StringConstructorCheck.cpp source code [clang-tools-extra/clang-tidy/bugprone/StringConstructorCheck.cpp]

1	//===--- StringConstructorCheck.cpp - clang-tidy---------------------------===//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8
9	#include "StringConstructorCheck.h"
10	#include "../utils/OptionsUtils.h"
11	#include "clang/AST/ASTContext.h"
12	#include "clang/ASTMatchers/ASTMatchFinder.h"
13	#include "clang/Tooling/FixIt.h"
14
15	using namespace clang::ast_matchers;
16
17	namespace clang::tidy::bugprone {
18
19	namespace {
20	AST_MATCHER_P(IntegerLiteral, isBiggerThan, unsigned, N) {
21	return Node.getValue().getZExtValue() > N;
22	}
23
24	const char DefaultStringNames[] =
25	"::std::basic_string;::std::basic_string_view";
26
27	static std::vector<StringRef>
28	removeNamespaces(const std::vector<StringRef> &Names) {
29	std::vector<StringRef> Result;
30	Result.reserve(n: Names.size());
31	for (StringRef Name : Names) {
32	std::string::size_type ColonPos = Name.rfind(C: `':'`);
33	Result.push_back(
34	x: Name.substr(Start: ColonPos == std::string::npos ? `0` : ColonPos + `1`));
35	}
36	return Result;
37	}
38
39	} // namespace
40
41	StringConstructorCheck::StringConstructorCheck(StringRef Name,
42	ClangTidyContext *Context)
43	: ClangTidyCheck (Name, Context),
44	IsStringviewNullptrCheckEnabled(
45	Context->isCheckEnabled(CheckName: "bugprone-stringview-nullptr")),
46	WarnOnLargeLength(Options.get(LocalName: "WarnOnLargeLength", Default: true)),
47	LargeLengthThreshold(Options.get(LocalName: "LargeLengthThreshold", Default: `0x800000`)),
48	StringNames(utils::options::parseStringList(
49	Option: Options.get(LocalName: "StringNames", Default: DefaultStringNames))) {}
50
51	void StringConstructorCheck::storeOptions(ClangTidyOptions::OptionMap &Opts) {
52	Options.store(Options&: Opts, LocalName: "WarnOnLargeLength", Value: WarnOnLargeLength);
53	Options.store(Options&: Opts, LocalName: "LargeLengthThreshold", Value: LargeLengthThreshold);
54	Options.store(Options&: Opts, LocalName: "StringNames", Value: DefaultStringNames);
55	}
56
57	void StringConstructorCheck::registerMatchers(MatchFinder *Finder) {
58	const auto ZeroExpr = expr (ignoringParenImpCasts(InnerMatcher: integerLiteral (equals(Value: `0`))));
59	const auto CharExpr = expr (ignoringParenImpCasts(InnerMatcher: characterLiteral ()));
60	const auto NegativeExpr = expr (ignoringParenImpCasts(
61	InnerMatcher: unaryOperator (hasOperatorName(Name: "-"),
62	hasUnaryOperand(InnerMatcher: integerLiteral (unless (equals(Value: `0`)))))));
63	const auto LargeLengthExpr = expr (ignoringParenImpCasts(
64	InnerMatcher: integerLiteral (isBiggerThan(N: LargeLengthThreshold))));
65	const auto CharPtrType = type (anyOf (pointerType (), arrayType ()));
66
67	// Match a string-literal; even through a declaration with initializer.
68	const auto BoundStringLiteral = stringLiteral ().bind(ID: "str");
69	const auto ConstStrLiteralDecl = varDecl (
70	isDefinition(), hasType(InnerMatcher: constantArrayType ()), hasType(InnerMatcher: isConstQualified()),
71	hasInitializer(InnerMatcher: ignoringParenImpCasts(InnerMatcher: BoundStringLiteral)));
72	const auto ConstPtrStrLiteralDecl = varDecl (
73	isDefinition(),
74	hasType(InnerMatcher: pointerType (pointee (isAnyCharacter(), isConstQualified()))),
75	hasInitializer(InnerMatcher: ignoringParenImpCasts(InnerMatcher: BoundStringLiteral)));
76	const auto ConstStrLiteral = expr (ignoringParenImpCasts(InnerMatcher: anyOf (
77	BoundStringLiteral, declRefExpr (hasDeclaration(InnerMatcher: anyOf (
78	ConstPtrStrLiteralDecl, ConstStrLiteralDecl))))));
79
80	// Check the fill constructor. Fills the string with n consecutive copies of
81	// character c. [i.e string(size_t n, char c);].
