This is an archive of the discontinued LLVM Phabricator instance.

Differential D76229

[clang-tidy] Added PlacementNewStorageCheck
Needs ReviewPublic

Authored by f00kat on Mar 16 2020, 5:57 AM.

Details

Reviewers
aaron.ballman
alexfh
hokein
njames93
NoQ
martong
lebedev.ri
Summary

Added new checker 'cert-mem54-cpp' that checks for CERT rule MEM54-CPP.

I have troubles writing English descriptions for the release notes, so I need all the help I can get :)

Diff Detail

Unit TestsFailed

TimeTest
110 msClang Tools.clang-tidy/checkers::Unknown Unit Message ("")
220 msClang.Analysis::Unknown Unit Message ("")

Event Timeline

f00kat created this revision.Mar 16 2020, 5:57 AM
Herald added subscribers: cfe-commits, xazax.hun, mgorny. · View Herald TranscriptMar 16 2020, 5:57 AM
Harbormaster failed remote builds in B49301: Diff 250532!Mar 16 2020, 7:00 AM
Eugene.Zelenko added a subscriber: Eugene.Zelenko.Mar 16 2020, 7:01 AM
Eugene.Zelenko added inline comments.
clang-tools-extra/clang-tidy/cert/PlacementNewStorageCheck.cpp
20

Please use static instead of anonymous namespaces for functions. See LLVM Coding Guidelines.

22

const auto *. Same in other places.

48

Belongs to isLanguageVersionSupported() now.

70

const auto *. Same below.

clang-tools-extra/docs/ReleaseNotes.rst
95

Please highlight new with double back-ticks.

clang-tools-extra/docs/clang-tidy/checks/cert-mem54-cpp.rst
7

Please highlight new with double back-ticks.

Eugene.Zelenko added reviewers: hokein, njames93.Mar 16 2020, 7:01 AM
f00kat updated this revision to Diff 250555.Mar 16 2020, 7:14 AM
  1. Static functions instead of anonymous namespaces.
  2. const auto*.
  3. Added double back-ticks.
f00kat updated this revision to Diff 250556.Mar 16 2020, 7:16 AM

Fix 'const auto*' in function getDescendantValueDecl

Eugene.Zelenko added inline comments.Mar 16 2020, 7:47 AM
clang-tools-extra/clang-tidy/cert/PlacementNewStorageCheck.cpp
43

Unnecessary empty line.

Harbormaster failed remote builds in B49308: Diff 250556!Mar 16 2020, 8:08 AM
Harbormaster failed remote builds in B49307: Diff 250555!
njames93 added a comment.Mar 16 2020, 8:42 AM

Also fix the test case, premerge found a failure

clang-tools-extra/clang-tidy/cert/PlacementNewStorageCheck.cpp
23

For better or worse children can sometimes contain nullptr, best to check for that first

52

Not gonna say this is blocking anything, but this is quite a large function that could be made smaller (more readable) by moving some of those lambdas out of the function

aaron.ballman added a comment.Mar 16 2020, 1:09 PM

Have you considered making this a static analyzer check as opposed to a clang-tidy check? I think using dataflow analysis will really reduce the false positives because it will be able to track the allocation and alignment data across control flow.

lebedev.ri requested changes to this revision.Mar 16 2020, 2:18 PM
lebedev.ri added a subscriber: lebedev.ri.

This seems to be already handled by clang static analyzer? (clang-analyzer-cplusplus.PlacementNew)

<source>:19:5: warning: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes [clang-analyzer-cplusplus.PlacementNew]
    ::new (&s1) long;
    ^
<source>:19:5: note: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes
<source>:64:3: warning: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes [clang-analyzer-cplusplus.PlacementNew]
  ::new (buffer3) long;
  ^

https://godbolt.org/z/9VX5WW

This revision now requires changes to proceed.Mar 16 2020, 2:18 PM
f00kat added a comment.Mar 16 2020, 2:18 PM
In D76229#1925268, @aaron.ballman wrote:

Have you considered making this a static analyzer check as opposed to a clang-tidy check? I think using dataflow analysis will really reduce the false positives because it will be able to track the allocation and alignment data across control flow.

