[clang] [clang-tools-extra] [compiler-rt] [clang-tidy] add `ctime` and `localtime` to `clang-tidy` (PR #110366)

Зишан Мирза via cfe-commits cfe-commits at lists.llvm.org
Fri Oct 4 11:19:22 PDT 2024


https://github.com/zimirza updated https://github.com/llvm/llvm-project/pull/110366

>From 4fb69942effb3cf34d07f33a14a95757b6ca5ee0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Sat, 28 Sep 2024 17:05:42 +0200
Subject: [PATCH 01/36] [clang-tidy] add `ctime` and `localtime` to
 `clang-tidy`

Closes #107445
---
 clang/docs/tools/clang-formatted-files.txt               | 8 ++++++++
 .../StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp   | 4 ++++
 clang/lib/Tooling/Inclusions/Stdlib/CSymbolMap.inc       | 4 ++++
 clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc     | 6 ++++++
 clang/test/Analysis/cert/env34-c.c                       | 9 ++++++++-
 5 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/clang/docs/tools/clang-formatted-files.txt b/clang/docs/tools/clang-formatted-files.txt
index 67ff085144f4de..5223ca82a5b575 100644
--- a/clang/docs/tools/clang-formatted-files.txt
+++ b/clang/docs/tools/clang-formatted-files.txt
@@ -3058,6 +3058,14 @@ libc/src/threads/linux/thrd_join.cpp
 libc/src/threads/linux/Thread.h
 libc/src/time/asctime.cpp
 libc/src/time/asctime.h
+libc/src/time/ctime.cpp
+libc/src/time/ctime.h
+libc/src/time/ctime_r.cpp
+libc/src/time/ctime_r.h
+libc/src/time/localtime.cpp
+libc/src/time/localtime.h
+libc/src/time/localtime_r.cpp
+libc/src/time/localtime_r.h
 libc/src/time/asctime_r.cpp
 libc/src/time/asctime_r.h
 libc/src/time/gmtime.cpp
diff --git a/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp
index fefe846b6911f7..9c34d3636c8488 100644
--- a/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp
@@ -76,6 +76,10 @@ class InvalidPtrChecker
        &InvalidPtrChecker::postPreviousReturnInvalidatingCall},
       {{CDM::CLibrary, {"asctime"}, 1},
        &InvalidPtrChecker::postPreviousReturnInvalidatingCall},
+      {{CDM::CLibrary, {"ctime"}, 1},
+       &InvalidPtrChecker::postPreviousReturnInvalidatingCall},
+      {{CDM::CLibrary, {"localtime"}, 1},
+       &InvalidPtrChecker::postPreviousReturnInvalidatingCall},
   };
 
   // The private members of this checker corresponding to commandline options
diff --git a/clang/lib/Tooling/Inclusions/Stdlib/CSymbolMap.inc b/clang/lib/Tooling/Inclusions/Stdlib/CSymbolMap.inc
index 463ce921f0672f..aca22f869b5291 100644
--- a/clang/lib/Tooling/Inclusions/Stdlib/CSymbolMap.inc
+++ b/clang/lib/Tooling/Inclusions/Stdlib/CSymbolMap.inc
@@ -220,6 +220,10 @@ SYMBOL(and, None, <iso646.h>)
 SYMBOL(and_eq, None, <iso646.h>)
 SYMBOL(asctime, None, <time.h>)
 SYMBOL(asctime_s, None, <time.h>)
+SYMBOL(ctime, None, <time.h>)
+SYMBOL(ctime_s, None, <time.h>)
+SYMBOL(localtime, None, <time.h>)
+SYMBOL(localtime_s, None, <time.h>)
 SYMBOL(asin, None, <math.h>)
 SYMBOL(asinf, None, <math.h>)
 SYMBOL(asinh, None, <math.h>)
diff --git a/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc b/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc
index b46bd2e4d7a4b5..8e3471e2fc5729 100644
--- a/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc
+++ b/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc
@@ -617,6 +617,12 @@ SYMBOL(as_writable_bytes, std::, <span>)
 SYMBOL(asctime, std::, <ctime>)
 SYMBOL(asctime, None, <ctime>)
 SYMBOL(asctime, None, <time.h>)
+SYMBOL(ctime, std::, <time.h>)
+SYMBOL(ctime, None, <ctime>)
+SYMBOL(ctime, None, <time.h>)
+SYMBOL(localtime, std::, <ctime>)
+SYMBOL(localtime, None, <ctime>)
+SYMBOL(localtime, None, <time.h>)
 SYMBOL(asin, std::, <cmath>)
 SYMBOL(asin, None, <cmath>)
 SYMBOL(asin, None, <math.h>)
diff --git a/clang/test/Analysis/cert/env34-c.c b/clang/test/Analysis/cert/env34-c.c
index d307f0d8f4bb01..66ba0be4a67bba 100644
--- a/clang/test/Analysis/cert/env34-c.c
+++ b/clang/test/Analysis/cert/env34-c.c
@@ -15,7 +15,14 @@ lconv *localeconv(void);
 
 typedef struct {
 } tm;
-char *asctime(const tm *timeptr);
+char *asctime(const tm *timeptr)
+;
+typedef struct {
+} tm;
+char *ctime(const tm *timeptr);
+typedef struct {
+} tm;
+struct tm *localtime(struct tm *tm);
 
 int strcmp(const char*, const char*);
 extern void foo(char *e);

>From 5be47623b21694a8f98eb6e5de0e536fdbb4ca0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Sat, 28 Sep 2024 17:20:00 +0200
Subject: [PATCH 02/36] [clang-tidy] add times to clang-tidy

add `ctime` and `localtime` to unsafe functions check function
---
 clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
index 604a7cac0e4903..f058e5ae40680f 100644
--- a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
@@ -50,6 +50,8 @@ static StringRef getReplacementFor(StringRef FunctionName,
     StringRef AnnexKReplacementFunction =
         StringSwitch<StringRef>(FunctionName)
             .Cases("asctime", "asctime_r", "asctime_s")
+            .Cases("ctime", "ctime_r")
+            .Cases("localtime", "localtime_r")
             .Case("gets", "gets_s")
             .Default({});
     if (!AnnexKReplacementFunction.empty())

>From 5deca5d7b330b6e8bdf27862813c7c2acb5c9f77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 16:35:31 +0200
Subject: [PATCH 03/36] [clang-tidy] add `ctime` and `localtime` to
 `clang-tidy`

add changes to release notes
---
 clang-tools-extra/docs/ReleaseNotes.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index 7d37a4b03222cf..42ddb3c1b76c87 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -97,6 +97,8 @@ The improvements are...
 Improvements to clang-tidy
 --------------------------
 
+- Added `ctime` and `localtime` to clang-tidy.
+
 - Improved :program:`run-clang-tidy.py` script. Fixed minor shutdown noise
   happening on certain platforms when interrupting the script.
 

