[clang] [clang][analyzer] Add AllowWithoutC11 option to DeprecatedOrUnsafeBuf… (PR #168704)
Balázs Benics via cfe-commits
cfe-commits at lists.llvm.org
Wed Nov 26 05:12:20 PST 2025
================
@@ -1,48 +1,38 @@
// Test 1: Without C11 and without flag - should NOT warn
-// RUN: %clang_analyze_cc1 %s -verify -std=gnu99 \
-// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling \
-// RUN: -DEXPECT_NO_WARNINGS
+// RUN: %clang_analyze_cc1 %s -verify=c99-noflag -std=gnu99 \
+// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling
// Test 2: Without C11 but with flag enabled - should warn
-// RUN: %clang_analyze_cc1 %s -verify -std=gnu99 \
+// RUN: %clang_analyze_cc1 %s -verify=c99-withflag -std=gnu99 \
// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling \
-// RUN: -analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11=true \
-// RUN: -DEXPECT_WARNINGS
+// RUN: -analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11=true
// Test 3: With C11 - should warn (existing behavior)
-// RUN: %clang_analyze_cc1 %s -verify -std=gnu11 \
-// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling \
-// RUN: -DEXPECT_WARNINGS
+// RUN: %clang_analyze_cc1 %s -verify=c11 -std=gnu11 \
+// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling
#include "Inputs/system-header-simulator.h"
extern char buf[128];
extern char src[128];
+// c99-noflag-no-diagnostics
+
void test_memcpy(void) {
memcpy(buf, src, 10);
-#ifdef EXPECT_WARNINGS
- // expected-warning at -2{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard}}
-#else
- // expected-no-diagnostics
-#endif
+ // c99-withflag-warning at -1{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard}}
+ // c11-warning at -2{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard}}
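Review bot: Test 1 (the `-verify=c99-noflag` RUN line) never sets `AllowWithoutC11` and so only exercises the option's default. Consider adding a RUN line that passes `-analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11=false` with `-std=gnu99` and the same no-diagnostics prefix, so both the default and the explicit-false setting are covered. Test 3 could likewise get a variant with the option set explicitly, to show that the C11 run warns regardless of the flag.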
----------------
steakhal wrote:
You can share the same expectation across run lines. I usually call the shared parts 'common'.
So the flag would look like `--verify=c99-withflag,common`, and then `// c99-withflag {{...}}` and `// common-warning {{...}}` would also match on the lines.
https://github.com/llvm/llvm-project/pull/168704