I have never try to write static analyzer before. Okay, I will look at examples of how to work with dataflow.

f00kat added a comment.Mar 16 2020, 2:23 PM
In D76229#1925360, @lebedev.ri wrote:

This seems to be already handled by clang static analyzer? (clang-analyzer-cplusplus.PlacementNew)

<source>:19:5: warning: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes [clang-analyzer-cplusplus.PlacementNew]
    ::new (&s1) long;
    ^
<source>:19:5: note: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes
<source>:64:3: warning: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes [clang-analyzer-cplusplus.PlacementNew]
  ::new (buffer3) long;
  ^

https://godbolt.org/z/9VX5WW

Oh no..It is sad :)

f00kat added a comment.Mar 16 2020, 2:28 PM
In D76229#1925360, @lebedev.ri wrote:

This seems to be already handled by clang static analyzer? (clang-analyzer-cplusplus.PlacementNew)

<source>:19:5: warning: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes [clang-analyzer-cplusplus.PlacementNew]
    ::new (&s1) long;
    ^
<source>:19:5: note: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes
<source>:64:3: warning: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes [clang-analyzer-cplusplus.PlacementNew]
  ::new (buffer3) long;
  ^

https://godbolt.org/z/9VX5WW

But it seems like not all of my tests pass on static analyzer?

lebedev.ri added a reviewer: NoQ.Mar 16 2020, 11:12 PM
In D76229#1925371, @f00kat wrote:
In D76229#1925360, @lebedev.ri wrote:

This seems to be already handled by clang static analyzer? (clang-analyzer-cplusplus.PlacementNew)

<source>:19:5: warning: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes [clang-analyzer-cplusplus.PlacementNew]
    ::new (&s1) long;
    ^
<source>:19:5: note: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes
<source>:64:3: warning: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes [clang-analyzer-cplusplus.PlacementNew]
  ::new (buffer3) long;
  ^

https://godbolt.org/z/9VX5WW

But it seems like not all of my tests pass on static analyzer?

I have not really worked with static analyzer code, but assuming that those cases
that are no longer diagnosed as compared to this clang-tidy checks *should* be diagnosed
(i.e. diagnosing them isn't false-positive), then i'd think that static analyzer check
simply needs some work?

Herald added a subscriber: Charusso. · View Herald TranscriptMar 16 2020, 11:12 PM
f00kat added a comment.Mar 16 2020, 11:39 PM
In D76229#1925948, @lebedev.ri wrote:
In D76229#1925371, @f00kat wrote:
In D76229#1925360, @lebedev.ri wrote:

This seems to be already handled by clang static analyzer? (clang-analyzer-cplusplus.PlacementNew)

<source>:19:5: warning: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes [clang-analyzer-cplusplus.PlacementNew]
    ::new (&s1) long;
    ^
<source>:19:5: note: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes
<source>:64:3: warning: Storage provided to placement new is only 2 bytes, whereas the allocated type requires 8 bytes [clang-analyzer-cplusplus.PlacementNew]
  ::new (buffer3) long;
  ^

https://godbolt.org/z/9VX5WW

But it seems like not all of my tests pass on static analyzer?

I have not really worked with static analyzer code, but assuming that those cases
that are no longer diagnosed as compared to this clang-tidy checks *should* be diagnosed
(i.e. diagnosing them isn't false-positive), then i'd think that static analyzer check
simply needs some work?

Yeah. You are right. I will try to improve exist checker.
What we gonna do with this patch? Remove it?

NoQ added a reviewer: martong.Mar 17 2020, 4:06 AM

First of all, the static analyzer doesn't warn on everything at once; it stops the analysis after a fatal error (such as UB) is found, so it doesn't explore the execution path further. This is the reason why some tests look like they don't warn, but they will if you comment out the previous tests in the same function.

// bad (short is aligned to 2).
short* s6 = nullptr;
::new (s6) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: 's6' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]

Null pointer is obviously well-aligned, so this is a false positive / incorrect test (though for a syntactic check that focuses on a single statement it's a perfectly normal test).

// bad (just check for pointer to pointer).
short **s7;
::new (*s7) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: 's7' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]

There's another checker that warns here: warning: Dereference of undefined pointer value. So the analysis is interrupted before new is reached.

// bad (buffer is aligned to 'short' instead of 'long').
alignas(short) unsigned char buffer2[sizeof(long)];
::new (buffer2) long;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: 'buffer2' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]

Hmm, i think we don't have an insufficient alignment check yet, only an insufficient storage check. Same goes for all of the test3(). These shouldn't be too hard to add so that, at least, to pass the missing tests.

short* test4_f1()
{
    return nullptr;
}

void test4()
{
    ::new (test4_f1()) long;
    // CHECK-MESSAGES: :[[@LINE-1]]:5: warning: 'test4_f1' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]

Again, the static analyzer is inter-procedural so it knows that it's a null pointer.

short* (*p1)();
p1 = test4_f1;
::new (p1()) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: 'p1' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]

We can even see through your obfuscation via function pointer! It's still null.

struct S
{
    short a;
};

// bad (not enough space).
const unsigned N = 32;
alignas(S) unsigned char buffer1[sizeof(S) * N];
::new (buffer1) S[N];
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: 64 bytes are not enough for array allocation which requires 64 bytes [cert-mem54-cpp]

// maybe ok but we need to warn.
alignas(S) unsigned char buffer2[sizeof(S) * N + sizeof(int)];
::new (buffer2) S[N];
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: possibly not enough 68 bytes for array allocation which requires 64 bytes. current overhead requires the size of 4 bytes [cert-mem54-cpp]

Ah yes, placement array-new, we're still missing it but it shouldn't be hard to add.

