A `const &` parameter can also be returned via a conditional operator:
`c ? a : b`. This change adds support for diagnosing returning these
parameters
with conditional operators.
Fix#113652.
When calling `Node.isAggregate()` and `Node.isPOD()`, if `Node` is declared but
not defined, it will result in null pointer dereference (and if assertions are
enabled, it will cause an assertion failure).
Previously the name of anonymous enums in the check were `enum 'enum
(unnamed at /full/path/to/file.c:1:1)'`, which breaks reproducibility of
clang-tidy reports when the analyzed project is in a different folder.
This change moves the `alpha.nondeterministic.PointerSorting` and
`alpha.nondeterministic.PointerIteration` static analyzer checkers to a
single `clang-tidy` check. Those checkers were implemented as simple
`clang-tidy` check-like code, wrapped in the static analyzer framework.
The documentation was updated to describe what the checks can and cannot
do, and testing was completed on a broad set of open-source projects.
Co-authored-by: Vince Bridgers <vince.a.bridgers@ericsson.com>
Fixed#111013
bool will be builtin type in C23 but comparison result in C is still
int.
It is no need to change this kind of implicit cast to explicit cast.
Treat calls to zero-param const methods as having stable return values
(with a cache) to address issue #58510. The cache is invalidated when
non-const methods are called. This uses the infrastructure from PR
#111006.
For now we cache methods returning:
- ref to optional
- optional by value
- booleans
We can extend that to pointers to optional in a next change.
In some cases and for projects that deal with a lot of low-level buffers, a
pattern often emerges that an array and its full size, not in the number of
"elements" but in "bytes", are known with no syntax-level connection between
the two values.
To access the array elements, the pointer arithmetic involved will have
to divide 'SizeInBytes' (a numeric value) with `sizeof(*Buffer)`.
Since the previous patch introduced this new warning, potential
false-positives were triggered from `bugprone-sizeof-expression`, as `sizeof`
appeared in pointer arithmetic where integers are scaled.
This patch adds a new check option, `WarnOnOffsetDividedBySizeOf`, which allows
users to opt out of warning about the division case.
In arbitrary projects, it might still be worthwhile to get these warnings until
an opt-out from the detection of scaling issues, especially if a project
might not be using low-level buffers intensively.
Add support for the following two patterns:
```
haystack.compare(haystack.length() - needle.length(), needle.length(), needle) == 0;
haystack.rfind(needle) == (haystack.size() - needle.size());
```
Expanding all macros in the printf/absl::StrFormat format string before
conversion could easily break code if those macros are expanded change
their definition between builds. It's important for this check to expand
the <inttypes.h> PRI macros though, so let's ensure that the presence of
any other macros in the format string causes the check to emit a warning
and not perform any conversion.
Updated the `HeaderFilterRegex` description to reference
`--header-filter` instead of the incorrect `--header-filter-regex` in
the clang-tidy documentation.
To detect unsafe usages of casting a pointer to another via copying
the bytes from one into the other, either via std::bit_cast or via
memcpy. This is currently not caught by any other means.
Fixes#106987
---------
Co-authored-by: Carlos Gálvez <carlos.galvez@zenseact.com>
Previously the configuration options for the Clang Static Analyzer
checkers were not recognized for the verification of the configuration
with `--verify-config`.
Add all available configuration options of CSA checkers as possible
configuration options in a clang-tidy config.
This patch introduces a new check to find mismatches between the number
of data members in a union and the number enum values present in
variant-like structures.
Variant-like types can look something like this:
```c++
struct variant {
enum {
tag1,
tag2,
} kind;
union {
int i;
char c;
} data;
};
```
The kind data member of the variant is supposed to tell which data
member of the union is valid, however if there are fewer enum values
than union members, then it is likely a mistake.
The opposite is not that obvious, because it might be fine to have more
enum values than union data members, but for the time being I am curious
how many real bugs can be caught if we give a warning regardless.
This patch also contains a heuristic where we try to guess whether the
last enum constant is actually supposed to be a tag value for the
variant or whether it is just holding how many enum constants have been
created.
Patch by Gábor Tóthvári!
Adds the check option `bugprone-unsafe-functions.CustomFunctions` to be
able to match user-defined functions as part of the checker.
Adds the option `bugprone-unsafe-functions.ReportDefaultFunctions` to
disable reporting the default set of functions as well.
The functions names are matched using the same mechanism as the
`matchesAnyListedName` tidy matcher, documented in
`unsafe-functions.rst`.
Make modernize-use-nullptr matcher also match "NULL", but not "0", when
it appears on a substituted type of a template specialization.
