[-Wunsafe-buffer-usage] Fixits for assignments to array subscript expressions

ziqingluo-90 · ziqingluo-90 · commit cd2652963b6b · 2023-02-23T15:02:46.000-08:00
Let generate fix-its to make assignments' left-hand side of the form `dre[e]` safe if `e` is known to be non-negative. Commit on behalf of jkorous (Jan Korous) Reviewed by: NoQ (Artem Dergachev) Differential revision: https://reviews.llvm.org/D142794
diff --git a/clang/lib/Analysis/UnsafeBufferUsage.cpp b/clang/lib/Analysis/UnsafeBufferUsage.cpp
@@ -129,11 +129,19 @@ AST_MATCHER_P(CastExpr, castSubExpr, internal::Matcher<Expr>, innerMatcher) {
 
 // Returns a matcher that matches any expression 'e' such that `innerMatcher`
 // matches 'e' and 'e' is in an Unspecified Lvalue Context.
-static internal::Matcher<Stmt>
-isInUnspecifiedLvalueContext(internal::Matcher<Expr> innerMatcher) {
-  return implicitCastExpr(hasCastKind(CastKind::CK_LValueToRValue),
-                          castSubExpr(innerMatcher));
-  // FIXME: add assignmentTo context...
+static auto isInUnspecifiedLvalueContext(internal::Matcher<Expr> innerMatcher) {
+// clang-format off
+  return
+    expr(anyOf(
+      implicitCastExpr(
+        hasCastKind(CastKind::CK_LValueToRValue),
+        castSubExpr(innerMatcher)),
+      binaryOperator(
+        hasAnyOperatorName("="),
+        hasLHS(innerMatcher)
+      )
+    ));
+// clang-format off
 }
 } // namespace clang::ast_matchers
 
diff --git a/clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-assign-to-array-subscr-on-ptr.cpp b/clang/test/SemaCXX/warn-unsafe-buffer-usage-fixits-assign-to-array-subscr-on-ptr.cpp
@@ -0,0 +1,16 @@
+// RUN: %clang_cc1 -std=c++20 -Wunsafe-buffer-usage -fdiagnostics-parseable-fixits %s 2>&1 | FileCheck %s
+
+// TODO cases where we don't want fixits
+
+// The Fix-It for unsafe operation is trivially empty.
+// In order to test that our machinery recognizes that we can test if the variable declaration gets a Fix-It.
+// If the operation wasn't handled propertly the declaration won't get Fix-It.
+// By testing presence of the declaration Fix-It we indirectly test presence of the trivial Fix-It for its operations.
+void test() {
+  int *p = new int[10];
+  // CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:3-[[@LINE-1]]:11}:"std::span<int> p"
+  // CHECK: fix-it:"{{.*}}":{[[@LINE-2]]:12-[[@LINE-2]]:12}:"{"
+  // CHECK: fix-it:"{{.*}}":{[[@LINE-3]]:23-[[@LINE-3]]:23}:", 10}"
+  p[5] = 1;
+  // CHECK-NOT: fix-it:
+}