Herald added a subscriber: rnkovacs. · View Herald TranscriptMar 17 2020, 4:06 AM
f00kat added a comment.Mar 17 2020, 6:28 AM

NoQ, I don`t want to say that existing static alalyzer is bad written or something. I just noticed that it does not yet support arrays and alignment.
Anyway thank you for your detailed feedback.

NoQ added a comment.Mar 17 2020, 7:59 AM

Sure np, was just curious^^

Charusso added a comment.Mar 17 2020, 9:12 AM
In D76229#1925363, @f00kat wrote:
In D76229#1925268, @aaron.ballman wrote:

Have you considered making this a static analyzer check as opposed to a clang-tidy check? I think using dataflow analysis will really reduce the false positives because it will be able to track the allocation and alignment data across control flow.

I have never try to write static analyzer before. Okay, I will look at examples of how to work with dataflow.

To getting started with the Analyzer please visit @NoQ's (tiny bit outdated) booklet: https://github.com/haoNoQ/clang-analyzer-guide

Advertisement:
If D69726 lands we will have an arsenal of APIs for helping dynamic size based checkers.
If D73521 lands it should be easier to getting started with the Analyzer, but now you could visit what is our current API.

f00kat added a comment.Mar 17 2020, 11:58 PM
In D76229#1926818, @Charusso wrote:
In D76229#1925363, @f00kat wrote:
In D76229#1925268, @aaron.ballman wrote:

Have you considered making this a static analyzer check as opposed to a clang-tidy check? I think using dataflow analysis will really reduce the false positives because it will be able to track the allocation and alignment data across control flow.

I have never try to write static analyzer before. Okay, I will look at examples of how to work with dataflow.

To getting started with the Analyzer please visit @NoQ's (tiny bit outdated) booklet: https://github.com/haoNoQ/clang-analyzer-guide

Advertisement:
If D69726 lands we will have an arsenal of APIs for helping dynamic size based checkers.
If D73521 lands it should be easier to getting started with the Analyzer, but now you could visit what is our current API.

Thank you!

martong added a comment.Mar 18 2020, 10:28 AM

Please note about the alignment requirements that they are not checked in the static analyzer for a reason. To track the alignment data across the data flow, probably we should modify the analyzer's core structure (e.g. MemRegion) and some modeling checkers like the MallocChecker. That is not an impossible task but also far from easy IMHO (would require several patches built on top of each other). Just as an example for the subtleties: think about the nuances of operator news default alignment and specific C++17 rules (https://reviews.llvm.org/D67545).

NoQ added a comment.Mar 23 2020, 8:35 PM
In D76229#1929453, @martong wrote:

Please note about the alignment requirements that they are not checked in the static analyzer for a reason. To track the alignment data across the data flow, probably we should modify the analyzer's core structure (e.g. MemRegion) and some modeling checkers like the MallocChecker. That is not an impossible task but also far from easy IMHO (would require several patches built on top of each other). Just as an example for the subtleties: think about the nuances of operator news default alignment and specific C++17 rules (https://reviews.llvm.org/D67545).

This checker's tests only cover VarRegion-based regions. It should be easy to pick up the alignment from the AST for the VarDecl it corresponds to.

lebedev.ri resigned from this revision.Jan 12 2023, 4:45 PM

This review seems to be stuck/dead, consider abandoning if no longer relevant.

This revision now requires review to proceed.Jan 12 2023, 4:45 PM
Herald added a project: Restricted Project. · View Herald TranscriptJan 12 2023, 4:45 PM
Herald added subscribers: carlosgalvezp, StephenFan. · View Herald Transcript

Revision Contents

PathSize
clang-tools-extra/
clang-tidy/
cert/
2 lines
1 line
35 lines
180 lines
docs/
6 lines
clang-tidy/
checks/
10 lines
1 line
test/
clang-tidy/
checkers/
185 lines