Previously, any matches on a substituted type were excluded, but this
meant that a situation like the following is not diagnosed:
```c++
template <typename T>
struct X {
T val;
X() { val = NULL; } // should diagnose
};
```
When the user says `NULL`, we expect that the destination type is always
meant to be a pointer type, so this should be converted to `nullptr`. By
contrast, we do not propose changing a literal `0` in that case, which
appears as initializers of both pointer and integer specializations in
reasonable real code. (If `NULL` is used erroneously in such a
situation, it should be changed to `0` or `{}`.)
`std::span` suffers from the same dangling issues as `std::string_view`.
This patch adds `std::span` to the default list of handle classes in
`bugprone-dangling-handle`, allowing clang-tidy to catch e.g. the
following:
```cpp
span<int> f() {
// All these return values will dangle.
array<int, 1> A;
return {A};
vector<int> Array;
return {Array};
}
```
This check will now work out of the box with other containers that have a
`contains` method, such as `folly::F14` or Abseil containers.
It will also work with strings, which are basically just weird containers.
`std::string` and `std::string_view` will have a `contains` method starting with
C++23. `llvm::StringRef` and `folly::StringPiece` are examples of existing
implementations with a `contains` method.
clang-rename has largely been superseded by clangd and this project
hasn't received much attention in many years. Further, our
documentation on it still claims it's in very early stages of
development despite being ~10 years old. One of the primary people
driving the tool has mentioned that they don't believe there is a
reason to continue to support it unless it's still being actively
used (https://reviews.llvm.org/D148439#4303202) and I've found no
evidence to suggest that is the case.
Original RFC:
https://discourse.llvm.org/t/rfc-time-to-deprecate-remove-clang-rename/70707
The incompleted C-Array in parameter does not own memory. Instead, It is
equivalent to pointer.
So we should not use `std::array` as recommended modern C++ replacement,
but use `std::vector` and `std::span` in C++20
Improved `bugprone-sizeof-expression` check to find suspicious pointer
arithmetic calculations where the pointer is offset by an `alignof()`,
`offsetof()`, or `sizeof()` expression.
Pointer arithmetic expressions implicitly scale the offset added to or
subtracted from the address by the size of the pointee type. Using an
offset expression that is already scaled by the size of the underlying
type effectively results in a squared offset, which is likely an invalid
pointer that points beyond the end of the intended array.
```c
void printEveryEvenIndexElement(int *Array, size_t N) {
int *P = Array;
while (P <= Array + N * sizeof(int)) { // Suspicious pointer arithmetics using sizeof()!
printf("%d ", *P);
P += 2 * sizeof(int); // Suspicious pointer arithmetics using sizeof()!
}
}
```
---------
Co-authored-by: Whisperity <whisperity@gmail.com>
With the `isDefinition` matcher, the analysis and diagnostics will be
constrained to definitions only. Previously forward declarations were
diagnosed as well.
Fixes#107590
Previously, whenever a replacement was generated by the analysis, a
diagnostic was generated. This became an issue when a call to
`std::min` or `std::max` consisted only of an initializer list with at
least one argument to the list requiring a type cast.
In this case, a single replacement that added a `static_cast` was
created,
that resulted in a diagnostic being issued but with no nested call
to `std::min` or `std::max`.
Instead, explicitly track if a nested call was detected and only emit a
diagnostic if this is the case.
Fixes#107594
Previously, when checking if a `TemplateSpecializationType` is either
`enable_if` or `enable_if_t`, the AST matcher would call
`getTemplateName`, `getASTemplateDecl` and `getTemplatedDecl` in
succession to check the `NamedDecl` returned from `getTemplatedDecl` is
an `std::enable_if[_t]`. In the linked issue, the pointer returned by
`getTemplatedDecl` is a `nullptr` that is unconditionally accessed,
resulting in a crash. Instead, the checking is done on the
`TemplateDecl`
returned by `getASTemplateDecl`.
Fixes#106333
Fixes: #108049
cert-flp30-c only provides non-compliant example with normal loop.
Essentially it wants to avoid that floating point variables are used as
loop counters which are checked in condition expr and modified in
increment expr.
This patch wants to give more precise matcheres to identify this cases.
Fixes: #82970
Detecting dependiences with `varDecl` is too strict. It will ignore the
`bingingDecl`.
This patch wants to use `valueDecl` to match more cases including
`bingingDecl`.
Describe how the issue that is diagnosed by this check can be resolved.
Namely, by adding an overload for the xvalue case (`&&` parameter).
Fixes#107600
