[clang-tidy] Improve check cert-dcl58-cpp.

Detect template specializations that should be handled specially.
In some cases it is allowed to extend the `std` namespace with
template specializations.

Reviewed By: aaron.ballman

Differential Revision: https://reviews.llvm.org/D129353

Author: balazske

clang-tools-extra/clang-tidy/cert/DontModifyStdNamespaceCheck.cpp

@@ -9,37 +9,126 @@
 #include "DontModifyStdNamespaceCheck.h"
 #include "clang/AST/ASTContext.h"
 #include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchersInternal.h"
 
+using namespace clang;
 using namespace clang::ast_matchers;
 
+namespace {
+
+AST_POLYMORPHIC_MATCHER_P(
+    hasAnyTemplateArgumentIncludingPack,
+    AST_POLYMORPHIC_SUPPORTED_TYPES(ClassTemplateSpecializationDecl,
+                                    TemplateSpecializationType, FunctionDecl),
+    clang::ast_matchers::internal::Matcher<TemplateArgument>, InnerMatcher) {
+  ArrayRef<TemplateArgument> Args =
+      clang::ast_matchers::internal::getTemplateSpecializationArgs(Node);
+  for (const auto &Arg : Args) {
+    if (Arg.getKind() != TemplateArgument::Pack)
+      continue;
+    ArrayRef<TemplateArgument> PackArgs = Arg.getPackAsArray();
+    if (matchesFirstInRange(InnerMatcher, PackArgs.begin(), PackArgs.end(),
+                            Finder, Builder) != PackArgs.end())
+      return true;
+  }
+  return matchesFirstInRange(InnerMatcher, Args.begin(), Args.end(), Finder,
+                             Builder) != Args.end();
+}
+
+} // namespace
+
 namespace clang {
 namespace tidy {
 namespace cert {
 
 void DontModifyStdNamespaceCheck::registerMatchers(MatchFinder *Finder) {
-  Finder->addMatcher(
-      namespaceDecl(unless(isExpansionInSystemHeader()),
-                    hasAnyName("std", "posix"),
-                    has(decl(unless(anyOf(
-                        functionDecl(isExplicitTemplateSpecialization()),
-                        cxxRecordDecl(isExplicitTemplateSpecialization()))))))
-          .bind("nmspc"),
-      this);
-}
+  auto HasStdParent =
+      hasDeclContext(namespaceDecl(hasAnyName("std", "posix"),
+                                   unless(hasParent(namespaceDecl())))
+                         .bind("nmspc"));
+  auto UserDefinedType = qualType(
+      hasUnqualifiedDesugaredType(tagType(unless(hasDeclaration(tagDecl(
+          hasAncestor(namespaceDecl(hasAnyName("std", "posix"),
+                                    unless(hasParent(namespaceDecl()))))))))));
+  auto HasNoProgramDefinedTemplateArgument = unless(
+      hasAnyTemplateArgumentIncludingPack(refersToType(UserDefinedType)));
+  auto InsideStdClassOrClassTemplateSpecialization = hasDeclContext(
+      anyOf(cxxRecordDecl(HasStdParent),
+            classTemplateSpecializationDecl(
+                HasStdParent, HasNoProgramDefinedTemplateArgument)));
 
-void DontModifyStdNamespaceCheck::check(
-    const MatchFinder::MatchResult &Result) {
-  const auto *N = Result.Nodes.getNodeAs<NamespaceDecl>("nmspc");
+  // Try to follow exactly CERT rule DCL58-CPP (this text is taken from C++
+  // standard into the CERT rule):
+  // "
+  // 1 The behavior of a C++ program is undefined if it adds declarations or
+  // definitions to namespace std or to a namespace within namespace std unless
+  // otherwise specified. A program may add a template specialization for any
+  // standard library template to namespace std only if the declaration depends
+  // on a user-defined type and the specialization meets the standard library
+  // requirements for the original template and is not explicitly prohibited. 2
+  // The behavior of a C++ program is undefined if it declares — an explicit
+  // specialization of any member function of a standard library class template,
+  // or — an explicit specialization of any member function template of a
+  // standard library class or class template, or — an explicit or partial
+  // specialization of any member class template of a standard library class or
+  // class template.
+  // "
+  // The "standard library requirements" and explicit prohibition are not
+  // checked.
 
-  // Only consider top level namespaces.
-  if (N->getParent() != Result.Context->getTranslationUnitDecl())
-    return;
+  auto BadNonTemplateSpecializationDecl =
+      decl(unless(anyOf(functionDecl(isExplicitTemplateSpecialization()),
+                        varDecl(isExplicitTemplateSpecialization()),
+                        cxxRecordDecl(isExplicitTemplateSpecialization()))),
+           HasStdParent);
+  auto BadClassTemplateSpec = classTemplateSpecializationDecl(
+      HasNoProgramDefinedTemplateArgument, HasStdParent);
+  auto BadInnerClassTemplateSpec = classTemplateSpecializationDecl(
+      InsideStdClassOrClassTemplateSpecialization);
+  auto BadFunctionTemplateSpec =
+      functionDecl(unless(cxxMethodDecl()), isExplicitTemplateSpecialization(),
+                   HasNoProgramDefinedTemplateArgument, HasStdParent);
+  auto BadMemberFunctionSpec =
+      cxxMethodDecl(isExplicitTemplateSpecialization(),
+                    InsideStdClassOrClassTemplateSpecialization);
 