Diff 250556

clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp

Show All 20 Lines
#include "../readability/UppercaseLiteralSuffixCheck.h" #include "../readability/UppercaseLiteralSuffixCheck.h"
#include "CommandProcessorCheck.h" #include "CommandProcessorCheck.h"
#include "DefaultOperatorNewAlignmentCheck.h" #include "DefaultOperatorNewAlignmentCheck.h"
#include "DontModifyStdNamespaceCheck.h" #include "DontModifyStdNamespaceCheck.h"
#include "FloatLoopCounter.h" #include "FloatLoopCounter.h"
#include "LimitedRandomnessCheck.h" #include "LimitedRandomnessCheck.h"
#include "MutatingCopyCheck.h" #include "MutatingCopyCheck.h"
#include "NonTrivialTypesLibcMemoryCallsCheck.h" #include "NonTrivialTypesLibcMemoryCallsCheck.h"
#include "PlacementNewStorageCheck.h"
#include "PostfixOperatorCheck.h" #include "PostfixOperatorCheck.h"
#include "ProperlySeededRandomGeneratorCheck.h" #include "ProperlySeededRandomGeneratorCheck.h"
#include "SetLongJmpCheck.h" #include "SetLongJmpCheck.h"
#include "StaticObjectExceptionCheck.h" #include "StaticObjectExceptionCheck.h"
#include "StrToNumCheck.h" #include "StrToNumCheck.h"
#include "ThrownExceptionTypeCheck.h" #include "ThrownExceptionTypeCheck.h"
#include "VariadicFunctionDefCheck.h" #include "VariadicFunctionDefCheck.h"
Show All 21 Lines void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override {
CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>( CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>(
"cert-err09-cpp"); "cert-err09-cpp");
CheckFactories.registerCheck<SetLongJmpCheck>("cert-err52-cpp"); CheckFactories.registerCheck<SetLongJmpCheck>("cert-err52-cpp");
CheckFactories.registerCheck<StaticObjectExceptionCheck>("cert-err58-cpp"); CheckFactories.registerCheck<StaticObjectExceptionCheck>("cert-err58-cpp");
CheckFactories.registerCheck<ThrownExceptionTypeCheck>("cert-err60-cpp"); CheckFactories.registerCheck<ThrownExceptionTypeCheck>("cert-err60-cpp");
CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>( CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>(
"cert-err61-cpp"); "cert-err61-cpp");
// MEM // MEM
CheckFactories.registerCheck<PlacementNewStorageCheck>("cert-mem54-cpp");
CheckFactories.registerCheck<DefaultOperatorNewAlignmentCheck>( CheckFactories.registerCheck<DefaultOperatorNewAlignmentCheck>(
"cert-mem57-cpp"); "cert-mem57-cpp");
// MSC // MSC
CheckFactories.registerCheck<LimitedRandomnessCheck>("cert-msc50-cpp"); CheckFactories.registerCheck<LimitedRandomnessCheck>("cert-msc50-cpp");
CheckFactories.registerCheck<ProperlySeededRandomGeneratorCheck>( CheckFactories.registerCheck<ProperlySeededRandomGeneratorCheck>(
"cert-msc51-cpp"); "cert-msc51-cpp");
// OOP // OOP
CheckFactories.registerCheck<performance::MoveConstructorInitCheck>( CheckFactories.registerCheck<performance::MoveConstructorInitCheck>(
▲ Show 20 LinesShow All 54 LinesShow Last 20 Lines

clang-tools-extra/clang-tidy/cert/CMakeLists.txt

set(LLVM_LINK_COMPONENTS support) set(LLVM_LINK_COMPONENTS support)
add_clang_library(clangTidyCERTModule add_clang_library(clangTidyCERTModule
CERTTidyModule.cpp CERTTidyModule.cpp
CommandProcessorCheck.cpp CommandProcessorCheck.cpp
DefaultOperatorNewAlignmentCheck.cpp DefaultOperatorNewAlignmentCheck.cpp
DontModifyStdNamespaceCheck.cpp DontModifyStdNamespaceCheck.cpp
FloatLoopCounter.cpp FloatLoopCounter.cpp
LimitedRandomnessCheck.cpp LimitedRandomnessCheck.cpp
MutatingCopyCheck.cpp MutatingCopyCheck.cpp
NonTrivialTypesLibcMemoryCallsCheck.cpp NonTrivialTypesLibcMemoryCallsCheck.cpp
PlacementNewStorageCheck.cpp
PostfixOperatorCheck.cpp PostfixOperatorCheck.cpp
ProperlySeededRandomGeneratorCheck.cpp ProperlySeededRandomGeneratorCheck.cpp
SetLongJmpCheck.cpp SetLongJmpCheck.cpp
StaticObjectExceptionCheck.cpp StaticObjectExceptionCheck.cpp
StrToNumCheck.cpp StrToNumCheck.cpp
ThrownExceptionTypeCheck.cpp ThrownExceptionTypeCheck.cpp
VariadicFunctionDefCheck.cpp VariadicFunctionDefCheck.cpp
Show All 13 Lines

