shylie/llvm-project
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
llvm-project/clang-tools-extra/clang-tidy/bugprone/PointerArithmeticOnPolymorphicObjectCheck.cpp
Discookie f329e3ed90
[clang-tidy] Add bugprone-pointer-arithmetic-on-polymorphic-object check (#91951) 
Finds pointer arithmetic on classes that declare a virtual function.

This check corresponds to the SEI Cert rule [CTR56-CPP: Do not use
pointer arithmetic on polymorphic
objects](https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR56-CPP.+Do+not+use+pointer+arithmetic+on+polymorphic+objects).

```cpp
struct Base {
  virtual void ~Base();
};

struct Derived : public Base {};

void foo(Base *b) {
  b += 1; // passing `Derived` to `foo()` results in UB
}
```

[Results on open-source
projects](https://codechecker-demo.eastus.cloudapp.azure.com/Default/runs?run=Discookie-ctr56-with-classnames).
Most of the Qtbase reports are from having a `virtual override`
declaration, and the LLVM reports are true positives, as far as I can
tell.
2024-07-04 13:44:31 +00:00

82 lines
3.2 KiB
C++
Raw Blame History

//===--- PointerArithmeticOnPolymorphicObjectCheck.cpp - clang-tidy--------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "PointerArithmeticOnPolymorphicObjectCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
using namespace clang::ast_matchers;
namespace clang::tidy::bugprone {
namespace {
AST_MATCHER(CXXRecordDecl, isAbstract) { return Node.isAbstract(); }
AST_MATCHER(CXXRecordDecl, isPolymorphic) { return Node.isPolymorphic(); }
} // namespace
PointerArithmeticOnPolymorphicObjectCheck::
PointerArithmeticOnPolymorphicObjectCheck(StringRef Name,
ClangTidyContext *Context)
: ClangTidyCheck(Name, Context),
IgnoreInheritedVirtualFunctions(
Options.get("IgnoreInheritedVirtualFunctions", false)) {}
void PointerArithmeticOnPolymorphicObjectCheck::storeOptions(
ClangTidyOptions::OptionMap &Opts) {
Options.store(Opts, "IgnoreInheritedVirtualFunctions",
IgnoreInheritedVirtualFunctions);
}
void PointerArithmeticOnPolymorphicObjectCheck::registerMatchers(
MatchFinder *Finder) {
const auto PolymorphicPointerExpr =
expr(hasType(hasCanonicalType(pointerType(pointee(hasCanonicalType(
hasDeclaration(cxxRecordDecl(unless(isFinal()), isPolymorphic())
.bind("pointee"))))))))
.bind("pointer");
const auto PointerExprWithVirtualMethod =
expr(hasType(hasCanonicalType(
pointerType(pointee(hasCanonicalType(hasDeclaration(
cxxRecordDecl(
unless(isFinal()),
anyOf(hasMethod(isVirtualAsWritten()), isAbstract()))
.bind("pointee"))))))))
.bind("pointer");
const auto SelectedPointerExpr = IgnoreInheritedVirtualFunctions
? PointerExprWithVirtualMethod
: PolymorphicPointerExpr;
const auto ArraySubscript = arraySubscriptExpr(hasBase(SelectedPointerExpr));
const auto BinaryOperators =
binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
hasEitherOperand(SelectedPointerExpr));
const auto UnaryOperators = unaryOperator(
hasAnyOperatorName("++", "--"), hasUnaryOperand(SelectedPointerExpr));
Finder->addMatcher(ArraySubscript, this);
Finder->addMatcher(BinaryOperators, this);
Finder->addMatcher(UnaryOperators, this);
}
void PointerArithmeticOnPolymorphicObjectCheck::check(
const MatchFinder::MatchResult &Result) {
const auto *PointerExpr = Result.Nodes.getNodeAs<Expr>("pointer");
const auto *PointeeDecl = Result.Nodes.getNodeAs<CXXRecordDecl>("pointee");
diag(PointerExpr->getBeginLoc(),
"pointer arithmetic on polymorphic object of type %0 can result in "
"undefined behavior if the dynamic type differs from the pointer type")
<< PointeeDecl << PointerExpr->getSourceRange();
}
} // namespace clang::tidy::bugprone
Reference in New Issue View Git Blame Copy Permalink