>From 377ef53a4e6b8c5f5c4af7c303dc8aae9deeaad4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 16:42:07 +0200
Subject: [PATCH 04/36] [clang-tidy] add `ctime` and `localtime` to
 `clang-tidy`

fix: tests
---
 clang/test/Analysis/cert/env34-c.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/clang/test/Analysis/cert/env34-c.c b/clang/test/Analysis/cert/env34-c.c
index 66ba0be4a67bba..ae344a815679ec 100644
--- a/clang/test/Analysis/cert/env34-c.c
+++ b/clang/test/Analysis/cert/env34-c.c
@@ -15,13 +15,8 @@ lconv *localeconv(void);
 
 typedef struct {
 } tm;
-char *asctime(const tm *timeptr)
-;
-typedef struct {
-} tm;
+char *asctime(const tm *timeptr);
 char *ctime(const tm *timeptr);
-typedef struct {
-} tm;
 struct tm *localtime(struct tm *tm);
 
 int strcmp(const char*, const char*);

>From 564c8577e002f40075306e2e351ab3d27eabe74b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 16:58:06 +0200
Subject: [PATCH 05/36] undo symbols, since these should be automatically
 generated

---
 clang/lib/Tooling/Inclusions/Stdlib/CSymbolMap.inc   | 4 ----
 clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc | 6 ------
 2 files changed, 10 deletions(-)

diff --git a/clang/lib/Tooling/Inclusions/Stdlib/CSymbolMap.inc b/clang/lib/Tooling/Inclusions/Stdlib/CSymbolMap.inc
index aca22f869b5291..463ce921f0672f 100644
--- a/clang/lib/Tooling/Inclusions/Stdlib/CSymbolMap.inc
+++ b/clang/lib/Tooling/Inclusions/Stdlib/CSymbolMap.inc
@@ -220,10 +220,6 @@ SYMBOL(and, None, <iso646.h>)
 SYMBOL(and_eq, None, <iso646.h>)
 SYMBOL(asctime, None, <time.h>)
 SYMBOL(asctime_s, None, <time.h>)
-SYMBOL(ctime, None, <time.h>)
-SYMBOL(ctime_s, None, <time.h>)
-SYMBOL(localtime, None, <time.h>)
-SYMBOL(localtime_s, None, <time.h>)
 SYMBOL(asin, None, <math.h>)
 SYMBOL(asinf, None, <math.h>)
 SYMBOL(asinh, None, <math.h>)
diff --git a/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc b/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc
index 8e3471e2fc5729..b46bd2e4d7a4b5 100644
--- a/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc
+++ b/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc
@@ -617,12 +617,6 @@ SYMBOL(as_writable_bytes, std::, <span>)
 SYMBOL(asctime, std::, <ctime>)
 SYMBOL(asctime, None, <ctime>)
 SYMBOL(asctime, None, <time.h>)
-SYMBOL(ctime, std::, <time.h>)
-SYMBOL(ctime, None, <ctime>)
-SYMBOL(ctime, None, <time.h>)
-SYMBOL(localtime, std::, <ctime>)
-SYMBOL(localtime, None, <ctime>)
-SYMBOL(localtime, None, <time.h>)
 SYMBOL(asin, std::, <cmath>)
 SYMBOL(asin, None, <cmath>)
 SYMBOL(asin, None, <math.h>)

>From 6d388c05a4ec3de5bc7227e4caa4c1477e0b8e46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 17:00:51 +0200
Subject: [PATCH 06/36] moved release notes for `ctime` and `localtime`

---
 clang-tools-extra/docs/ReleaseNotes.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index 42ddb3c1b76c87..2c9a9bad5dfc15 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -97,8 +97,6 @@ The improvements are...
 Improvements to clang-tidy
 --------------------------
 
-- Added `ctime` and `localtime` to clang-tidy.
-
 - Improved :program:`run-clang-tidy.py` script. Fixed minor shutdown noise
   happening on certain platforms when interrupting the script.
 
@@ -115,6 +113,8 @@ New check aliases
 Changes in existing checks
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 
+- Added `ctime` and `localtime` to clang-tidy.
+
 - Improved :doc:`bugprone-casting-through-void
   <clang-tidy/checks/bugprone/casting-through-void>` check to suggest replacing
   the offending code with ``reinterpret_cast``, to more clearly express intent.

>From b6631f22971c5aad722f997308a02d61822752c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 17:15:48 +0200
Subject: [PATCH 07/36] updated release notes for `ctime` and `localtime`

---
 clang-tools-extra/docs/ReleaseNotes.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index 2c9a9bad5dfc15..f5e7eb781b6033 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -113,7 +113,8 @@ New check aliases
 Changes in existing checks
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-- Added `ctime` and `localtime` to clang-tidy.
+- New unsafe functions checks :doc:`bugprone-unsafe-functions-check`
+  <clang-tidy/bugprone/UnsafeFunctionsCheck.cpp> were added to clang-tidy.
 
 - Improved :doc:`bugprone-casting-through-void
   <clang-tidy/checks/bugprone/casting-through-void>` check to suggest replacing

>From b54d08b8c58ddf300effa5a73c678d09b0c545f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 17:45:33 +0200
Subject: [PATCH 08/36] added `ctime_r` and `localtime_r` to documentation

---
 .../docs/clang-tidy/checks/bugprone/unsafe-functions.rst       | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst b/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst
index fb070627e31b1d..0199e63d89152c 100644
--- a/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst
+++ b/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst
@@ -34,7 +34,8 @@ following functions:
 ``vsnprintf``, ``vsprintf``, ``vsscanf``, ``vswprintf``, ``vswscanf``,
 ``vwprintf``, ``vwscanf``, ``wcrtomb``, ``wcscat``, ``wcscpy``,
 ``wcslen``, ``wcsncat``, ``wcsncpy``, ``wcsrtombs``, ``wcstok``, ``wcstombs``,
-``wctomb``, ``wmemcpy``, ``wmemmove``, ``wprintf``, ``wscanf``.
+``wctomb``, ``wmemcpy``, ``wmemmove``, ``wprintf``, ``wscanf``. ``ctime_r``,
+``localtime_r``
 
 If *Annex K.* is not available, replacements are suggested only for the
 following functions from the previous list:

>From 9d38467f6783512e171046396145f42eb8bbbcf0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 17:45:57 +0200
Subject: [PATCH 09/36] updated release notes for `ctime` and `localtime`

---
 clang-tools-extra/docs/ReleaseNotes.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index f5e7eb781b6033..ae0833509f4c3e 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -113,8 +113,9 @@ New check aliases
 Changes in existing checks
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-- New unsafe functions checks :doc:`bugprone-unsafe-functions-check`
-  <clang-tidy/bugprone/UnsafeFunctionsCheck.cpp> were added to clang-tidy.
+- Improved :doc:`bugprone-unsafe-functions-check`
+  `<clang-tidy/checks/bugprone/unsafe-functions>`, added `ctime` and `localtime`
+  to unsafe functions check in clang-tidy.
 