clang-tools-extra/clang-tidy/cert/PlacementNewStorageCheck.h

  • This file was added.
//===--- PlacementNewStorageCheck.h - clang-tidy -----------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_PLACEMENTNEWSTORAGECHECK_H
#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_PLACEMENTNEWSTORAGECHECK_H
#include "../ClangTidyCheck.h"
namespace clang {
namespace tidy {
namespace cert {
/// Checks that placement new provided with properly aligned pointer to
/// sufficient storage capacity
class PlacementNewStorageCheck : public ClangTidyCheck {
public:
PlacementNewStorageCheck(StringRef Name, ClangTidyContext *Context)
: ClangTidyCheck(Name, Context) {}
bool isLanguageVersionSupported(const LangOptions &LangOpts) const override {
return LangOpts.CPlusPlus;
}
void registerMatchers(ast_matchers::MatchFinder *Finder) override;
void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
};
} // namespace cert
} // namespace tidy
} // namespace clang
#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_PLACEMENTNEWSTORAGECHECK_H

clang-tools-extra/clang-tidy/cert/PlacementNewStorageCheck.cpp

  • This file was added.
//===--- PlacementNewStorageCheck.cpp - clang-tidy -------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "PlacementNewStorageCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
using namespace clang::ast_matchers;
namespace clang {
namespace tidy {
namespace cert {
static const ValueDecl *getDescendantValueDecl(const Stmt *TheStmt) {
if (const auto *TheDeclRefExpr = dyn_cast<DeclRefExpr>(TheStmt))
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

Please use static instead of anonymous namespaces for functions. See LLVM Coding Guidelines.

Eugene.Zelenko: Please use static instead of anonymous namespaces for functions. See LLVM Coding Guidelines.
return TheDeclRefExpr->getDecl();
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

const auto *. Same in other places.

Eugene.Zelenko: const auto *. Same in other places.
for (const Stmt *Child : TheStmt->children()) {
njames93Unsubmitted
Not Done
ReplyInline Actions

For better or worse children can sometimes contain nullptr, best to check for that first

njames93: For better or worse children can sometimes contain nullptr, best to check for that first
if (const auto *TheDeclRefExpr = dyn_cast<DeclRefExpr>(Child))
return TheDeclRefExpr->getDecl();
if (const ValueDecl *TheValueDeclExpr = getDescendantValueDecl(Child))
return TheValueDeclExpr;
}
return nullptr;
}
static void unwindPointeeType(QualType &Type) {
if (Type->isPointerType())
Type = Type->getPointeeType();
else if (Type->isReferenceType())
Type = Type->getPointeeType();
if (Type->isPointerType() || Type->isReferenceType())
unwindPointeeType(Type);
}
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

Unnecessary empty line.

Eugene.Zelenko: Unnecessary empty line.
void PlacementNewStorageCheck::registerMatchers(MatchFinder *Finder) {
Finder->addMatcher(
cxxNewExpr(hasPlacementArg(0, implicitCastExpr(expr().bind("arg0"))))
.bind("new"),
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

Belongs to isLanguageVersionSupported() now.

Eugene.Zelenko: Belongs to isLanguageVersionSupported() now.
this);
}
void PlacementNewStorageCheck::check(const MatchFinder::MatchResult &Result) {
njames93Unsubmitted
Not Done
ReplyInline Actions

Not gonna say this is blocking anything, but this is quite a large function that could be made smaller (more readable) by moving some of those lambdas out of the function

njames93: Not gonna say this is blocking anything, but this is quite a large function that could be made…
const auto *NewExpr = Result.Nodes.getNodeAs<CXXNewExpr>("new");
const auto *NewExprArg0 = Result.Nodes.getNodeAs<ImplicitCastExpr>("arg0");
const ASTContext *Context = Result.Context;
const SourceManager *SourceManager = Result.SourceManager;
QualType AllocatedT = NewExpr->getAllocatedType();
auto CheckStorageTypeIsFine =
[this, &AllocatedT, NewExpr, Context,
SourceManager](const ValueDecl *StorageVD) -> void {
QualType StorageT = StorageVD->getType();
if (const auto *TheFunctionProtoType = StorageT->getAs<FunctionProtoType>())
StorageT = TheFunctionProtoType->getReturnType();
else if (const auto *ThePointerType = StorageT->getAs<PointerType>())
if (const auto *TheFunctionProtoType =
ThePointerType->getPointeeType()->getAs<FunctionProtoType>())
StorageT = TheFunctionProtoType->getReturnType();
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

const auto *. Same below.

