| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
This check searches for signed char -> integer conversions which might
indicate programming error, because of the misinterpretation of char
values. A signed char might store the non-ASCII characters as negative
values. The human programmer probably expects that after an integer
conversion the converted value matches with the character code
(a value from [0..255]), however, the actual value is in
[-128..127] interval.
See also:
STR34-C. Cast characters to unsigned char before converting to larger integer sizes
<https://wiki.sei.cmu.edu/confluence/display/c/STR34-C.+Cast+characters+to+unsigned+char+before+converting+to+larger+integer+sizes>
By now this check is limited to assignment / variable declarations.
If we would catch all signed char -> integer conversion, then it would
produce a lot of findings and also false positives. So I added only
this use case now, but this check can be extended with additional
use cases later.
The CERT documentation mentions another use case when the char is
used for array subscript. Next to that a third use case can be
the signed char - unsigned char comparison, which also a use case
where things happen unexpectedly because of conversion to integer.
Reviewers: alexfh, hokein, aaron.ballman
Reviewed By: aaron.ballman
Subscribers: sylvestre.ledru, whisperity, Eugene.Zelenko, mgorny, xazax.hun, cfe-commits
Tags: #clang, #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D71174
|
| |
|
|
| |
cert-pos44-c
|
| |
|
|
|
|
| |
alias cert-pos44-c"
This reverts commit 4edf0cb0e03e31d468979d0d7dec08bd9f4f8204.
|
| |
|
|
| |
cert-pos44-c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
size() or equal length
Summary:
New checker called bugprone-not-null-terminated-result. This checker finds
function calls where it is possible to cause a not null-terminated result.
Usually the proper length of a string is `strlen(src) + 1` or equal length
of this expression, because the null terminator needs an extra space.
Without the null terminator it can result in undefined behaviour when the
string is read.
The following and their respective `wchar_t` based functions are checked:
`memcpy`, `memcpy_s`, `memchr`, `memmove`, `memmove_s`, `strerror_s`,
`strncmp`, `strxfrm`
The following is a real-world example where the programmer forgot to
increase the passed third argument, which is `size_t length`.
That is why the length of the allocated memory is not enough to hold the
null terminator.
```
static char *stringCpy(const std::string &str) {
char *result = reinterpret_cast<char *>(malloc(str.size()));
memcpy(result, str.data(), str.size());
return result;
}
```
In addition to issuing warnings, fix-it rewrites all the necessary code.
It also tries to adjust the capacity of the destination array:
```
static char *stringCpy(const std::string &str) {
char *result = reinterpret_cast<char *>(malloc(str.size() + 1));
strcpy(result, str.data());
return result;
}
```
Note: It cannot guarantee to rewrite every of the path-sensitive memory
allocations.
Reviewed By: JonasToth, aaron.ballman, whisperity, alexfh
Tags: #clang-tools-extra, #clang
Differential Revision: https://reviews.llvm.org/D45050
llvm-svn: 374707
|
| |
|
|
|
|
| |
from D64736
llvm-svn: 372706
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
detecting obvious infinite loops
Finding infinite loops is well-known to be impossible (halting problem).
However, it is possible to detect some obvious infinite loops, for example,
if the loop condition is not changed. Detecting such loops is beneficial
since the tests will hang on programs containing infinite loops so
testing-time detection may be costly in large systems. Obvious cases are
where the programmer forgets to increment/decrement the counter or
increments/decrements the wrong variable.
Differential Revision: https://reviews.llvm.org/D64736
-------
Broke some buildbots "No SOURCES given to target: obj.clangTidyBugproneModule"
llvm-svn: 372704
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
loops
Finding infinite loops is well-known to be impossible (halting problem).
However, it is possible to detect some obvious infinite loops, for example,
if the loop condition is not changed. Detecting such loops is beneficial
since the tests will hang on programs containing infinite loops so
testing-time detection may be costly in large systems. Obvious cases are
where the programmer forgets to increment/decrement the counter or
increments/decrements the wrong variable.
Differential Revision: https://reviews.llvm.org/D64736
llvm-svn: 372693
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Finds instances where variables with static storage are initialized dynamically in header files.
Reviewed By: aaron.ballman, alexfh
Patch by Charles Zhang!
