[all-commits] [llvm/llvm-project] 5ac343: Respect the [[clang::unsafe_buffer_usage]] attribu...

Dana Jansens via All-commits all-commits at lists.llvm.org
Thu May 16 08:01:31 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 5ac34358181b21135851979c1c949632be5a9d32
      https://github.com/llvm/llvm-project/commit/5ac34358181b21135851979c1c949632be5a9d32
  Author: Dana Jansens <danakj at chromium.org>
  Date:   2024-05-16 (Thu, 16 May 2024)

  Changed paths:
    M clang/include/clang/Analysis/Analyses/UnsafeBufferUsage.h
    M clang/include/clang/Analysis/Analyses/UnsafeBufferUsageGadgets.def
    M clang/lib/Analysis/UnsafeBufferUsage.cpp
    M clang/lib/Sema/AnalysisBasedWarnings.cpp
    M clang/test/SemaCXX/warn-unsafe-buffer-usage-function-attr.cpp

  Log Message:
  -----------
  Respect the [[clang::unsafe_buffer_usage]] attribute for constructors (#91777)

The -Wunsafe-buffer-usage warning should fire on any call to a function
annotated with [[clang::unsafe_buffer_usage]], however it omitted calls
to constructors, since the expression is a CXXConstructExpr which does
not subclass CallExpr. Thus the matcher on callExpr() does not find
these expressions.

Add a new WarningGadget that matches cxxConstructExpr that are calling a
CXXConstructDecl annotated by [[clang::unsafe_buffer_usage]] and fires
the warning. The new UnsafeBufferUsageCtorAttrGadget gadget explicitly
avoids matching against the std::span(ptr, size) constructor because
that is handled by SpanTwoParamConstructorGadget and we never want two
gadgets to match the same thing (and this is guarded by asserts).

The gadgets themselves do not report the warnings, instead each gadget's
Stmt is passed to the UnsafeBufferUsageHandler (implemented by
UnsafeBufferUsageReporter). The Reporter was previously hardcoded that a
CXXConstructExpr statement must be a match for std::span(ptr, size), but
that is no longer the case. We want the Reporter to generate different
warnings (in the -Wunsafe-buffer-usage-in-container subgroup) for the
span constructor. And we will want it to report more warnings for other
std-container-specific gadgets in the future. To handle this we allow
the gadget to control if the warning is general (it calls
handleUnsafeBufferUsage()) or is a std-container-specific warning (it
calls handleUnsafeOperationInContainer()).

Then the WarningGadget grows a virtual method to dispatch to the
appropriate path in the UnsafeBufferUsageHandler. By doing so, we no
longer need getBaseStmt in the Gadget interface. The only use of it for
FixableGadgets was to get the SourceLocation, so we make an explicit
virtual method for that on Gadget. Then the handleUnsafeOperation()
dispatcher can be a virtual method that is only in WarningGadget.

The SpanTwoParamConstructorGadget gadget dispatches to
handleUnsafeOperationInContainer() while the other WarningGadgets all
dispatch to the original handleUnsafeBufferUsage().

Tests are added for annotated constructors, conversion operators, call
operators, fold expressions, and regular methods.

Issue #80482
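
An added example, not code from this commit or from the LLVM tree, showing the kind of call site the log message describes: a constructor annotated with [[clang::unsafe_buffer_usage]] next to a safe alternative. ByteView, kHeader, the UNSAFE_BUFFER_USAGE macro and the function names are hypothetical.

```cpp
// Added illustration; every name here is hypothetical.
#include <cstddef>
#include <cstdint>

// Use the attribute only where the compiler knows it.
#if defined(__has_cpp_attribute)
#  if __has_cpp_attribute(clang::unsafe_buffer_usage)
#    define UNSAFE_BUFFER_USAGE [[clang::unsafe_buffer_usage]]
#  endif
#endif
#ifndef UNSAFE_BUFFER_USAGE
#  define UNSAFE_BUFFER_USAGE  // attribute unavailable: expands to nothing
#endif

class ByteView {
 public:
  // Safe: the length comes from the array type, so it cannot disagree
  // with the storage it describes.
  template <std::size_t N>
  explicit ByteView(const std::uint8_t (&arr)[N]) : data_(arr), size_(N) {}

  // Unsafe: the caller vouches that `len` bytes are readable at `p`.
  // Calling this is a CXXConstructExpr, not a CallExpr, which is the
  // case the log message says the callExpr() matcher missed.
  UNSAFE_BUFFER_USAGE ByteView(const std::uint8_t* p, std::size_t len)
      : data_(p), size_(len) {}

  std::size_t size() const { return size_; }

  // Bounds-checked read: returns -1 instead of reading out of range.
  int at(std::size_t i) const { return i < size_ ? data_[i] : -1; }

 private:
  const std::uint8_t* data_;
  std::size_t size_;
};

// Constructed sample input.
static const std::uint8_t kHeader[4] = {0x7f, 'E', 'L', 'F'};

// Uses the unannotated constructor.
int second_byte_safe() { return ByteView(kHeader).at(1); }

// Calls the annotated constructor. Built with -Wunsafe-buffer-usage on a
// Clang that contains this commit, this construction is the kind of call
// the log message says should now be reported.
int read_one_past_end() {
  ByteView v(kHeader, sizeof(kHeader));
  return v.at(4);  // index 4 is out of range for 4 bytes
}
```
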


