This is an archive of the discontinued LLVM Phabricator instance.

Differential D89651

[clang-tidy] Add bugprone-suspicious-memory-comparison check
ClosedPublic

Authored by gbencze on Oct 18 2020, 10:26 AM.

Details

Reviewers
aaron.ballman
JonasToth
Charusso
hokein
njames93
Commits
rG3373e845398b: [clang-tidy] Add bugprone-suspicious-memory-comparison check
Summary

The check warns on suspicious calls to memcmp.
It currently checks for comparing types that do not have unique object representations or are non-standard-layout.
Based on
https://wiki.sei.cmu.edu/confluence/display/c/EXP42-C.+Do+not+compare+padding+data
https://wiki.sei.cmu.edu/confluence/display/c/FLP37-C.+Do+not+use+object+representations+to+compare+floating-point+values
and part of
https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP57-CPP.+Prefer+special+member+functions+and+overloaded+operators+to+C+Standard+Library+functions
Add alias cert-exp42-c and cert-flp37-c.

Some tests are currently failing at head, the check depends on D89649.
Originally started in D71973

Diff Detail

Event Timeline

gbencze created this revision.Oct 18 2020, 10:26 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 18 2020, 10:26 AM
Herald added subscribers: cfe-commits, xazax.hun, mgorny. · View Herald Transcript
gbencze requested review of this revision.Oct 18 2020, 10:26 AM
Harbormaster completed remote builds in B75458: Diff 298885.Oct 18 2020, 11:26 AM
Eugene.Zelenko added reviewers: hokein, njames93.Oct 18 2020, 1:58 PM
njames93 added a comment.Oct 19 2020, 4:08 AM

Should point out there is already a check for cert-oop57-cpp, added in D72488. Do these play nice with each other or should they perhaps be merged or share code?

gbencze added a comment.Oct 20 2020, 11:12 AM
In D89651#2338266, @njames93 wrote:

Should point out there is already a check for cert-oop57-cpp, added in D72488. Do these play nice with each other or should they perhaps be merged or share code?

I would certainly expect some duplicate warnings with there two checks, but as far as I can tell that check does not currently warn on using memcmp with non-standard-layout types.
I personally would leave the exp42 and flp37 parts of this check as separate, because those are useful in C as well. But maybe it'd be better to move the warning for non-standard-layout types from here to the existing one.

aaron.ballman added a comment.Oct 22 2020, 7:03 AM
In D89651#2342367, @gbencze wrote:
In D89651#2338266, @njames93 wrote:

Should point out there is already a check for cert-oop57-cpp, added in D72488. Do these play nice with each other or should they perhaps be merged or share code?

I would certainly expect some duplicate warnings with there two checks, but as far as I can tell that check does not currently warn on using memcmp with non-standard-layout types.
I personally would leave the exp42 and flp37 parts of this check as separate, because those are useful in C as well. But maybe it'd be better to move the warning for non-standard-layout types from here to the existing one.

The thrust of the idea behind OOP57-CPP is that you shouldn't use C functions to do work that would normally be done via a C++ overloaded operator. e.g., don't call memcmp() on two structs, define the appropriate set of relational and equality operators for the type instead. It's required that you do this for non-trivial types, but it's aspirational to do it for all types. I don't think the proposed check should relate to OOP57-CPP all that much -- I see it more closely relating to EXP62-CPP instead: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP62-CPP.+Do+not+access+the+bits+of+an+object+representation+that+are+not+part+of+the+object%27s+value+representation except that this check is currently only about comparisons and not accessing, so it's not quite perfect coverage.

clang-tools-extra/clang-tidy/bugprone/SuspiciousMemoryComparisonCheck.cpp
46

The lint warning here is actually correct, which is a lovely change of pace.

71

Note that this may produce false positives as the list of objects with unique representations is not complete. For instance, it doesn't handle _Complex or _Atomic types, etc.

74

unique object representations -> a unique object representation

WDYT about:
consider comparing the values manually -> consider comparing %select{the values|the members of the object}0 manually

to make it more clear that these cases are different:

memcmp(&some_float, &some_other_float, sizeof(float));
memcmp(&some_struct, &some_other_struct, sizeof(some_struct));

The use of "values" make it sound a bit like the user should be able to do if (some_struct == some_other_struct) to me.

clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memory-comparison-32bits.cpp
3

Wouldn't picking a 32-bit target suffice instead of -m32? e.g., -target i386-unknown-unknown

clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memory-comparison.c
122

Just to make it obvious, I think a test like this would also be handy:

struct Whatever {
  int i[2];
  char c;
};

struct Whatever one, two;
memcmp(&one, &two, 2 * sizeof(int)); // Shouldn't warn either

which brings up a pathological case that I have no idea how it should behave:

struct Whatever {
  int i[2];
  int : 0; // What now?!
};

struct Whatever one, two;
memcmp(&one, &two, 2 * sizeof(int)); // Warn? Don't Warn? Cry?
199

How about a test where everything lines up perfectly for bit-fields?

struct Whatever {
  int i : 10;
  int j : 10;
  int k : 10;
  int l : 2;
};
_Static_assert(sizeof(struct Whatever) == sizeof(int));
clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memory-comparison.cpp
230

Another case we should be careful of is template instantiations:

template <typename Ty>
void func(const Ty *o1, const Ty *o2) {
  memcmp(o1, o2, sizeof(Ty));
}

We don't want to diagnose that unless it's been instantiated with types that are a problem.

steakhal added subscribers: martong, whisperity.Nov 7 2020, 5:18 AM
steakhal added a subscriber: steakhal.
gbencze updated this revision to Diff 303643.Nov 7 2020, 8:06 AM
  • Added some new test cases
  • Fixed assertion in templates
  • Changed loop variable name from i to ArgIndex
  • Changed wording of warnings
  • Changed CHECK-MESSAGES to be in a single line: turns out that only the first line is checked as a prefix if clang-tidy breaks it into multiple lines
gbencze marked an inline comment as done.Nov 7 2020, 8:16 AM
gbencze added inline comments.
clang-tools-extra/clang-tidy/bugprone/SuspiciousMemoryComparisonCheck.cpp
46

Changed to ArgIndex

71

Yes, this could definitely cause some false positives. I'm not sure how we could easily fix it thought, especially if they are in some nested record.
Do you think this is a serious issue?

74

I wasn't entirely happy with the wording either; changed it according to your suggestions.

clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memory-comparison-32bits.cpp
3

To be fully honest, I have no idea, I saw some other tests using -m32 so I decided to copy that.

clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memory-comparison.c
122

Added two new test cases for these: Test_TrailingPadding2 and Bitfield_TrailingUnnamed.
Purely empirically the latter one seems to have a size of 2*sizeof(int), so I assume there is no need to warn there.

clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memory-comparison.cpp
230

Thanks, I added two new tests for these. I also made a minor fix in registerMatchers to make sure I don't try to evaluate a dependant expression.

aaron.ballman added inline comments.Nov 17 2020, 8:22 AM
clang-tools-extra/clang-tidy/bugprone/SuspiciousMemoryComparisonCheck.cpp
71

I don't think it's a serious issue except for possibly the _Atomic case in C code. It may be worth testing that scenario explicitly and putting a FIXME comment on the test case.