Differential Revision: https://reviews.llvm.org/D62829
llvm-svn: 369568
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Checks if any calls to posix functions (except posix_openpt) expect negative return values.
These functions return either 0 on success or an errno on failure, which is positive only.
Reviewers: JonasToth, gribozavr, alexfh, hokein
Reviewed By: gribozavr
Subscribers: Eugene.Zelenko, lebedev.ri, llozano, george.burgess.iv, xazax.hun, srhines, mgorny, cfe-commits
Tags: #clang
Differential Revision: https://reviews.llvm.org/D63623
Patch by Jian Cai.
llvm-svn: 365007
|
| |
|
|
| |
llvm-svn: 361138
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Implement a check for detecting if/else if/else chains where two or more
branches are Type I clones of each other (that is, they contain identical code)
and for detecting switch statements where two or more consecutive branches are
Type I clones of each other.
Patch by Donát Nagy!
Differential Revision: https://reviews.llvm.org/D54757
llvm-svn: 360779
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
This check searches for copy assignment operators which might not handle self-assignment properly. There are three patterns of
handling a self assignment situation: self check, copy-and-swap or the less common copy-and-move. The new check warns if none of
these patterns is found in a user defined implementation.
See also:
OOP54-CPP. Gracefully handle self-copy assignment
https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP54-CPP.+Gracefully+handle+self-copy+assignment
Reviewers: JonasToth, alexfh, hokein, aaron.ballman
Subscribers: riccibruno, Eugene.Zelenko, mgorny, xazax.hun, cfe-commits
Tags: #clang, #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D60507
llvm-svn: 360540
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to reflect the new license.
We understand that people may be surprised that we're moving the header
entirely to discuss the new license. We checked this carefully with the
Foundation's lawyer and we believe this is the correct approach.
Essentially, all code in the project is now made available by the LLVM
project under our new license, so you will see that the license headers
include that license only. Some of our contributors have contributed
code under our old license, and accordingly, we have retained a copy of
our old license notice in the top-level files in each project and
repository.
llvm-svn: 351636
|
| |
|
|
|
|
|
| |
The patch broke on buildbot with assertion-failure. Revert until this
is figured out.
llvm-svn: 348344
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Implement a check for detecting if/else if/else chains where two or more
branches are Type I clones of each other (that is, they contain identical code)
and for detecting switch statements where two or more consecutive branches are
Type I clones of each other.
Patch by donat.nagy.
Reviewers: alexfh, hokein, aaron.ballman, JonasToth
Reviewed By: JonasToth
Subscribers: MTC, lebedev.ri, whisperity, xazax.hun, Eugene.Zelenko, mgorny, rnkovacs, dkrupp, Szelethus, gamesh411, cfe-commits
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D54757
llvm-svn: 348343
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new checker searches for those for loops which has a loop variable with a "too small" type which means this type can't represent all values which are part of the iteration range.
For example:
```
int main() {
long size = 300000;
for( short int i = 0; i < size; ++i) {}
}
```
The short type leads to infinite loop here because it can't store all values in the `[0..size]` interval. In a real use case, size means a container's size which depends on the user input. Which means for small amount of objects the algorithm works, but with a larger user input the software will freeze.
The idea of the checker comes from the LibreOffice project, where the same check was implemented as a clang compiler plugin, called `LoopVarTooSmall` (LLVM licensed).
The idea is the same behind this check, but the code is different because of the different framework.
Patch by ztamas.
Reviewers: alexfh, hokein, aaron.ballman, JonasToth, xazax.hun, whisperity
Reviewed By: JonasToth, whisperity
Differential Revision: https://reviews.llvm.org/D53974
llvm-svn: 346665
|
| |
|
|
|
|
|
|
| |
strlen(), size() or equal length"
This reverts commit r344374.
llvm-svn: 344442
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
size() or equal length
New checker called bugprone-not-null-terminated-result. This check finds function calls where it is possible to cause a not null-terminated result. Usually the proper length of a string is strlen(src) + 1 or equal length of this expression, because the null terminator needs an extra space. Without the null terminator it can result in undefined behaviour when the string is read.
