[clang] Introduce -fstrict-flex-arrays=<n> for stricter handling of flexible arrays

Some code [0] consider that trailing arrays are flexible, whatever their size.
Support for these legacy code has b

[clang] Introduce -fstrict-flex-arrays=<n> for stricter handling of flexible arrays

Some code [0] consider that trailing arrays are flexible, whatever their size.
Support for these legacy code has been introduced in
f8f632498307d22e10fab0704548b270b15f1e1e but it prevents evaluation of
__builtin_object_size and __builtin_dynamic_object_size in some legit cases.

Introduce -fstrict-flex-arrays=<n> to have stricter conformance when it is
desirable.

n = 0: current behavior, any trailing array member is a flexible array. The default.
n = 1: any trailing array member of undefined, 0 or 1 size is a flexible array member
n = 2: any trailing array member of undefined or 0 size is a flexible array member

This takes into account two specificities of clang: array bounds as macro id
disqualify FAM, as well as non standard layout.

Similar patch for gcc discuss here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836

[0] https://docs.freebsd.org/en/books/developers-handbook/sockets/#sockets-essential-functions

show more ...

Revert "[Sema] Fix -Warray-bounds false negative when casting an out-of-bounds array item"

This reverts commit e48f444751cf781c42934b242b81f549da77bad0.

thakis noticed false reports, so reverting t

Revert "[Sema] Fix -Warray-bounds false negative when casting an out-of-bounds array item"

This reverts commit e48f444751cf781c42934b242b81f549da77bad0.

thakis noticed false reports, so reverting this change for now until
those can be sorted out.

See https://reviews.llvm.org/D71714

show more ...

[Sema] Fix -Warray-bounds false negative when casting an out-of-bounds array item

Patch by Ilya Mirsky!

Fixes: http://llvm.org/PR44343

Reviewed By: rsmith

Differential Revision: https://reviews.l

[Sema] Fix -Warray-bounds false negative when casting an out-of-bounds array item

Patch by Ilya Mirsky!

Fixes: http://llvm.org/PR44343

Reviewed By: rsmith

Differential Revision: https://reviews.llvm.org/D71714

show more ...

[clang] Pass the NamedDecl* instead of the DeclarationName into many diagnostics.

Background:
-----------
There are two related argument types which can be sent into a diagnostic to
display the name

[clang] Pass the NamedDecl* instead of the DeclarationName into many diagnostics.

Background:
-----------
There are two related argument types which can be sent into a diagnostic to
display the name of an entity: DeclarationName (ak_declarationname) or
NamedDecl* (ak_nameddecl) (there is also ak_identifierinfo for
IdentifierInfo*, but we are not concerned with it here).

A DeclarationName in a diagnostic will just be streamed to the output,
which will directly result in a call to DeclarationName::print.

A NamedDecl* in a diagnostic will also ultimately result in a call to
DeclarationName::print, but with two customisation points along the way:

The first customisation point is NamedDecl::getNameForDiagnostic which is
overloaded by FunctionDecl, ClassTemplateSpecializationDecl and
VarTemplateSpecializationDecl to print the template arguments, if any.

The second customisation point is NamedDecl::printName. By default it just
streams the stored DeclarationName into the output but it can be customised
to provide a user-friendly name for an entity. It is currently overloaded by
DecompositionDecl and MSGuidDecl.

What this patch does:
---------------------
For many diagnostics a DeclarationName is used instead of the NamedDecl*.
This bypasses the two customisation points mentioned above. This patches fix
this for diagnostics in Sema.cpp, SemaCast.cpp, SemaChecking.cpp, SemaDecl.cpp,
SemaDeclAttr.cpp, SemaDecl.cpp, SemaOverload.cpp and SemaStmt.cpp.

I have only modified diagnostics where I could construct a test-case which
demonstrates that the change is appropriate (either with this patch or the next
one).

Reviewed By: erichkeane, aaron.ballman

Differential Revision: https://reviews.llvm.org/D84656

show more ...

[Sema] Don't check for array bounds when the types in the base expression are dependent

Bail-out of CheckArrayAccess when the types of the base expression before
and after eventual casts are depende

[Sema] Don't check for array bounds when the types in the base expression are dependent

Bail-out of CheckArrayAccess when the types of the base expression before
and after eventual casts are dependent. We will get another chance to check
for array bounds during instantiation. Fixes PR41087.

Differential Revision: https://reviews.llvm.org/D59776

Reviewed By: efriedma

llvm-svn: 356957

show more ...

[Sema] Diagnose array access preceding the array bounds even when the base type is incomplete.

When the type of the base expression after IgnoreParenCasts is incomplete,
it is still possible to diag

[Sema] Diagnose array access preceding the array bounds even when the base type is incomplete.

When the type of the base expression after IgnoreParenCasts is incomplete,
it is still possible to diagnose an array access which precedes the array
bounds.

This is a follow-up on D55862 which added an early return when the type of
the base expression after IgnoreParenCasts was incomplete.

Differential Revision: https://reviews.llvm.org/D56050

Reviewed By: efriedma

llvm-svn: 350622

show more ...

[Sema] Don't try to account for the size of an incomplete type in CheckArrayAccess

When checking that the array access is not out-of-bounds in CheckArrayAccess
it is possible that the type of the ba

[Sema] Don't try to account for the size of an incomplete type in CheckArrayAccess

When checking that the array access is not out-of-bounds in CheckArrayAccess
it is possible that the type of the base expression after IgnoreParenCasts is
incomplete, even though the type of the base expression before IgnoreParenCasts
is complete. In this case we have no information about whether the array access
is out-of-bounds and we should just bail-out instead. This fixes PR39746 which
was caused by trying to obtain the size of an incomplete type.

