clang-tools  4.0.0
MemsetZeroLengthCheck.cpp
1 //===--- MemsetZeroLengthCheck.cpp - clang-tidy -------------------*- C++ -*-===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 
10 #include "MemsetZeroLengthCheck.h"
11 #include "clang/AST/ASTContext.h"
12 #include "clang/ASTMatchers/ASTMatchFinder.h"
13 #include "clang/ASTMatchers/ASTMatchers.h"
14 #include "clang/Lex/Lexer.h"
15 
16 using namespace clang::ast_matchers;
17 
18 namespace clang {
19 namespace tidy {
20 namespace google {
21 namespace runtime {
22 
/// Registers the AST matcher whose results are handed to check().
///
/// Every call to the global `memset` that has exactly three arguments is
/// bound under the id "decl". Calls inside template instantiations are
/// excluded. Whether the length really is zero is decided in check(), not
/// here.
void MemsetZeroLengthCheck::registerMatchers(
    ast_matchers::MatchFinder *Finder) {
  // memset(x, y, 0) is most likely an argument swap: the call as written
  // fills zero bytes.
  // TODO: Also handle other standard functions that suffer from the same
  // problem, e.g. memchr.
  const auto MemsetCall =
      callExpr(callee(functionDecl(hasName("::memset"))), argumentCountIs(3),
               unless(isInTemplateInstantiation()))
          .bind("decl");
  Finder->addMatcher(MemsetCall, this);
}
34 
/// \brief Get the source text covered by a SourceRange as a StringRef.
///
/// Returns an empty StringRef when the range begins in a macro expansion or
/// when its two ends are not written in the same file. The returned
/// StringRef points at the character data handed out by the SourceManager;
/// nothing is copied.
static StringRef getAsString(const MatchFinder::MatchResult &Result,
                             SourceRange R) {
  const SourceManager &SM = *Result.SourceManager;
  const SourceLocation First = R.getBegin();
  const SourceLocation Last = R.getEnd();

  // Macro or include contraptions are not resolved; they are not worth
  // emitting a fix-it for.
  const bool Resolvable =
      !First.isMacroID() && SM.isWrittenInSameFile(First, Last);
  if (!Resolvable)
    return StringRef();

  const char *TextBegin = SM.getCharacterData(First);
  // The end location is run through getLocForEndOfToken so that the text
  // includes the whole last token of the range.
  const SourceLocation PastLast = Lexer::getLocForEndOfToken(
      Last, 0, SM, Result.Context->getLangOpts());
  const char *TextEnd = SM.getCharacterData(PastLast);

  // NOTE(review): the length is a raw pointer difference. Nothing here checks
  // that PastLast is valid or that TextEnd >= TextBegin; the guard above is
  // the only protection. Confirm that it is sufficient.
  return StringRef(TextBegin, TextEnd - TextBegin);
}
51 
/// Diagnoses a matched memset call whose byte count is a compile-time zero.
///
/// Such a call fills no bytes, so a buffer the author meant to clear or fill
/// keeps its previous contents. The usual cause is that the fill value and
/// the length were written in the wrong order. A warning is issued and, when
/// the text of both arguments can be recovered from the source, fix-its that
/// swap the two arguments are attached.
///
/// \param Result the match produced by the matcher registered in
///        registerMatchers(); the call is bound under the id "decl".
void MemsetZeroLengthCheck::check(const MatchFinder::MatchResult &Result) {
  const auto *MemsetCall = Result.Nodes.getNodeAs<CallExpr>("decl");

  // The signature is:
  //   void *memset(void *buffer, int fill_char, size_t byte_count);
  // so argument 1 is fill_char and argument 2 is byte_count.
  const Expr *FillChar = MemsetCall->getArg(1);
  const Expr *ByteCount = MemsetCall->getArg(2);

  llvm::APSInt FillValue, CountValue;

  // Only a `byte_count` that evaluates to zero at compile time is of interest.
  const bool CountIsZero =
      !ByteCount->isValueDependent() &&
      ByteCount->EvaluateAsInt(CountValue, *Result.Context) && CountValue == 0;
  if (!CountIsZero)
    return;

  // A `fill_char` known at compile time to be zero or negative is left alone:
  // swapping the arguments would be a nop or would introduce a definite bug,
  // so the code is likely correct as written.
  const bool FillIsZeroOrNegative =
      !FillChar->isValueDependent() &&
      FillChar->EvaluateAsInt(FillValue, *Result.Context) &&
      (FillValue == 0 || FillValue.isNegative());
  if (FillIsZeroOrNegative)
    return;

  // Here `byte_count` is a compile-time zero and `fill_char` is either
  // unknown or a positive integer. Warn, then try to attach fix-its that
  // swap the two arguments.
  auto Diag = diag(MemsetCall->getLocStart(),
                   "memset of size zero, potentially swapped arguments");
  const SourceRange FillRange = FillChar->getSourceRange();
  const SourceRange CountRange = ByteCount->getSourceRange();
  const StringRef CountText = getAsString(Result, CountRange);
  const StringRef FillText = getAsString(Result, FillRange);

  // getAsString() yields an empty string for text it will not resolve (for
  // example macros). The diagnostic created above then carries no fix-its.
  if (FillText.empty() || CountText.empty())
    return;

  Diag << FixItHint::CreateReplacement(
              CharSourceRange::getTokenRange(FillRange), CountText)
       << FixItHint::CreateReplacement(
              CharSourceRange::getTokenRange(CountRange), FillText);
}
92 
93 } // namespace runtime
94 } // namespace google
95 } // namespace tidy
96 } // namespace clang