Commit Graph

18 Commits

Author SHA1 Message Date
Matthias Gehre 37f10a0c25 [clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index
Summary:
This is http://reviews.llvm.org/D13746 but instead of including <array>,
a stub is provided.
This check flags all array subscriptions on static arrays and
std::arrays that either have a non-compile-time-constant index or are
out of bounds.

Dynamic accesses into arrays are difficult for both tools and humans to
validate as safe. array_view is a bounds-checked, safe type for
accessing arrays of data. at() is another alternative that ensures
single accesses are bounds-checked. If iterators are needed to access an
array, use the iterators from an array_view constructed over the array.

This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds2-only-index-into-arrays-using-constant-expressions

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D15030

llvm-svn: 255470
2015-12-13 22:08:26 +00:00
Matthias Gehre 4241cedb68 [clang-tidy] cppcoreguidelines-pro-bounds-pointer-arithmetic: ignore generated pointer arithmetic
Summary:
Inside a range-based for-loop over an array, the compiler
generates pointer arithmetic (end = array + size). Don't flag this.

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D14582

llvm-svn: 254182
2015-11-26 22:32:11 +00:00
NAKAMURA Takumi 67361cc2e1 Revert r253401, "[clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index"
cppcoreguidelines-pro-bounds-constant-array-index.cpp is failing in several hosts.

llvm-svn: 253428
2015-11-18 02:14:35 +00:00
Matthias Gehre 55020566ed [clang-tidy] add check cppcoreguidelines-pro-bounds-constant-array-index
Summary:
This check flags all array subscriptions on static arrays and
std::arrays that either have a non-compile-time-constant index or are
out of bounds.

Dynamic accesses into arrays are difficult for both tools and humans to
validate as safe. array_view is a bounds-checked, safe type for
accessing arrays of data. at() is another alternative that ensures
single accesses are bounds-checked. If iterators are needed to access an
array, use the iterators from an array_view constructed over the array.

This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds2-only-index-into-arrays-using-constant-expressions

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13746

llvm-svn: 253401
2015-11-17 23:43:20 +00:00
Matthias Gehre 4722f1921a Fix bug 25362 "cppcoreguidelines-pro-bounds-array-to-pointer-decay does not consider const"
Summary:
The current matcher is
  implicitCastExpr(unless(hasParent(explicitCastExpr())))
but the AST in the bug is
  `-CXXStaticCastExpr 0x2bb64f8 <col:21, col:55> 'void *const *'
static_cast<void *const *> <NoOp>
    `-ImplicitCastExpr 0x2bb64e0 <col:47> 'void *const *' <NoOp>
      `-ImplicitCastExpr 0x2bb64c8 <col:47> 'void **'
<ArrayToPointerDecay>
        `-DeclRefExpr 0x2bb6458 <col:47> 'void *[2]' lvalue Var
0x2bb59d0 'addrlist' 'void *[2]'
i.e. an ImplicitCastExpr (const cast) between decay and explicit cast.

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D14517

llvm-svn: 253399
2015-11-17 23:35:39 +00:00
Matthias Gehre eeb71758cc [clang-tidy] add new check cppcoreguidelines-pro-type-cstyle-cast
Summary:
This check flags all use of c-style casts that perform a static_cast
downcast, const_cast, or reinterpret_cast.

Use of these casts can violate type safety and cause the program to
access a
variable that is actually of type X to be accessed as if it were of an
unrelated type Z. Note that a C-style (T)expression cast means to
perform
the first of the following that is possible: a const_cast, a
static_cast, a
static_cast followed by a const_cast, a reinterpret_cast, or a
reinterpret_cast followed by a const_cast. This rule bans (T)expression
only when used to perform an unsafe cast.

This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type4-dont-use-c-style-texpression-casts-that-would-perform-a-static_cast-downcast-const_cast-or-reinterpret_cast.

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D14096

llvm-svn: 252425
2015-11-08 21:10:39 +00:00
Matthias Gehre f33319699d [clang-tidy] Add new check cppcoreguidelines-pro-bounds-array-to-pointer-decay
Summary:
This check flags all array to pointer decays.

Pointers should not be used as arrays. array_view is a bounds-checked,
safe alternative to using pointers to access arrays.