 - Improved :doc:`bugprone-casting-through-void
   <clang-tidy/checks/bugprone/casting-through-void>` check to suggest replacing

>From 9c626e5cee876e551f2ccd56c485e899a4bedf9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 17:48:03 +0200
Subject: [PATCH 10/36] fix: documentation name for unsafe functions check

---
 clang-tools-extra/docs/ReleaseNotes.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index ae0833509f4c3e..a0f78bbbf4c284 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -113,7 +113,7 @@ New check aliases
 Changes in existing checks
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-- Improved :doc:`bugprone-unsafe-functions-check`
+- Improved :doc:`bugprone-unsafe-functions`
   `<clang-tidy/checks/bugprone/unsafe-functions>`, added `ctime` and `localtime`
   to unsafe functions check in clang-tidy.
 

>From 0ecd051dc86fcb1f6714940b267d0fc8f1c75d2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 17:49:35 +0200
Subject: [PATCH 11/36] fix: release notes for `ctime` and `localtime`

---
 clang-tools-extra/docs/ReleaseNotes.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index a0f78bbbf4c284..682e0029f1f612 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -113,8 +113,8 @@ New check aliases
 Changes in existing checks
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-- Improved :doc:`bugprone-unsafe-functions`
-  `<clang-tidy/checks/bugprone/unsafe-functions>`, added `ctime` and `localtime`
+- Improved :doc:`bugprone-unsafe-functions
+  <clang-tidy/checks/bugprone/unsafe-functions>`, added `ctime` and `localtime`
   to unsafe functions check in clang-tidy.
 
 - Improved :doc:`bugprone-casting-through-void

>From bf5910164bfdc02b44e463095465e19f7b03b48b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 17:59:46 +0200
Subject: [PATCH 12/36] release notes should be in alphabetical order

---
 clang-tools-extra/docs/ReleaseNotes.rst | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index 682e0029f1f612..50eaf0a1b4b15e 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -113,10 +113,6 @@ New check aliases
 Changes in existing checks
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-- Improved :doc:`bugprone-unsafe-functions
-  <clang-tidy/checks/bugprone/unsafe-functions>`, added `ctime` and `localtime`
-  to unsafe functions check in clang-tidy.
-
 - Improved :doc:`bugprone-casting-through-void
   <clang-tidy/checks/bugprone/casting-through-void>` check to suggest replacing
   the offending code with ``reinterpret_cast``, to more clearly express intent.
@@ -143,6 +139,10 @@ Changes in existing checks
   `bsl::optional` and `bdlb::NullableValue` from
   <https://github.com/bloomberg/bde>_.
 
+- Improved :doc:`bugprone-unsafe-functions
+  <clang-tidy/checks/bugprone/unsafe-functions>`, added `ctime` and `localtime`
+  to unsafe functions check in clang-tidy.
+
 - Improved :doc:`bugprone-unsafe-functions
   <clang-tidy/checks/bugprone/unsafe-functions>` check to allow specifying
   additional functions to match.

>From 4772cfe40ce50164ce1685f4e7d0ececaee6351a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 18:00:54 +0200
Subject: [PATCH 13/36] updated release notes

---
 clang-tools-extra/docs/ReleaseNotes.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index 50eaf0a1b4b15e..f4fce10ae71b8e 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -140,8 +140,8 @@ Changes in existing checks
   <https://github.com/bloomberg/bde>_.
 
 - Improved :doc:`bugprone-unsafe-functions
-  <clang-tidy/checks/bugprone/unsafe-functions>`, added `ctime` and `localtime`
-  to unsafe functions check in clang-tidy.
+  <clang-tidy/checks/bugprone/unsafe-functions>` by adding ``ctime`` and
+  ``localtime`` functions.
 
 - Improved :doc:`bugprone-unsafe-functions
   <clang-tidy/checks/bugprone/unsafe-functions>` check to allow specifying

>From 72952bb1d968d57e6c7d254d590d24f9f178058e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 18:29:12 +0200
Subject: [PATCH 14/36] fix: function for unsafe functions check

---
 .../clang-tidy/bugprone/UnsafeFunctionsCheck.cpp              | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
index f058e5ae40680f..106e6c13eb00f5 100644
--- a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
@@ -50,8 +50,8 @@ static StringRef getReplacementFor(StringRef FunctionName,
     StringRef AnnexKReplacementFunction =
         StringSwitch<StringRef>(FunctionName)
             .Cases("asctime", "asctime_r", "asctime_s")
-            .Cases("ctime", "ctime_r")
-            .Cases("localtime", "localtime_r")
+            .Case("ctime", "ctime_r")
+            .Case("localtime", "localtime_r")
             .Case("gets", "gets_s")
             .Default({});
     if (!AnnexKReplacementFunction.empty())

>From d1e26986b87a964b94bd31869306496e80d46472 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 18:40:23 +0200
Subject: [PATCH 15/36] add `ctime` and `localtime` to standard library checks

---
 clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
index 106e6c13eb00f5..e5fdc8b1f452a3 100644
--- a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
@@ -62,6 +62,8 @@ static StringRef getReplacementFor(StringRef FunctionName,
   // should be matched and suggested.
   return StringSwitch<StringRef>(FunctionName)
       .Cases("asctime", "asctime_r", "strftime")
+      .Case("ctime", "ctime_r")
+      .Case("localtime", "localtime_r")
       .Case("gets", "fgets")
       .Case("rewind", "fseek")
       .Case("setbuf", "setvbuf");

>From 6e57fe468d3862fcbd3f2456e4674dceb20e7453 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 18:42:33 +0200
Subject: [PATCH 16/36] added `ctime` and `localtime` to bounds checking checks

---
 .../clang-tidy/bugprone/UnsafeFunctionsCheck.cpp              | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
index e5fdc8b1f452a3..b283e7f82a231b 100644
--- a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
@@ -94,8 +94,8 @@ static StringRef getReplacementForAdditional(StringRef FunctionName,
 /// safer alternative.
 static StringRef getRationaleFor(StringRef FunctionName) {
   return StringSwitch<StringRef>(FunctionName)
-      .Cases("asctime", "asctime_r", "ctime",
-             "is not bounds-checking and non-reentrant")
+      .Cases("asctime", "asctime_r", "ctime", "ctime_r", "localtime",
+             "localtime_r", "is not bounds-checking and non-reentrant")
       .Cases("bcmp", "bcopy", "bzero", "is deprecated")
       .Cases("fopen", "freopen", "has no exclusive access to the opened file")
       .Case("gets", "is insecure, was deprecated and removed in C11 and C++14")

>From ef0d8e2b562ee0968ee4691a0fb0c784da618036 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 18:45:04 +0200
Subject: [PATCH 17/36] added ctime and localtime to functions list

---
 .../clang-tidy/bugprone/UnsafeFunctionsCheck.cpp              | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
index b283e7f82a231b..e6b60d1eb411fa 100644
--- a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
@@ -228,7 +228,9 @@ void UnsafeFunctionsCheck::registerMatchers(MatchFinder *Finder) {
 
