caio/clang-p2996
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
890c4bece26e005cd9fa5511fe0efa7307794de5
clang-p2996/clang/test/SemaCXX/warn-unsafe-buffer-usage-function-attr.cpp
Dana Jansens a518ed2d81 Respect the [[clang::unsafe_buffer_usage]] attribute for field and constructor initializers (#91991) 
CXXCtorInitializers are not statements , but they point to an
initializer expression which is. When visiting a FunctionDecl, also
walk through any constructor initializers and run the warning
checks/matchers against their initializer expressions. This catches
warnings for initializing fields and calling other constructors, such
as:
    
struct C {
  C(P* Ptr) : AnUnsafeCtor(Ptr) {}
}

Field initializers can be found by traversing CXXDefaultInitExprs. This
catches warnings in places such as:
    
struct C {
  P* Ptr;
  AnUnsafeCtor U{Ptr};
};

We add tests for explicit construction, for field initialization, base
class constructor calls, delegated constructor calls, and aggregate
initialization.

Note that aggregate initialization is not fully covered where a field
specifies an initializer and it's not overridden in the aggregate initialization,
such as in:

struct AggregateViaValueInit {
    UnsafeMembers f1;
    // FIXME: A construction of this class does initialize the field
    // through this initializer, so it should warn. Ideally it should
    // also point to where the site of the construction is in
    // testAggregateViaValueInit().
    UnsafeMembers f2{3};
};

void testAggregateViaValueInit() {
    auto A = AggregateViaValueInit();
};

There are 3 tests for different types of aggregate initialization with
FIXMEs documenting this future work.

One attempt to fix this involved returning true from
MatchDescendantVisitor::shouldVisitImplicitCode(), however, it breaks expectations
for field in-class initializers by moving the SourceLocation, possibly
to inside the implicit ctor instead of on the line where the field
initialization happens.

struct C {
  P* Ptr;
  AnUnsafeCtor U{Ptr};  // expected-warning{{this is never seen then}}
};

Tests are also added for std::span(ptr, size) constructor being called
from a field initializer and a constructor initializer.

