[-Wunsafe-buffer-usage] Group diagnostics by variable

Differential Revision: https://reviews.llvm.org/D141356

Author: jkorous-apple

clang/include/clang/Analysis/Analyses/UnsafeBufferUsage.h

@@ -31,7 +31,8 @@ class UnsafeBufferUsageHandler {
   using FixItList = llvm::SmallVectorImpl<FixItHint>;
 
   /// Invoked when an unsafe operation over raw pointers is found.
-  virtual void handleUnsafeOperation(const Stmt *Operation) = 0;
+  virtual void handleUnsafeOperation(const Stmt *Operation,
+                                     bool IsRelatedToDecl) = 0;
 
   /// Invoked when a fix is suggested against a variable.
   virtual void handleFixableVariable(const VarDecl *Variable,

clang/include/clang/Basic/DiagnosticSemaKinds.td

@@ -11778,12 +11778,16 @@ def err_loongarch_builtin_requires_la64 : Error<
   "this builtin requires target: loongarch64">;
 
 // Unsafe buffer usage diagnostics.
-def warn_unsafe_buffer_expression : Warning<
-  "unchecked operation on raw buffer in expression">,
-  InGroup<UnsafeBufferUsage>, DefaultIgnore;
 def warn_unsafe_buffer_variable : Warning<
-  "variable %0 participates in unchecked buffer operations">,
+  "%0 is an %select{unsafe pointer used for buffer access|unsafe buffer that "
+  "does not perform bounds checks}1">,
+  InGroup<UnsafeBufferUsage>, DefaultIgnore;
+def warn_unsafe_buffer_operation : Warning<
+  "%select{unsafe pointer operation|unsafe pointer arithmetic|"
+  "unsafe buffer access}0">,
   InGroup<UnsafeBufferUsage>, DefaultIgnore;
+def note_unsafe_buffer_operation : Note<
+  "used%select{| in pointer arithmetic| in buffer access}0 here">;
 def err_loongarch_builtin_requires_la32 : Error<
   "this builtin requires target: loongarch32">;
 } // end of sema component.

clang/lib/Analysis/UnsafeBufferUsage.cpp

@@ -680,17 +680,16 @@ void clang::checkUnsafeBufferUsage(const Decl *D,
   // FIXME Detect overlapping FixIts.
 
   for (const auto &G : UnsafeOps.noVar) {
-    Handler.handleUnsafeOperation(G->getBaseStmt());
+    Handler.handleUnsafeOperation(G->getBaseStmt(), /*IsRelatedToDecl=*/false);
   }
 
   for (const auto &[VD, WarningGadgets] : UnsafeOps.byVar) {
     auto FixItsIt = FixItsForVariable.find(VD);
-    if (FixItsIt != FixItsForVariable.end()) {
-      Handler.handleFixableVariable(VD, std::move(FixItsIt->second));
-    } else {
-      for (const auto &G : WarningGadgets) {
-        Handler.handleUnsafeOperation(G->getBaseStmt());
-      }
+    Handler.handleFixableVariable(VD, FixItsIt != FixItsForVariable.end()
+                                          ? std::move(FixItsIt->second)
+                                          : FixItList{});
+    for (const auto &G : WarningGadgets) {
+      Handler.handleUnsafeOperation(G->getBaseStmt(), /*IsRelatedToDecl=*/true);
     }
   }
 }

clang/lib/Sema/AnalysisBasedWarnings.cpp

@@ -2153,12 +2153,15 @@ class UnsafeBufferUsageReporter : public UnsafeBufferUsageHandler {
 public:
   UnsafeBufferUsageReporter(Sema &S) : S(S) {}
 