The following function calls are checked:
memcpy, wmemcpy, memcpy_s, wmemcpy_s, memchr, wmemchr, memmove, wmemmove, memmove_s, wmemmove_s, memset, wmemset, strerror_s, strncmp, wcsncmp, strxfrm, wcsxfrm
The following is a real-world example where the programmer forgot to increase the passed third argument, which is size_t length. That is why the length of the allocated memory is problematic too.
static char *StringCpy(const std::string &str) {
char *result = reinterpret_cast<char *>(malloc(str.size()));
memcpy(result, str.data(), str.size());
return result;
}
After running the tool fix-it rewrites all the necessary code according to the given options. If it is necessary, the buffer size will be increased to hold the null terminator.
static char *StringCpy(const std::string &str) {
char *result = reinterpret_cast<char *>(malloc(str.size() + 1));
strcpy(result, str.data());
return result;
}
Patch by Charusso.
Differential ID: https://reviews.llvm.org/D45050
llvm-svn: 344374
|
| |
|
|
|
|
|
|
|
|
|
| |
Finds functions which may throw an exception directly or indirectly, but they
should not: Destructors, move constructors, move assignment operators, the
main() function, swap() functions, functions marked with throw() or noexcept
and functions given as option to the checker.
Differential Revision: https://reviews.llvm.org/D33537
llvm-svn: 336997
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Checks for narrowing conversions, e.g.
int i = 0;
i += 0.1;
This has what some might consider false positives for:
i += ceil(d);
Reviewers: alexfh, hokein
Subscribers: srhines, nemanjai, mgorny, JDevlieghere, xazax.hun, kbarton
Differential Revision: https://reviews.llvm.org/D38455
llvm-svn: 333066
|
| |
|
|
|
|
|
|
| |
Patch by: Daniel Kolozsvari!
Differential Revision: https://reviews.llvm.org/D33844
llvm-svn: 332223
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
overridden parent's.
class A {...int virtual foo() {...}...};
class B: public A {...int foo() override {...}...};
class C: public B {...int foo() override {... A::foo()...}};
^^^^^^^^ warning: qualified name A::foo refers to a member overridden in subclass; did you mean 'B'? [bugprone-parent-virtual-call]
Differential Revision: https://reviews.llvm.org/D44295
llvm-svn: 329448
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Detects function calls where the return value is unused.
Checked functions can be configured.
Reviewers: alexfh, aaron.ballman, ilya-biryukov, hokein
Reviewed By: alexfh, aaron.ballman
Subscribers: hintonda, JonasToth, Eugene.Zelenko, mgorny, xazax.hun, cfe-commits
Tags: #clang-tools-extra
Patch by Kalle Huttunen!
Differential Revision: https://reviews.llvm.org/D41655
llvm-svn: 327833
|
| |
|
|
|
|
| |
--check_class_name=UnusedRAIICheck
llvm-svn: 327610
|
| |
|
|
| |
llvm-svn: 327608
|
| |
|
|
| |
llvm-svn: 327607
|
| |
|
|
| |
llvm-svn: 327606
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
clang-tidy/rename_check.py {misc,bugprone}-suspicious-semicolon
clang-tidy/rename_check.py {misc,bugprone}-suspicious-string-compare
clang-tidy/rename_check.py {misc,bugprone}-swapped-arguments
clang-tidy/rename_check.py {misc,bugprone}-undelegated-constructor --check_class_name UndelegatedConstructor
Reviewers: hokein, sammccall, aaron.ballman
Subscribers: klimek, mgorny, xazax.hun, cfe-commits
Differential Revision: https://reviews.llvm.org/D43870
llvm-svn: 326386
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
clang-tidy/rename_check.py {misc,bugprone}-string-integer-assignment
clang-tidy/rename_check.py {misc,bugprone}-string-literal-with-embedded-nul
clang-tidy/rename_check.py {misc,bugprone}-suspicious-enum-usage
clang-tidy/rename_check.py {misc,bugprone}-suspicious-missing-comma
Reviewers: hokein, sammccall, aaron.ballman
Subscribers: klimek, cfe-commits, mgorny
Differential Revision: https://reviews.llvm.org/D43868
llvm-svn: 326384
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
rename_check.py {misc,bugprone}-forwarding-reference-overload
