[all-commits] [llvm/llvm-project] 350da4: [clang-tidy] new check: bugprone-signed-char-misuse

Tamás Zolnai via All-commits all-commits at lists.llvm.org
Mon Jan 6 09:21:56 PST 2020


  Branch: refs/heads/master
  Home:   https://github.com/llvm/llvm-project
  Commit: 350da402ef6b8b2473ff74822e8267bf2716c661
      https://github.com/llvm/llvm-project/commit/350da402ef6b8b2473ff74822e8267bf2716c661
  Author: Tamás Zolnai <tamas.zolnai at collabora.com>
  Date:   2020-01-06 (Mon, 06 Jan 2020)

  Changed paths:
    M clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
    M clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
    A clang-tools-extra/clang-tidy/bugprone/SignedCharMisuseCheck.cpp
    A clang-tools-extra/clang-tidy/bugprone/SignedCharMisuseCheck.h
    M clang-tools-extra/docs/ReleaseNotes.rst
    A clang-tools-extra/docs/clang-tidy/checks/bugprone-signed-char-misuse.rst
    M clang-tools-extra/docs/clang-tidy/checks/list.rst
    A clang-tools-extra/test/clang-tidy/checkers/bugprone-signed-char-misuse-fsigned-char.cpp
    A clang-tools-extra/test/clang-tidy/checkers/bugprone-signed-char-misuse-funsigned-char.cpp
    A clang-tools-extra/test/clang-tidy/checkers/bugprone-signed-char-misuse-with-option.cpp
    A clang-tools-extra/test/clang-tidy/checkers/bugprone-signed-char-misuse.cpp

  Log Message:
  -----------
  [clang-tidy] new check: bugprone-signed-char-misuse

Summary:
This check searches for signed char -> integer conversions which might
indicate programming error, because of the misinterpretation of char
values. A signed char might store the non-ASCII characters as negative
values. The human programmer probably expects that after an integer
conversion the converted value matches with the character code
(a value from [0..255]), however, the actual value is in
[-128..127] interval.

See also:
STR34-C. Cast characters to unsigned char before converting to larger integer sizes
<https://wiki.sei.cmu.edu/confluence/display/c/STR34-C.+Cast+characters+to+unsigned+char+before+converting+to+larger+integer+sizes>

By now this check is limited to assignment / variable declarations.
If we would catch all signed char -> integer conversion, then it would
produce a lot of findings and also false positives. So I added only
this use case now, but this check can be extended with additional
use cases later.
The CERT documentation mentions another use case when the char is
used for array subscript. Next to that a third use case can be
the signed char - unsigned char comparison, which also a use case
where things happen unexpectedly because of conversion to integer.

Reviewers: alexfh, hokein, aaron.ballman

Reviewed By: aaron.ballman

Subscribers: sylvestre.ledru, whisperity, Eugene.Zelenko, mgorny, xazax.hun, cfe-commits

Tags: #clang, #clang-tools-extra

Differential Revision: https://reviews.llvm.org/D71174




More information about the All-commits mailing list