-  void handleUnsafeOperation(const Stmt *Operation) override {
+  void handleUnsafeOperation(const Stmt *Operation,
+                             bool IsRelatedToDecl) override {
     SourceLocation Loc;
     SourceRange Range;
+    unsigned MsgParam = 0;
     if (const auto *ASE = dyn_cast<ArraySubscriptExpr>(Operation)) {
       Loc = ASE->getBase()->getExprLoc();
       Range = ASE->getBase()->getSourceRange();
+      MsgParam = 2;
     } else if (const auto *BO = dyn_cast<BinaryOperator>(Operation)) {
       BinaryOperator::Opcode Op = BO->getOpcode();
       if (Op == BO_Add || Op == BO_AddAssign || Op == BO_Sub ||
@@ -2170,27 +2173,35 @@ class UnsafeBufferUsageReporter : public UnsafeBufferUsageHandler {
           Loc = BO->getRHS()->getExprLoc();
           Range = BO->getRHS()->getSourceRange();
         }
+        MsgParam = 1;
       }
     } else if (const auto *UO = dyn_cast<UnaryOperator>(Operation)) {
       UnaryOperator::Opcode Op = UO->getOpcode();
       if (Op == UO_PreInc || Op == UO_PreDec || Op == UO_PostInc ||
           Op == UO_PostDec) {
         Loc = UO->getSubExpr()->getExprLoc();
         Range = UO->getSubExpr()->getSourceRange();
+        MsgParam = 1;
       }
     } else {
       Loc = Operation->getBeginLoc();
       Range = Operation->getSourceRange();
     }
-    S.Diag(Loc, diag::warn_unsafe_buffer_expression) << Range;
+    if (IsRelatedToDecl)
+      S.Diag(Loc, diag::note_unsafe_buffer_operation) << MsgParam << Range;
+    else
+      S.Diag(Loc, diag::warn_unsafe_buffer_operation) << MsgParam << Range;
   }
 
+  // FIXME: rename to handleUnsafeVariable
   void handleFixableVariable(const VarDecl *Variable,
                              FixItList &&Fixes) override {
     const auto &D =
-        S.Diag(Variable->getBeginLoc(), diag::warn_unsafe_buffer_variable);
-    D << Variable << Variable->getSourceRange();
-    for (const auto &F: Fixes)
+        S.Diag(Variable->getLocation(), diag::warn_unsafe_buffer_variable);
+    D << Variable;
+    D << (Variable->getType()->isPointerType() ? 0 : 1);
+    D << Variable->getSourceRange();
+    for (const auto &F : Fixes)
       D << F;
   }
 };
@@ -2489,7 +2500,7 @@ void clang::sema::AnalysisBasedWarnings::IssueWarnings(
         checkThrowInNonThrowingFunc(S, FD, AC);
 
   // Emit unsafe buffer usage warnings and fixits.
-  if (!Diags.isIgnored(diag::warn_unsafe_buffer_expression, D->getBeginLoc()) ||
+  if (!Diags.isIgnored(diag::warn_unsafe_buffer_operation, D->getBeginLoc()) ||
       !Diags.isIgnored(diag::warn_unsafe_buffer_variable, D->getBeginLoc())) {
     UnsafeBufferUsageReporter R(S);
     checkUnsafeBufferUsage(D, R);