Eugene.Zelenko: const auto *. Same below.
unwindPointeeType(StorageT);
if (StorageT->isVoidPointerType() || StorageT->isVoidType())
return;
const std::size_t BitsPerByteCount = 8;
unsigned StorageTAlign = Context->getTypeAlign(StorageT);
if (unsigned SpecifiedAlignment = StorageVD->getMaxAlignment())
StorageTAlign = SpecifiedAlignment;
StorageTAlign = StorageTAlign / BitsPerByteCount;
unsigned AllocatedTAlign =
Context->getTypeAlign(AllocatedT) / BitsPerByteCount;
if (AllocatedTAlign > StorageTAlign) {
diag(NewExpr->getBeginLoc(), "%0 is aligned to %1 bytes but "
"allocated type %2 is aligned to %3 bytes")
<< StorageVD << StorageTAlign << AllocatedT << AllocatedTAlign;
return;
}
uint64_t StorageTSize = Context->getTypeSize(StorageT) / BitsPerByteCount;
if (llvm::Optional<const Expr *> TheArraySizeExpr =
NewExpr->getArraySize()) {
Expr::EvalResult EvaluatedArraySizeValue;
if (!TheArraySizeExpr.getValue()->EvaluateAsInt(EvaluatedArraySizeValue,
*Context) &&
!EvaluatedArraySizeValue.Val.isInt()) {
return;
}
uint64_t AllocatedSize =
(Context->getTypeSize(AllocatedT) *
(*EvaluatedArraySizeValue.Val.getInt().getRawData())) /
BitsPerByteCount;
if (AllocatedSize >= StorageTSize)
diag(NewExpr->getBeginLoc(), "%0 bytes are not enough for array "
"allocation which requires %1 bytes")
<< (unsigned)AllocatedSize << (unsigned)StorageTSize;
else
diag(NewExpr->getBeginLoc(),
"possibly not enough %0 bytes for array allocation which requires "
"%1 bytes. current overhead requires the size of %2 bytes")
<< (unsigned)StorageTSize << (unsigned)AllocatedSize
<< (unsigned)(StorageTSize - AllocatedSize);
} else if (StorageT->isArrayType()) {
uint64_t AllocatedSize =
Context->getTypeSize(AllocatedT) / BitsPerByteCount;
if (AllocatedSize > StorageTSize)
diag(NewExpr->getBeginLoc(), "%0 bytes are not enough for allocation "
"type %1 which requires %2 bytes")
<< (unsigned)StorageTSize << AllocatedT << (unsigned)AllocatedSize;
}
};
auto IsPointerAlignedProperly =
[this, &AllocatedT, NewExpr, Context,
SourceManager](const Expr *ThePointerAddressExpr) -> void {
Expr::EvalResult EvaluatedValue;
if (ThePointerAddressExpr->EvaluateAsInt(EvaluatedValue, *Context) &&
EvaluatedValue.Val.isInt()) {
unsigned AllocatedTAlign = Context->getTypeAlign(AllocatedT) / 8;
unsigned AddressAlign =
*EvaluatedValue.Val.getInt().getRawData() % AllocatedTAlign;
if (AddressAlign != 0) {
diag(NewExpr->getBeginLoc(),
"address is aligned to %0 bytes instead of %1 bytes")
<< AddressAlign << AllocatedTAlign;
}
}
};
const Expr *StorageExpr = NewExprArg0->getSubExpr();
if (const auto *TheUnaryOperator = dyn_cast<UnaryOperator>(StorageExpr)) {
if (UnaryOperatorKind::UO_AddrOf == TheUnaryOperator->getOpcode()) {
if (const ValueDecl *TheValueDecl =
getDescendantValueDecl(TheUnaryOperator->getSubExpr())) {
CheckStorageTypeIsFine(TheValueDecl);
}
}
} else if (const auto *TheCallExpr = dyn_cast<CallExpr>(StorageExpr)) {
if (const ValueDecl *TheValueDecl = getDescendantValueDecl(TheCallExpr)) {
CheckStorageTypeIsFine(TheValueDecl);
}
} else if (const auto *TheCastExpr = dyn_cast<CastExpr>(StorageExpr)) {
const CastKind TheCastKind = TheCastExpr->getCastKind();
if (CastKind::CK_LValueToRValue == TheCastKind ||
CastKind::CK_ArrayToPointerDecay == TheCastKind) {
if (const ValueDecl *TheValueDecl =
getDescendantValueDecl(TheCastExpr->getSubExpr())) {
CheckStorageTypeIsFine(TheValueDecl);
}
} else if (CastKind::CK_IntegralToPointer == TheCastKind) {
IsPointerAlignedProperly(TheCastExpr->getSubExpr()->IgnoreParenCasts());
}
} else if (const auto *TheDeclRefExpr = dyn_cast<DeclRefExpr>(StorageExpr)) {
CheckStorageTypeIsFine(TheDeclRefExpr->getDecl());
}
}
} // namespace cert
} // namespace tidy
} // namespace clang