     // Matching functions with replacements without Annex K.
     auto FunctionNamesMatcher =
-        hasAnyName("::asctime", "asctime_r", "::gets", "::rewind", "::setbuf");
+        hasAnyName("::asctime", "asctime_r", "::ctime", "ctime_r",
+                   "::localtime", "localtime_r", "::gets", "::rewind",
+                   "::setbuf");
     Finder->addMatcher(
         declRefExpr(
             to(functionDecl(FunctionNamesMatcher).bind(FunctionNamesId)))

>From 43619ca51a041ac58cda2b1950e4055047c579b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 18:51:15 +0200
Subject: [PATCH 18/36] format code with clang-format

---
 .../clang-tidy/bugprone/UnsafeFunctionsCheck.cpp           | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
index e6b60d1eb411fa..c4bdda55808d1e 100644
--- a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
@@ -227,10 +227,9 @@ void UnsafeFunctionsCheck::registerMatchers(MatchFinder *Finder) {
     }
 
     // Matching functions with replacements without Annex K.
-    auto FunctionNamesMatcher =
-        hasAnyName("::asctime", "asctime_r", "::ctime", "ctime_r",
-                   "::localtime", "localtime_r", "::gets", "::rewind",
-                   "::setbuf");
+    auto FunctionNamesMatcher = hasAnyName(
+        "::asctime", "asctime_r", "::ctime", "ctime_r", "::localtime",
+        "localtime_r", "::gets", "::rewind", "::setbuf");
     Finder->addMatcher(
         declRefExpr(
             to(functionDecl(FunctionNamesMatcher).bind(FunctionNamesId)))

>From 8b6931dc25ab882a129616fe9c3c7be07272f3e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 19:23:14 +0200
Subject: [PATCH 19/36] fix: tests

---
 .../clang-tidy/checkers/bugprone/unsafe-functions.c  | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 0409dd6bfcaa3d..71e1db7672b244 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -50,6 +50,8 @@ void f1w(wchar_t *S) {
 
 struct tm;
 char *asctime(const struct tm *TimePtr);
+char *ctime(const struct tm *TimePtr);
+char *localtime(const struct tm *tm);
 
 void f2(const struct tm *Time) {
   asctime(Time);
@@ -57,6 +59,16 @@ void f2(const struct tm *Time) {
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
+  ctime(Time);
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
+
+  localtime(Time);
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
+
   char *(*F1)(const struct tm *) = asctime;
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead

>From 518112ee6f16c3eaafe1a5d44838b7e3d15d74c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 19:26:41 +0200
Subject: [PATCH 20/36] fix: tests

---
 .../checkers/bugprone/unsafe-functions.c      | 24 +++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 71e1db7672b244..635bf626677178 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -60,12 +60,12 @@ void f2(const struct tm *Time) {
   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
   ctime(Time);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
   localtime(Time);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
@@ -78,6 +78,26 @@ void f2(const struct tm *Time) {
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'asctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
+
+  struct tm *(*F1)(const struct tm *) = ctime;
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
+
+  struct tm *(*F2)(const struct tm *) = &ctime;
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
+
+  struct tm *(*F1)(const struct tm *) = localtime;
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
+
+  struct tm *(*F2)(const struct tm *) = &localtime;
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 }
 
 typedef void *FILE;

>From f4864b89d73ad0b8350454d954b21624f93ce432 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 19:30:34 +0200
Subject: [PATCH 21/36] fix: tests for `ctime`

---
 .../test/clang-tidy/checkers/bugprone/unsafe-functions.c      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 635bf626677178..6bd70a672b7ea0 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -79,12 +79,12 @@ void f2(const struct tm *Time) {
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'asctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
-  struct tm *(*F1)(const struct tm *) = ctime;
+  char *(*F1)(const struct tm *) = ctime;
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
-  struct tm *(*F2)(const struct tm *) = &ctime;
+  char *(*F2)(const struct tm *) = &ctime;
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead

>From 105227dd48b5fc4a96789f2e95248868c566bc57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 19:32:16 +0200
Subject: [PATCH 22/36] fix: message for localtime

---
 .../test/clang-tidy/checkers/bugprone/unsafe-functions.c    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 6bd70a672b7ea0..8e3478d365a35f 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -90,9 +90,9 @@ void f2(const struct tm *Time) {
   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
   struct tm *(*F1)(const struct tm *) = localtime;
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
   struct tm *(*F2)(const struct tm *) = &localtime;
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead

>From d8765571f6ea723efe89f7e85740e2661d4808c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 20:06:42 +0200
Subject: [PATCH 23/36] fix: tests for ctime and localtime

---
 .../checkers/bugprone/unsafe-functions.c      | 42 ++++---------------
 1 file changed, 8 insertions(+), 34 deletions(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 8e3478d365a35f..9d61836468b24c 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -50,8 +50,6 @@ void f1w(wchar_t *S) {
 
 struct tm;
 char *asctime(const struct tm *TimePtr);
-char *ctime(const struct tm *TimePtr);
-char *localtime(const struct tm *tm);
 
 void f2(const struct tm *Time) {
   asctime(Time);
@@ -59,16 +57,6 @@ void f2(const struct tm *Time) {
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
-  ctime(Time);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
-
-  localtime(Time);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
-
   char *(*F1)(const struct tm *) = asctime;
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
@@ -78,26 +66,6 @@ void f2(const struct tm *Time) {
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'asctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
-
-  char *(*F1)(const struct tm *) = ctime;
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
-
-  char *(*F2)(const struct tm *) = &ctime;
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
-
-  struct tm *(*F1)(const struct tm *) = localtime;
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
-
-  struct tm *(*F2)(const struct tm *) = &localtime;
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 }
 
 typedef void *FILE;
@@ -137,11 +105,17 @@ void f3(char *S, FILE *F) {
 
 typedef int time_t;
 char *ctime(const time_t *Timer);
+struct tm *localtime(const struct tm *tm);
 
 void f4(const time_t *Timer) {
   ctime(Timer);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // no-warning WITHOUT-ANNEX-K
+
+  localtime(Time);
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
   // no-warning WITHOUT-ANNEX-K
 }
 

>From d5cef8c1ba3f4d900c5af3eba9d66a538d22c2a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 20:08:57 +0200
Subject: [PATCH 24/36] add ctime and localtime safe functions

---
 .../clang-tidy/checkers/bugprone/unsafe-functions.c    | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 9d61836468b24c..040d1b9aeef3c9 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -161,6 +161,8 @@ void fOptional() {
 typedef int errno_t;
 typedef size_t rsize_t;
 errno_t asctime_s(char *S, rsize_t Maxsize, const struct tm *TimePtr);
+errno_t ctime_r(char *S, rsize_t Maxsize, const struct tm *TimePtr);
+errno_t localtime_r(char *S, rsize_t Maxsize, const struct tm *tm);
 errno_t strcat_s(char *S1, rsize_t S1Max, const char *S2);
 
 void fUsingSafeFunctions(const struct tm *Time, FILE *F) {
@@ -170,6 +172,14 @@ void fUsingSafeFunctions(const struct tm *Time, FILE *F) {
   if (asctime_s(Buf, BUFSIZ, Time) != 0)
     return;
 
