Summary:
This checker flags the use of C-style memory management functionality and notes about modern alternatives.
In an earlier revision it tried to autofix some kind of patterns, but that was a bad idea. Since memory management can be so widespread in a program, manual updating is most likely necessary.
Maybe for special cases, there could be later additions to this basic checker.
This is the first checker I wrote and I never did something with clang (only compiling programs). So whenever I missed conventions or did plain retarded stuff, feel free to point it out! I am willing to fix them and write a better checker.
I hope the patch does work, I never did this either. On a testapply in my repository it did, but I am pretty unconfident in my patching skills :)
Reviewers: aaron.ballman, hokein, alexfh, malcolm.parsons
Subscribers: cfe-commits, JDevlieghere, nemanjai, Eugene.Zelenko, Prazek, mgorny, modocache
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D26167
Patch by Jonas Toth!
llvm-svn: 289546
Summary:
This doesn't work after converting SmallSetVector to use DenseSet.
Instead we can just use a SmallVector.
Reviewers: timshen
Subscribers: nemanjai, cfe-commits
Differential Revision: https://reviews.llvm.org/D25647
llvm-svn: 284873
Summary:
The matcher for matching "class with default constructor" still match
some classes without default constructor, which trigger an assert at
Line 307. This patch makes the matcher more strict.
Reviewers: aaron.ballman
Subscribers: nemanjai, cfe-commits
Differential Revision: https://reviews.llvm.org/D25747
llvm-svn: 284727
Classes with virtual methods or virtual bases are not trivially default constructible, so their members and bases need to be initialized.
Patch by Malcolm Parsons.
llvm-svn: 283224
Summary:
Use a set rather than a vector of defined special member functions so
that multiple declarations of the same function are only counted once.
Move some private static member functions into the cpp file.
Run clang-format on header.
Reviewers: ericLemanissier, Prazek, aaron.ballman
Subscribers: Prazek, cfe-commits, nemanjai
Projects: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D23008
llvm-svn: 277523
Summary:
When the expression is value dependent,
isIntegerConstantExpr() crashes in C++03 mode with
../tools/clang/lib/AST/ExprConstant.cpp:9330: (anonymous namespace)::ICEDiag CheckICE(const clang::Expr *, const clang::ASTContext &):
Assertion `!E->isValueDependent() && "Should not see value dependent exprs!"' failed.
In C++11 mode, that assert does not trigger.
This commit works around this in the check. We don't check
value-dependent indices and instead check their specialization.
Reviewers: alexfh, aaron.ballman
Subscribers: nemanjai, cfe-commits
Differential Revision: http://reviews.llvm.org/D22190
llvm-svn: 275461
Summary:
Fixed a crash in cppcoreguidelines-pro-type-member-init when checking record types with indirect fields pre-C++11.
Fixed handling of indirect fields so they are properly checked and suggested fixes are proposed.
Patch by Michael Miller!
Reviewers: aaron.ballman, alexfh, hokein
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D19993
llvm-svn: 269024
Summary: Finds return statements in assign operator bodies where the return value is different from '*this'. Only assignment operators with correct return value Class& are checked.
Reviewers: aaron.ballman, alexfh, sbenza
Subscribers: o.gyorgy, baloghadamsoftware, LegalizeAdulthood, aaron.ballman, Eugene.Zelenko, xazax.hun, cfe-commits
Differential Revision: http://reviews.llvm.org/D18265
llvm-svn: 268492
Summary: Fix a crash when a record type initializes itself in its own base class initializer list.
Patch by Michael Miller!
Reviewers: alexfh, aaron.ballman, hokein
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D19802
llvm-svn: 268369
Summary:
This is a step forward cleaning up the namespaces in clang-tidy/utils.
There is no behavior change.
Reviewers: alexfh
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D19819
llvm-svn: 268356
Summary:
The goal of the patch is to bring checkers in their appropriate namespace.
This path doesn't change any behavior.
Reviewers: alexfh
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D19811
llvm-svn: 268264
Summary: Fixed a crash in cppcoreguidelines-pro-type-member-init when encountering a type that uses one of its template parameters as a base when compiling for C++98.
Patch by Michael Miller!
Reviewers: aaron.ballman, alexfh, hokein
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D19539
llvm-svn: 267700
Summary: Fixes a crash in cppcoreguidelines-pro-type-member-init when checking some record types with a constructor without a body. We now check to make sure the constructor has a body before looking for missing members and base initializers.
Patch by Michael Miller!
Reviewers: aaron.ballman, alexfh, hokein
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D19270
llvm-svn: 266862
Summary: Added the remaining features needed to satisfy C++ Core Guideline Type.6: Always initialize a member variable to cppcoreguidelines-pro-type-member-init. The check now flags all default-constructed uses of record types without user-provided default constructors that would leave their memory in an undefined state. The check suggests value initializing them instead.
Reviewers: flx, alexfh, aaron.ballman
Subscribers: klimek, aaron.ballman, LegalizeAdulthood, cfe-commits
Patch by Michael Miller!
Differential Revision: http://reviews.llvm.org/D18584
llvm-svn: 266191
Summary:
This check flags initializers of globals that access extern objects, and therefore can lead to order-of-initialization problems (this recommandation is part of CPP core guidelines).
Note that this only checks half of the guideline for now (it does not enforce using constexpr functions).