rename_check.py {misc,bugprone}-macro-repeated-side-effects
rename_check.py {misc,bugprone}-lambda-function-name
rename_check.py {misc,bugprone}-misplaced-widening-cast
Reviewers: hokein, sammccall, aaron.ballman
Reviewed By: aaron.ballman
Subscribers: klimek, cfe-commits, mgorny
Differential Revision: https://reviews.llvm.org/D43867
llvm-svn: 326327
|
| |
|
|
|
|
|
|
| |
Patch by: Kristof Umann
Differential Revision: https://reviews.llvm.org/D43120
llvm-svn: 325222
|
| |
|
|
|
|
|
|
| |
More specifically,
clang-tidy/rename_check.py misc-incorrect-roundings \
bugprone-incorrect-roundings --check_class_name IncorrectRoundings
llvm-svn: 323768
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
clang_tidy/rename_check.py misc-assert-side-effect bugprone-assert-side-effect
clang_tidy/rename_check.py misc-bool-pointer-implicit-conversion bugprone-bool-pointer-implicit-conversion
clang_tidy/rename_check.py misc-fold-init-type bugprone-fold-init-type
clang_tidy/rename_check.py misc-forward-declaration-namespace bugprone-forward-declaration-namespace
clang_tidy/rename_check.py misc-inaccurate-erase bugprone-inaccurate-erase
clang_tidy/rename_check.py misc-move-forwarding-reference bugprone-move-forwarding-reference
clang_tidy/rename_check.py misc-multiple-statement-macro bugprone-multiple-statement-macro
clang_tidy/rename_check.py misc-use-after-move bugprone-use-after-move
clang_tidy/rename_check.py misc-virtual-near-miss bugprone-virtual-near-miss
Manually fixed a reference to UseAfterMoveCheck in the hicpp module.
Manually fixed header guards.
Reviewers: hokein
Reviewed By: hokein
Subscribers: nemanjai, mgorny, javed.absar, xazax.hun, kbarton, cfe-commits
Differential Revision: https://reviews.llvm.org/D40426
llvm-svn: 318950
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: hokein
Reviewed By: hokein
Subscribers: mgorny, xazax.hun, cfe-commits
Differential Revision: https://reviews.llvm.org/D40389
llvm-svn: 318941
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: + manually convert the unit test to lit test.
Reviewers: hokein
Reviewed By: hokein
Subscribers: mgorny, xazax.hun, cfe-commits
Differential Revision: https://reviews.llvm.org/D40392
llvm-svn: 318926
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Rename misc-string-constructor to bugprone-string-constructor +
manually update the lenght of '==='s in the doc file.
Reviewers: hokein, xazax.hun
Reviewed By: hokein, xazax.hun
Subscribers: mgorny, xazax.hun, cfe-commits
Differential Revision: https://reviews.llvm.org/D40388
llvm-svn: 318916
|
| |
|
|
|
|
|
|
|
|
| |
A possible error is to write `malloc(strlen(s+1))` instead of
`malloc(strlen(s)+1)`. Unfortunately the former is also valid syntactically,
but allocates less memory by two bytes (if s` is at least one character long,
undefined behavior otherwise) which may result in overflow cases. This check
detects such cases and also suggests the fix for them.
llvm-svn: 318906
|
| |
|
|
| |
llvm-svn: 318523
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Finds copy constructors where the constructor don't call
the copy constructor of the base class.
```
class X : public Copyable {
X(const X &other) {} // Copyable(other) is missing
};
```
Differential Revision: https://reviews.llvm.org/D33722
llvm-svn: 318522
|
| |
|
|
|
|
|
|
| |
Patch by: Reka Nikolett Kovacs
Differential Revision: https://reviews.llvm.org/D35932
llvm-svn: 310589
|
| |
|
|
|
|
|
|
| |
Patch by: Reka Nikolett Kovacs
Differential Revision: https://reviews.llvm.org/D35051
llvm-svn: 308021
|
|
|
Created new module bugprone and placed the check in that.
Finds memset() calls with potential mistakes in their arguments.
Replaces and extends the existing google-runtime-memset-zero-length check.
Cases covered:
* Fill value is a character '0'. Integer 0 might have been intended.
* Fill value is out of char range and gets truncated.
* Byte count is zero. Potentially swapped with the fill value argument.
Patch by: Reka Nikolett Kovacs
Differential Revision: https://reviews.llvm.org/D32700
llvm-svn: 308020
|