+  // no-warning, safe function from annex K is used
+  if (ctime_s(Buf, BUFSIZ, Time) != 0)
+    return;
+
+  // no-warning, safe function from annex K is used
+  if (localtime_s(Buf, BUFSIZ, Time) != 0)
+    return;
+
   // no-warning, safe function from annex K is used
   if (strcat_s(Buf, BUFSIZ, "something") != 0)
     return;

>From 18284985275767e4dfea86ae6b440464e94c3874 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 20:10:19 +0200
Subject: [PATCH 25/36] fix: localtime_r argument

---
 .../test/clang-tidy/checkers/bugprone/unsafe-functions.c        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 040d1b9aeef3c9..3e77af2a8a5148 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -162,7 +162,7 @@ typedef int errno_t;
 typedef size_t rsize_t;
 errno_t asctime_s(char *S, rsize_t Maxsize, const struct tm *TimePtr);
 errno_t ctime_r(char *S, rsize_t Maxsize, const struct tm *TimePtr);
-errno_t localtime_r(char *S, rsize_t Maxsize, const struct tm *tm);
+errno_t localtime_r(char *S, rsize_t Maxsize, const struct tm *TimePtr);
 errno_t strcat_s(char *S1, rsize_t S1Max, const char *S2);
 
 void fUsingSafeFunctions(const struct tm *Time, FILE *F) {

>From 3813d1e156fb381521d22b86178d6b38f6086b75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 20:11:14 +0200
Subject: [PATCH 26/36] use `_r` functions, since `_s` functions are not
 implemented

---
 .../test/clang-tidy/checkers/bugprone/unsafe-functions.c      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 3e77af2a8a5148..86b00b504513bf 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -173,11 +173,11 @@ void fUsingSafeFunctions(const struct tm *Time, FILE *F) {
     return;
 
   // no-warning, safe function from annex K is used
-  if (ctime_s(Buf, BUFSIZ, Time) != 0)
+  if (ctime_r(Buf, BUFSIZ, Time) != 0)
     return;
 
   // no-warning, safe function from annex K is used
-  if (localtime_s(Buf, BUFSIZ, Time) != 0)
+  if (localtime_r(Buf, BUFSIZ, Time) != 0)
     return;
 
   // no-warning, safe function from annex K is used

>From 5302c1ba92a7406caf4249279552ab4c3b701c99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 20:19:40 +0200
Subject: [PATCH 27/36] safe functions should be used

---
 .../checkers/bugprone/unsafe-functions.c         | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 86b00b504513bf..d5a14c3b16630b 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -109,13 +109,13 @@ struct tm *localtime(const struct tm *tm);
 
 void f4(const time_t *Timer) {
   ctime(Timer);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
   // no-warning WITHOUT-ANNEX-K
 
   localtime(Time);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
   // no-warning WITHOUT-ANNEX-K
 }
 
@@ -161,8 +161,8 @@ void fOptional() {
 typedef int errno_t;
 typedef size_t rsize_t;
 errno_t asctime_s(char *S, rsize_t Maxsize, const struct tm *TimePtr);
-errno_t ctime_r(char *S, rsize_t Maxsize, const struct tm *TimePtr);
-errno_t localtime_r(char *S, rsize_t Maxsize, const struct tm *TimePtr);
+errno_t ctime_s(char *S, rsize_t Maxsize, const struct tm *TimePtr);
+errno_t localtime_s(char *S, rsize_t Maxsize, const struct tm *TimePtr);
 errno_t strcat_s(char *S1, rsize_t S1Max, const char *S2);
 
 void fUsingSafeFunctions(const struct tm *Time, FILE *F) {
@@ -173,11 +173,11 @@ void fUsingSafeFunctions(const struct tm *Time, FILE *F) {
     return;
 
   // no-warning, safe function from annex K is used
-  if (ctime_r(Buf, BUFSIZ, Time) != 0)
+  if (ctime_s(Buf, BUFSIZ, Time) != 0)
     return;
 
   // no-warning, safe function from annex K is used
-  if (localtime_r(Buf, BUFSIZ, Time) != 0)
+  if (localtime_s(Buf, BUFSIZ, Time) != 0)
     return;
 
   // no-warning, safe function from annex K is used

>From ccb3422a3773f987e1ea6c94b4df04ce1a63ddce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 20:41:18 +0200
Subject: [PATCH 28/36] use safe functions

---
 .../clang-tidy/bugprone/UnsafeFunctionsCheck.cpp          | 8 ++++----
 .../test/clang-tidy/checkers/bugprone/unsafe-functions.c  | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
index c4bdda55808d1e..322fd82464e798 100644
--- a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp
@@ -50,8 +50,8 @@ static StringRef getReplacementFor(StringRef FunctionName,
     StringRef AnnexKReplacementFunction =
         StringSwitch<StringRef>(FunctionName)
             .Cases("asctime", "asctime_r", "asctime_s")
-            .Case("ctime", "ctime_r")
-            .Case("localtime", "localtime_r")
+            .Cases("ctime", "ctime_r", "ctime_s")
+            .Cases("localtime", "localtime_r", "localtime_s")
             .Case("gets", "gets_s")
             .Default({});
     if (!AnnexKReplacementFunction.empty())
@@ -62,8 +62,8 @@ static StringRef getReplacementFor(StringRef FunctionName,
   // should be matched and suggested.
   return StringSwitch<StringRef>(FunctionName)
       .Cases("asctime", "asctime_r", "strftime")
-      .Case("ctime", "ctime_r")
-      .Case("localtime", "localtime_r")
+      .Cases("ctime", "ctime_r", "ctime_s")
+      .Cases("localtime", "localtime_r", "localtime_s")
       .Case("gets", "fgets")
       .Case("rewind", "fseek")
       .Case("setbuf", "setvbuf");
diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index d5a14c3b16630b..95eb3613258453 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -162,10 +162,10 @@ typedef int errno_t;
 typedef size_t rsize_t;
 errno_t asctime_s(char *S, rsize_t Maxsize, const struct tm *TimePtr);
 errno_t ctime_s(char *S, rsize_t Maxsize, const struct tm *TimePtr);
-errno_t localtime_s(char *S, rsize_t Maxsize, const struct tm *TimePtr);
+errno_t localtime_s(struct tm *TimePtr, time_t *Timep);
 errno_t strcat_s(char *S1, rsize_t S1Max, const char *S2);
 
-void fUsingSafeFunctions(const struct tm *Time, FILE *F) {
+void fUsingSafeFunctions(const struct tm *Time, FILE *F, time_t *Timep) {
   char Buf[BUFSIZ] = {0};
 
   // no-warning, safe function from annex K is used
@@ -177,7 +177,7 @@ void fUsingSafeFunctions(const struct tm *Time, FILE *F) {
     return;
 