Issue #80482
2024-10-30 14:30:53 -04:00

248 lines
7.4 KiB
C++
Raw Blame History

// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage \
// RUN: -fsafe-buffer-usage-suggestions -verify %s
[[clang::unsafe_buffer_usage]]
void deprecatedFunction3();
void deprecatedFunction4(int z);
void someFunction();
[[clang::unsafe_buffer_usage]]
void overloading(int* x);
void overloading(char c[]);
void overloading(int* x, int size);
[[clang::unsafe_buffer_usage]]
void deprecatedFunction4(int z);
void caller(int z, int* x, int size, char c[]) {
deprecatedFunction3(); // expected-warning{{function introduces unsafe buffer manipulation}}
deprecatedFunction4(z); // expected-warning{{function introduces unsafe buffer manipulation}}
someFunction();
overloading(x); // expected-warning{{function introduces unsafe buffer manipulation}}
overloading(x, size);
overloading(c);
}
[[clang::unsafe_buffer_usage]]
void overloading(char c[]);
// Test variadics
[[clang::unsafe_buffer_usage]]
void testVariadics(int *ptr, ...);
template<typename T, typename... Args>
[[clang::unsafe_buffer_usage]]
T adder(T first, Args... args);
template <typename T>
void foo(T t) {}
template<>
[[clang::unsafe_buffer_usage]]
void foo<int *>(int *t) {}
void caller1(int *p, int *q) {
testVariadics(p, q); // expected-warning{{function introduces unsafe buffer manipulation}}
adder(p, q); // expected-warning{{function introduces unsafe buffer manipulation}}
int x;
foo(x);
foo(&x); // expected-warning{{function introduces unsafe buffer manipulation}}
}
// Test virtual functions
class BaseClass {
public:
[[clang::unsafe_buffer_usage]]
virtual void func() {}
virtual void func1() {}
};
class DerivedClass : public BaseClass {
public:
void func() {}
[[clang::unsafe_buffer_usage]]
void func1() {}
};
void testInheritance() {
DerivedClass DC;
DC.func();
DC.func1(); // expected-warning{{function introduces unsafe buffer manipulation}}
BaseClass *BC;
BC->func(); // expected-warning{{function introduces unsafe buffer manipulation}}
BC->func1();
BC = &DC;
BC->func(); // expected-warning{{function introduces unsafe buffer manipulation}}
BC->func1();
}
class UnsafeMembers {
public:
UnsafeMembers() {}
[[clang::unsafe_buffer_usage]]
UnsafeMembers(int) {}
[[clang::unsafe_buffer_usage]]
explicit operator int() { return 0; }
[[clang::unsafe_buffer_usage]]
void Method() {}
[[clang::unsafe_buffer_usage]]
void operator()() {}
[[clang::unsafe_buffer_usage]]
int operator+(UnsafeMembers) { return 0; }
};
template <class... Vs>
int testFoldExpression(Vs&&... v) {
return (... + v); // expected-warning{{function introduces unsafe buffer manipulation}}
}
struct HoldsUnsafeMembers {
HoldsUnsafeMembers()
: FromCtor(3), // expected-warning{{function introduces unsafe buffer manipulation}}
FromCtor2{3} // expected-warning{{function introduces unsafe buffer manipulation}}
{}
[[clang::unsafe_buffer_usage]]
HoldsUnsafeMembers(int i)
: FromCtor(i), // expected-warning{{function introduces unsafe buffer manipulation}}
FromCtor2{i} // expected-warning{{function introduces unsafe buffer manipulation}}
{}
HoldsUnsafeMembers(float f)
: HoldsUnsafeMembers(0) {} // expected-warning{{function introduces unsafe buffer manipulation}}
UnsafeMembers FromCtor;
UnsafeMembers FromCtor2;
UnsafeMembers FromField{3}; // expected-warning 2{{function introduces unsafe buffer manipulation}}
};
struct SubclassUnsafeMembers : public UnsafeMembers {
SubclassUnsafeMembers()
: UnsafeMembers(3) // expected-warning{{function introduces unsafe buffer manipulation}}
{}
[[clang::unsafe_buffer_usage]]
SubclassUnsafeMembers(int i)
: UnsafeMembers(i) // expected-warning{{function introduces unsafe buffer manipulation}}
{}
};
// https://github.com/llvm/llvm-project/issues/80482
void testClassMembers() {
UnsafeMembers(3); // expected-warning{{function introduces unsafe buffer manipulation}}
(void)static_cast<int>(UnsafeMembers()); // expected-warning{{function introduces unsafe buffer manipulation}}
UnsafeMembers().Method(); // expected-warning{{function introduces unsafe buffer manipulation}}
UnsafeMembers()(); // expected-warning{{function introduces unsafe buffer manipulation}}
testFoldExpression(UnsafeMembers(), UnsafeMembers());
HoldsUnsafeMembers();
HoldsUnsafeMembers(3); // expected-warning{{function introduces unsafe buffer manipulation}}
SubclassUnsafeMembers();
SubclassUnsafeMembers(3); // expected-warning{{function introduces unsafe buffer manipulation}}
}
// Not an aggregate, so its constructor is not implicit code and will be
// visited/checked for warnings.
struct NotCalledHoldsUnsafeMembers {
NotCalledHoldsUnsafeMembers()
: FromCtor(3), // expected-warning{{function introduces unsafe buffer manipulation}}
FromCtor2{3} // expected-warning{{function introduces unsafe buffer manipulation}}
{}
UnsafeMembers FromCtor;
UnsafeMembers FromCtor2;
UnsafeMembers FromField{3}; // expected-warning{{function introduces unsafe buffer manipulation}}
};
// An aggregate, so its constructor is implicit code. Since it's not called, it
// is never generated.
struct AggregateUnused {
UnsafeMembers f1;
// While this field would trigger the warning during initialization, since
// it's unused, there's no code generated that does the initialization, so
// no warning.
UnsafeMembers f2{3};
};
struct AggregateExplicitlyInitializedSafe {
UnsafeMembers f1;
// The warning is not fired as the field is always explicltly initialized
// elsewhere. This initializer is never used.
UnsafeMembers f2{3};
};
void testAggregateExplicitlyInitializedSafe() {
AggregateExplicitlyInitializedSafe A{
.f2 = UnsafeMembers(), // A safe constructor.
};
}
struct AggregateExplicitlyInitializedUnsafe {
UnsafeMembers f1;
// The warning is not fired as the field is always explicltly initialized
// elsewhere. This initializer is never used.
UnsafeMembers f2{3};
};
void testAggregateExplicitlyInitializedUnsafe() {
AggregateExplicitlyInitializedUnsafe A{
.f2 = UnsafeMembers(3), // expected-warning{{function introduces unsafe buffer manipulation}}
};
}
struct AggregateViaAggregateInit {
UnsafeMembers f1;
// FIXME: A construction of this class does initialize the field through
// this initializer, so it should warn. Ideally it should also point to
// where the site of the construction is in testAggregateViaAggregateInit().
UnsafeMembers f2{3};
};
void testAggregateViaAggregateInit() {
AggregateViaAggregateInit A{};
};
struct AggregateViaValueInit {
UnsafeMembers f1;
// FIXME: A construction of this class does initialize the field through
// this initializer, so it should warn. Ideally it should also point to
// where the site of the construction is in testAggregateViaValueInit().
UnsafeMembers f2{3};
};
void testAggregateViaValueInit() {
auto A = AggregateViaValueInit();
};
struct AggregateViaDefaultInit {
UnsafeMembers f1;
// FIXME: A construction of this class does initialize the field through
// this initializer, so it should warn. Ideally it should also point to
// where the site of the construction is in testAggregateViaValueInit().
UnsafeMembers f2{3};
};
void testAggregateViaDefaultInit() {
AggregateViaDefaultInit A;
};
Reference in New Issue View Git Blame Copy Permalink