77

It looks like this part of the string literal can be moved up a line.

clang-tools-extra/docs/clang-tidy/checks/bugprone-suspicious-memory-comparison.rst
14

May also want to mention EXP62-CPP which is similarly related to OOP57-CPP -- but the docs should be clear that this isn't a check for those rules, just that it has some partial overlap.

17

Type -> Types
representations -> representation

19

representaions -> representation

clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memory-comparison.c
122

Thanks for the new test cases, and I think that emergent behavior is reasonable.

gbencze updated this revision to Diff 306679.Nov 20 2020, 6:36 AM

Address comments:

  • add new test case for _Atomic (with a FIXME comment)
  • fix string literal formatting
  • update docs
Herald added a subscriber: jfb. · View Herald TranscriptNov 20 2020, 6:36 AM
aaron.ballman accepted this revision.Nov 20 2020, 8:30 AM

LGTM, thank you for the new check!

This revision is now accepted and ready to land.Nov 20 2020, 8:30 AM
gbencze added a comment.Nov 21 2020, 9:18 AM

Thanks for the review! I'll push this as soon as the updated version of D89649 is also accepted.

steakhal added a comment.Feb 8 2021, 6:55 AM

I really love this.
I'm gonna have a look at the blocking patch.

clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memory-comparison-32bits.cpp
3

Why don't we pick i386-unknown-linux instead?
That would limit the scope of this test to Ititanium ABI.

Herald added a subscriber: nullptr.cpp. · View Herald TranscriptFeb 8 2021, 6:55 AM
Closed by commit rG3373e845398b: [clang-tidy] Add bugprone-suspicious-memory-comparison check (authored by gbencze, committed by steakhal). · Explain WhyAug 26 2021, 12:29 AM
This revision was automatically updated to reflect the committed changes.
steakhal added a commit: rG3373e845398b: [clang-tidy] Add bugprone-suspicious-memory-comparison check.

Revision Contents

Diff 368824

clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp

Show First 20 LinesShow All 46 Lines▼ Show 20 Lines
#include "SizeofContainerCheck.h" #include "SizeofContainerCheck.h"
#include "SizeofExpressionCheck.h" #include "SizeofExpressionCheck.h"
#include "SpuriouslyWakeUpFunctionsCheck.h" #include "SpuriouslyWakeUpFunctionsCheck.h"
#include "StringConstructorCheck.h" #include "StringConstructorCheck.h"
#include "StringIntegerAssignmentCheck.h" #include "StringIntegerAssignmentCheck.h"
#include "StringLiteralWithEmbeddedNulCheck.h" #include "StringLiteralWithEmbeddedNulCheck.h"
#include "SuspiciousEnumUsageCheck.h" #include "SuspiciousEnumUsageCheck.h"
#include "SuspiciousIncludeCheck.h" #include "SuspiciousIncludeCheck.h"
#include "SuspiciousMemoryComparisonCheck.h"
#include "SuspiciousMemsetUsageCheck.h" #include "SuspiciousMemsetUsageCheck.h"
#include "SuspiciousMissingCommaCheck.h" #include "SuspiciousMissingCommaCheck.h"
#include "SuspiciousSemicolonCheck.h" #include "SuspiciousSemicolonCheck.h"
#include "SuspiciousStringCompareCheck.h" #include "SuspiciousStringCompareCheck.h"
#include "SwappedArgumentsCheck.h" #include "SwappedArgumentsCheck.h"
#include "TerminatingContinueCheck.h" #include "TerminatingContinueCheck.h"
#include "ThrowKeywordMissingCheck.h" #include "ThrowKeywordMissingCheck.h"
#include "TooSmallLoopVariableCheck.h" #include "TooSmallLoopVariableCheck.h"
▲ Show 20 LinesShow All 92 Lines▼ Show 20 Lines void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override {
CheckFactories.registerCheck<StringIntegerAssignmentCheck>( CheckFactories.registerCheck<StringIntegerAssignmentCheck>(
"bugprone-string-integer-assignment"); "bugprone-string-integer-assignment");
CheckFactories.registerCheck<StringLiteralWithEmbeddedNulCheck>( CheckFactories.registerCheck<StringLiteralWithEmbeddedNulCheck>(
"bugprone-string-literal-with-embedded-nul"); "bugprone-string-literal-with-embedded-nul");
CheckFactories.registerCheck<SuspiciousEnumUsageCheck>( CheckFactories.registerCheck<SuspiciousEnumUsageCheck>(
"bugprone-suspicious-enum-usage"); "bugprone-suspicious-enum-usage");
CheckFactories.registerCheck<SuspiciousIncludeCheck>( CheckFactories.registerCheck<SuspiciousIncludeCheck>(
"bugprone-suspicious-include"); "bugprone-suspicious-include");
CheckFactories.registerCheck<SuspiciousMemoryComparisonCheck>(
"bugprone-suspicious-memory-comparison");
CheckFactories.registerCheck<SuspiciousMemsetUsageCheck>( CheckFactories.registerCheck<SuspiciousMemsetUsageCheck>(
"bugprone-suspicious-memset-usage"); "bugprone-suspicious-memset-usage");
CheckFactories.registerCheck<SuspiciousMissingCommaCheck>( CheckFactories.registerCheck<SuspiciousMissingCommaCheck>(
"bugprone-suspicious-missing-comma"); "bugprone-suspicious-missing-comma");
CheckFactories.registerCheck<SuspiciousSemicolonCheck>( CheckFactories.registerCheck<SuspiciousSemicolonCheck>(
"bugprone-suspicious-semicolon"); "bugprone-suspicious-semicolon");
CheckFactories.registerCheck<SuspiciousStringCompareCheck>( CheckFactories.registerCheck<SuspiciousStringCompareCheck>(
"bugprone-suspicious-string-compare"); "bugprone-suspicious-string-compare");
Show All 39 Lines

clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt

Show First 20 LinesShow All 41 Lines▼ Show 20 Linesadd_clang_library(clangTidyBugproneModule
SizeofContainerCheck.cpp SizeofContainerCheck.cpp
SizeofExpressionCheck.cpp SizeofExpressionCheck.cpp
SpuriouslyWakeUpFunctionsCheck.cpp SpuriouslyWakeUpFunctionsCheck.cpp
StringConstructorCheck.cpp StringConstructorCheck.cpp
StringIntegerAssignmentCheck.cpp StringIntegerAssignmentCheck.cpp
StringLiteralWithEmbeddedNulCheck.cpp StringLiteralWithEmbeddedNulCheck.cpp
SuspiciousEnumUsageCheck.cpp SuspiciousEnumUsageCheck.cpp
SuspiciousIncludeCheck.cpp SuspiciousIncludeCheck.cpp
SuspiciousMemoryComparisonCheck.cpp
SuspiciousMemsetUsageCheck.cpp SuspiciousMemsetUsageCheck.cpp
SuspiciousMissingCommaCheck.cpp SuspiciousMissingCommaCheck.cpp
SuspiciousSemicolonCheck.cpp SuspiciousSemicolonCheck.cpp
SuspiciousStringCompareCheck.cpp SuspiciousStringCompareCheck.cpp
SwappedArgumentsCheck.cpp SwappedArgumentsCheck.cpp
TerminatingContinueCheck.cpp TerminatingContinueCheck.cpp
ThrowKeywordMissingCheck.cpp ThrowKeywordMissingCheck.cpp
TooSmallLoopVariableCheck.cpp TooSmallLoopVariableCheck.cpp
Show All 27 Lines

clang-tools-extra/clang-tidy/bugprone/SuspiciousMemoryComparisonCheck.h

  • This file was added.
//===--- SuspiciousMemoryComparisonCheck.h - clang-tidy ---------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_SUSPICIOUSMEMORYCOMPARISONCHECK_H
#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_SUSPICIOUSMEMORYCOMPARISONCHECK_H
#include "../ClangTidyCheck.h"
namespace clang {
namespace tidy {
namespace bugprone {
/// Finds potentially incorrect calls to ``memcmp()`` based on properties of the
/// arguments.
///
/// For the user-facing documentation see:
/// http://clang.llvm.org/extra/clang-tidy/checks/bugprone-suspicious-memory-comparison.html
class SuspiciousMemoryComparisonCheck : public ClangTidyCheck {
public:
SuspiciousMemoryComparisonCheck(StringRef Name, ClangTidyContext *Context)
: ClangTidyCheck(Name, Context) {}
void registerMatchers(ast_matchers::MatchFinder *Finder) override;
void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
};
} // namespace bugprone
} // namespace tidy
} // namespace clang
#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_SUSPICIOUSMEMORYCOMPARISONCHECK_H

clang-tools-extra/clang-tidy/bugprone/SuspiciousMemoryComparisonCheck.cpp

  • This file was added.
//===--- SuspiciousMemoryComparisonCheck.cpp - clang-tidy -----------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "SuspiciousMemoryComparisonCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
using namespace clang::ast_matchers;
namespace clang {
namespace tidy {
namespace bugprone {
static llvm::Optional<uint64_t> tryEvaluateSizeExpr(const Expr *SizeExpr,
const ASTContext &Ctx) {
Expr::EvalResult Result;
if (SizeExpr->EvaluateAsRValue(Result, Ctx))
return Ctx.toBits(
CharUnits::fromQuantity(Result.Val.getInt().getExtValue()));
return None;
}
void SuspiciousMemoryComparisonCheck::registerMatchers(MatchFinder *Finder) {
Finder->addMatcher(
callExpr(allOf(callee(namedDecl(
anyOf(hasName("::memcmp"), hasName("::std::memcmp")))),
unless(isInstantiationDependent())))
.bind("call"),
this);
}
void SuspiciousMemoryComparisonCheck::check(
const MatchFinder::MatchResult &Result) {
const ASTContext &Ctx = *Result.Context;
const auto *CE = Result.Nodes.getNodeAs<CallExpr>("call");
const Expr *SizeExpr = CE->getArg(2);
assert(SizeExpr != nullptr && "Third argument of memcmp is mandatory.");
llvm::Optional<uint64_t> ComparedBits = tryEvaluateSizeExpr(SizeExpr, Ctx);
for (unsigned int ArgIndex = 0; ArgIndex < 2; ++ArgIndex) {
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

The lint warning here is actually correct, which is a lovely change of pace.

aaron.ballman: The lint warning here is actually correct, which is a lovely change of pace.
gbenczeAuthorUnsubmitted
Done
ReplyInline Actions

Changed to ArgIndex

gbencze: Changed to `ArgIndex`
const Expr *ArgExpr = CE->getArg(ArgIndex);
QualType ArgType = ArgExpr->IgnoreImplicit()->getType();
const Type *PointeeType = ArgType->getPointeeOrArrayElementType();
assert(PointeeType != nullptr && "PointeeType should always be available.");
QualType PointeeQualifiedType(PointeeType, 0);
if (PointeeType->isRecordType()) {
if (const RecordDecl *RD =
PointeeType->getAsRecordDecl()->getDefinition()) {
if (const auto *CXXDecl = dyn_cast<CXXRecordDecl>(RD)) {
if (!CXXDecl->isStandardLayout()) {
diag(CE->getBeginLoc(),
"comparing object representation of non-standard-layout type "
"%0; consider using a comparison operator instead")
<< PointeeQualifiedType;
break;
}
}
}
}
if (!PointeeType->isIncompleteType()) {
uint64_t PointeeSize = Ctx.getTypeSize(PointeeType);
if (ComparedBits.hasValue() && *ComparedBits >= PointeeSize &&
!Ctx.hasUniqueObjectRepresentations(PointeeQualifiedType)) {
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Note that this may produce false positives as the list of objects with unique representations is not complete. For instance, it doesn't handle _Complex or _Atomic types, etc.

aaron.ballman: Note that this may produce false positives as the list of objects with unique representations…
gbenczeAuthorUnsubmitted
Done
ReplyInline Actions

Yes, this could definitely cause some false positives. I'm not sure how we could easily fix it thought, especially if they are in some nested record.
Do you think this is a serious issue?

gbencze: Yes, this could definitely cause some false positives. I'm not sure how we could easily fix it…
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

I don't think it's a serious issue except for possibly the _Atomic case in C code. It may be worth testing that scenario explicitly and putting a FIXME comment on the test case.

aaron.ballman: I don't think it's a serious issue except for possibly the `_Atomic` case in C code. It may be…
diag(CE->getBeginLoc(),
"comparing object representation of type %0 which does not have a "
"unique object representation; consider comparing %select{the "
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

unique object representations -> a unique object representation

WDYT about:
consider comparing the values manually -> consider comparing %select{the values|the members of the object}0 manually

to make it more clear that these cases are different:

memcmp(&some_float, &some_other_float, sizeof(float));
memcmp(&some_struct, &some_other_struct, sizeof(some_struct));

The use of "values" make it sound a bit like the user should be able to do if (some_struct == some_other_struct) to me.

aaron.ballman: unique object representations -> a unique object representation WDYT about: consider comparing…
gbenczeAuthorUnsubmitted
Done
ReplyInline Actions

I wasn't entirely happy with the wording either; changed it according to your suggestions.

gbencze: I wasn't entirely happy with the wording either; changed it according to your suggestions.
"values|the members of the object}1 manually")
<< PointeeQualifiedType << (PointeeType->isRecordType() ? 1 : 0);
break;
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

