Commit Graph

28 Commits

Author SHA1 Message Date
Jonas Toth 552b62ed1f [clang-tidy] implement cppcoreguidelines macro rules
Summary:
In short macros are discouraged by multiple rules (and sometimes reference randomly). [Enum.1], [ES.30], [ES.31]
This check allows only headerguards and empty macros for annotation.

Reviewers: aaron.ballman, hokein

Reviewed By: aaron.ballman

Subscribers: jbcoe, Eugene.Zelenko, klimek, nemanjai, mgorny, xazax.hun, kbarton, cfe-commits

Differential Revision: https://reviews.llvm.org/D41648

llvm-svn: 344940
2018-10-22 19:20:01 +00:00
Eugene Zelenko 04d38c5f52 [Clang-tidy] Alphabetical sort of files/checks. Add space after clang-tidy in source code headers.
llvm-svn: 342601
2018-09-20 00:02:55 +00:00
Aaron Ballman d824f0cbe3 Adding the readability module to the list of dependencies for the C++ Core Guidelines module. Amends r339516 for a failing bot.
llvm-svn: 339517
2018-08-12 14:47:16 +00:00
Clement Courbet 1c0a15c444 [clang-tidy] new cppcoreguidelines-narrowing-conversions check.
Summary:
Checks for narrowing conversions, e.g.

int i = 0;
i += 0.1;

This has what some might consider false positives for:
i += ceil(d);

Reviewers: alexfh, hokein

Subscribers: srhines, nemanjai, mgorny, JDevlieghere, xazax.hun, kbarton

Differential Revision: https://reviews.llvm.org/D38455

llvm-svn: 333066
2018-05-23 07:58:41 +00:00
Jonas Toth f22f3489d7 [clang-tidy] implement check for goto
The usage of `goto` is discourage in C++ since forever. This check implements
a warning for every `goto`. Even though there are (rare) valid use cases for
`goto`, better high level constructs should be used.

`goto` is used sometimes in C programs to free resources at the end of 
functions in the case of errors. This pattern is better implemented with
RAII in C++.

Reviewers: aaron.ballman, alexfh, hokein

Reviewed By: aaron.ballman

Subscribers: lebedev.ri, jbcoe, Eugene.Zelenko, klimek, nemanjai, mgorny, xazax.hun, kbarton, cfe-commits

Differential Revision: https://reviews.llvm.org/D41815

llvm-svn: 322626
2018-01-17 10:27:41 +00:00
Jonas Toth 6ccc1c342a [clang-tidy] Implement type-based check for `gsl::owner`
This check implements the typebased semantic of `gsl::owner`.
Meaning, that 
- only `gsl::owner` is allowed to get `delete`d
- `new` expression must be assigned to `gsl::owner`
- function calls that expect `gsl::owner` as argument, must get either an owner
  or a newly created and recognized resource (in the moment only `new`ed memory)
- assignment to `gsl::owner` must be either a resource or another owner
- functions returning an `gsl::owner` are considered as factories, and their result
  must be assigned to an `gsl::owner`
- classes that have an `gsl::owner`-member must declare a non-default destructor

There are some problems that occur when typededuction is in place.
For example `auto Var = function_that_returns_owner();` the type of `Var` will not be
an `gsl::owner`. This case is catched, and explicitly noted.

But cases like fully templated functions
```
template <typename T> 
void f(T t) { delete t; }
// ...
f(gsl::owner<int*>(new int(42)));
```
Will created false positive (the deletion is problematic), since the type deduction
removes the wrapping `typeAlias`.

