llvm-project/clang-tools-extra/test/clang-tidy/checkers/bugprone-signed-char-misuse...

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

250 lines
7.2 KiB
C++
Raw Normal View History

[clang-tidy] new check: bugprone-signed-char-misuse Summary: This check searches for signed char -> integer conversions which might indicate programming error, because of the misinterpretation of char values. A signed char might store the non-ASCII characters as negative values. The human programmer probably expects that after an integer conversion the converted value matches with the character code (a value from [0..255]), however, the actual value is in [-128..127] interval. See also: STR34-C. Cast characters to unsigned char before converting to larger integer sizes <https://wiki.sei.cmu.edu/confluence/display/c/STR34-C.+Cast+characters+to+unsigned+char+before+converting+to+larger+integer+sizes> By now this check is limited to assignment / variable declarations. If we would catch all signed char -> integer conversion, then it would produce a lot of findings and also false positives. So I added only this use case now, but this check can be extended with additional use cases later. The CERT documentation mentions another use case when the char is used for array subscript. Next to that a third use case can be the signed char - unsigned char comparison, which also a use case where things happen unexpectedly because of conversion to integer. Reviewers: alexfh, hokein, aaron.ballman Reviewed By: aaron.ballman Subscribers: sylvestre.ledru, whisperity, Eugene.Zelenko, mgorny, xazax.hun, cfe-commits Tags: #clang, #clang-tools-extra Differential Revision: https://reviews.llvm.org/D71174
2020-01-04 21:05:09 +08:00
// RUN: %check_clang_tidy %s bugprone-signed-char-misuse %t
///////////////////////////////////////////////////////////////////
/// Test cases correctly caught by the check.
typedef __SIZE_TYPE__ size_t;
namespace std {
template <typename T, size_t N>
struct array {
T &operator[](size_t n);
T &at(size_t n);
};
} // namespace std
[clang-tidy] new check: bugprone-signed-char-misuse Summary: This check searches for signed char -> integer conversions which might indicate programming error, because of the misinterpretation of char values. A signed char might store the non-ASCII characters as negative values. The human programmer probably expects that after an integer conversion the converted value matches with the character code (a value from [0..255]), however, the actual value is in [-128..127] interval. See also: STR34-C. Cast characters to unsigned char before converting to larger integer sizes <https://wiki.sei.cmu.edu/confluence/display/c/STR34-C.+Cast+characters+to+unsigned+char+before+converting+to+larger+integer+sizes> By now this check is limited to assignment / variable declarations. If we would catch all signed char -> integer conversion, then it would produce a lot of findings and also false positives. So I added only this use case now, but this check can be extended with additional use cases later. The CERT documentation mentions another use case when the char is used for array subscript. Next to that a third use case can be the signed char - unsigned char comparison, which also a use case where things happen unexpectedly because of conversion to integer. Reviewers: alexfh, hokein, aaron.ballman Reviewed By: aaron.ballman Subscribers: sylvestre.ledru, whisperity, Eugene.Zelenko, mgorny, xazax.hun, cfe-commits Tags: #clang, #clang-tools-extra Differential Revision: https://reviews.llvm.org/D71174
2020-01-04 21:05:09 +08:00
int SimpleVarDeclaration() {
signed char CCharacter = -5;
int NCharacter = CCharacter;
// CHECK-MESSAGES: [[@LINE-1]]:20: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
return NCharacter;
}
int SimpleAssignment() {
signed char CCharacter = -5;
int NCharacter;
NCharacter = CCharacter;
// CHECK-MESSAGES: [[@LINE-1]]:16: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
return NCharacter;
}
int CStyleCast() {
signed char CCharacter = -5;
int NCharacter;
NCharacter = (int)CCharacter;
// CHECK-MESSAGES: [[@LINE-1]]:21: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
return NCharacter;
}
int StaticCast() {
signed char CCharacter = -5;
int NCharacter;
NCharacter = static_cast<int>(CCharacter);
// CHECK-MESSAGES: [[@LINE-1]]:33: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
return NCharacter;
}
int FunctionalCast() {
signed char CCharacter = -5;
int NCharacter;
NCharacter = int(CCharacter);
// CHECK-MESSAGES: [[@LINE-1]]:20: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
return NCharacter;
}
int NegativeConstValue() {
const signed char CCharacter = -5;
int NCharacter = CCharacter;
// CHECK-MESSAGES: [[@LINE-1]]:20: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
return NCharacter;
}
int CharPointer(signed char *CCharacter) {
int NCharacter = *CCharacter;
// CHECK-MESSAGES: [[@LINE-1]]:20: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
return NCharacter;
}
int SignedUnsignedCharEquality(signed char SCharacter) {
unsigned char USCharacter = 'a';
if (SCharacter == USCharacter) // CHECK-MESSAGES: [[@LINE]]:7: warning: comparison between 'signed char' and 'unsigned char' [bugprone-signed-char-misuse]
return 1;
return 0;
}
int SignedUnsignedCharIneqiality(signed char SCharacter) {
unsigned char USCharacter = 'a';
if (SCharacter != USCharacter) // CHECK-MESSAGES: [[@LINE]]:7: warning: comparison between 'signed char' and 'unsigned char' [bugprone-signed-char-misuse]
return 1;
return 0;
}
int CompareWithNonAsciiConstant(unsigned char USCharacter) {
const signed char SCharacter = -5;
if (USCharacter == SCharacter) // CHECK-MESSAGES: [[@LINE]]:7: warning: comparison between 'signed char' and 'unsigned char' [bugprone-signed-char-misuse]