This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds3-no-array-to-pointer-decay

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13640

llvm-svn: 251358
2015-10-26 21:56:02 +00:00
Matthias Gehre 27da23464f [clang-tidy] add check cppcoreguidelines-pro-type-vararg
Summary:
This check flags all calls to c-style vararg functions and all use
of va_list, va_start and va_arg.

Passing to varargs assumes the correct type will be read. This is
fragile because it cannot generally be enforced to be safe in the
language and so relies on programmer discipline to get it right.

This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type8-avoid-reading-from-varargs-or-passing-vararg-arguments-prefer-variadic-template-parameters-instead

This commits also reverts
  "[clang-tidy] add cert's VariadicFunctionDefCheck as cppcoreguidelines-pro-type-vararg-def"
because that check makes the SFINAE use of vararg functions impossible.

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13787

llvm-svn: 250939
2015-10-21 20:09:02 +00:00
Matthias Gehre b785407c28 [clang-tidy] add check cppcoreguidelines-pro-type-union-access
Summary:
This check flags all access to members of unions. Passing unions as a
whole is not flagged.

Reading from a union member assumes that member was the last one
written, and writing to a union member assumes another member with a
nontrivial destructor had its destructor called. This is fragile because
it cannot generally be enforced to be safe in the language and so relies
on programmer discipline to get it right.

This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type7-avoid-accessing-members-of-raw-unions-prefer-variant-instead

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13784

llvm-svn: 250537
2015-10-16 18:46:30 +00:00
Matthias Gehre 0f629153af [clang-tidy] add cert's VariadicFunctionDefCheck as cppcoreguidelines-pro-type-vararg-def
Summary:
Import the cert check for variadic function definitions into
cppcoreguidelines module to check part of
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type8-avoid-reading-from-varargs-or-passing-vararg-arguments-prefer-variadic-template-parameters-instead

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13785

llvm-svn: 250468
2015-10-15 22:40:45 +00:00
Aaron Ballman d8e52d65f1 Appeasing build bots by linking in the proper libraries.
llvm-svn: 250166
2015-10-13 15:42:06 +00:00
Aaron Ballman 17b6feef69 Expose the clang-tidy misc-assign-operator-signature checker as cppcoreguidelines-c-copy-assignment-signature.
llvm-svn: 250165
2015-10-13 15:24:33 +00:00
Matthias Gehre dc48412c93 [clang-tidy] new check cppcoreguidelines-pro-bounds-pointer-arithmetic
Summary:
This check flags all usage of pointer arithmetic, because it could lead
to an
invalid pointer.
Subtraction of two pointers is not flagged by this check.

Pointers should only refer to single objects, and pointer arithmetic is
fragile and easy to get wrong. array_view is a bounds-checked, safe type
for accessing arrays of data.

This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds1-dont-use-pointer-arithmetic-use-array_view-instead

Depends on D13313

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13311

llvm-svn: 250116
2015-10-12 21:53:19 +00:00
Matthias Gehre a704d4bb27 [clang-tidy] add check cppcoreguidelines-pro-type-static-cast-downcast
Summary:
This check flags all usages of static_cast, where a base class is casted
to a derived class.
In those cases, a fixit is provided to convert the cast to a
dynamic_cast.

Use of these casts can violate type safety and cause the program to
access a variable that is actually of type X to be accessed as if it
were of an unrelated type Z.

This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type2-dont-use-static_cast-downcasts-use-dynamic_cast-instead

Depends on D13313

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13368

llvm-svn: 250098
2015-10-12 20:46:53 +00:00
Matthias Gehre 36489cd39b Test commit
llvm-svn: 250002
2015-10-11 22:55:29 +00:00
Aaron Ballman 9ec7c3c72e Fixing links and reformatting code; NFC.
Patch by Marek Kurdej!

llvm-svn: 249612
2015-10-07 20:33:36 +00:00
Aaron Ballman 0bf129823a Add checker for the C++ Core Guidelines: cppcoreguidelines-pro-type-const-cast.
Patch by Matthias Gehre!

llvm-svn: 249540
2015-10-07 12:24:57 +00:00
Aaron Ballman aaa4080d21 Add a new module for the C++ Core Guidelines, and the first checker for those guidelines: cppcoreguidelines-pro-type-reinterpret-cast.
Patch by Matthias Gehre!

llvm-svn: 249399
2015-10-06 13:31:00 +00:00