[cfe-commits] r137980 - in /cfe/trunk: include/clang/Basic/Builtins.def include/clang/Basic/DiagnosticSemaKinds.td include/clang/Sema/Sema.h lib/Sema/SemaChecking.cpp test/Sema/warn-strlcpycat-size.c

Eli Friedman eli.friedman at gmail.com
Thu Aug 18 15:03:48 PDT 2011 

On Thu, Aug 18, 2011 at 2:42 PM, Ted Kremenek <kremenek at apple.com> wrote:
>
> On Aug 18, 2011, at 2:33 PM, Eli Friedman wrote:
>
> +  // Output a FIXIT hint if the destination is an array (rather than a
>
> +  // pointer to an array).  This could be enhanced to handle some
>
> +  // pointers if we know the actual size, like if DstArg is 'array+2'
>
> +  // we could say 'sizeof(array)-2'.
>
> +  const Expr *DstArg = Call->getArg(0)->IgnoreParenImpCasts();
>
> +
>
> +  if (DstArg->getType()->isArrayType()) {
>
> +    llvm::SmallString<128> sizeString;
>
> +    llvm::raw_svector_ostream OS(sizeString);
>
> +    OS << "sizeof(";
>
> +    DstArg->printPretty(OS, Context, 0, Context.PrintingPolicy);
>
> +    OS << ")";
>
> +
>
> +    Diag(OriginalSizeArg->getLocStart(), diag::note_strlcpycat_wrong_size)
>
> +      << FixItHint::CreateReplacement(OriginalSizeArg->getSourceRange(),
>
> +                                      OS.str());
>
> +  }
>
> +}
>
> I would say this fixit isn't a good idea, both because we should be
> forcing the programmer to think about what they are doing here, and
> because it isn't necessarily correct.  (sizeof(dest) isn't guaranteed
> to be the actual size of the destination; suppose, for example, dest
> is a flexible array.)
>
> If the array is of constant size, or even a VLA, I don't see any problem
> with emitting a FIXIT.  You're right that a FIXIT shouldn't be emitted for
> flexible arrays.
> As for whether or not we should issue a FIXIT, I think we do more harm than
> good if we can emit a FIXIT that is 99% likely to be okay.  The problem we
> are trying to solve is that people use these APIs incorrectly all the time.
>  Where we are absolutely confident that we can correct the problem, I don't
> see the harm in doing so.  When you say "think about what they are doing
> here", the problem is that often the programmer doesn't know what they
> should be doing.  Sometimes showing them how to fix the problem goes a long
> way to educating them.

Hmm, okay.  (Don't forget to suppress the fixit for arrays of length 1.)

-Eli

More information about the cfe-commits mailing list