   // no-warning, safe function from annex K is used
-  if (localtime_s(Buf, BUFSIZ, Time) != 0)
+  if (localtime_s(Time, Timep) != 0)
     return;
 
   // no-warning, safe function from annex K is used

>From a0dada8b4bffdade86863179128a33abc44889ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 21:24:19 +0200
Subject: [PATCH 29/36] fix: localtime argument

---
 .../test/clang-tidy/checkers/bugprone/unsafe-functions.c        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 95eb3613258453..0a321f3981be54 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -113,7 +113,7 @@ void f4(const time_t *Timer) {
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
   // no-warning WITHOUT-ANNEX-K
 
-  localtime(Time);
+  localtime(Timer);
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
   // no-warning WITHOUT-ANNEX-K

>From 0f322ffc40a6a6d3e46b45f9a8969cabd9f2a3c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Mon, 30 Sep 2024 22:14:51 +0200
Subject: [PATCH 30/36] temporarily use `_r` functions

---
 .../test/clang-tidy/checkers/bugprone/unsafe-functions.c  | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 0a321f3981be54..56f31232c37e39 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -109,13 +109,13 @@ struct tm *localtime(const struct tm *tm);
 
 void f4(const time_t *Timer) {
   ctime(Timer);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
   // no-warning WITHOUT-ANNEX-K
 
   localtime(Timer);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
   // no-warning WITHOUT-ANNEX-K
 }
 

>From 06ceefd9930bf96dd1698dd0fb68031c5f0886e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Tue, 1 Oct 2024 18:41:56 +0200
Subject: [PATCH 31/36] use `_s` functions and add functions for `ctime` and
 `localtime`

---
 .../checkers/bugprone/unsafe-functions.c       | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 56f31232c37e39..12e042347b9eb4 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -109,13 +109,23 @@ struct tm *localtime(const struct tm *tm);
 
 void f4(const time_t *Timer) {
   ctime(Timer);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
   // no-warning WITHOUT-ANNEX-K
 
   localtime(Timer);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_r' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
+  // no-warning WITHOUT-ANNEX-K
+
+  char *(*F4)(const struct tm *) = &ctime;
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // no-warning WITHOUT-ANNEX-K
+
+  struct tm *(*F4)(const struct tm *) = &localtime;
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
   // no-warning WITHOUT-ANNEX-K
 }
 

>From 7096b48b37954519de028a1408cebcb5001e59e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Tue, 1 Oct 2024 19:33:20 +0200
Subject: [PATCH 32/36] fix: function names

---
 .../test/clang-tidy/checkers/bugprone/unsafe-functions.c      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index 12e042347b9eb4..aeab8ad69d4e69 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -118,12 +118,12 @@ void f4(const time_t *Timer) {
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
   // no-warning WITHOUT-ANNEX-K
 
-  char *(*F4)(const struct tm *) = &ctime;
+  char *(*F1)(const struct tm *) = &ctime;
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
   // no-warning WITHOUT-ANNEX-K
 
-  struct tm *(*F4)(const struct tm *) = &localtime;
+  struct tm *(*F2)(const struct tm *) = &localtime;
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
   // no-warning WITHOUT-ANNEX-K

>From 688a8d1e381fb334ecd654c495fa56e7e74fec20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Tue, 1 Oct 2024 20:10:25 +0200
Subject: [PATCH 33/36] fix: tests for clang-tidy

---
 .../checkers/bugprone/unsafe-functions.c      | 38 ++++++++++++-------
 1 file changed, 24 insertions(+), 14 deletions(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index aeab8ad69d4e69..cd607f783259db 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -105,28 +105,38 @@ void f3(char *S, FILE *F) {
 
 typedef int time_t;
 char *ctime(const time_t *Timer);
-struct tm *localtime(const struct tm *tm);
+struct tm *localtime(const time_t *Timer);
 
 void f4(const time_t *Timer) {
   ctime(Timer);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
-  // no-warning WITHOUT-ANNEX-K
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:116: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:116: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:116: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
   localtime(Timer);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
-  // no-warning WITHOUT-ANNEX-K
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:116: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:116: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:116: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
+
+  char *(*F1)(const time_t *) = ctime;
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
-  char *(*F1)(const struct tm *) = &ctime;
+  char *(*F2)(const time_t *) = &ctime;
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
-  // no-warning WITHOUT-ANNEX-K
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
+
+  struct tm *(*F4)(const time_t *) = localtime;
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 
-  struct tm *(*F2)(const struct tm *) = &localtime;
+  struct tm *(*F5)(const time_t *) = &localtime;
   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
-  // no-warning WITHOUT-ANNEX-K
+  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
 }
 
 #define BUFSIZ 128
@@ -171,8 +181,8 @@ void fOptional() {
 typedef int errno_t;
 typedef size_t rsize_t;
 errno_t asctime_s(char *S, rsize_t Maxsize, const struct tm *TimePtr);
-errno_t ctime_s(char *S, rsize_t Maxsize, const struct tm *TimePtr);
-errno_t localtime_s(struct tm *TimePtr, time_t *Timep);
+errno_t ctime_s(char *S, rsize_t Maxsize, const time_t *Timep);
+errno_t localtime_s(const time_t *Timep, rsize_t Maxsize, const struct tm *TimePtr);
 errno_t strcat_s(char *S1, rsize_t S1Max, const char *S2);
 
 void fUsingSafeFunctions(const struct tm *Time, FILE *F, time_t *Timep) {
@@ -187,7 +197,7 @@ void fUsingSafeFunctions(const struct tm *Time, FILE *F, time_t *Timep) {
     return;
 
   // no-warning, safe function from annex K is used
-  if (localtime_s(Time, Timep) != 0)
+  if (localtime_s(Timep, BUFSIZ, Time) != 0)
     return;
 
   // no-warning, safe function from annex K is used

>From f62583c7ea42c86acd7f55a38da5428d62b3d5b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Tue, 1 Oct 2024 21:03:38 +0200
Subject: [PATCH 34/36] temporarily remove localtime

---
 .../checkers/bugprone/unsafe-functions.c      | 31 ++-----------------
 1 file changed, 3 insertions(+), 28 deletions(-)

diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index cd607f783259db..bb442978420975 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -109,34 +109,9 @@ struct tm *localtime(const time_t *Timer);
 
 void f4(const time_t *Timer) {
   ctime(Timer);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:116: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:116: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:116: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
-
-  localtime(Timer);
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:116: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:116: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:116: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
-
-  char *(*F1)(const time_t *) = ctime;
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
-
-  char *(*F2)(const time_t *) = &ctime;
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'ctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
-
-  struct tm *(*F4)(const time_t *) = localtime;
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
-
-  struct tm *(*F5)(const time_t *) = &localtime;
-  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
-  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'localtime_s' should be used instead
-  // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'localtime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
+  // no-warning WITHOUT-ANNEX-K
 }
 
 #define BUFSIZ 128

>From 096ddb455aeb9e562e0b383fb6822e5bee6daa7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Tue, 1 Oct 2024 21:04:05 +0200
Subject: [PATCH 35/36] add tests for ctime and localtime

