clang-tools 23.0.0git
StringConstructorCheck.cpp
Go to the documentation of this file.
1//===----------------------------------------------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8
9#include "StringConstructorCheck.h"
10#include "../utils/OptionsUtils.h"
11#include "clang/AST/ASTContext.h"
12#include "clang/ASTMatchers/ASTMatchFinder.h"
13#include "clang/Tooling/FixIt.h"
14
15using namespace clang::ast_matchers;
16
17namespace clang::tidy::bugprone {
18
19namespace {
20AST_MATCHER_P(IntegerLiteral, isBiggerThan, unsigned, N) {
21 return Node.getValue().getZExtValue() > N;
22}
23} // namespace
24
25static const char DefaultStringNames[] =
26 "::std::basic_string;::std::basic_string_view";
27
28static std::vector<StringRef>
29removeNamespaces(const std::vector<StringRef> &Names) {
30 std::vector<StringRef> Result;
31 Result.reserve(Names.size());
32 for (const StringRef Name : Names) {
33 const std::string::size_type ColonPos = Name.rfind(':');
34 Result.push_back(
35 Name.substr(ColonPos == std::string::npos ? 0 : ColonPos + 1));
36 }
37 return Result;
38}
39
40StringConstructorCheck::StringConstructorCheck(StringRef Name,
41 ClangTidyContext *Context)
42 : ClangTidyCheck(Name, Context),
43 IsStringviewNullptrCheckEnabled(
44 Context->isCheckEnabled("bugprone-stringview-nullptr")),
45 WarnOnLargeLength(Options.get("WarnOnLargeLength", true)),
46 LargeLengthThreshold(Options.get("LargeLengthThreshold", 0x800000)),
47 StringNames(utils::options::parseStringList(
48 Options.get("StringNames", DefaultStringNames))) {}
49
50void StringConstructorCheck::storeOptions(ClangTidyOptions::OptionMap &Opts) {
51 Options.store(Opts, "WarnOnLargeLength", WarnOnLargeLength);
52 Options.store(Opts, "LargeLengthThreshold", LargeLengthThreshold);
53 Options.store(Opts, "StringNames", DefaultStringNames);
54}
55
56void StringConstructorCheck::registerMatchers(MatchFinder *Finder) {
57 const auto ZeroExpr = expr(ignoringParenImpCasts(integerLiteral(equals(0))));
58 const auto CharExpr = expr(ignoringParenImpCasts(characterLiteral()));
59 const auto NegativeExpr = expr(ignoringParenImpCasts(
60 unaryOperator(hasOperatorName("-"),
61 hasUnaryOperand(integerLiteral(unless(equals(0)))))));
62 const auto LargeLengthExpr = expr(ignoringParenImpCasts(
63 integerLiteral(isBiggerThan(LargeLengthThreshold))));
64 const auto CharPtrType = type(anyOf(pointerType(), arrayType()));
65
66 // Match a string-literal; even through a declaration with initializer.
67 const auto BoundStringLiteral = stringLiteral().bind("str");
68 const auto ConstStrLiteralDecl = varDecl(
69 isDefinition(), hasType(constantArrayType()), hasType(isConstQualified()),
70 hasInitializer(ignoringParenImpCasts(BoundStringLiteral)));
71 const auto ConstPtrStrLiteralDecl = varDecl(
72 isDefinition(),
73 hasType(pointerType(pointee(isAnyCharacter(), isConstQualified()))),
74 hasInitializer(ignoringParenImpCasts(BoundStringLiteral)));
75 const auto ConstStrLiteral = expr(ignoringParenImpCasts(anyOf(
76 BoundStringLiteral, declRefExpr(hasDeclaration(anyOf(
77 ConstPtrStrLiteralDecl, ConstStrLiteralDecl))))));
78
79 // Check the fill constructor. Fills the string with n consecutive copies of
80 // character c. [i.e string(size_t n, char c);].