Differential Revision: https://reviews.llvm.org/D55862

Reviewed By: efriedma

llvm-svn: 349811

show more ...

Improve -Warray-bounds to handle multiple array extents rather than only handling the top-most array extent.

Patch by Bevin Hansson.

llvm-svn: 330759

[Sema] Detect more array index out of bounds when C++ overloaded operators are used

Differential Revision: https://reviews.llvm.org/D30192

llvm-svn: 296477

Have Sema::ActOnStartOfFunctionDef return the declaration that was passed it.

This fixes the missing warning here:

struct S {
template <typename T>
void meth() {
char arr[3];

Have Sema::ActOnStartOfFunctionDef return the declaration that was passed it.

This fixes the missing warning here:

struct S {
template <typename T>
void meth() {
char arr[3];
arr[4] = 0; // warning: array index 4 is past the end of the array
}
};

template <typename T>
void func() {
char arr[3];
arr[4] = 0; // no warning
}

llvm-svn: 170180

show more ...

Fix a couple bugs in the way we handle array indexes in array bounds checking. Specifically, make sure we don't ignore explicit casts in indexes, and make sure we use unsigned extension/comparisons

Fix a couple bugs in the way we handle array indexes in array bounds checking. Specifically, make sure we don't ignore explicit casts in indexes, and make sure we use unsigned extension/comparisons on indexes. Fixes <rdar://problem/10916006>.

llvm-svn: 151569

show more ...

Revert various template unreachability code I committed accidentally.

r148774, r148775, r148776, r148777

llvm-svn: 148780

Simple hack to do unreachable code analysis on template patterns.

llvm-svn: 148774

Suppress -Warray-bounds for classes (not just structs) where the last field is
a 1-length character array.

llvm-svn: 145445

Merge branch 'yo-dawg-i-herd-u-like-arrays'

llvm-svn: 145421

Wordsmith the -Warray-bounds diagnostic text a bit

llvm-svn: 145116

Fix regression of -Warray-bounds involving varargs functions [PR 11007].

llvm-svn: 140584

Let -Warray-bounds handle casted array types without false positives.

Fixes PR10771.

llvm-svn: 139990

Perform array bounds checking in more situations and properly handle special
case situations with the unary operators & and *. Also extend the array bounds
checking to work with pointer arithmetic; t

Perform array bounds checking in more situations and properly handle special
case situations with the unary operators & and *. Also extend the array bounds
checking to work with pointer arithmetic; the pointer arithemtic checking can
be turned on using -Warray-bounds-pointer-arithmetic.

The changes to where CheckArrayAccess gets called is based on some trial &
error and a bunch of digging through source code and gdb backtraces in order
to have the check performed under as many situations as possible (such as for
variable initializers, arguments to function calls, and within conditional in
addition to the simpler cases of the operands to binary and unary operator)
while not being called--and triggering warnings--more than once for a given
ArraySubscriptExpr.

llvm-svn: 136997

show more ...

Flesh out the -Warray-bounds detection of C89 tail-padded one-element
arrays. This now suppresses the warning only in the case of
a one-element array as the last field in a struct where the array siz

Flesh out the -Warray-bounds detection of C89 tail-padded one-element
arrays. This now suppresses the warning only in the case of
a one-element array as the last field in a struct where the array size
is a literal '1' rather than any macro expansion or template parameter.

This doesn't distinguish between the language standard in use to allow
code which dates from C89 era to compile without the warning even in C99
and C++ builds. We could add a separate warning (under a different flag)
with fixit hints to switch to a flexible array, but its not clear that
this would be desirable. Much of the code using this idiom is striving
for maximum portability.

Tests were also fleshed out a bit, and the diagnostic itself tweaked to
be more pretty w.r.t. single elment arrays. This is more ugly than
I would like due to APInt's not being supported by the diagnostic
rendering engine.

A pseudo-patch for this was proposed by Nicola Gigante, but I reworked
it both for several correctness issues and for code style.

Sorry this was so long in coming.

llvm-svn: 136965

show more ...

disable array bounds overflow warning for cases where an array
has a single element. This disables the warning in cases where
there is a clear bug, but this is really rare (who uses arrays
with one

disable array bounds overflow warning for cases where an array
has a single element. This disables the warning in cases where
there is a clear bug, but this is really rare (who uses arrays
with one element?) and it also silences a large class of false
positive issues with C89 code that is using tail padding in structs.

A better version of this patch would detect when an array is in
a tail position in a struct, but at least patch fixes the huge
false positives that are hitting postgres and other code.

llvm-svn: 136724

show more ...

Revert r136046 while fixing handling of e.g. &foo[index_one_past_size]

llvm-svn: 136113

Expand array bounds checking to work in the presence of unary & and *,
and to work with pointer arithmetic in addition to array indexing.

The new pointer arithmetic porition of the array bounds chec

Expand array bounds checking to work in the presence of unary & and *,
and to work with pointer arithmetic in addition to array indexing.

The new pointer arithmetic porition of the array bounds checking can be
turned on by -Warray-bounds-pointer-arithmetic (and is off by default).

llvm-svn: 136046

show more ...

Teach CFGBuilder that the 'default' branch of a switch statement is dead if all enum values in a switch conditioned are handled.

llvm-svn: 127727

Correctly handle nested switch statements in CFGBuilder when on switch statement has a condition that evaluates to a constant.

llvm-svn: 126977