1 //===--- StringConstructorCheck.cpp - clang-tidy---------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8
9 #include "StringConstructorCheck.h"
10 #include "../utils/OptionsUtils.h"
11 #include "clang/AST/ASTContext.h"
12 #include "clang/ASTMatchers/ASTMatchFinder.h"
13 #include "clang/Tooling/FixIt.h"
14
15 using namespace clang::ast_matchers;
16
17 namespace clang {
18 namespace tidy {
19 namespace bugprone {
20
21 namespace {
AST_MATCHER_P(IntegerLiteral,isBiggerThan,unsigned,N)22 AST_MATCHER_P(IntegerLiteral, isBiggerThan, unsigned, N) {
23 return Node.getValue().getZExtValue() > N;
24 }
25
26 const char DefaultStringNames[] =
27 "::std::basic_string;::std::basic_string_view";
28
29 static std::vector<StringRef>
removeNamespaces(const std::vector<StringRef> & Names)30 removeNamespaces(const std::vector<StringRef> &Names) {
31 std::vector<StringRef> Result;
32 Result.reserve(Names.size());
33 for (StringRef Name : Names) {
34 std::string::size_type ColonPos = Name.rfind(':');
35 Result.push_back(
36 Name.substr(ColonPos == std::string::npos ? 0 : ColonPos + 1));
37 }
38 return Result;
39 }
40
41 } // namespace
42
StringConstructorCheck(StringRef Name,ClangTidyContext * Context)43 StringConstructorCheck::StringConstructorCheck(StringRef Name,
44 ClangTidyContext *Context)
45 : ClangTidyCheck(Name, Context),
46 IsStringviewNullptrCheckEnabled(
47 Context->isCheckEnabled("bugprone-stringview-nullptr")),
48 WarnOnLargeLength(Options.get("WarnOnLargeLength", true)),
49 LargeLengthThreshold(Options.get("LargeLengthThreshold", 0x800000)),
50 StringNames(utils::options::parseStringList(
51 Options.get("StringNames", DefaultStringNames))) {}
52
storeOptions(ClangTidyOptions::OptionMap & Opts)53 void StringConstructorCheck::storeOptions(ClangTidyOptions::OptionMap &Opts) {
54 Options.store(Opts, "WarnOnLargeLength", WarnOnLargeLength);
55 Options.store(Opts, "LargeLengthThreshold", LargeLengthThreshold);
56 Options.store(Opts, "StringNames", DefaultStringNames);
57 }
58
registerMatchers(MatchFinder * Finder)59 void StringConstructorCheck::registerMatchers(MatchFinder *Finder) {
60 const auto ZeroExpr = expr(ignoringParenImpCasts(integerLiteral(equals(0))));
61 const auto CharExpr = expr(ignoringParenImpCasts(characterLiteral()));
62 const auto NegativeExpr = expr(ignoringParenImpCasts(
63 unaryOperator(hasOperatorName("-"),
64 hasUnaryOperand(integerLiteral(unless(equals(0)))))));
65 const auto LargeLengthExpr = expr(ignoringParenImpCasts(
66 integerLiteral(isBiggerThan(LargeLengthThreshold))));
67 const auto CharPtrType = type(anyOf(pointerType(), arrayType()));
68
69 // Match a string-literal; even through a declaration with initializer.
70 const auto BoundStringLiteral = stringLiteral().bind("str");
71 const auto ConstStrLiteralDecl = varDecl(
72 isDefinition(), hasType(constantArrayType()), hasType(isConstQualified()),
73 hasInitializer(ignoringParenImpCasts(BoundStringLiteral)));
74 const auto ConstPtrStrLiteralDecl = varDecl(
75 isDefinition(),
76 hasType(pointerType(pointee(isAnyCharacter(), isConstQualified()))),
77 hasInitializer(ignoringParenImpCasts(BoundStringLiteral)));
78 const auto ConstStrLiteral = expr(ignoringParenImpCasts(anyOf(
79 BoundStringLiteral, declRefExpr(hasDeclaration(anyOf(
80 ConstPtrStrLiteralDecl, ConstStrLiteralDecl))))));
81
82 // Check the fill constructor. Fills the string with n consecutive copies of
83 // character c. [i.e string(size_t n, char c);].