---
 .../Inputs/std-c-library-functions-POSIX.h    |  4 ++-
 clang/test/Analysis/cert/env34-c.c            | 32 +++++++++++++++++--
 .../Analysis/std-c-library-functions-POSIX.c  |  4 ++-
 3 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/clang/test/Analysis/Inputs/std-c-library-functions-POSIX.h b/clang/test/Analysis/Inputs/std-c-library-functions-POSIX.h
index b146068eedb080..16941434ab78e0 100644
--- a/clang/test/Analysis/Inputs/std-c-library-functions-POSIX.h
+++ b/clang/test/Analysis/Inputs/std-c-library-functions-POSIX.h
@@ -174,9 +174,11 @@ int utimensat(int dirfd, const char *pathname, const struct timespec times[2], i
 int utimes(const char *filename, const struct timeval times[2]);
 int nanosleep(const struct timespec *rqtp, struct timespec *rmtp);
 struct tm *localtime(const time_t *tp);
-struct tm *localtime_r(const time_t *restrict timer, struct tm *restrict result);
+struct tm *localtime_r(const time_t *timer, struct tm *result);
+struct tm *localtime_s(const time_t *restrict timer, struct tm *restrict result);
 char *asctime_r(const struct tm *restrict tm, char *restrict buf);
 char *ctime_r(const time_t *timep, char *buf);
+char *ctime_s(char *buf, rsize_t buf_size, const time_t *timep);
 struct tm *gmtime_r(const time_t *restrict timer, struct tm *restrict result);
 struct tm *gmtime(const time_t *tp);
 int clock_gettime(clockid_t clock_id, struct timespec *tp);
diff --git a/clang/test/Analysis/cert/env34-c.c b/clang/test/Analysis/cert/env34-c.c
index ae344a815679ec..0f1dd8707f98f4 100644
--- a/clang/test/Analysis/cert/env34-c.c
+++ b/clang/test/Analysis/cert/env34-c.c
@@ -16,8 +16,8 @@ lconv *localeconv(void);
 typedef struct {
 } tm;
 char *asctime(const tm *timeptr);
-char *ctime(const tm *timeptr);
-struct tm *localtime(struct tm *tm);
+char *ctime(const time_t *time);
+struct tm *localtime(const time_t *time);
 
 int strcmp(const char*, const char*);
 extern void foo(char *e);
@@ -315,6 +315,34 @@ void asctime_test(void) {
   // expected-note at -2{{dereferencing an invalid pointer}}
 }
 
+void ctime_test(void) {
+  const time_t *t;
+  const time_t *tt;
+
+  char* p = ctime(t);
+  // expected-note at -1{{previous function call was here}}
+  char* pp = ctime(tt);
+  // expected-note at -1{{'ctime' call may invalidate the result of the previous 'ctime'}}
+
+  *p;
+  // expected-warning at -1{{dereferencing an invalid pointer}}
+  // expected-note at -2{{dereferencing an invalid pointer}}
+}
+
+void time_test(void) {
+  const time_t *t;
+  const time_t *tt;
+
+  struct tm* p = localtime(t);
+  // expected-note at -1{{previous function call was here}}
+  struct tm* pp = localtime(tt);
+  // expected-note at -1{{'localtime' call may invalidate the result of the previous 'localtime'}}
+
+  *p;
+  // expected-warning at -1{{dereferencing an invalid pointer}}
+  // expected-note at -2{{dereferencing an invalid pointer}}
+}
+
 void localeconv_test1(void) {
   lconv *lc1 = localeconv();
   // expected-note at -1{{previous function call was here}}
diff --git a/clang/test/Analysis/std-c-library-functions-POSIX.c b/clang/test/Analysis/std-c-library-functions-POSIX.c
index b53f3132b86877..872165e542e17e 100644
--- a/clang/test/Analysis/std-c-library-functions-POSIX.c
+++ b/clang/test/Analysis/std-c-library-functions-POSIX.c
@@ -129,9 +129,11 @@
 // CHECK: Loaded summary for: int utimes(const char *filename, const struct timeval times[2])
 // CHECK: Loaded summary for: int nanosleep(const struct timespec *rqtp, struct timespec *rmtp)
 // CHECK: Loaded summary for: struct tm *localtime(const time_t *tp)
-// CHECK: Loaded summary for: struct tm *localtime_r(const time_t *restrict timer, struct tm *restrict result)
+// CHECK: Loaded summary for: struct tm *localtime_r(const time_t *timer, struct tm *result)
+// CHECK: Loaded summary for: struct tm *localtime_s(const time_t *restrict timer, struct tm *restrict result)
 // CHECK: Loaded summary for: char *asctime_r(const struct tm *restrict tm, char *restrict buf)
 // CHECK: Loaded summary for: char *ctime_r(const time_t *timep, char *buf)
+// CHECK: Loaded summary for: char *ctime_s(char *buf, rsize_t buf_size, const time_t *timep)
 // CHECK: Loaded summary for: struct tm *gmtime_r(const time_t *restrict timer, struct tm *restrict result)
 // CHECK: Loaded summary for: struct tm *gmtime(const time_t *tp)
 // CHECK: Loaded summary for: int clock_gettime(clockid_t clock_id, struct timespec *tp)

>From db3832f8efaa1aa8fbfe67b020631699c4583855 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B8=D1=88=D0=B0=D0=BD=20=D0=9C=D0=B8=D1=80=D0=B7?=
 =?UTF-8?q?=D0=B0?= <zmirza at tutanota.de>
Date: Fri, 4 Oct 2024 20:18:55 +0200
Subject: [PATCH 36/36] update tests for ctime and localtime

---
 .../checks/bugprone/unsafe-functions.rst      |  2 ++
 .../checkers/bugprone/unsafe-functions.c      |  1 -
 .../Checkers/StdLibraryFunctionsChecker.cpp   | 25 +++++++++++++++++--
 .../Inclusions/Stdlib/StdSymbolMap.inc        |  4 +--
 clang/test/Analysis/cert/env34-c.c            |  2 +-
 .../lib/dfsan/libc_ubuntu1404_abilist.txt     |  2 ++
 .../sanitizer_common_interceptors.inc         | 23 +++++++++++++++++
 7 files changed, 53 insertions(+), 6 deletions(-)

diff --git a/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst b/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst
index 0199e63d89152c..2b3f4df6001185 100644
--- a/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst
+++ b/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst
@@ -41,6 +41,8 @@ If *Annex K.* is not available, replacements are suggested only for the
 following functions from the previous list:
 
  - ``asctime``, ``asctime_r``, suggested replacement: ``strftime``
+ - ``ctime``, ``ctime_r``, suggested replacement: ``ctime_s``
+ - ``localtime``, ``localtime_r``, suggested replacement: ``localtime_s``
  - ``gets``, suggested replacement: ``fgets``
 