clang-tools-extra/docs/ReleaseNotes.rst

Show First 20 LinesShow All 83 Lines▼ Show 20 Lines
- New :doc:`bugprone-suspicious-include - New :doc:`bugprone-suspicious-include
<clang-tidy/checks/bugprone-suspicious-include>` check. <clang-tidy/checks/bugprone-suspicious-include>` check.
Finds cases where an include refers to what appears to be an implementation Finds cases where an include refers to what appears to be an implementation
file, which often leads to hard-to-track-down ODR violations, and diagnoses file, which often leads to hard-to-track-down ODR violations, and diagnoses
them. them.
- New :doc:`cert-mem54-cpp
<clang-tidy/checks/cert-mem54-cpp>` check.
Checks that placement ``new`` provided with properly aligned pointer to
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

Please highlight new with double back-ticks.

Eugene.Zelenko: Please highlight new with double back-ticks.
sufficient storage capacity.
- New :doc:`cert-oop57-cpp - New :doc:`cert-oop57-cpp
<clang-tidy/checks/cert-oop57-cpp>` check. <clang-tidy/checks/cert-oop57-cpp>` check.
Flags use of the `C` standard library functions ``memset``, ``memcpy`` and Flags use of the `C` standard library functions ``memset``, ``memcpy`` and
``memcmp`` and similar derivatives on non-trivial types. ``memcmp`` and similar derivatives on non-trivial types.
- New :doc:`objc-dealloc-in-category - New :doc:`objc-dealloc-in-category
<clang-tidy/checks/objc-dealloc-in-category>` check. <clang-tidy/checks/objc-dealloc-in-category>` check.
▲ Show 20 LinesShow All 66 LinesShow Last 20 Lines

clang-tools-extra/docs/clang-tidy/checks/cert-mem54-cpp.rst

  • This file was added.
.. title:: clang-tidy - cert-mem54-cpp
cert-mem54-cpp
==============
Checks that placement ``new`` provided with properly aligned pointer to sufficient storage capacity.
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

Please highlight new with double back-ticks.

Eugene.Zelenko: Please highlight new with double back-ticks.
This check corresponds to the CERT C++ Coding Standard rule
`MEM54-CPP. Provide placement new with properly aligned pointers to sufficient storage capacity
<https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM54-CPP.+Provide+placement+new+with+properly+aligned+pointers+to+sufficient+storage+capacity>`_.

clang-tools-extra/docs/clang-tidy/checks/list.rst

Show First 20 LinesShow All 99 Lines▼ Show 20 Lines.. csv-table::
`cert-dcl50-cpp <cert-dcl50-cpp.html>`_, `cert-dcl50-cpp <cert-dcl50-cpp.html>`_,
`cert-dcl58-cpp <cert-dcl58-cpp.html>`_, `cert-dcl58-cpp <cert-dcl58-cpp.html>`_,
`cert-env33-c <cert-env33-c.html>`_, `cert-env33-c <cert-env33-c.html>`_,
`cert-err34-c <cert-err34-c.html>`_, `cert-err34-c <cert-err34-c.html>`_,
`cert-err52-cpp <cert-err52-cpp.html>`_, `cert-err52-cpp <cert-err52-cpp.html>`_,
`cert-err58-cpp <cert-err58-cpp.html>`_, `cert-err58-cpp <cert-err58-cpp.html>`_,
`cert-err60-cpp <cert-err60-cpp.html>`_, `cert-err60-cpp <cert-err60-cpp.html>`_,
`cert-flp30-c <cert-flp30-c.html>`_, `cert-flp30-c <cert-flp30-c.html>`_,
`cert-mem54-cpp <cert-mem54-cpp.html>`_,
`cert-mem57-cpp <cert-mem57-cpp.html>`_, `cert-mem57-cpp <cert-mem57-cpp.html>`_,
`cert-msc50-cpp <cert-msc50-cpp.html>`_, `cert-msc50-cpp <cert-msc50-cpp.html>`_,
`cert-msc51-cpp <cert-msc51-cpp.html>`_, `cert-msc51-cpp <cert-msc51-cpp.html>`_,
`cert-oop57-cpp <cert-oop57-cpp.html>`_, `cert-oop57-cpp <cert-oop57-cpp.html>`_,
`cert-oop58-cpp <cert-oop58-cpp.html>`_, `cert-oop58-cpp <cert-oop58-cpp.html>`_,
`clang-analyzer-core.DynamicTypePropagation <clang-analyzer-core.DynamicTypePropagation.html>`_, `clang-analyzer-core.DynamicTypePropagation <clang-analyzer-core.DynamicTypePropagation.html>`_,
`clang-analyzer-core.uninitialized.CapturedBlockVariable <clang-analyzer-core.uninitialized.CapturedBlockVariable.html>`_, `clang-analyzer-core.uninitialized.CapturedBlockVariable <clang-analyzer-core.uninitialized.CapturedBlockVariable.html>`_,
`clang-analyzer-cplusplus.InnerPointer <clang-analyzer-cplusplus.InnerPointer.html>`_, `clang-analyzer-cplusplus.InnerPointer <clang-analyzer-cplusplus.InnerPointer.html>`_,
▲ Show 20 LinesShow All 299 LinesShow Last 20 Lines