84 Finder->addMatcher(
85 cxxConstructExpr(
86 hasDeclaration(cxxMethodDecl(hasName("basic_string"))),
87 hasArgument(0, hasType(qualType(isInteger()))),
88 hasArgument(1, hasType(qualType(isInteger()))),
89 anyOf(
90 // Detect the expression: string('x', 40);
91 hasArgument(0, CharExpr.bind("swapped-parameter")),
92 // Detect the expression: string(0, ...);
93 hasArgument(0, ZeroExpr.bind("empty-string")),
94 // Detect the expression: string(-4, ...);
95 hasArgument(0, NegativeExpr.bind("negative-length")),
96 // Detect the expression: string(0x1234567, ...);
97 hasArgument(0, LargeLengthExpr.bind("large-length"))))
98 .bind("constructor"),
99 this);
100
101 // Check the literal string constructor with char pointer and length
102 // parameters. [i.e. string (const char* s, size_t n);]
103 Finder->addMatcher(
104 cxxConstructExpr(
105 hasDeclaration(cxxConstructorDecl(ofClass(
106 cxxRecordDecl(hasAnyName(removeNamespaces(StringNames)))))),
107 hasArgument(0, hasType(CharPtrType)),
108 hasArgument(1, hasType(isInteger())),
109 anyOf(
110 // Detect the expression: string("...", 0);
111 hasArgument(1, ZeroExpr.bind("empty-string")),
112 // Detect the expression: string("...", -4);
113 hasArgument(1, NegativeExpr.bind("negative-length")),
114 // Detect the expression: string("lit", 0x1234567);
115 hasArgument(1, LargeLengthExpr.bind("large-length")),
116 // Detect the expression: string("lit", 5)
117 allOf(hasArgument(0, ConstStrLiteral.bind("literal-with-length")),
118 hasArgument(1, ignoringParenImpCasts(
119 integerLiteral().bind("int"))))))
120 .bind("constructor"),
121 this);
122
123 // Check the literal string constructor with char pointer.
124 // [i.e. string (const char* s);]
125 Finder->addMatcher(
126 traverse(
127 TK_AsIs,
128 cxxConstructExpr(
129 hasDeclaration(cxxConstructorDecl(ofClass(anyOf(
130 cxxRecordDecl(hasName("basic_string_view"))
131 .bind("basic_string_view_decl"),
132 cxxRecordDecl(hasAnyName(removeNamespaces(StringNames))))))),
133 hasArgument(0, expr().bind("from-ptr")),
134 // do not match std::string(ptr, int)
135 // match std::string(ptr, alloc)
136 // match std::string(ptr)
137 anyOf(hasArgument(1, unless(hasType(isInteger()))),
138 argumentCountIs(1)))
139 .bind("constructor")),
140 this);
141 }
142
check(const MatchFinder::MatchResult & Result)143 void StringConstructorCheck::check(const MatchFinder::MatchResult &Result) {
144 const ASTContext &Ctx = *Result.Context;
145 const auto *E = Result.Nodes.getNodeAs<CXXConstructExpr>("constructor");
146 assert(E && "missing constructor expression");
147 SourceLocation Loc = E->getBeginLoc();
148
149 if (Result.Nodes.getNodeAs<Expr>("swapped-parameter")) {
150 const Expr *P0 = E->getArg(0);
151 const Expr *P1 = E->getArg(1);
152 diag(Loc, "string constructor parameters are probably swapped;"
153 " expecting string(count, character)")
154 << tooling::fixit::createReplacement(*P0, *P1, Ctx)
155 << tooling::fixit::createReplacement(*P1, *P0, Ctx);
156 } else if (Result.Nodes.getNodeAs<Expr>("empty-string")) {
157 diag(Loc, "constructor creating an empty string");
158 } else if (Result.Nodes.getNodeAs<Expr>("negative-length")) {
159 diag(Loc, "negative value used as length parameter");
160 } else if (Result.Nodes.getNodeAs<Expr>("large-length")) {
161 if (WarnOnLargeLength)
162 diag(Loc, "suspicious large length parameter");
163 } else if (Result.Nodes.getNodeAs<Expr>("literal-with-length")) {
164 const auto *Str = Result.Nodes.getNodeAs<StringLiteral>("str");
165 const auto *Lit = Result.Nodes.getNodeAs<IntegerLiteral>("int");
166 if (Lit->getValue().ugt(Str->getLength())) {
167 diag(Loc, "length is bigger than string literal size");
168 }
169 } else if (const auto *Ptr = Result.Nodes.getNodeAs<Expr>("from-ptr")) {
170 Expr::EvalResult ConstPtr;
171 if (!Ptr->isInstantiationDependent() &&
172 Ptr->EvaluateAsRValue(ConstPtr, Ctx) &&
173 ((ConstPtr.Val.isInt() && ConstPtr.Val.getInt().isZero()) ||
174 (ConstPtr.Val.isLValue() && ConstPtr.Val.isNullPointer()))) {
175 if (IsStringviewNullptrCheckEnabled &&
176 Result.Nodes.getNodeAs<CXXRecordDecl>("basic_string_view_decl")) {
177 // Filter out `basic_string_view` to avoid conflicts with
178 // `bugprone-stringview-nullptr`
179 return;
180 }
181 diag(Loc, "constructing string from nullptr is undefined behaviour");
182 }
183 }
184 }
185
186 } // namespace bugprone
187 } // namespace tidy
188 } // namespace clang
189