81 Finder->addMatcher(
82 cxxConstructExpr(
83 hasDeclaration(cxxMethodDecl(hasName("basic_string"))),
84 anyOf(argumentCountIs(2), argumentCountIs(3)),
85 hasArgument(0, hasType(qualType(isInteger()))),
86 hasArgument(1, hasType(qualType(isInteger()))),
87 anyOf(
88 // Detect the expression: string('x', 40);
89 hasArgument(0, CharExpr.bind("swapped-parameter")),
90 // Detect the expression: string(0, ...);
91 hasArgument(0, ZeroExpr.bind("empty-string")),
92 // Detect the expression: string(-4, ...);
93 hasArgument(0, NegativeExpr.bind("negative-length")),
94 // Detect the expression: string(0x1234567, ...);
95 hasArgument(0, LargeLengthExpr.bind("large-length"))))
96 .bind("constructor"),
97 this);
98
99 // Check the literal string constructor with char pointer and length
100 // parameters. [i.e. string (const char* s, size_t n);]
101 Finder->addMatcher(
102 cxxConstructExpr(
103 hasDeclaration(cxxConstructorDecl(ofClass(
104 cxxRecordDecl(hasAnyName(removeNamespaces(StringNames)))))),
105 anyOf(argumentCountIs(2),
106 allOf(argumentCountIs(3),
107 hasArgument(2, unless(hasType(qualType(isInteger())))))),
108 hasArgument(0, hasType(CharPtrType)),
109 hasArgument(1, hasType(isInteger())),
110 anyOf(
111 // Detect the expression: string("...", 0);
112 hasArgument(1, ZeroExpr.bind("empty-string")),
113 // Detect the expression: string("...", -4);
114 hasArgument(1, NegativeExpr.bind("negative-length")),
115 // Detect the expression: string("lit", 0x1234567);
116 hasArgument(1, LargeLengthExpr.bind("large-length")),
117 // Detect the expression: string("lit", 5)
118 allOf(hasArgument(0, ConstStrLiteral.bind("literal-with-length")),
119 hasArgument(1, ignoringParenImpCasts(
120 integerLiteral().bind("length"))))))
121 .bind("constructor"),
122 this);
123
124 // Check the literal string constructor with char pointer, start position and
125 // length parameters. [i.e. string (const char* s, size_t pos, size_t count);]
126 Finder->addMatcher(
127 cxxConstructExpr(
128 hasDeclaration(cxxConstructorDecl(ofClass(
129 cxxRecordDecl(hasAnyName(removeNamespaces(StringNames)))))),
130 anyOf(argumentCountIs(3), argumentCountIs(4)),
131 hasArgument(0, hasType(CharPtrType)),
132 hasArgument(1, hasType(qualType(isInteger()))),
133 hasArgument(2, hasType(qualType(isInteger()))),
134 anyOf(
135 // Detect the expression: string("...", 1, 0);
136 hasArgument(2, ZeroExpr.bind("empty-string")),
137 // Detect the expression: string("...", -4, 1);
138 hasArgument(1, NegativeExpr.bind("negative-pos")),
139 // Detect the expression: string("...", 0, -4);
140 hasArgument(2, NegativeExpr.bind("negative-length")),
141 // Detect the expression: string("lit", 0, 0x1234567);
142 hasArgument(2, LargeLengthExpr.bind("large-length")),
143 // Detect the expression: string("lit", 1, 5)
144 allOf(hasArgument(0, ConstStrLiteral.bind("literal-with-length")),
145 hasArgument(
146 1, ignoringParenImpCasts(integerLiteral().bind("pos"))),
147 hasArgument(2, ignoringParenImpCasts(
148 integerLiteral().bind("length"))))))
149 .bind("constructor"),
150 this);
151
152 // Check the literal string constructor with char pointer.
