Summary:
This check searches for signed char -> integer conversions which might
indicate a programming error, because of the misinterpretation of char
values. A signed char might store the non-ASCII characters as negative
values. The human programmer probably expects that after an integer
conversion the converted value matches the character code
(a value from [0..255]), however, the actual value is in the
[-128..127] interval.
See also:
STR34-C. Cast characters to unsigned char before converting to larger integer sizes
<https://wiki.sei.cmu.edu/confluence/display/c/STR34-C.+Cast+characters+to+unsigned+char+before+converting+to+larger+integer+sizes>
For now this check is limited to assignments / variable declarations.
If we caught all signed char -> integer conversions, it would
produce a lot of findings and also false positives. So I added only
this use case now, but this check can be extended with additional
use cases later.
The CERT documentation mentions another use case when the char is
used for array subscript. Next to that a third use case can be
the signed char - unsigned char comparison, which is also a use case
where things happen unexpectedly because of conversion to integer.
Reviewers: alexfh, hokein, aaron.ballman
Reviewed By: aaron.ballman
Subscribers: sylvestre.ledru, whisperity, Eugene.Zelenko, mgorny, xazax.hun, cfe-commits
Tags: #clang, #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D71174
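An added example (not part of the commit or the LLVM sources) of the assignment pattern described in the commit message above, next to the STR34-C form. The sample bytes and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: "caf\xE9" in Latin-1. The byte 0xE9 is stored in a
   signed char as -23. */
static const signed char SAMPLE[] = { 'c', 'a', 'f', -23, 0 };

/* Pattern the check reports: a signed char initialises an int directly,
   so bytes 0x80..0xFF arrive as -128..-1 and the range test never fires. */
static size_t count_non_ascii_buggy(const signed char *s) {
    size_t n = 0;
    for (; *s != 0; ++s) {
        int code = *s;
        if (code >= 0x80)
            ++n;
    }
    return n;
}

/* STR34-C form: convert through unsigned char first, so code is in 0..255. */
static size_t count_non_ascii_fixed(const signed char *s) {
    size_t n = 0;
    for (; *s != 0; ++s) {
        int code = (unsigned char)*s;
        if (code >= 0x80)
            ++n;
    }
    return n;
}

/* Value an int receives from the last byte of the sample, both ways. */
static int last_code_buggy(void) { int code = SAMPLE[3]; return code; }
static int last_code_fixed(void) { int code = (unsigned char)SAMPLE[3]; return code; }

int main(void) {
    printf("buggy: %zu non-ASCII, last code %d\n",
           count_non_ascii_buggy(SAMPLE), last_code_buggy());
    printf("fixed: %zu non-ASCII, last code %d\n",
           count_non_ascii_fixed(SAMPLE), last_code_fixed());
    return 0;
}
```

A filter that relies on the buggy count to reject non-ASCII input accepts every byte, which is why the conversion matters for input validation.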
Builtins are rarely if ever accessed via the Preprocessor. They are
typically found on the ASTContext, so there should be no performance
penalty to using a pointer indirection to store the builtin context.
Summary:
New checker called bugprone-not-null-terminated-result. This checker finds
function calls where it is possible to cause a not null-terminated result.
Usually the proper length of a string is `strlen(src) + 1` or equal length
of this expression, because the null terminator needs an extra space.
Without the null terminator it can result in undefined behaviour when the
string is read.
The following and their respective `wchar_t` based functions are checked:
`memcpy`, `memcpy_s`, `memchr`, `memmove`, `memmove_s`, `strerror_s`,
`strncmp`, `strxfrm`
The following is a real-world example where the programmer forgot to
increase the passed third argument, which is `size_t length`.
That is why the length of the allocated memory is not enough to hold the
null terminator.
```
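#include <cstdlib>
#include <cstring>
#include <string>

// Allocation and copy length both omit the null terminator.
static char *stringCpy(const std::string &str) {
  char *result = reinterpret_cast<char *>(malloc(str.size()));
  memcpy(result, str.data(), str.size());
  return result;
}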
```
In addition to issuing warnings, fix-it rewrites all the necessary code.
It also tries to adjust the capacity of the destination array:
```
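#include <cstdlib>
#include <cstring>
#include <string>

// Capacity grown by one and the copy replaced so the terminator is written.
static char *stringCpy(const std::string &str) {
  char *result = reinterpret_cast<char *>(malloc(str.size() + 1));
  strcpy(result, str.data());
  return result;
}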
```
Note: It cannot guarantee to rewrite every one of the path-sensitive memory
allocations.
Reviewed By: JonasToth, aaron.ballman, whisperity, alexfh
Tags: #clang-tools-extra, #clang
Differential Revision: https://reviews.llvm.org/D45050
llvm-svn: 374707
The patch committed was not the accepted version but the
previous one. This commit fixes this issue.
Differential Revision: https://reviews.llvm.org/D64736
llvm-svn: 373428
Finding infinite loops is well-known to be impossible (halting problem).
However, it is possible to detect some obvious infinite loops, for example,
if the loop condition is not changed. Detecting such loops is beneficial
since the tests will hang on programs containing infinite loops so
testing-time detection may be costly in large systems. Obvious cases are
where the programmer forgets to increment/decrement the counter or
increments/decrements the wrong variable.
Differential Revision: https://reviews.llvm.org/D64736
-------
Broke some buildbots "No SOURCES given to target: obj.clangTidyBugproneModule"
llvm-svn: 372704
Finding infinite loops is well-known to be impossible (halting problem).
However, it is possible to detect some obvious infinite loops, for example,
if the loop condition is not changed. Detecting such loops is beneficial
since the tests will hang on programs containing infinite loops so
testing-time detection may be costly in large systems. Obvious cases are
where the programmer forgets to increment/decrement the counter or
increments/decrements the wrong variable.
Differential Revision: https://reviews.llvm.org/D64736
llvm-svn: 372693
Summary:
After revision 370919, this check incorrectly flags certain cases of implicit
constructors. Specifically, if an argument is annotated with an
argument-comment and the argument expression triggers an implicit constructor,
then the argument comment is associated with argument of the implicit
constructor.
However, this only happens when the constructor has more than one argument.
This revision fixes the check for implicit constructors and adds a regression
test for this case.
Note: r370919 didn't cause this bug, it simply uncovered it by fixing another
bug that was masking the behavior.
Reviewers: gribozavr
Subscribers: xazax.hun, cfe-commits
Tags: #clang
Differential Revision: https://reviews.llvm.org/D67744
llvm-svn: 372317
This check now also checks if any calls to pthread_* functions expect negative return values. These functions return either 0 on success or an errno on failure, which is positive only.
llvm-svn: 372037
Summary:
Add bugprone-argument-comment option: IgnoreSingleArgument.
When true, the check will ignore the single argument.
Sometimes, it's not necessary to add a comment to a single argument.
For example:
> std::string name("Yubo Xie");
> pScreen->SetWidth(1920);
> pScreen->SetHeight(1080);
This option can ignore such single arguments in the bugprone-argument-comment check.
Reviewers: alexfh
Reviewed By: alexfh
Subscribers: cfe-commits
Tags: #clang
Patch by Yubo Xie.
Differential Revision: https://reviews.llvm.org/D67056
llvm-svn: 371075
Summary:
We've been running doxygen with the autobrief option for a couple of
years now. This makes the \brief markers into our comments
redundant. Since they are a visual distraction and we don't want to
encourage more \brief markers in new code either, this patch removes
them all.
Patch produced by
for i in $(git grep -l '\\brief'); do perl -pi -e 's/\\brief //g' $i & done
[This is analogous to LLVM r331272 and CFE r331834]
Subscribers: srhines, nemanjai, javed.absar, kbarton, MaskRay, jkorous, arphaman, jfb, kadircet, jsji, cfe-commits
Tags: #clang
Differential Revision: https://reviews.llvm.org/D66578
llvm-svn: 369643
Finds instances where variables with static storage are initialized dynamically in header files.
Reviewed By: aaron.ballman, alexfh
Patch by Charles Zhang!
Differential Revision: https://reviews.llvm.org/D62829
llvm-svn: 369568
Now that we've moved to C++14, we no longer need the llvm::make_unique
implementation from STLExtras.h. This patch is a mechanical replacement
of (hopefully) all the llvm::make_unique instances across the monorepo.
Differential revision: https://reviews.llvm.org/D66259
llvm-svn: 368944
Summary:
Lexer::getLocForEndOfToken is defined to return an
invalid location if the given location is inside a macro.
Other checks conditionally warn based off location
validity. Updating this check to do the same.
Reviewers: JonasToth, aaron.ballman, nickdesaulniers
Reviewed By: nickdesaulniers
Subscribers: lebedev.ri, nickdesaulniers, xazax.hun, cfe-commits
Tags: #clang
Differential Revision: https://reviews.llvm.org/D64607
llvm-svn: 366353
Summary:
Checks if any calls to posix functions (except posix_openpt) expect negative return values.
These functions return either 0 on success or an errno on failure, which is positive only.
Reviewers: JonasToth, gribozavr, alexfh, hokein
Reviewed By: gribozavr
Subscribers: Eugene.Zelenko, lebedev.ri, llozano, george.burgess.iv, xazax.hun, srhines, mgorny, cfe-commits
Tags: #clang
Differential Revision: https://reviews.llvm.org/D63623
Patch by Jian Cai.
llvm-svn: 365007
Summary:
Added WarnOnlyIfThisHasSuspiciousField option to allow
catching any copy assignment operator independently from
the container class's fields.
Added the cert alias using this option.
Reviewers: aaron.ballman
Reviewed By: aaron.ballman
Subscribers: mgorny, Eugene.Zelenko, xazax.hun, cfe-commits
Tags: #clang
Differential Revision: https://reviews.llvm.org/D62192
llvm-svn: 361550
Implement a check for detecting if/else if/else chains where two or more
branches are Type I clones of each other (that is, they contain identical code)
and for detecting switch statements where two or more consecutive branches are
Type I clones of each other.
Patch by Donát Nagy!
Differential Revision: https://reviews.llvm.org/D54757
llvm-svn: 360779
Summary:
This check searches for copy assignment operators which might not handle self-assignment properly. There are three patterns of
handling a self assignment situation: self check, copy-and-swap or the less common copy-and-move. The new check warns if none of
these patterns is found in a user defined implementation.
See also:
OOP54-CPP. Gracefully handle self-copy assignment
https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP54-CPP.+Gracefully+handle+self-copy+assignment
Reviewers: JonasToth, alexfh, hokein, aaron.ballman
Subscribers: riccibruno, Eugene.Zelenko, mgorny, xazax.hun, cfe-commits
Tags: #clang, #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D60507
llvm-svn: 360540
Accidentally taking the size of a struct-pointer type or a value of this type
is more common than explicitly using the & operator for the value. This patch
extends the check to include these cases.
Differential Revision: https://reviews.llvm.org/D61260
llvm-svn: 360114
Some programmers tend to forget that subtracting two pointers results in the
difference between them in number of elements of the pointee type instead of
bytes. This leads to code such as `size_t size = (p - q) / sizeof(int)` where
`p` and `q` are of type `int*`. Or similarly, `if (p - q < buffer_size *
sizeof(int)) { ... }`. This patch extends `bugprone-sizeof-expression` to
detect such cases.
Differential Revision: https://reviews.llvm.org/D61422
llvm-svn: 360032
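An added example (not part of the commit or the LLVM sources) that runs the two expressions quoted in the commit message above against their corrected forms. The buffer and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample buffer of 8 ints. */
static int BUF[8];

/* Element count between two int pointers. p - q is already in elements. */
static size_t count_buggy(const int *q, const int *p) {
    return (size_t)(p - q) / sizeof(int);   /* divides by the element size again */
}

static size_t count_fixed(const int *q, const int *p) {
    return (size_t)(p - q);
}

/* Bounds test before writing one more int into a buffer of buffer_size ints;
   q is the start of the buffer, p the write cursor. */
static int has_room_buggy(const int *q, const int *p, size_t buffer_size) {
    /* compares an element count against a byte count */
    return (size_t)(p - q) < buffer_size * sizeof(int);
}

static int has_room_fixed(const int *q, const int *p, size_t buffer_size) {
    return (size_t)(p - q) < buffer_size;
}

int main(void) {
    const int *q = BUF;
    const int *p = BUF + 8;   /* cursor one past the end: the buffer is full */

    printf("count: buggy %zu, fixed %zu\n",
           count_buggy(q, p), count_fixed(q, p));
    printf("room for one more int: buggy %d, fixed %d\n",
           has_room_buggy(q, p, 8), has_room_fixed(q, p, 8));
    return 0;
}
```

With the buffer full, the buggy bounds test still reports room, so a write guarded by it would land past the end of the array.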
Summary:
The bugprone-too-small-loop-variable check often catches loop variables which can represent "big enough" values, so we don't actually need to worry that this variable will overflow in a loop when the code iterates through a container. For example a 32 bit signed integer type's maximum value is 2 147 483 647 and a container's size won't reach this maximum value in most of the cases.
So the idea of this option is to allow the user to specify an upper limit (using magnitude bit of the integer type) to filter out those catches which are not interesting for the user, so he/she can focus on the more risky integer incompatibilities.
Next to the option I replaced the term "positive bits" with "magnitude bits" which seems a better naming both in the code and in the name of the new option.
Reviewers: JonasToth, alexfh, aaron.ballman, hokein
Reviewed By: JonasToth
Subscribers: Eugene.Zelenko, xazax.hun, jdoerfert, cfe-commits
Tags: #clang-tools-extra, #clang
Differential Revision: https://reviews.llvm.org/D59870
llvm-svn: 358356
Requires making the llvm::MemoryBuffer* stored by SourceManager const,
which in turn requires making the accessors for that return const
llvm::MemoryBuffer*s and updating all call sites.
The original motivation for this was to use it and fix the TODO in
CodeGenAction.cpp's ConvertBackendLocation() by using the UnownedTag
version of createFileID, and since llvm::SourceMgr* hands out a const
llvm::MemoryBuffer* this is required. I'm not sure if fixing the TODO
this way actually works, but this seems like a good change on its own
anyways.
No intended behavior change.
Differential Revision: https://reviews.llvm.org/D60247
llvm-svn: 357724
Summary: Detect a few expressions as likely character expressions, see PR27723.
Reviewers: xazax.hun, alexfh
Subscribers: rnkovacs, jdoerfert, cfe-commits
Tags: #clang
Differential Revision: https://reviews.llvm.org/D58609
llvm-svn: 355089
Summary:
The analysis on the throwing behaviour on functions and statements gave only
a binary answer whether an exception could occur and if yes which types are
thrown.
This refactoring allows keeping track if there is an unknown factor, because the
code calls to some functions with unavailable source code with no `noexcept`
information.
This 'potential Unknown' information is propagated properly and can be queried
separately.
Reviewers: lebedev.ri, aaron.ballman, baloghadamsoftware, alexfh
Reviewed By: lebedev.ri, baloghadamsoftware
Subscribers: xazax.hun, rnkovacs, a.sidorin, Szelethus, donat.nagy, dkrupp, cfe-commits
Tags: #clang
Differential Revision: https://reviews.llvm.org/D57883
llvm-svn: 354517
ExprWithCleanups is currently not skipped by IgnoreParenImpCasts, but is skipped
by IgnoreImpCasts. In view of fixing this inconsistency in D57267, remove the
IgnoreParenImpCasts between the ReturnStmt and the ExprWithCleanups which
is not needed since ExprWithCleanups is always created as a direct child of
ReturnStmt (by inspection of each ReturnStmt::Create in Sema/SemaStmt.cpp).
NFC intended.
llvm-svn: 354228
bugprone-argument-comment only supports identifying those comments which do not match the function parameter name.
This revision adds 3 options for adding missing argument comments to literals (granularity on type is added to control verbosity of fixit)
```
CheckOptions:
  - key: bugprone-argument-comment.CommentBoolLiterals
    value: '1'
  - key: bugprone-argument-comment.CommentFloatLiterals
    value: '1'
  - key: bugprone-argument-comment.CommentIntegerLiterals
    value: '1'
  - key: bugprone-argument-comment.CommentStringLiterals
    value: '1'
  - key: bugprone-argument-comment.CommentCharacterLiterals
    value: '1'
  - key: bugprone-argument-comment.CommentUserDefinedLiterals
    value: '1'
  - key: bugprone-argument-comment.CommentNullPtrs
    value: '1'
```
After applying these options, literal arguments will be preceded with /*ParameterName=*/
Reviewers: JonasToth, Eugene.Zelenko, alexfh, hokein, aaron.ballman
Reviewed By: aaron.ballman, Eugene.Zelenko
Differential Revision: https://reviews.llvm.org/D57674
llvm-svn: 353535