is indistinguishable from a valid character with the same bit pattern; consider explicit checks for error or end-of-file indicators" |
This name reads a bit awkwardly because usually "misused" would come before "io functions". However, given that we've already said it's prone to bugs, I think "misuse" is somewhat implied. Perhaps bugprone-io-functions or `bugprone-misused-io-functions'?
However, I think this is actually checking an existing CERT rule and perhaps should be added to the CERT module as cert-fio34-c and perhaps that's the only module it should live in?