Codereview in D36354

llvm-svn: 313067
2017-09-12 20:00:42 +00:00
Jonas Toth 8bfdc0b1cc [clang-tidy] Revert Implement type-based check for gsl::owner
This should unbreak the buildbot for visual studio 2015 for now.

llvm-svn: 313059
2017-09-12 18:35:54 +00:00
Jonas Toth a5d53274f3 [clang-tidy] Implement type-based check for `gsl::owner`
This check implements the typebased semantic of `gsl::owner`.
Meaning, that 
- only `gsl::owner` is allowed to get `delete`d
- `new` expression must be assigned to `gsl::owner`
- function calls that expect `gsl::owner` as argument, must get either an owner
  or a newly created and recognized resource (in the moment only `new`ed memory)
- assignment to `gsl::owner` must be either a resource or another owner
- functions returning an `gsl::owner` are considered as factories, and their result
  must be assigned to an `gsl::owner`
- classes that have an `gsl::owner`-member must declare a non-default destructor

There are some problems that occur when typededuction is in place.
For example `auto Var = function_that_returns_owner();` the type of `Var` will not be
an `gsl::owner`. This case is catched, and explicitly noted.

But cases like fully templated functions
```
template <typename T> 
void f(T t) { delete t; }
// ...
f(gsl::owner<int*>(new int(42)));
```
Will created false positive (the deletion is problematic), since the type deduction
removes the wrapping `typeAlias`.

Please give your comments :)

llvm-svn: 313043
2017-09-12 16:20:51 +00:00
Alexander Kornienko ebdfb9cf0c [Clang-tidy] check for malloc, realloc and free calls
Summary:
This checker flags the use of C-style memory management functionality and notes about modern alternatives.
In an earlier revision it tried to autofix some kind of patterns, but that was a bad idea. Since memory management can be so widespread in a program, manual updating is most likely necessary.
Maybe for special cases, there could be later additions to this basic checker.

This is the first checker I wrote and I never did something with clang (only compiling programs). So whenever I missed conventions or did plain retarded stuff, feel free to point it out! I am willing to fix them and write a better checker.

I hope the patch does work, I never did this either. On a testapply in my repository it did, but I am pretty unconfident in my patching skills :)

Reviewers: aaron.ballman, hokein, alexfh, malcolm.parsons

Subscribers: cfe-commits, JDevlieghere, nemanjai, Eugene.Zelenko, Prazek, mgorny, modocache

Tags: #clang-tools-extra

Differential Revision: https://reviews.llvm.org/D26167

Patch by Jonas Toth!

llvm-svn: 289546
2016-12-13 16:38:18 +00:00
Jonathan Coe 5d304b2456 [clang-tidy] add check cppcoreguidelines-special-member-functions
Summary:
Check for classes that violate the rule of five and zero as specified in CppCoreGuidelines:

"If a class defines or deletes a default operation then it should define or delete them all."

https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#c21-if-you-define-or-delete-any-default-operation-define-or-delete-them-all.

Reviewers: alexfh, sbenza, aaron.ballman

Subscribers: Prazek, Eugene.Zelenko, cfe-commits, ericLemanissier, nemanjai

Projects: #clang-tools-extra

Differential Revision: https://reviews.llvm.org/D22513

llvm-svn: 277262
2016-07-30 08:58:54 +00:00
Clement Courbet 22c9e93147 Revert "Revert "[clang-tidy] new cppcoreguidelines-slicing""
Second try for r276408

llvm-svn: 276415
2016-07-22 13:45:00 +00:00
Clement Courbet bd7aa358f0 Revert "[clang-tidy] new cppcoreguidelines-slicing"
Tests fail on clang-x64-ninja-win7 due to too narrow expectation.

llvm-svn: 276413
2016-07-22 13:33:51 +00:00
Clement Courbet f67fbfaa8c [clang-tidy] new cppcoreguidelines-slicing
Flags slicing of member variables or vtable. See:

https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#es63-dont-slice
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#c145-access-polymorphic-objects-through-pointers-and-references

Differential revision:
http://reviews.llvm.org/D21974

llvm-svn: 276408
2016-07-22 12:42:19 +00:00
Alexander Kornienko 477e5d8d31 [clang-tidy] cppcoreguidelines-interfaces-global-init
Summary:
This check flags initializers of globals that access extern objects, and therefore can lead to order-of-initialization problems (this recommandation is part of CPP core guidelines).
Note that this only checks half of the guideline for now (it does not enforce using constexpr functions).