clang-tools-extra/test/clang-tidy/checkers/cert-mem54-cpp.cpp

  • This file was added.
// RUN: %check_clang_tidy %s cert-mem54-cpp %t
inline void *operator new(size_t s, void *p) noexcept {
(void)s;
return p;
}
inline void *operator new[](size_t s, void *p) noexcept {
(void)s;
return p;
}
void test1()
{
// bad (short is aligned to 2).
short s1;
::new (&s1) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: 's1' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]
// ok (same alignment because types are the same).
long s2;
::new (&s2) long;
// ok (long long is greater then long).
long long s3;
::new (&s3) long;
// bad (alias for type 'short' which is aligned to 2).
using s4t = short;
s4t s4;
::new (&s4) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: 's4' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]
// ok (skip void pointer).
void* s5 = nullptr;
::new (s5) long;
// bad (short is aligned to 2).
short* s6 = nullptr;
::new (s6) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: 's6' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]
// bad (just check for pointer to pointer).
short **s7;
::new (*s7) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: 's7' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]
}
void test2()
{
// ok.
alignas(long) unsigned char buffer1[sizeof(long)];
::new (buffer1) long;
// bad (buffer is aligned to 'short' instead of 'long').
alignas(short) unsigned char buffer2[sizeof(long)];
::new (buffer2) long;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: 'buffer2' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]
// bad (not enough space).
alignas(long) unsigned char buffer3[sizeof(short)];
::new (buffer3) long;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: 2 bytes are not enough for allocation type 'long' which requires 4 bytes [cert-mem54-cpp]
// bad (still not enough space).
alignas(long) unsigned char buffer4[sizeof(short) + 1];
::new (buffer4) long;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: 3 bytes are not enough for allocation type 'long' which requires 4 bytes [cert-mem54-cpp]
}
void test3()
{
// ok (100 % 4 == 0).
::new ((size_t*)100) long;
// bad (100 % 4 == 2).
::new ((size_t*)102) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: address is aligned to 2 bytes instead of 4 bytes [cert-mem54-cpp]
::new (reinterpret_cast<size_t*>(100)) long;
::new (reinterpret_cast<size_t*>(102)) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: address is aligned to 2 bytes instead of 4 bytes [cert-mem54-cpp]
::new ((size_t*)(100 + 0)) long;
::new ((size_t*)(100 + 2)) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: address is aligned to 2 bytes instead of 4 bytes [cert-mem54-cpp]
}
short* test4_f1()
{
return nullptr;
}
short& test4_f2()
{
static short v;
return v;
}
void test4()
{
::new (test4_f1()) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: 'test4_f1' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]
::new (&test4_f2()) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: 'test4_f2' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]
short* (*p1)();
p1 = test4_f1;
::new (p1()) long;
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: 'p1' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]
}
void test5()
{
struct S
{
short a;
};
// bad (not enough space).
const unsigned N = 32;
alignas(S) unsigned char buffer1[sizeof(S) * N];
::new (buffer1) S[N];
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: 64 bytes are not enough for array allocation which requires 64 bytes [cert-mem54-cpp]
// maybe ok but we need to warn.
alignas(S) unsigned char buffer2[sizeof(S) * N + sizeof(int)];
::new (buffer2) S[N];
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: possibly not enough 68 bytes for array allocation which requires 64 bytes. current overhead requires the size of 4 bytes [cert-mem54-cpp]
}
void test6()
{
struct A
{
char a;
char b;
} Ai;
// bad (struct A is aligned to char).
::new (&Ai.a) long;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: 'Ai' is aligned to 1 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]
struct B
{
char a;
long b;
} Bi;
// ok (struct B is aligned to long).
::new (&Bi.a) long;
struct C
{
char a;
alignas(2) char b;
} Ci;
// bad (struct C is aligned to 2).
::new (&Ci.a) long;
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: 'Ci' is aligned to 2 bytes but allocated type 'long' is aligned to 4 bytes [cert-mem54-cpp]
struct D
{
char a;
char b;
struct {
long c;
};
} Di;
// ok (struct D is aligned to long).
::new (&Di.a) long;
struct alignas(alignof(long)) E {
char a;
char b;
} Ei;
// ok (struct E is aligned to long).
::new (&Ei.a) long;
}