Reviewers: aaron.ballman, alexfh
Subscribers: aaron.ballman, etienneb, Eugene.Zelenko, cfe-commits
Patch by Clement Courbet!
Differential Revision: http://reviews.llvm.org/D18649
llvm-svn: 265774
Summary:
This patch is a continuation of http://reviews.llvm.org/D10553 by Jonathan B Coe.
The main additions are:
1. For C++11 the check suggests in-class field initialization as fix. This
makes the fields future proof towards the addition of new constructors.
2 For older language versions the fields are added in the right position
in the initializer list with more tests.
3. User documentation.
Reviewers: alexfh, jbcoe
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D16517
llvm-svn: 260873
Summary:
This patch is provided in preparation for removing autoconf on 1/26. The proposal to remove autoconf on 1/26 was discussed on the llvm-dev thread here: http://lists.llvm.org/pipermail/llvm-dev/2016-January/093875.html
"Now I am become Death, the destroyer of worlds."
-J. Robert Oppenheimer
Reviewers: chandlerc, grosbach, bob.wilson, echristo
Subscribers: cfe-commits, klimek
Differential Revision: http://reviews.llvm.org/D16475
llvm-svn: 258864
Summary:
This is http://reviews.llvm.org/D13746 but instead of including <array>,
a stub is provided.
This check flags all array subscriptions on static arrays and
std::arrays that either have a non-compile-time-constant index or are
out of bounds.
Dynamic accesses into arrays are difficult for both tools and humans to
validate as safe. array_view is a bounds-checked, safe type for
accessing arrays of data. at() is another alternative that ensures
single accesses are bounds-checked. If iterators are needed to access an
array, use the iterators from an array_view constructed over the array.
This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds2-only-index-into-arrays-using-constant-expressions
Reviewers: alexfh, sbenza, bkramer, aaron.ballman
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D15030
llvm-svn: 255470
Summary:
This check flags all array subscriptions on static arrays and
std::arrays that either have a non-compile-time-constant index or are
out of bounds.
Dynamic accesses into arrays are difficult for both tools and humans to
validate as safe. array_view is a bounds-checked, safe type for
accessing arrays of data. at() is another alternative that ensures
single accesses are bounds-checked. If iterators are needed to access an
array, use the iterators from an array_view constructed over the array.
This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds2-only-index-into-arrays-using-constant-expressions
Reviewers: alexfh, sbenza, bkramer, aaron.ballman
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D13746
llvm-svn: 253401
Summary:
This check flags all use of c-style casts that perform a static_cast
downcast, const_cast, or reinterpret_cast.
Use of these casts can violate type safety and cause the program to
access a
variable that is actually of type X to be accessed as if it were of an
unrelated type Z. Note that a C-style (T)expression cast means to
perform
the first of the following that is possible: a const_cast, a
static_cast, a
static_cast followed by a const_cast, a reinterpret_cast, or a
reinterpret_cast followed by a const_cast. This rule bans (T)expression
only when used to perform an unsafe cast.
This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type4-dont-use-c-style-texpression-casts-that-would-perform-a-static_cast-downcast-const_cast-or-reinterpret_cast.
Reviewers: alexfh, sbenza, bkramer, aaron.ballman
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D14096
llvm-svn: 252425
Summary:
This check flags all calls to c-style vararg functions and all use
of va_list, va_start and va_arg.
Passing to varargs assumes the correct type will be read. This is
fragile because it cannot generally be enforced to be safe in the
language and so relies on programmer discipline to get it right.
This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type8-avoid-reading-from-varargs-or-passing-vararg-arguments-prefer-variadic-template-parameters-instead
This commits also reverts
"[clang-tidy] add cert's VariadicFunctionDefCheck as cppcoreguidelines-pro-type-vararg-def"
because that check makes the SFINAE use of vararg functions impossible.
Reviewers: alexfh, sbenza, bkramer, aaron.ballman
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D13787
llvm-svn: 250939
Summary:
This check flags all access to members of unions. Passing unions as a
whole is not flagged.
Reading from a union member assumes that member was the last one
written, and writing to a union member assumes another member with a
nontrivial destructor had its destructor called. This is fragile because
it cannot generally be enforced to be safe in the language and so relies
on programmer discipline to get it right.
This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type7-avoid-accessing-members-of-raw-unions-prefer-variant-instead
Reviewers: alexfh, sbenza, bkramer, aaron.ballman
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D13784
llvm-svn: 250537
Summary:
This check flags all usage of pointer arithmetic, because it could lead
to an
invalid pointer.
Subtraction of two pointers is not flagged by this check.
Pointers should only refer to single objects, and pointer arithmetic is
fragile and easy to get wrong. array_view is a bounds-checked, safe type
for accessing arrays of data.
This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds1-dont-use-pointer-arithmetic-use-array_view-instead
Depends on D13313
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D13311
llvm-svn: 250116
Summary:
This check flags all usages of static_cast, where a base class is casted
to a derived class.
In those cases, a fixit is provided to convert the cast to a
dynamic_cast.
Use of these casts can violate type safety and cause the program to
access a variable that is actually of type X to be accessed as if it
were of an unrelated type Z.
This rule is part of the "Type safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-type2-dont-use-static_cast-downcasts-use-dynamic_cast-instead
Depends on D13313
Reviewers: alexfh, sbenza, bkramer, aaron.ballman
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D13368
llvm-svn: 250098