It looks like this part of the string literal can be moved up a line.

aaron.ballman: It looks like this part of the string literal can be moved up a line.
}
}
}
}
} // namespace bugprone
} // namespace tidy
} // namespace clang

clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp

//===--- CERTTidyModule.cpp - clang-tidy ----------------------------------===// //===--- CERTTidyModule.cpp - clang-tidy ----------------------------------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "../ClangTidy.h" #include "../ClangTidy.h"
#include "../ClangTidyModule.h" #include "../ClangTidyModule.h"
#include "../ClangTidyModuleRegistry.h" #include "../ClangTidyModuleRegistry.h"
#include "../bugprone/BadSignalToKillThreadCheck.h" #include "../bugprone/BadSignalToKillThreadCheck.h"
#include "../bugprone/ReservedIdentifierCheck.h" #include "../bugprone/ReservedIdentifierCheck.h"
#include "../bugprone/SignalHandlerCheck.h" #include "../bugprone/SignalHandlerCheck.h"
#include "../bugprone/SignedCharMisuseCheck.h" #include "../bugprone/SignedCharMisuseCheck.h"
#include "../bugprone/SpuriouslyWakeUpFunctionsCheck.h" #include "../bugprone/SpuriouslyWakeUpFunctionsCheck.h"
#include "../bugprone/SuspiciousMemoryComparisonCheck.h"
#include "../bugprone/UnhandledSelfAssignmentCheck.h" #include "../bugprone/UnhandledSelfAssignmentCheck.h"
#include "../concurrency/ThreadCanceltypeAsynchronousCheck.h" #include "../concurrency/ThreadCanceltypeAsynchronousCheck.h"
#include "../google/UnnamedNamespaceInHeaderCheck.h" #include "../google/UnnamedNamespaceInHeaderCheck.h"
#include "../misc/NewDeleteOverloadsCheck.h" #include "../misc/NewDeleteOverloadsCheck.h"
#include "../misc/NonCopyableObjects.h" #include "../misc/NonCopyableObjects.h"
#include "../misc/StaticAssertCheck.h" #include "../misc/StaticAssertCheck.h"
#include "../misc/ThrowByValueCatchByReferenceCheck.h" #include "../misc/ThrowByValueCatchByReferenceCheck.h"
#include "../performance/MoveConstructorInitCheck.h" #include "../performance/MoveConstructorInitCheck.h"
▲ Show 20 LinesShow All 68 Lines▼ Show 20 Lines void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override {
// DCL // DCL
CheckFactories.registerCheck<misc::StaticAssertCheck>("cert-dcl03-c"); CheckFactories.registerCheck<misc::StaticAssertCheck>("cert-dcl03-c");
CheckFactories.registerCheck<readability::UppercaseLiteralSuffixCheck>( CheckFactories.registerCheck<readability::UppercaseLiteralSuffixCheck>(
"cert-dcl16-c"); "cert-dcl16-c");
CheckFactories.registerCheck<bugprone::ReservedIdentifierCheck>( CheckFactories.registerCheck<bugprone::ReservedIdentifierCheck>(
"cert-dcl37-c"); "cert-dcl37-c");
// ENV // ENV
CheckFactories.registerCheck<CommandProcessorCheck>("cert-env33-c"); CheckFactories.registerCheck<CommandProcessorCheck>("cert-env33-c");
// EXP
CheckFactories.registerCheck<bugprone::SuspiciousMemoryComparisonCheck>(
"cert-exp42-c");
// FLP // FLP
CheckFactories.registerCheck<FloatLoopCounter>("cert-flp30-c"); CheckFactories.registerCheck<FloatLoopCounter>("cert-flp30-c");
CheckFactories.registerCheck<bugprone::SuspiciousMemoryComparisonCheck>(
"cert-flp37-c");
// FIO // FIO
CheckFactories.registerCheck<misc::NonCopyableObjectsCheck>("cert-fio38-c"); CheckFactories.registerCheck<misc::NonCopyableObjectsCheck>("cert-fio38-c");
// ERR // ERR
CheckFactories.registerCheck<StrToNumCheck>("cert-err34-c"); CheckFactories.registerCheck<StrToNumCheck>("cert-err34-c");
// MSC // MSC
CheckFactories.registerCheck<LimitedRandomnessCheck>("cert-msc30-c"); CheckFactories.registerCheck<LimitedRandomnessCheck>("cert-msc30-c");
CheckFactories.registerCheck<ProperlySeededRandomGeneratorCheck>( CheckFactories.registerCheck<ProperlySeededRandomGeneratorCheck>(
"cert-msc32-c"); "cert-msc32-c");
Show All 36 Lines

clang-tools-extra/docs/ReleaseNotes.rst

Show First 20 LinesShow All 66 Lines▼ Show 20 Lines
Improvements to clang-tidy Improvements to clang-tidy
-------------------------- --------------------------
The improvements are... The improvements are...
New checks New checks
^^^^^^^^^^ ^^^^^^^^^^
- New :doc:`bugprone-suspicious-memory-comparison
<clang-tidy/checks/bugprone-suspicious-memory-comparison>` check.
Finds potentially incorrect calls to ``memcmp()`` based on properties of the arguments.
- New :doc:`readability-identifier-length - New :doc:`readability-identifier-length
<clang-tidy/checks/readability-identifier-length>` check. <clang-tidy/checks/readability-identifier-length>` check.
Reports identifiers whose names are too short. Currently checks local variables and function parameters only. Reports identifiers whose names are too short. Currently checks local variables and function parameters only.
New check aliases New check aliases
^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^
- New alias :doc:`cert-exp42-c
<clang-tidy/checks/cert-exp42-c>` to
:doc:`bugprone-suspicious-memory-comparison
<clang-tidy/checks/bugprone-suspicious-memory-comparison>` was added.
- New alias :doc:`cert-flp37-c
<clang-tidy/checks/cert-flp37-c>` to
:doc:`bugprone-suspicious-memory-comparison
<clang-tidy/checks/bugprone-suspicious-memory-comparison>` was added.
Changes in existing checks Changes in existing checks
^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^
Removed checks Removed checks
^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^
Improvements to include-fixer Improvements to include-fixer
----------------------------- -----------------------------
Show All 20 Lines

clang-tools-extra/docs/clang-tidy/checks/bugprone-suspicious-memory-comparison.rst

  • This file was added.
.. title:: clang-tidy - bugprone-suspicious-memory-comparison
bugprone-suspicious-memory-comparison
=====================================
Finds potentially incorrect calls to ``memcmp()`` based on properties of the
arguments. The following cases are covered:
**Case 1: Non-standard-layout type**
Comparing the object representaions of non-standard-layout objects may not
properly compare the value representations.
**Case 2: Types with no unique object representation**
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

May also want to mention EXP62-CPP which is similarly related to OOP57-CPP -- but the docs should be clear that this isn't a check for those rules, just that it has some partial overlap.

