[all-commits] [llvm/llvm-project] a518ed: Respect the [[clang::unsafe_buffer_usage]] attribu...
Dana Jansens via All-commits
all-commits at lists.llvm.org
Wed Oct 30 11:31:15 PDT 2024
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: a518ed2d815c16010a6262edd0414a5f60a63a39
https://github.com/llvm/llvm-project/commit/a518ed2d815c16010a6262edd0414a5f60a63a39
Author: Dana Jansens <danakj at chromium.org>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M clang/lib/Analysis/UnsafeBufferUsage.cpp
M clang/test/SemaCXX/warn-unsafe-buffer-usage-function-attr.cpp
M clang/test/SemaCXX/warn-unsafe-buffer-usage-in-container-span-construct.cpp
Log Message:
-----------
Respect the [[clang::unsafe_buffer_usage]] attribute for field and constructor initializers (#91991)

CXXCtorInitializers are not statements, but they point to an
initializer expression which is. When visiting a FunctionDecl, also
walk through any constructor initializers and run the warning
checks/matchers against their initializer expressions. This catches
warnings for initializing fields and calling other constructors, such
as:

    struct C {
      C(P* Ptr) : AnUnsafeCtor(Ptr) {}
    }

Field initializers can be found by traversing CXXDefaultInitExprs. This
catches warnings in places such as:

    struct C {
      P* Ptr;
      AnUnsafeCtor U{Ptr};
    };

We add tests for explicit construction, for field initialization, base
class constructor calls, delegated constructor calls, and aggregate
initialization.

Note that aggregate initialization is not fully covered where a field
specifies an initializer and it's not overridden in the aggregate initialization,
such as in:

    struct AggregateViaValueInit {
        UnsafeMembers f1;
        // FIXME: A construction of this class does initialize the field
        // through this initializer, so it should warn. Ideally it should
        // also point to where the site of the construction is in
        // testAggregateViaValueInit().
        UnsafeMembers f2{3};
    };

    void testAggregateViaValueInit() {
        auto A = AggregateViaValueInit();
    };

There are 3 tests for different types of aggregate initialization with
FIXMEs documenting this future work.

One attempt to fix this involved returning true from
MatchDescendantVisitor::shouldVisitImplicitCode(), however, it breaks expectations
for field in-class initializers by moving the SourceLocation, possibly
to inside the implicit ctor instead of on the line where the field
initialization happens.

    struct C {
      P* Ptr;
      AnUnsafeCtor U{Ptr};  // expected-warning{{this is never seen then}}
    };

Tests are also added for std::span(ptr, size) constructor being called
from a field initializer and a constructor initializer.

Issue #80482
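
The initializer sites listed in the log message above, collected into one translation unit that can be checked with `-Wunsafe-buffer-usage`. This is an added example, not code from the commit or its test files; `UnsafeView`, `UNSAFE_CTOR`, the four holder structs and the `*_len` functions are hypothetical names.

```cpp
// Added example. Check the diagnostics with:
//   clang++ -std=c++17 -fsyntax-only -Wunsafe-buffer-usage example.cpp
#include <cstddef>

#if defined(__clang__)
#define UNSAFE_CTOR [[clang::unsafe_buffer_usage]]
#else
#define UNSAFE_CTOR  // other compilers: attribute omitted
#endif

// Hypothetical type standing in for the log message's AnUnsafeCtor.
struct UnsafeView {
    const int* ptr;
    std::size_t len;
    UNSAFE_CTOR UnsafeView(const int* p, std::size_t n) : ptr(p), len(n) {}
};

// Lines marked "call site" call an attributed constructor from an
// initializer, the places the log message says are now visited.
struct MemberInit {             // field initialised by a constructor initializer
    UnsafeView v;
    MemberInit(const int* p, std::size_t n) : v(p, n) {}           // call site
};

struct BaseInit : UnsafeView {  // base class constructor call
    BaseInit(const int* p, std::size_t n) : UnsafeView(p, n) {}    // call site
};

struct Delegating {             // delegated constructor call
    std::size_t len;
    UNSAFE_CTOR Delegating(const int*, std::size_t n) : len(n) {}
    explicit Delegating(std::size_t n) : Delegating(nullptr, n) {} // call site
};

struct FieldInit {              // in-class field initializer, used by the ctor
    const int* p = nullptr;
    UnsafeView v{p, 0};                                            // call site
    FieldInit() {}
};

// The attribute does not change runtime behaviour; only diagnostics differ.
std::size_t member_len()   { int a[4] = {}; return MemberInit(a, 4).v.len; }
std::size_t base_len()     { int a[2] = {}; return BaseInit(a, 2).len; }
std::size_t delegate_len() { return Delegating(7).len; }
std::size_t field_len()    { return FieldInit().v.len; }

int main() {
    return (member_len() + base_len() + delegate_len() + field_len() == 13) ? 0 : 1;
}
```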