153 // [i.e. string (const char* s);]
154 Finder->addMatcher(
155 traverse(
156 TK_AsIs,
157 cxxConstructExpr(
158 hasDeclaration(cxxConstructorDecl(ofClass(anyOf(
159 cxxRecordDecl(hasName("basic_string_view"))
160 .bind("basic_string_view_decl"),
161 cxxRecordDecl(hasAnyName(removeNamespaces(StringNames))))))),
162 hasArgument(0, expr().bind("from-ptr")),
163 // do not match std::string(ptr, int)
164 // match std::string(ptr, alloc)
165 // match std::string(ptr)
166 anyOf(hasArgument(1, unless(hasType(isInteger()))),
167 argumentCountIs(1)))
168 .bind("constructor")),
169 this);
170}
171
172void StringConstructorCheck::check(const MatchFinder::MatchResult &Result) {
173 const ASTContext &Ctx = *Result.Context;
174 const auto *E = Result.Nodes.getNodeAs<CXXConstructExpr>("constructor");
175 assert(E && "missing constructor expression");
176 const SourceLocation Loc = E->getBeginLoc();
177
178 if (Result.Nodes.getNodeAs<Expr>("swapped-parameter")) {
179 const Expr *P0 = E->getArg(0);
180 const Expr *P1 = E->getArg(1);
181 diag(Loc, "string constructor parameters are probably swapped;"
182 " expecting string(count, character)")
183 << tooling::fixit::createReplacement(*P0, *P1, Ctx)
184 << tooling::fixit::createReplacement(*P1, *P0, Ctx);
185 } else if (Result.Nodes.getNodeAs<Expr>("empty-string")) {
186 diag(Loc, "constructor creating an empty string");
187 } else if (Result.Nodes.getNodeAs<Expr>("negative-length")) {
188 diag(Loc, "negative value used as length parameter");
189 } else if (Result.Nodes.getNodeAs<Expr>("negative-pos")) {
190 diag(Loc, "negative value used as position of the "
191 "first character parameter");
192 } else if (Result.Nodes.getNodeAs<Expr>("large-length")) {
193 if (WarnOnLargeLength)
194 diag(Loc, "suspicious large length parameter");
195 } else if (Result.Nodes.getNodeAs<Expr>("literal-with-length")) {
196 const auto *Str = Result.Nodes.getNodeAs<StringLiteral>("str");
197 const auto *Length = Result.Nodes.getNodeAs<IntegerLiteral>("length");
198 if (Length->getValue().ugt(Str->getLength())) {
199 diag(Loc, "length is bigger than string literal size");
200 return;
201 }
202 if (const auto *Pos = Result.Nodes.getNodeAs<IntegerLiteral>("pos")) {
203 if (Pos->getValue().uge(Str->getLength())) {
204 diag(Loc, "position of the first character parameter is bigger than "
205 "string literal character range");
206 } else if (Length->getValue().ugt(
207 (Str->getLength() - Pos->getValue()).getZExtValue())) {
208 diag(Loc, "length is bigger than remaining string literal size");
209 }
210 }
211 } else if (const auto *Ptr = Result.Nodes.getNodeAs<Expr>("from-ptr")) {
212 Expr::EvalResult ConstPtr;
213 if (!Ptr->isInstantiationDependent() &&
214 Ptr->EvaluateAsRValue(ConstPtr, Ctx) &&
215 ((ConstPtr.Val.isInt() && ConstPtr.Val.getInt().isZero()) ||
216 (ConstPtr.Val.isLValue() && ConstPtr.Val.isNullPointer()))) {
217 if (IsStringviewNullptrCheckEnabled &&
218 Result.Nodes.getNodeAs<CXXRecordDecl>("basic_string_view_decl")) {
219 // Filter out `basic_string_view` to avoid conflicts with
220 // `bugprone-stringview-nullptr`
221 return;
222 }
223 diag(Loc, "constructing string from nullptr is undefined behaviour");
224 }
225 }
226}
227
228} // namespace clang::tidy::bugprone
clang::tidy::ClangTidyContext
Every ClangTidyCheck reports errors through a DiagnosticsEngine provided by this context.
Definition ClangTidyDiagnosticConsumer.h:70
clang::tidy::bugprone::StringConstructorCheck::check
void check(const ast_matchers::MatchFinder::MatchResult &Result) override
Definition StringConstructorCheck.cpp:172
clang::tidy::bugprone::StringConstructorCheck::StringConstructorCheck
StringConstructorCheck(StringRef Name, ClangTidyContext *Context)
Definition StringConstructorCheck.cpp:40
clang::tidy::bugprone::StringConstructorCheck::storeOptions
void storeOptions(ClangTidyOptions::OptionMap &Opts) override
Definition StringConstructorCheck.cpp:50
clang::tidy::bugprone::StringConstructorCheck::registerMatchers
void registerMatchers(ast_matchers::MatchFinder *Finder) override
Definition StringConstructorCheck.cpp:56
clang::ast_matchers
Definition AbseilMatcher.h:16
clang::tidy::bugprone::removeNamespaces
static std::vector< StringRef > removeNamespaces(const std::vector< StringRef > &Names)
Definition StringConstructorCheck.cpp:29
clang::tidy::bugprone::DefaultStringNames
static const char DefaultStringNames[]
Definition StringConstructorCheck.cpp:25
clang::tidy::matchers::AST_MATCHER_P
AST_MATCHER_P(Stmt, isStatementIdenticalToBoundNode, std::string, ID)
Definition clang-tidy/utils/Matchers.h:163
clang::tidy::ClangTidyOptions::OptionMap
llvm::StringMap< ClangTidyValue > OptionMap
Definition ClangTidyOptions.h:128
Generated on for clang-tools by doxygen 1.14.0