aaron.ballman: May also want to mention EXP62-CPP which is similarly related to OOP57-CPP -- but the docs…
Objects with the same value may not have the same object representaion.
This may be caused by padding or floating-point types.
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Type -> Types
representations -> representation

aaron.ballman: Type -> Types representations -> representation
See also:
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

representaions -> representation

aaron.ballman: representaions -> representation
`EXP42-C. Do not compare padding data
<https://wiki.sei.cmu.edu/confluence/display/c/EXP42-C.+Do+not+compare+padding+data>`_
and
`FLP37-C. Do not use object representations to compare floating-point values
<https://wiki.sei.cmu.edu/confluence/display/c/FLP37-C.+Do+not+use+object+representations+to+compare+floating-point+values>`_
This check is also related to and partially overlaps the CERT C++ Coding Standard rules
`OOP57-CPP. Prefer special member functions and overloaded operators to C Standard Library functions
<https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP57-CPP.+Prefer+special+member+functions+and+overloaded+operators+to+C+Standard+Library+functions>`_
and
`EXP62-CPP. Do not access the bits of an object representation that are not part of the object's value representation
<https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP62-CPP.+Do+not+access+the+bits+of+an+object+representation+that+are+not+part+of+the+object%27s+value+representation>`_

clang-tools-extra/docs/clang-tidy/checks/cert-exp42-c.rst

  • This file was added.
.. meta::
:http-equiv=refresh: 5;URL=bugprone-suspicious-memory-comparison.html
cert-exp42-c
============
The cert-exp42-c check is an alias, please see
`bugprone-suspicious-memory-comparison <bugprone-suspicious-memory-comparison.html>`_ for more information.

clang-tools-extra/docs/clang-tidy/checks/cert-flp37-c.rst

  • This file was added.
.. meta::
:http-equiv=refresh: 5;URL=bugprone-suspicious-memory-comparison.html
cert-flp37-c
============
The cert-flp37-c check is an alias, please see
`bugprone-suspicious-memory-comparison <bugprone-suspicious-memory-comparison.html>`_ for more information.

clang-tools-extra/docs/clang-tidy/checks/list.rst

Show First 20 LinesShow All 87 Lines▼ Show 20 Lines.. csv-table::
`bugprone-sizeof-container <bugprone-sizeof-container.html>`_, `bugprone-sizeof-container <bugprone-sizeof-container.html>`_,
`bugprone-sizeof-expression <bugprone-sizeof-expression.html>`_, `bugprone-sizeof-expression <bugprone-sizeof-expression.html>`_,
`bugprone-spuriously-wake-up-functions <bugprone-spuriously-wake-up-functions.html>`_, `bugprone-spuriously-wake-up-functions <bugprone-spuriously-wake-up-functions.html>`_,
`bugprone-string-constructor <bugprone-string-constructor.html>`_, "Yes" `bugprone-string-constructor <bugprone-string-constructor.html>`_, "Yes"
`bugprone-string-integer-assignment <bugprone-string-integer-assignment.html>`_, "Yes" `bugprone-string-integer-assignment <bugprone-string-integer-assignment.html>`_, "Yes"
`bugprone-string-literal-with-embedded-nul <bugprone-string-literal-with-embedded-nul.html>`_, `bugprone-string-literal-with-embedded-nul <bugprone-string-literal-with-embedded-nul.html>`_,
`bugprone-suspicious-enum-usage <bugprone-suspicious-enum-usage.html>`_, `bugprone-suspicious-enum-usage <bugprone-suspicious-enum-usage.html>`_,
`bugprone-suspicious-include <bugprone-suspicious-include.html>`_, `bugprone-suspicious-include <bugprone-suspicious-include.html>`_,
`bugprone-suspicious-memory-comparison <bugprone-suspicious-memory-comparison.html>`_,
`bugprone-suspicious-memset-usage <bugprone-suspicious-memset-usage.html>`_, "Yes" `bugprone-suspicious-memset-usage <bugprone-suspicious-memset-usage.html>`_, "Yes"
`bugprone-suspicious-missing-comma <bugprone-suspicious-missing-comma.html>`_, `bugprone-suspicious-missing-comma <bugprone-suspicious-missing-comma.html>`_,
`bugprone-suspicious-semicolon <bugprone-suspicious-semicolon.html>`_, "Yes" `bugprone-suspicious-semicolon <bugprone-suspicious-semicolon.html>`_, "Yes"
`bugprone-suspicious-string-compare <bugprone-suspicious-string-compare.html>`_, "Yes" `bugprone-suspicious-string-compare <bugprone-suspicious-string-compare.html>`_, "Yes"
`bugprone-swapped-arguments <bugprone-swapped-arguments.html>`_, "Yes" `bugprone-swapped-arguments <bugprone-swapped-arguments.html>`_, "Yes"
`bugprone-terminating-continue <bugprone-terminating-continue.html>`_, "Yes" `bugprone-terminating-continue <bugprone-terminating-continue.html>`_, "Yes"
`bugprone-throw-keyword-missing <bugprone-throw-keyword-missing.html>`_, `bugprone-throw-keyword-missing <bugprone-throw-keyword-missing.html>`_,
`bugprone-too-small-loop-variable <bugprone-too-small-loop-variable.html>`_, `bugprone-too-small-loop-variable <bugprone-too-small-loop-variable.html>`_,
`bugprone-undefined-memory-manipulation <bugprone-undefined-memory-manipulation.html>`_, `bugprone-undefined-memory-manipulation <bugprone-undefined-memory-manipulation.html>`_,
`bugprone-undelegated-constructor <bugprone-undelegated-constructor.html>`_, `bugprone-undelegated-constructor <bugprone-undelegated-constructor.html>`_,
`bugprone-unhandled-exception-at-new <bugprone-unhandled-exception-at-new.html>`_, `bugprone-unhandled-exception-at-new <bugprone-unhandled-exception-at-new.html>`_,
`bugprone-unhandled-self-assignment <bugprone-unhandled-self-assignment.html>`_, `bugprone-unhandled-self-assignment <bugprone-unhandled-self-assignment.html>`_,
`bugprone-unused-raii <bugprone-unused-raii.html>`_, "Yes" `bugprone-unused-raii <bugprone-unused-raii.html>`_, "Yes"
`bugprone-unused-return-value <bugprone-unused-return-value.html>`_, `bugprone-unused-return-value <bugprone-unused-return-value.html>`_,
`bugprone-use-after-move <bugprone-use-after-move.html>`_, `bugprone-use-after-move <bugprone-use-after-move.html>`_,
`bugprone-virtual-near-miss <bugprone-virtual-near-miss.html>`_, "Yes" `bugprone-virtual-near-miss <bugprone-virtual-near-miss.html>`_, "Yes"
`cert-dcl21-cpp <cert-dcl21-cpp.html>`_, `cert-dcl21-cpp <cert-dcl21-cpp.html>`_,
`cert-dcl50-cpp <cert-dcl50-cpp.html>`_, `cert-dcl50-cpp <cert-dcl50-cpp.html>`_,
`cert-dcl58-cpp <cert-dcl58-cpp.html>`_, `cert-dcl58-cpp <cert-dcl58-cpp.html>`_,
`cert-env33-c <cert-env33-c.html>`_, `cert-env33-c <cert-env33-c.html>`_,
`cert-err34-c <cert-err34-c.html>`_, `cert-err34-c <cert-err34-c.html>`_,
`cert-err52-cpp <cert-err52-cpp.html>`_, `cert-err52-cpp <cert-err52-cpp.html>`_,
`cert-err58-cpp <cert-err58-cpp.html>`_, `cert-err58-cpp <cert-err58-cpp.html>`_,
`cert-err60-cpp <cert-err60-cpp.html>`_, `cert-err60-cpp <cert-err60-cpp.html>`_,
`cert-exp42-c <cert-exp42-c.html>`_,
`cert-flp30-c <cert-flp30-c.html>`_, `cert-flp30-c <cert-flp30-c.html>`_,
`cert-flp37-c <cert-flp37-c.html>`_,
`cert-mem57-cpp <cert-mem57-cpp.html>`_, `cert-mem57-cpp <cert-mem57-cpp.html>`_,
`cert-msc50-cpp <cert-msc50-cpp.html>`_, `cert-msc50-cpp <cert-msc50-cpp.html>`_,
`cert-msc51-cpp <cert-msc51-cpp.html>`_, `cert-msc51-cpp <cert-msc51-cpp.html>`_,
`cert-oop57-cpp <cert-oop57-cpp.html>`_, `cert-oop57-cpp <cert-oop57-cpp.html>`_,
`cert-oop58-cpp <cert-oop58-cpp.html>`_, `cert-oop58-cpp <cert-oop58-cpp.html>`_,
`clang-analyzer-core.DynamicTypePropagation <clang-analyzer-core.DynamicTypePropagation.html>`_, `clang-analyzer-core.DynamicTypePropagation <clang-analyzer-core.DynamicTypePropagation.html>`_,
`clang-analyzer-core.uninitialized.CapturedBlockVariable <clang-analyzer-core.uninitialized.CapturedBlockVariable.html>`_, `clang-analyzer-core.uninitialized.CapturedBlockVariable <clang-analyzer-core.uninitialized.CapturedBlockVariable.html>`_,
`clang-analyzer-cplusplus.InnerPointer <clang-analyzer-cplusplus.InnerPointer.html>`_, `clang-analyzer-cplusplus.InnerPointer <clang-analyzer-cplusplus.InnerPointer.html>`_,
▲ Show 20 LinesShow All 317 LinesShow Last 20 Lines

clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memory-comparison-32bits.cpp

  • This file was added.
// RUN: %check_clang_tidy %s bugprone-suspicious-memory-comparison %t \
// RUN: -- -- -target i386-unknown-unknown
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Wouldn't picking a 32-bit target suffice instead of -m32? e.g., -target i386-unknown-unknown

aaron.ballman: Wouldn't picking a 32-bit target suffice instead of `-m32`? e.g., `-target i386-unknown-unknown`
gbenczeAuthorUnsubmitted
Done
ReplyInline Actions

To be fully honest, I have no idea, I saw some other tests using -m32 so I decided to copy that.

gbencze: To be fully honest, I have no idea, I saw some other tests using `-m32` so I decided to copy…
steakhalUnsubmitted
Not Done
ReplyInline Actions

Why don't we pick i386-unknown-linux instead?
That would limit the scope of this test to Ititanium ABI.

steakhal: Why don't we pick `i386-unknown-linux` instead? That would limit the scope of this test to…
static_assert(sizeof(int *) == sizeof(int));
namespace std {
typedef __SIZE_TYPE__ size_t;
int memcmp(const void *lhs, const void *rhs, size_t count);
} // namespace std
namespace no_padding_on_32bit {
struct S {
int x;
int *y;
};
void test() {
S a, b;
std::memcmp(&a, &b, sizeof(S));
}
} // namespace no_padding_on_32bit
namespace inner_padding {
struct S {
char x;
int y;
};
void test() {
S a, b;
std::memcmp(&a, &b, sizeof(S));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'inner_padding::S' which does not have a unique object representation; consider comparing the members of the object manually
}
} // namespace inner_padding

clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memory-comparison.c

  • This file was added.
// RUN: %check_clang_tidy %s bugprone-suspicious-memory-comparison %t \
// RUN: -- -- -target x86_64-unknown-unknown -std=c99
typedef __SIZE_TYPE__ size_t;
int memcmp(const void *lhs, const void *rhs, size_t count);
// Examples from cert rule exp42-c
struct S {
char c;
int i;
char buffer[13];
};
void exp42_c_noncompliant(const struct S *left, const struct S *right) {
if ((left && right) && (0 == memcmp(left, right, sizeof(struct S)))) {
// CHECK-MESSAGES: :[[@LINE-1]]:32: warning: comparing object representation of type 'struct S' which does not have a unique object representation; consider comparing the members of the object manually
}
}
void exp42_c_compliant(const struct S *left, const struct S *right) {
if ((left && right) && (left->c == right->c) && (left->i == right->i) &&
(0 == memcmp(left->buffer, right->buffer, 13))) {
}
}
#pragma pack(push, 1)
struct Packed_S {
char c;
int i;
char buffer[13];
};
#pragma pack(pop)
void compliant_packed(const struct Packed_S *left,
const struct Packed_S *right) {
if ((left && right) && (0 == memcmp(left, right, sizeof(struct Packed_S)))) {
// no-warning
}
}
// Examples from cert rule flp37-c
struct S2 {
int i;
float f;
};
int flp37_c_noncompliant(const struct S2 *s1, const struct S2 *s2) {
if (!s1 && !s2)
return 1;
else if (!s1 || !s2)
return 0;
return 0 == memcmp(s1, s2, sizeof(struct S2));
// CHECK-MESSAGES: :[[@LINE-1]]:15: warning: comparing object representation of type 'struct S2' which does not have a unique object representation; consider comparing the members of the object manually
}
int flp37_c_compliant(const struct S2 *s1, const struct S2 *s2) {
if (!s1 && !s2)
return 1;
else if (!s1 || !s2)
return 0;
return s1->i == s2->i && s1->f == s2->f;
// no-warning
}
void Test_Float() {
float a, b;
memcmp(&a, &b, sizeof(float));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'float' which does not have a unique object representation; consider comparing the values manually
}
void TestArray_Float() {
float a[3], b[3];
memcmp(a, b, sizeof(a));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'float' which does not have a unique object representation; consider comparing the values manually
}
struct PredeclaredType;
void Test_PredeclaredType(const struct PredeclaredType *lhs,
const struct PredeclaredType *rhs) {
memcmp(lhs, rhs, 1); // no-warning: predeclared type
}
struct NoPadding {
int x;
int y;
};
void Test_NoPadding() {
struct NoPadding a, b;
memcmp(&a, &b, sizeof(struct NoPadding));
}
void TestArray_NoPadding() {
struct NoPadding a[3], b[3];
memcmp(a, b, 3 * sizeof(struct NoPadding));
}
struct TrailingPadding {
int i;
char c;
};
void Test_TrailingPadding() {
struct TrailingPadding a, b;
memcmp(&a, &b, sizeof(struct TrailingPadding));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct TrailingPadding' which does not have a unique object representation; consider comparing the members of the object manually
memcmp(&a, &b, sizeof(int)); // no-warning: not comparing entire object
memcmp(&a, &b, 2 * sizeof(int));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct TrailingPadding' which does not have a unique object representation; consider comparing the members of the object manually
}
struct TrailingPadding2 {
int i[2];
char c;
};
void Test_TrailingPadding2() {
struct TrailingPadding2 a, b;
memcmp(&a, &b, 2 * sizeof(int)); // no-warning: not comparing entire object
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Just to make it obvious, I think a test like this would also be handy:

struct Whatever {
  int i[2];
  char c;
};

struct Whatever one, two;
memcmp(&one, &two, 2 * sizeof(int)); // Shouldn't warn either

which brings up a pathological case that I have no idea how it should behave:

struct Whatever {
  int i[2];
  int : 0; // What now?!
};

struct Whatever one, two;
memcmp(&one, &two, 2 * sizeof(int)); // Warn? Don't Warn? Cry?
aaron.ballman: Just to make it obvious, I think a test like this would also be handy: ``` struct Whatever {…
gbenczeAuthorUnsubmitted
Done
ReplyInline Actions

Added two new test cases for these: Test_TrailingPadding2 and Bitfield_TrailingUnnamed.
Purely empirically the latter one seems to have a size of 2*sizeof(int), so I assume there is no need to warn there.

gbencze: Added two new test cases for these: `Test_TrailingPadding2` and `Bitfield_TrailingUnnamed`.
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Thanks for the new test cases, and I think that emergent behavior is reasonable.

aaron.ballman: Thanks for the new test cases, and I think that emergent behavior is reasonable.
memcmp(&a, &b, sizeof(struct TrailingPadding2));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct TrailingPadding2' which does not have a unique object representation; consider comparing the members of the object manually
}
void Test_UnknownCount(size_t count) {
struct TrailingPadding a, b;
memcmp(&a, &b, count); // no-warning: unknown count value
}
void Test_ExplicitVoidCast() {
struct TrailingPadding a, b;
memcmp((void *)&a, (void *)&b,
sizeof(struct TrailingPadding)); // no-warning: explicit cast
}
void TestArray_TrailingPadding() {
struct TrailingPadding a[3], b[3];
memcmp(a, b, 3 * sizeof(struct TrailingPadding));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct TrailingPadding' which does not have a unique object representation; consider comparing the members of the object manually
}
struct InnerPadding {
char c;
int i;
};
void Test_InnerPadding() {
struct InnerPadding a, b;
memcmp(&a, &b, sizeof(struct InnerPadding));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct InnerPadding' which does not have a unique object representation; consider comparing the members of the object manually
}
struct Bitfield_TrailingPaddingBytes {
int x : 10;
int y : 6;
};
void Test_Bitfield_TrailingPaddingBytes() {
struct Bitfield_TrailingPaddingBytes a, b;
memcmp(&a, &b, sizeof(struct S));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct Bitfield_TrailingPaddingBytes' which does not have a unique object representation; consider comparing the members of the object manually
}
struct Bitfield_TrailingPaddingBits {
int x : 10;
int y : 20;
};
void Test_Bitfield_TrailingPaddingBits() {
struct Bitfield_TrailingPaddingBits a, b;
memcmp(&a, &b, sizeof(struct Bitfield_TrailingPaddingBits));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct Bitfield_TrailingPaddingBits' which does not have a unique object representation; consider comparing the members of the object manually
}
struct Bitfield_InnerPaddingBits {
char x : 2;
int : 0;
char y : 8;
};
void Test_Bitfield_InnerPaddingBits() {
struct Bitfield_InnerPaddingBits a, b;
memcmp(&a, &b, sizeof(struct Bitfield_InnerPaddingBits));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct Bitfield_InnerPaddingBits' which does not have a unique object representation; consider comparing the members of the object manually
}
struct Bitfield_NoPadding {
int i : 10;
int j : 10;
int k : 10;
int l : 2;
};
_Static_assert(sizeof(struct Bitfield_NoPadding) == sizeof(int),
"Bit-fields should line up perfectly");
void Test_Bitfield_NoPadding() {
struct Bitfield_NoPadding a, b;
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

How about a test where everything lines up perfectly for bit-fields?

struct Whatever {
  int i : 10;
  int j : 10;
  int k : 10;
  int l : 2;
};
_Static_assert(sizeof(struct Whatever) == sizeof(int));
aaron.ballman: How about a test where everything lines up perfectly for bit-fields? ``` struct Whatever {…
memcmp(&a, &b, sizeof(struct Bitfield_NoPadding)); // no-warning
}
struct Bitfield_TrailingUnnamed {
int i[2];
int : 0;
};
void Bitfield_TrailingUnnamed() {
struct Bitfield_TrailingUnnamed a, b;
memcmp(&a, &b, 2 * sizeof(int)); // no-warning
memcmp(&a, &b, sizeof(struct Bitfield_TrailingUnnamed)); // no-warning
}
struct PaddingAfterUnion {
union {
unsigned short a;
short b;
} x;
int y;
};
void Test_PaddingAfterUnion() {
struct PaddingAfterUnion a, b;
memcmp(&a, &b, sizeof(struct PaddingAfterUnion));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct PaddingAfterUnion' which does not have a unique object representation; consider comparing the members of the object manually
}
struct Union_NoPadding {
union {
int a;
unsigned int b;
} x;
int y;
};
void Test_Union_NoPadding() {
struct Union_NoPadding a, b;
memcmp(&a, &b, 2 * sizeof(int));
memcmp(&a, &b, sizeof(struct Union_NoPadding));
}
union UnionWithPaddingInNestedStruct {
int i;
struct {
int i;
char c;
} x;
};
void Test_UnionWithPaddingInNestedStruct() {
union UnionWithPaddingInNestedStruct a, b;
memcmp(&a, &b, sizeof(union UnionWithPaddingInNestedStruct));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'union UnionWithPaddingInNestedStruct' which does not have a unique object representation; consider comparing the members of the object manually
}
struct PaddingInNested {
struct TrailingPadding x;
char y;
};
void Test_PaddingInNested() {
struct PaddingInNested a, b;
memcmp(&a, &b, sizeof(struct PaddingInNested));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct PaddingInNested' which does not have a unique object representation; consider comparing the members of the object manually
}
struct PaddingAfterNested {
struct {
char a;
char b;
} x;
int y;
};
void Test_PaddingAfterNested() {
struct PaddingAfterNested a, b;
memcmp(&a, &b, sizeof(struct PaddingAfterNested));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct PaddingAfterNested' which does not have a unique object representation; consider comparing the members of the object manually
}
struct AtomicMember {
_Atomic(int) x;
};
void Test_AtomicMember() {
// FIXME: this is a false positive as the list of objects with unique object
// representations is incomplete.
struct AtomicMember a, b;
memcmp(&a, &b, sizeof(struct AtomicMember));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'struct AtomicMember' which does not have a unique object representation; consider comparing the members of the object manually
}

clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memory-comparison.cpp

  • This file was added.
// RUN: %check_clang_tidy %s bugprone-suspicious-memory-comparison %t \
// RUN: -- -- -target x86_64-unknown-unknown
namespace std {
typedef __SIZE_TYPE__ size_t;
int memcmp(const void *lhs, const void *rhs, size_t count);
} // namespace std
namespace sei_cert_example_oop57_cpp {
class C {
int i;
public:
virtual void f();
};
void f(C &c1, C &c2) {
if (!std::memcmp(&c1, &c2, sizeof(C))) {
// CHECK-MESSAGES: :[[@LINE-1]]:8: warning: comparing object representation of non-standard-layout type 'sei_cert_example_oop57_cpp::C'; consider using a comparison operator instead
}
}
} // namespace sei_cert_example_oop57_cpp
namespace inner_padding_64bit_only {
struct S {
int x;
int *y;
};
void test() {
S a, b;
std::memcmp(&a, &b, sizeof(S));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'inner_padding_64bit_only::S' which does not have a unique object representation; consider comparing the members of the object manually
}
} // namespace inner_padding_64bit_only
namespace padding_in_base {
class Base {
char c;
int i;
};
class Derived : public Base {};
class Derived2 : public Derived {};
void testDerived() {
Derived a, b;
std::memcmp(&a, &b, sizeof(Base));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'padding_in_base::Derived' which does not have a unique object representation; consider comparing the members of the object manually
std::memcmp(&a, &b, sizeof(Derived));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'padding_in_base::Derived' which does not have a unique object representation; consider comparing the members of the object manually
}
void testDerived2() {
Derived2 a, b;
std::memcmp(&a, &b, sizeof(Base));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'padding_in_base::Derived2' which does not have a unique object representation; consider comparing the members of the object manually
std::memcmp(&a, &b, sizeof(Derived2));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'padding_in_base::Derived2' which does not have a unique object representation; consider comparing the members of the object manually
}
} // namespace padding_in_base
namespace no_padding_in_base {
class Base {
int a, b;
};
class Derived : public Base {};
class Derived2 : public Derived {};
void testDerived() {
Derived a, b;
std::memcmp(&a, &b, sizeof(Base));
std::memcmp(&a, &b, sizeof(Derived));
}
void testDerived2() {
Derived2 a, b;
std::memcmp(&a, &b, sizeof(char));
std::memcmp(&a, &b, sizeof(Base));
std::memcmp(&a, &b, sizeof(Derived2));
}
} // namespace no_padding_in_base
namespace non_standard_layout {
class C {
private:
int x;
public:
int y;
};
void test() {
C a, b;
std::memcmp(&a, &b, sizeof(C));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of non-standard-layout type 'non_standard_layout::C'; consider using a comparison operator instead
}
} // namespace non_standard_layout
namespace static_ignored {
struct S {
static char c;
int i;
};
void test() {
S a, b;
std::memcmp(&a, &b, sizeof(S));
}
} // namespace static_ignored
namespace operator_void_ptr {
struct S {
operator void *() const;
};
void test() {
S s;
std::memcmp(s, s, sizeof(s));
}
} // namespace operator_void_ptr
namespace empty_struct {
struct S {};
void test() {
S a, b;
std::memcmp(&a, &b, sizeof(S));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'empty_struct::S' which does not have a unique object representation; consider comparing the members of the object manually
}
} // namespace empty_struct
namespace empty_field {
struct Empty {};
struct S {
Empty e;
};
void test() {
S a, b;
std::memcmp(&a, &b, sizeof(S));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'empty_field::S' which does not have a unique object representation; consider comparing the members of the object manually
}
} // namespace empty_field
namespace no_unique_address_attribute {
struct Empty {};
namespace no_padding {
struct S {
char c;
[[no_unique_address]] Empty e;
};
void test() {
S a, b;
std::memcmp(&a, &b, sizeof(S));
}
} // namespace no_padding
namespace multiple_empties_same_type {
struct S {
char c;
[[no_unique_address]] Empty e1, e2;
};
void test() {
S a, b;
std::memcmp(&a, &b, sizeof(S));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'no_unique_address_attribute::multiple_empties_same_type::S' which does not have a unique object representation; consider comparing the members of the object manually
}
} // namespace multiple_empties_same_type
namespace multiple_empties_different_types {
struct Empty2 {};
struct S {
char c;
[[no_unique_address]] Empty e1;
[[no_unique_address]] Empty2 e2;
};
void test() {
S a, b;
std::memcmp(&a, &b, sizeof(S));
}
} // namespace multiple_empties_different_types
} // namespace no_unique_address_attribute
namespace alignment {
struct S {
char x;
alignas(sizeof(int)) char y[sizeof(int)];
};
void test() {
S a, b;
std::memcmp(&a, &b, sizeof(S));
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: comparing object representation of type 'alignment::S' which does not have a unique object representation; consider comparing the members of the object manually
}
} // namespace alignment
namespace no_warning_in_template {
template <typename T>
int compare(const T *l, const T *r) {
return std::memcmp(l, r, sizeof(T));
}
void test() {
int a, b;
compare(&a, &b);
}
} // namespace no_warning_in_template
namespace warning_in_template {
template <typename T>
int compare(const T *l, const T *r) {
return std::memcmp(l, r, sizeof(T));
// CHECK-MESSAGES: :[[@LINE-1]]:10: warning: comparing object representation of type 'float' which does not have a unique object representation; consider comparing the values manually
}
void test() {
float a, b;
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Another case we should be careful of is template instantiations:

template <typename Ty>
void func(const Ty *o1, const Ty *o2) {
  memcmp(o1, o2, sizeof(Ty));
}

We don't want to diagnose that unless it's been instantiated with types that are a problem.

aaron.ballman: Another case we should be careful of is template instantiations: ``` template <typename Ty>…
gbenczeAuthorUnsubmitted
Done
ReplyInline Actions

Thanks, I added two new tests for these. I also made a minor fix in registerMatchers to make sure I don't try to evaluate a dependant expression.

gbencze: Thanks, I added two new tests for these. I also made a minor fix in `registerMatchers` to make…
compare(&a, &b);
}
} // namespace warning_in_template