 The following functions are always checked, regardless of *Annex K* availability:
diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
index bb442978420975..bc1e6007201bb2 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c
@@ -105,7 +105,6 @@ void f3(char *S, FILE *F) {
 
 typedef int time_t;
 char *ctime(const time_t *Timer);
-struct tm *localtime(const time_t *Timer);
 
 void f4(const time_t *Timer) {
   ctime(Timer);
diff --git a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
index 4f30b2a0e7e7da..825d8a1bb12b52 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
@@ -3532,10 +3532,20 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
         Signature(ArgTypes{ConstTime_tPtrTy}, RetType{StructTmPtrTy}),
         Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0))));
 
-    // struct tm *localtime_r(const time_t *restrict timer,
-    //                        struct tm *restrict result);
+    // struct tm *localtime_r(const time_t *timer,
+    //                        struct tm *result);
     addToFunctionSummaryMap(
         "localtime_r",
+        Signature(ArgTypes{ConstTime_tPtrTy, StructTmPtrTy},
+                  RetType{StructTmPtrTy}),
+        Summary(NoEvalCall)
+            .ArgConstraint(NotNull(ArgNo(0)))
+            .ArgConstraint(NotNull(ArgNo(1))));
+
+    // struct tm *localtime_s(const time_t *restrict timer,
+    //                        struct tm *restrict result);
+    addToFunctionSummaryMap(
+        "localtime_s",
         Signature(ArgTypes{ConstTime_tPtrRestrictTy, StructTmPtrRestrictTy},
                   RetType{StructTmPtrTy}),
         Summary(NoEvalCall)
@@ -3564,6 +3574,17 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
                 /*Buffer=*/ArgNo(1),
                 /*MinBufSize=*/BVF.getValue(26, IntTy))));
 
+    // char *ctime_r(char *buf, rsize_t buf_size, const time_t *timep);
+    addToFunctionSummaryMap(
+        "ctime_s",
+        Signature(ArgTypes{CharPtrTy, BufferSize(ArgNo(1), BVF.getValue(26, IntTy)), ConstTime_tPtrTy}, RetType{CharPtrTy}),
+        Summary(NoEvalCall)
+            .ArgConstraint(NotNull(ArgNo(0)))
+            .ArgConstraint(NotNull(ArgNo(1)))
+            .ArgConstraint(BufferSize(
+                /*Buffer=*/ArgNo(1),
+                /*MinBufSize=*/BVF.getValue(26, IntTy))));
+
     // struct tm *gmtime_r(const time_t *restrict timer,
     //                     struct tm *restrict result);
     addToFunctionSummaryMap(
diff --git a/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc b/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc
index b46bd2e4d7a4b5..11b48a422b65b9 100644
--- a/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc
+++ b/clang/lib/Tooling/Inclusions/Stdlib/StdSymbolMap.inc
@@ -1994,8 +1994,8 @@ SYMBOL(locale, std::, <locale>)
 SYMBOL(localeconv, std::, <clocale>)
 SYMBOL(localeconv, None, <clocale>)
 SYMBOL(localeconv, None, <locale.h>)
-SYMBOL(localtime, std::, <ctime>)
-SYMBOL(localtime, None, <ctime>)
+SYMBOL(localtime, std::, <localtime>)
+SYMBOL(localtime, None, <localtime>)
 SYMBOL(localtime, None, <time.h>)
 SYMBOL(lock, std::, <mutex>)
 SYMBOL(lock_guard, std::, <mutex>)
diff --git a/clang/test/Analysis/cert/env34-c.c b/clang/test/Analysis/cert/env34-c.c
index 0f1dd8707f98f4..3e764543b7ed0b 100644
--- a/clang/test/Analysis/cert/env34-c.c
+++ b/clang/test/Analysis/cert/env34-c.c
@@ -329,7 +329,7 @@ void ctime_test(void) {
   // expected-note at -2{{dereferencing an invalid pointer}}
 }
 
-void time_test(void) {
+void localtime_test(void) {
   const time_t *t;
   const time_t *tt;
 
diff --git a/compiler-rt/lib/dfsan/libc_ubuntu1404_abilist.txt b/compiler-rt/lib/dfsan/libc_ubuntu1404_abilist.txt
index 9ffa56a238185f..d0d6e74743d32f 100644
--- a/compiler-rt/lib/dfsan/libc_ubuntu1404_abilist.txt
+++ b/compiler-rt/lib/dfsan/libc_ubuntu1404_abilist.txt
@@ -1547,6 +1547,7 @@ fun:ctanl=uninstrumented
 fun:ctermid=uninstrumented
 fun:ctime=uninstrumented
 fun:ctime_r=uninstrumented
+fun:ctime_s=uninstrumented
 fun:cuserid=uninstrumented
 fun:daemon=uninstrumented
 fun:dcgettext=uninstrumented
@@ -2205,6 +2206,7 @@ fun:llseek=uninstrumented
 fun:localeconv=uninstrumented
 fun:localtime=uninstrumented
 fun:localtime_r=uninstrumented
+fun:localtime_s=uninstrumented
 fun:lockf=uninstrumented
 fun:lockf64=uninstrumented
 fun:log=uninstrumented
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
index 7898af4a335e3a..bd516eaaffa11e 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -1374,6 +1374,16 @@ INTERCEPTOR(__sanitizer_tm *, localtime_r, unsigned long *timep, void *result) {
   }
   return res;
 }
+INTERCEPTOR(__sanitizer_tm *, localtime_s, unsigned long *timep, void *result) {
+  void *ctx;
+  COMMON_INTERCEPTOR_ENTER(ctx, localtime_r, timep, result);
+  __sanitizer_tm *res = REAL(localtime_r)(timep, result);
+  if (res) {
+    COMMON_INTERCEPTOR_READ_RANGE(ctx, timep, sizeof(*timep));
+    unpoison_tm(ctx, res);
+  }
+  return res;
+}
 INTERCEPTOR(__sanitizer_tm *, gmtime, unsigned long *timep) {
   void *ctx;
   COMMON_INTERCEPTOR_ENTER(ctx, gmtime, timep);
@@ -1420,6 +1430,19 @@ INTERCEPTOR(char *, ctime_r, unsigned long *timep, char *result) {
   }
   return res;
 }
+INTERCEPTOR(char *, ctime_s, char* result, size_t result_size, unsigned long *timep) {
+  void *ctx;
+  COMMON_INTERCEPTOR_ENTER(ctx, ctime_s, result, result_size, timep);
+  // FIXME: under ASan the call below may write to freed memory and corrupt
+  // its metadata. See
+  // https://github.com/google/sanitizers/issues/321.
+  char *res = REAL(ctime_r)(result, result_size, timep);
+  if (res) {
+    COMMON_INTERCEPTOR_READ_RANGE(ctx, timep, sizeof(*timep));
+    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, res, internal_strlen(res) + 1);
+  }
+  return res;
+}
 INTERCEPTOR(char *, asctime, __sanitizer_tm *tm) {
   void *ctx;
   COMMON_INTERCEPTOR_ENTER(ctx, asctime, tm);



More information about the cfe-commits mailing list