-  diag(N->getLocation(),
-       "modification of %0 namespace can result in undefined behavior")
-      << N;
+  Finder->addMatcher(decl(anyOf(BadNonTemplateSpecializationDecl,
+                                BadClassTemplateSpec, BadInnerClassTemplateSpec,
+                                BadFunctionTemplateSpec, BadMemberFunctionSpec),
+                          unless(isExpansionInSystemHeader()))
+                         .bind("decl"),
+                     this);
 }
-
 } // namespace cert
 } // namespace tidy
 } // namespace clang
+
+static const NamespaceDecl *getTopLevelLexicalNamespaceDecl(const Decl *D) {
+  const NamespaceDecl *LastNS = nullptr;
+  while (D) {
+    if (const auto *NS = dyn_cast<NamespaceDecl>(D))
+      LastNS = NS;
+    D = dyn_cast_or_null<Decl>(D->getLexicalDeclContext());
+  }
+  return LastNS;
+}
+
+void clang::tidy::cert::DontModifyStdNamespaceCheck::check(
+    const MatchFinder::MatchResult &Result) {
+  const auto *D = Result.Nodes.getNodeAs<Decl>("decl");
+  const auto *NS = Result.Nodes.getNodeAs<NamespaceDecl>("nmspc");
+  if (!D || !NS)
+    return;
+
+  diag(D->getLocation(),
+       "modification of %0 namespace can result in undefined behavior")
+      << NS;
+  // 'NS' is not always the namespace declaration that lexically contains 'D',
+  // try to find such a namespace.
+  if (const NamespaceDecl *LexNS = getTopLevelLexicalNamespaceDecl(D)) {
+    assert(NS->getCanonicalDecl() == LexNS->getCanonicalDecl() &&
+           "Mismatch in found namespace");
+    diag(LexNS->getLocation(), "%0 namespace opened here", DiagnosticIDs::Note)
+        << LexNS;
+  }
+}

clang-tools-extra/docs/ReleaseNotes.rst

@@ -183,6 +183,11 @@ Changes in existing checks
 
   - Don't emit an erroneous warning on self-moves.
 
+- Improved :doc:`cert-dcl58-cpp
+  <clang-tidy/checks/cert/dcl58-cpp>` check.
+
+  The check now detects explicit template specializations that are handled specially.
+
 - Made :doc:`cert-oop57-cpp <clang-tidy/checks/cert/oop57-cpp>` more sensitive
   by checking for an arbitrary expression in the second argument of ``memset``.
 

clang-tools-extra/docs/clang-tidy/checks/cert/dcl58-cpp.rst

@@ -6,15 +6,54 @@ cert-dcl58-cpp
 Modification of the ``std`` or ``posix`` namespace can result in undefined
 behavior.
 This check warns for such modifications.
+The ``std`` (or ``posix``) namespace is allowed to be extended with (class or
+function) template specializations that depend on an user-defined type (a type
+that is not defined in the standard system headers).
+
+The check detects the following (user provided) declarations in namespace ``std`` or ``posix``:
+
+- Anything that is not a template specialization.
+- Explicit specializations of any standard library function template or class template, if it does not have any user-defined type as template argument.
+- Explicit specializations of any member function of a standard library class template.
+- Explicit specializations of any member function template of a standard library class or class template.
+- Explicit or partial specialization of any member class template of a standard library class or class template.
 
 Examples:
 
 .. code-block:: c++
 
   namespace std {
-    int x; // May cause undefined behavior.
+    int x; // warning: modification of 'std' namespace can result in undefined behavior [cert-dcl58-cpp]
   }
 
+  namespace posix::a { // warning: modification of 'posix' namespace can result in undefined behavior
+  }
+
+  template <>
+  struct ::std::hash<long> { // warning: modification of 'std' namespace can result in undefined behavior
+    unsigned long operator()(const long &K) const {
+      return K;
+    }
+  };
+
+  struct MyData { long data; };
+
+  template <>
+  struct ::std::hash<MyData> { // no warning: specialization with user-defined type
+    unsigned long operator()(const MyData &K) const {
+      return K.data;
+    }
+  };
+
+  namespace std {
+    template <>
+    void swap<bool>(bool &a, bool &b); // warning: modification of 'std' namespace can result in undefined behavior
+
+    template <>
+    bool less<void>::operator()<MyData &&, MyData &&>(MyData &&, MyData &&) const { // warning: modification of 'std' namespace can result in undefined behavior
+      return true;
+    }
+  }
 
 This check corresponds to the CERT C++ Coding Standard rule
 `DCL58-CPP. Do not modify the standard namespaces

clang-tools-extra/test/clang-tidy/checkers/Inputs/Headers/system-header-simulation.h

@@ -18,7 +18,60 @@ using false_type = bool_constant<false>;
 template<class T>
 struct is_error_code_enum : false_type {};
 
-template<class T>
+template <class T>
 void swap(T &a, T &b);
+
+enum class io_errc {
+  stream = 1,
+};
+
+template <class... Types>
+class tuple;
+
+template <typename T = void>
+class less;
+
+template <>
+class less<void> {
+public:
+  template <typename T, typename U>
+  bool operator()(T &&Lhs, U &&Rhs) const {
+    return static_cast<T &&>(Lhs) < static_cast<U &&>(Rhs);
+  }
+  template <typename A, typename B = int>
+  struct X {};
+};
+
+template <class Key>
+struct hash;
+
+template <class T>
+class numeric_limits;
+
+struct Outer {
+  struct Inner {};
+};
+
+namespace detail {
+struct X {};
+} // namespace detail
+
+} // namespace std
+
+// Template specializations that are in a system-header file.
+// The purpose is to test cert-dcl58-cpp (no warnings here).
+namespace std {
+template <>
+void swap<short>(short &, short &){};
+
+template <>
+struct is_error_code_enum<short> : true_type {};
+
+template <>
+bool less<void>::operator()<short &&, short &&>(short &&, short &&) const {
+  return false;
 }
 
+template <>
+struct less<void>::X<short> {};
+} // namespace std