[clang-tidy] Add new check cppcoreguidelines-pro-bounds-array-to-pointer-decay

Summary:
This check flags all array to pointer decays.

Pointers should not be used as arrays. array_view is a bounds-checked,
safe alternative to using pointers to access arrays.

This rule is part of the "Bounds safety" profile of the C++ Core
Guidelines, see
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#-bounds3-no-array-to-pointer-decay

Reviewers: alexfh, sbenza, bkramer, aaron.ballman

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D13640

llvm-svn: 251358

1 files changed, 60 insertions, 0 deletions

diff --git a/clang-tools-extra/clang-tidy/cppcoreguidelines/ProBoundsArrayToPointerDecayCheck.cpp b/clang-tools-extra/clang-tidy/cppcoreguidelines/ProBoundsArrayToPointerDecayCheck.cpp
new file mode 100644
index 00000000000..514289de787
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/cppcoreguidelines/ProBoundsArrayToPointerDecayCheck.cpp
@@ -0,0 +1,60 @@
+//===--- ProBoundsArrayToPointerDecayCheck.cpp - clang-tidy----------------===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+#include "ProBoundsArrayToPointerDecayCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang {
+namespace tidy {
+
+AST_MATCHER_P(CXXForRangeStmt, hasRangeBeginEndStmt,
+              ast_matchers::internal::Matcher<DeclStmt>, InnerMatcher) {
+  const DeclStmt *const Stmt = Node.getBeginEndStmt();
+  return (Stmt != nullptr && InnerMatcher.matches(*Stmt, Finder, Builder));
+}
+
+AST_MATCHER(Stmt, isInsideOfRangeBeginEndStmt) {
+  return stmt(hasAncestor(cxxForRangeStmt(
+                  hasRangeBeginEndStmt(hasDescendant(equalsNode(&Node))))))
+      .matches(Node, Finder, Builder);
+}
+
+void ProBoundsArrayToPointerDecayCheck::registerMatchers(MatchFinder *Finder) {
+  if (!getLangOpts().CPlusPlus)
+    return;
+
+  // The only allowed array to pointer decay
+  // 1) just before array subscription
+  // 2) inside a range-for over an array
+  // 3) if it converts a string literal to a pointer
+  Finder->addMatcher(
+      implicitCastExpr(unless(hasParent(arraySubscriptExpr())),
+                       unless(hasParent(explicitCastExpr())),
+                       unless(isInsideOfRangeBeginEndStmt()),
+                       unless(hasSourceExpression(stringLiteral())))
+          .bind("cast"),
+      this);
+}
+
+void ProBoundsArrayToPointerDecayCheck::check(
+    const MatchFinder::MatchResult &Result) {
+  const auto *MatchedCast = Result.Nodes.getNodeAs<ImplicitCastExpr>("cast");
+  if (MatchedCast->getCastKind() != CK_ArrayToPointerDecay)
+    return;
+
+  diag(MatchedCast->getExprLoc(), "do not implicitly decay an array into a "
+                                  "pointer; consider using gsl::array_view or "
+                                  "an explicit cast instead");
+}
+
+} // namespace tidy
+} // namespace clang