Reviewers: aaron.ballman, alexfh

Subscribers: aaron.ballman, etienneb, Eugene.Zelenko, cfe-commits

Patch by Clement Courbet!

Differential Revision: http://reviews.llvm.org/D18649

llvm-svn: 265774
2016-04-08 09:51:06 +00:00
Felix Berger ffae543b39 [clang-tidy] ClangTidy check to flag uninitialized builtin and pointer fields.
Summary:
This patch is a continuation of http://reviews.llvm.org/D10553 by Jonathan B Coe.

The main additions are:

1. For C++11 the check suggests in-class field initialization as fix. This
makes the fields future proof towards the addition of new constructors.
2 For older language versions the fields are added in the right position
in the initializer list with more tests.
3. User documentation.

Reviewers: alexfh, jbcoe

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D16517

llvm-svn: 260873
2016-02-15 04:27:56 +00:00
Matthias Gehre 37f10a0c25 [clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index
Summary:
This is http://reviews.llvm.org/D13746 but instead of including <array>,
a stub is provided.
This check flags all array subscriptions on static arrays and
std::arrays that either have a non-compile-time-constant index or are
out of bounds.

Dynamic accesses into arrays are difficult for both tools and humans to
validate as safe. array_view is a bounds-checked, safe type for
accessing arrays of data. at() is another alternative that ensures
single accesses are bounds-checked. If iterators are needed to access an
array, use the iterators from an array_view constructed over the array.

This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds2-only-index-into-arrays-using-constant-expressions

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D15030

llvm-svn: 255470
2015-12-13 22:08:26 +00:00
NAKAMURA Takumi 67361cc2e1 Revert r253401, "[clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index"
cppcoreguidelines-pro-bounds-constant-array-index.cpp is failing in several hosts.

llvm-svn: 253428
2015-11-18 02:14:35 +00:00
Matthias Gehre 55020566ed [clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index
Summary:
This check flags all array subscriptions on static arrays and
std::arrays that either have a non-compile-time-constant index or are
out of bounds.

Dynamic accesses into arrays are difficult for both tools and humans to
validate as safe. array_view is a bounds-checked, safe type for
accessing arrays of data. at() is another alternative that ensures
single accesses are bounds-checked. If iterators are needed to access an
array, use the iterators from an array_view constructed over the array.

This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds2-only-index-into-arrays-using-constant-expressions

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13746

llvm-svn: 253401
2015-11-17 23:43:20 +00:00
Matthias Gehre eeb71758cc [clang-tidy] add new check cppcoreguidelines-pro-type-cstyle-cast
Summary:
This check flags all use of c-style casts that perform a static_cast
downcast, const_cast, or reinterpret_cast.

Use of these casts can violate type safety and cause the program to
access a
variable that is actually of type X to be accessed as if it were of an
unrelated type Z. Note that a C-style (T)expression cast means to
perform
the first of the following that is possible: a const_cast, a
static_cast, a
static_cast followed by a const_cast, a reinterpret_cast, or a
reinterpret_cast followed by a const_cast. This rule bans (T)expression
only when used to perform an unsafe cast.

This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type4-dont-use-c-style-texpression-casts-that-would-perform-a-static_cast-downcast-const_cast-or-reinterpret_cast.

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D14096

llvm-svn: 252425
2015-11-08 21:10:39 +00:00
Matthias Gehre f33319699d [clang-tidy] Add new check cppcoreguidelines-pro-bounds-array-to-pointer-decay
Summary:
This check flags all array to pointer decays.

Pointers should not be used as arrays. array_view is a bounds-checked,
safe alternative to using pointers to access arrays.