return 1;
return 0;
}
int CompareWithUnsignedNonAsciiConstant(signed char SCharacter) {
const unsigned char USCharacter = 128;
if (USCharacter == SCharacter) // CHECK-MESSAGES: [[@LINE]]:7: warning: comparison between 'signed char' and 'unsigned char' [bugprone-signed-char-misuse]
return 1;
return 0;
}
int SignedCharCArraySubscript(signed char SCharacter) {
int Array[3] = {1, 2, 3};
return Array[static_cast<unsigned int>(SCharacter)]; // CHECK-MESSAGES: [[@LINE]]:42: warning: 'signed char' to 'unsigned int' conversion in array subscript; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
}
int SignedCharSTDArraySubscript(std::array<int, 3> Array, signed char SCharacter) {
return Array[static_cast<unsigned int>(SCharacter)]; // CHECK-MESSAGES: [[@LINE]]:42: warning: 'signed char' to 'unsigned int' conversion in array subscript; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
}
[clang-tidy] new check: bugprone-signed-char-misuse Summary: This check searches for signed char -> integer conversions which might indicate programming error, because of the misinterpretation of char values. A signed char might store the non-ASCII characters as negative values. The human programmer probably expects that after an integer conversion the converted value matches with the character code (a value from [0..255]), however, the actual value is in [-128..127] interval. See also: STR34-C. Cast characters to unsigned char before converting to larger integer sizes <https://wiki.sei.cmu.edu/confluence/display/c/STR34-C.+Cast+characters+to+unsigned+char+before+converting+to+larger+integer+sizes> By now this check is limited to assignment / variable declarations. If we would catch all signed char -> integer conversion, then it would produce a lot of findings and also false positives. So I added only this use case now, but this check can be extended with additional use cases later. The CERT documentation mentions another use case when the char is used for array subscript. Next to that a third use case can be the signed char - unsigned char comparison, which also a use case where things happen unexpectedly because of conversion to integer. Reviewers: alexfh, hokein, aaron.ballman Reviewed By: aaron.ballman Subscribers: sylvestre.ledru, whisperity, Eugene.Zelenko, mgorny, xazax.hun, cfe-commits Tags: #clang, #clang-tools-extra Differential Revision: https://reviews.llvm.org/D71174
2020-01-04 21:05:09 +08:00
///////////////////////////////////////////////////////////////////
/// Test cases correctly ignored by the check.
int UnsignedCharCast() {
unsigned char CCharacter = 'a';
int NCharacter = CCharacter;
return NCharacter;
}
int PositiveConstValue() {
const signed char CCharacter = 5;
int NCharacter = CCharacter;
return NCharacter;
}
// singed char -> integer cast is not the direct child of declaration expression.
int DescendantCast() {
signed char CCharacter = 'a';
int NCharacter = 10 + CCharacter;
return NCharacter;
}
// singed char -> integer cast is not the direct child of assignment expression.
int DescendantCastAssignment() {
signed char CCharacter = 'a';
int NCharacter;
NCharacter = 10 + CCharacter;
return NCharacter;
}
// bool is an integer type in clang; make sure to ignore it.
bool BoolVarDeclaration() {
signed char CCharacter = 'a';
bool BCharacter = CCharacter == 'b';
return BCharacter;
}
// bool is an integer type in clang; make sure to ignore it.
bool BoolAssignment() {
signed char CCharacter = 'a';
bool BCharacter;
BCharacter = CCharacter == 'b';
return BCharacter;
}
// char is an integer type in clang; make sure to ignore it.
unsigned char CharToCharCast() {
signed char SCCharacter = 'a';
unsigned char USCharacter;
USCharacter = SCCharacter;
return USCharacter;
}
int FixComparisonWithSignedCharCast(signed char SCharacter) {
unsigned char USCharacter = 'a';
if (SCharacter == static_cast<signed char>(USCharacter))
return 1;
return 0;
}
int FixComparisonWithUnSignedCharCast(signed char SCharacter) {
unsigned char USCharacter = 'a';
if (static_cast<unsigned char>(SCharacter) == USCharacter)
return 1;
return 0;
}
// Make sure we don't catch other type of char comparison.
int SameCharTypeComparison(signed char SCharacter) {
signed char SCharacter2 = 'a';
if (SCharacter == SCharacter2)
return 1;
return 0;
}
// Make sure we don't catch other type of char comparison.
int SameCharTypeComparison2(unsigned char USCharacter) {
unsigned char USCharacter2 = 'a';
if (USCharacter == USCharacter2)
return 1;
return 0;
}
// Make sure we don't catch integer - char comparison.
int CharIntComparison(signed char SCharacter) {
int ICharacter = 10;
if (SCharacter == ICharacter)
return 1;
return 0;
}
int CompareWithAsciiLiteral(unsigned char USCharacter) {
if (USCharacter == 'x') // no warning
return 1;
return 0;
}
int CompareWithAsciiConstant(unsigned char USCharacter) {
const signed char SCharacter = 'a';
if (USCharacter == SCharacter)
return 1;
return 0;
}
int CompareWithUnsignedAsciiConstant(signed char SCharacter) {
const unsigned char USCharacter = 'a';
if (USCharacter == SCharacter)
return 1;
return 0;
}
int UnsignedCharCArraySubscript(unsigned char USCharacter) {
int Array[3] = {1, 2, 3};
return Array[static_cast<unsigned int>(USCharacter)];
}
int CastedCArraySubscript(signed char SCharacter) {
int Array[3] = {1, 2, 3};
return Array[static_cast<unsigned char>(SCharacter)];
}
int UnsignedCharSTDArraySubscript(std::array<int, 3> Array, unsigned char USCharacter) {
return Array[static_cast<unsigned int>(USCharacter)];
}
int CastedSTDArraySubscript(std::array<int, 3> Array, signed char SCharacter) {
return Array[static_cast<unsigned char>(SCharacter)];
}