[PATCH] D140179: [WIP][-Wunsafe-buffer-usage] Add safe buffer opt-out pragma
Ziqing Luo via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Dec 15 16:59:14 PST 2022
ziqingluo-90 created this revision.
ziqingluo-90 added reviewers: jkorous, NoQ, malavikasamak, t-rasmud.
Herald added a project: All.
ziqingluo-90 requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
Add a pair of clang pragmas:
`#pragma clang unsafe_buffer_usage begin`
`#pragma clang unsafe_buffer_usage end`,
which specify the start and end of a safe buffer opt-out region.
Behaviors of safe buffer opt-out regions conform to the following rules:
1. No nested or overlapping opt-out regions are allowed. One cannot start an opt-out region with `... unsafe_buffer_usage begin` without closing it with `... unsafe_buffer_usage end`. Misuse of the pragmas will trigger a warning.
2. Warnings raised from unsafe buffer operations inside such an opt-out region will always be suppressed. This behavior CANNOT be changed by `clang diagnostic` pragmas or command-line flags.
3. Warnings raised from unsafe operations outside of such opt-out regions may be reported on declarations inside opt-out regions. These warnings are NOT suppressed.
4. An un-suppressed unsafe operation warning may have notes attached. These notes are also NOT suppressed, regardless of whether they are in opt-out regions.
The implementation maintains a separate sequence of location pairs representing opt-out regions in `DiagnosticsEngine`.
The `Preprocessor` recognizes those pragmas in order and adds opt-out regions to the sequence.
The `UnsafeBufferUsage` analyzer reads the region sequence to check whether an unsafe operation is in an opt-out region. If it is, the warning raised from the operation is discarded immediately.
Examples:

  void f() {
    int * p = new int [10];
  #pragma clang unsafe_buffer_usage begin
    p[5];
  #pragma clang unsafe_buffer_usage end
  }
No warning is issued in `f`, since the only unsafe operation, `p[5]`, is in an opt-out region.
  void f() {
  #pragma clang unsafe_buffer_usage begin
    int * p = new int [10]; // expect a warning on `p` for the unsafe operation below
  #pragma clang unsafe_buffer_usage end
    p[5]; // may have a note here which is an attachment of the warning above
  }
In this example, a warning triggered by `p[5]`, which is not in an opt-out region, will be reported on the declaration. Although the declaration is in an opt-out region, the warning is NOT suppressed.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D140179
Files:
clang/include/clang/Analysis/Analyses/UnsafeBufferUsage.h
clang/include/clang/Basic/Diagnostic.h
clang/include/clang/Basic/DiagnosticLexKinds.td
clang/include/clang/Basic/DiagnosticSemaKinds.td
clang/include/clang/Lex/Preprocessor.h
clang/lib/Analysis/UnsafeBufferUsage.cpp
clang/lib/Basic/Diagnostic.cpp
clang/lib/Lex/PPLexerChange.cpp
clang/lib/Lex/Pragma.cpp
clang/lib/Lex/Preprocessor.cpp
clang/lib/Sema/AnalysisBasedWarnings.cpp
clang/test/SemaCXX/warn-unsafe-buffer-usage-pragma-misuse.cpp
clang/test/SemaCXX/warn-unsafe-buffer-usage-pragma.cpp
clang/test/SemaCXX/warn-unsafe-buffer-usage-pragma.h
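The following is an added example, not part of this revision or its tests, that exercises rules 2 to 4 above in one translation unit compiled with `-Wunsafe-buffer-usage`; the `#ifdef __clang__` guards and the sample array are assumptions made only so the file also builds on compilers that do not know the pragma.

```cpp
#include <cstddef>

// Constructed sample input for the functions below (not from the revision).
static int kSample[6] = {1, 2, 3, 4, 5, 6};

// Rule 2: every unsafe buffer operation inside the region is silenced, and
// neither `#pragma clang diagnostic` nor a command-line flag can re-enable it.
int sum_inside_optout(int *p, std::size_t n) {
    int total = 0;
#ifdef __clang__
#pragma clang unsafe_buffer_usage begin
#endif
    for (std::size_t i = 0; i < n; ++i)
        total += p[i];   // raw-pointer subscript, but inside the region: no warning
#ifdef __clang__
#pragma clang unsafe_buffer_usage end
#endif
    return total;
}

// Rules 3 and 4: the declaration of `q` sits inside a region, but the unsafe
// subscript is outside it, so the warning is still reported on `q`, with a
// note attached at the subscript; neither the warning nor the note is suppressed.
// Rule 1 would apply if the `end` below were missing or a second `begin`
// appeared before it: the compiler then warns about the pragma misuse itself.
int fifth_outside_optout(int *base) {
#ifdef __clang__
#pragma clang unsafe_buffer_usage begin
#endif
    int *q = base;   // warning reported on this declaration despite the region
#ifdef __clang__
#pragma clang unsafe_buffer_usage end
#endif
    return q[4];     // note attached here, outside any opt-out region
}
```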