clang/test/SemaCXX/unsafe-buffer-usage-diag-type.cpp

@@ -0,0 +1,108 @@
+// RUN: %clang_cc1 -std=c++20 -Wno-all -Wunsafe-buffer-usage -verify %s
+
+namespace localVar {
+void testRefersPtrLocalVarDecl(int i) {
+  int * ptr;    // expected-warning{{'ptr' is an unsafe pointer used for buffer access}}
+  ptr + i;      // expected-note{{used in pointer arithmetic here}}
+  ptr[i];       // expected-note{{used in buffer access here}}
+}
+
+void testRefersArrayLocalVarDecl(int i) {
+  int array[i];   // expected-warning{{'array' is an unsafe buffer that does not perform bounds}}
+  array[i/2];     // expected-note{{used in buffer access here}}
+}
+}
+
+namespace globalVar {
+int * ptr;      // expected-warning{{'ptr' is an unsafe pointer used for buffer access}}
+void testRefersPtrGlobalVarDecl(int i) {
+  ptr + i;      // expected-note{{used in pointer arithmetic here}}
+  ptr[i];       // expected-note{{used in buffer access here}}
+}
+
+int array[10];     // expected-warning{{'array' is an unsafe buffer that does not perform bounds}}
+void testRefersArrayGlobalVarDecl(int i) {
+  array[i/2];     // expected-note{{used in buffer access here}}
+}
+}
+
+namespace functionParm {
+void testRefersPtrParmVarDecl(int * ptr) {
+                // expected-warning@-1{{'ptr' is an unsafe pointer used for buffer access}}
+  ptr + 5;      // expected-note{{used in pointer arithmetic here}}
+  ptr[5];       // expected-note{{used in buffer access here}}
+}
+
+// FIXME: shall we explain the array to pointer decay to make the warning more understandable?
+void testRefersArrayParmVarDecl(int array[10]) {
+                // expected-warning@-1{{'array' is an unsafe pointer used for buffer access}}
+  array[2];     // expected-note{{used in buffer access here}}
+}
+}
+
+namespace structField {
+struct Struct1 {
+  int * ptr;      // FIXME: per-declaration warning aggregated at the struct definition?
+};
+
+void testRefersPtrStructFieldDecl(int i) {
+  Struct1 s1;
+  s1.ptr + i;     // expected-warning{{unsafe pointer arithmetic}}
+  s1.ptr[i];      // expected-warning{{unsafe buffer access}}
+}
+
+struct Struct2 {
+  int array[10];  // FIXME: per-declaration warning aggregated at the struct definition?
+};
+
+void testRefersArrayStructFieldDecl(int i) {
+  Struct2 s2;
+  s2.array[i/2];  // expected-warning{{unsafe buffer access}}
+}
+}
+
+namespace structFieldFromMethod {
+struct Struct1 {
+  int * ptr;      // FIXME: per-declaration warning aggregated at the struct definition
+
+  void testRefersPtrStructFieldDecl(int i) {
+    ptr + i;     // expected-warning{{unsafe pointer arithmetic}}
+    ptr[i];      // expected-warning{{unsafe buffer access}}
+  }
+};
+
+struct Struct2 {
+  int array[10];  // FIXME: per-declaration warning aggregated at the struct definition
+
+  void testRefersArrayStructFieldDecl(int i) {
+    Struct2 s2;
+    s2.array[i/2];  // expected-warning{{unsafe buffer access}}
+  }
+};
+}
+
+namespace staticStructField {
+struct Struct1 {
+  static int * ptr;      // expected-warning{{'ptr' is an unsafe pointer used for buffer access}}
+};
+
+void testRefersPtrStructFieldDecl(int i) {
+  Struct1::ptr + i;      // expected-note{{used in pointer arithmetic here}}
+  Struct1::ptr[i];       // expected-note{{used in buffer access here}}
+}
+
+struct Struct2 {
+  static int array[10];     // expected-warning{{'array' is an unsafe buffer that does not perform bounds}}
+};
+
+void testRefersArrayStructFieldDecl(int i) {
+  Struct2::array[i/2];     // expected-note{{used in buffer access here}}
+}
+}
+
+int * return_ptr();
+
+void testNoDeclRef(int i) {
+  return_ptr() + i;   // expected-warning{{unsafe pointer arithmetic}}
+  return_ptr()[i];    // expected-warning{{unsafe buffer access}}
+}

clang/test/SemaCXX/warn-unsafe-buffer-usage-source-ranges.cpp

@@ -3,47 +3,46 @@
 void foo(int i) {
   int * ptr;
 
-
   ptr++;
-  // CHECK-DAG: {7:3-7:6}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:3-[[@LINE-1]]:6}
   ptr--;
-  // CHECK-DAG: {9:3-9:6}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:3-[[@LINE-1]]:6}
   ++ptr;
-  // CHECK-DAG: {11:5-11:8}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:5-[[@LINE-1]]:8}
   --ptr;
-  // CHECK-DAG: {13:5-13:8}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:5-[[@LINE-1]]:8}
 
 
   ptr + 1;
-  // CHECK-DAG: {17:3-17:6}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:3-[[@LINE-1]]:6}
   2 + ptr;
-  // CHECK-DAG: {19:7-19:10}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:7-[[@LINE-1]]:10}
   ptr + i;
-  // CHECK-DAG: {21:3-21:6}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:3-[[@LINE-1]]:6}
   i + ptr;
-  // CHECK-DAG: {23:7-23:10}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:7-[[@LINE-1]]:10}
 
 
   ptr - 3;
-  // CHECK-DAG: {27:3-27:6}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:3-[[@LINE-1]]:6}
   ptr - i;
-  // CHECK-DAG: {29:3-29:6}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:3-[[@LINE-1]]:6}
 
 
   ptr += 4;
-  // CHECK-DAG: {33:3-33:6}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:3-[[@LINE-1]]:6}
   ptr += i;
-  // CHECK-DAG: {35:3-35:6}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:3-[[@LINE-1]]:6}
 
 
   ptr -= 5;
-  // CHECK-DAG: {39:3-39:6}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:3-[[@LINE-1]]:6}
   ptr -= i;
-  // CHECK-DAG: {41:3-41:6}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:3-[[@LINE-1]]:6}
 
 
   ptr[5];
-  // CHECK-DAG: {45:3-45:6}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:3-[[@LINE-1]]:6}
   5[ptr];
-  // CHECK-DAG: {47:5-47:8}{{.*}}[-Wunsafe-buffer-usage]
+  // CHECK-DAG: {[[@LINE-1]]:5-[[@LINE-1]]:8}
 }