This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds3-no-array-to-pointer-decay

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13640

llvm-svn: 251358
2015-10-26 21:56:02 +00:00
Matthias Gehre 27da23464f [clang-tidy] add check cppcoreguidelines-pro-type-vararg
Summary:
This check flags all calls to c-style vararg functions and all use
of va_list, va_start and va_arg.

Passing to varargs assumes the correct type will be read. This is
fragile because it cannot generally be enforced to be safe in the
language and so relies on programmer discipline to get it right.

This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type8-avoid-reading-from-varargs-or-passing-vararg-arguments-prefer-variadic-template-parameters-instead

This commits also reverts
  "[clang-tidy] add cert's VariadicFunctionDefCheck as cppcoreguidelines-pro-type-vararg-def"
because that check makes the SFINAE use of vararg functions impossible.

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13787

llvm-svn: 250939
2015-10-21 20:09:02 +00:00
Matthias Gehre b785407c28 [clang-tidy] add check cppcoreguidelines-pro-type-union-access
Summary:
This check flags all access to members of unions. Passing unions as a
whole is not flagged.

Reading from a union member assumes that member was the last one
written, and writing to a union member assumes another member with a
nontrivial destructor had its destructor called. This is fragile because
it cannot generally be enforced to be safe in the language and so relies
on programmer discipline to get it right.

This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type7-avoid-accessing-members-of-raw-unions-prefer-variant-instead

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13784

llvm-svn: 250537
2015-10-16 18:46:30 +00:00
Matthias Gehre 0f629153af [clang-tidy] add cert's VariadicFunctionDefCheck as cppcoreguidelines-pro-type-vararg-def
Summary:
Import the cert check for variadic function definitions into
cppcoreguidelines module to check part of
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type8-avoid-reading-from-varargs-or-passing-vararg-arguments-prefer-variadic-template-parameters-instead

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13785

llvm-svn: 250468
2015-10-15 22:40:45 +00:00
Aaron Ballman d8e52d65f1 Appeasing build bots by linking in the proper libraries.
llvm-svn: 250166
2015-10-13 15:42:06 +00:00
Matthias Gehre dc48412c93 [clang-tidy] new check cppcoreguidelines-pro-bounds-pointer-arithmetic
Summary:
This check flags all usage of pointer arithmetic, because it could lead
to an
invalid pointer.
Subtraction of two pointers is not flagged by this check.

Pointers should only refer to single objects, and pointer arithmetic is
fragile and easy to get wrong. array_view is a bounds-checked, safe type
for accessing arrays of data.

This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds1-dont-use-pointer-arithmetic-use-array_view-instead

Depends on D13313

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13311

llvm-svn: 250116
2015-10-12 21:53:19 +00:00
Matthias Gehre a704d4bb27 [clang-tidy] add check cppcoreguidelines-pro-type-static-cast-downcast
Summary:
This check flags all usages of static_cast, where a base class is casted
to a derived class.
In those cases, a fixit is provided to convert the cast to a
dynamic_cast.

Use of these casts can violate type safety and cause the program to
access a variable that is actually of type X to be accessed as if it
were of an unrelated type Z.

This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type2-dont-use-static_cast-downcasts-use-dynamic_cast-instead

Depends on D13313

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13368

llvm-svn: 250098
2015-10-12 20:46:53 +00:00
Aaron Ballman 0bf129823a Add checker for the C++ Core Guidelines: cppcoreguidelines-pro-type-const-cast.
Patch by Matthias Gehre!

llvm-svn: 249540
2015-10-07 12:24:57 +00:00
Aaron Ballman aaa4080d21 Add a new module for the C++ Core Guidelines, and the first checker for those guidelines: cppcoreguidelines-pro-type-reinterpret-cast.
Patch by Matthias Gehre!

llvm-svn: 249399
2015-10-06 13:31:00 +00:00