82	Finder->addMatcher(
83	NodeMatch: cxxConstructExpr (
84	hasDeclaration(InnerMatcher: cxxMethodDecl (hasName(Name: "basic_string"))),
85	argumentCountIs(N: `2`), hasArgument(N: `0`, InnerMatcher: hasType(InnerMatcher: qualType (isInteger()))),
86	hasArgument(N: `1`, InnerMatcher: hasType(InnerMatcher: qualType (isInteger()))),
87	anyOf (
88	// Detect the expression: string('x', 40);
89	hasArgument(N: `0`, InnerMatcher: CharExpr.bind(ID: "swapped-parameter")),
90	// Detect the expression: string(0, ...);
91	hasArgument(N: `0`, InnerMatcher: ZeroExpr.bind(ID: "empty-string")),
92	// Detect the expression: string(-4, ...);
93	hasArgument(N: `0`, InnerMatcher: NegativeExpr.bind(ID: "negative-length")),
94	// Detect the expression: string(0x1234567, ...);
95	hasArgument(N: `0`, InnerMatcher: LargeLengthExpr.bind(ID: "large-length"))))
96	.bind(ID: "constructor"),
97	Action: this);
98
99	// Check the literal string constructor with char pointer and length
100	// parameters. [i.e. string (const char s, size_t n);]*
101	Finder->addMatcher(
102	NodeMatch: cxxConstructExpr (
103	hasDeclaration(InnerMatcher: cxxConstructorDecl (ofClass(
104	InnerMatcher: cxxRecordDecl (hasAnyName (removeNamespaces(Names: StringNames)))))),
105	argumentCountIs(N: `2`), hasArgument(N: `0`, InnerMatcher: hasType(InnerMatcher: CharPtrType)),
106	hasArgument(N: `1`, InnerMatcher: hasType(InnerMatcher: isInteger())),
107	anyOf (
108	// Detect the expression: string("...", 0);
109	hasArgument(N: `1`, InnerMatcher: ZeroExpr.bind(ID: "empty-string")),
110	// Detect the expression: string("...", -4);
111	hasArgument(N: `1`, InnerMatcher: NegativeExpr.bind(ID: "negative-length")),
112	// Detect the expression: string("lit", 0x1234567);
113	hasArgument(N: `1`, InnerMatcher: LargeLengthExpr.bind(ID: "large-length")),
114	// Detect the expression: string("lit", 5)
115	allOf (hasArgument(N: `0`, InnerMatcher: ConstStrLiteral.bind(ID: "literal-with-length")),
116	hasArgument(N: `1`, InnerMatcher: ignoringParenImpCasts(
117	InnerMatcher: integerLiteral ().bind(ID: "length"))))))
118	.bind(ID: "constructor"),
119	Action: this);
120
121	// Check the literal string constructor with char pointer, start position and
122	// length parameters. [i.e. string (const char s, size_t pos, size_t count);]*
123	Finder->addMatcher(
124	NodeMatch: cxxConstructExpr (
125	hasDeclaration(InnerMatcher: cxxConstructorDecl (ofClass(
126	InnerMatcher: cxxRecordDecl (hasAnyName (removeNamespaces(Names: StringNames)))))),
127	argumentCountIs(N: `3`), hasArgument(N: `0`, InnerMatcher: hasType(InnerMatcher: CharPtrType)),
128	hasArgument(N: `1`, InnerMatcher: hasType(InnerMatcher: qualType (isInteger()))),
129	hasArgument(N: `2`, InnerMatcher: hasType(InnerMatcher: qualType (isInteger()))),
130	anyOf (
131	// Detect the expression: string("...", 1, 0);
132	hasArgument(N: `2`, InnerMatcher: ZeroExpr.bind(ID: "empty-string")),
133	// Detect the expression: string("...", -4, 1);
134	hasArgument(N: `1`, InnerMatcher: NegativeExpr.bind(ID: "negative-pos")),
135	// Detect the expression: string("...", 0, -4);
136	hasArgument(N: `2`, InnerMatcher: NegativeExpr.bind(ID: "negative-length")),
137	// Detect the expression: string("lit", 0, 0x1234567);
138	hasArgument(N: `2`, InnerMatcher: LargeLengthExpr.bind(ID: "large-length")),
139	// Detect the expression: string("lit", 1, 5)
140	allOf (hasArgument(N: `0`, InnerMatcher: ConstStrLiteral.bind(ID: "literal-with-length")),
141	hasArgument(
142	N: `1`, InnerMatcher: ignoringParenImpCasts(InnerMatcher: integerLiteral ().bind(ID: "pos"))),
143	hasArgument(N: `2`, InnerMatcher: ignoringParenImpCasts(
144	InnerMatcher: integerLiteral ().bind(ID: "length"))))))
145	.bind(ID: "constructor"),
146	Action: this);
147
148	// Check the literal string constructor with char pointer.
149	// [i.e. string (const char s);]*
150	Finder->addMatcher(
151	NodeMatch: traverse(
152	TK: TK_AsIs,
153	InnerMatcher: cxxConstructExpr (
154	hasDeclaration(InnerMatcher: cxxConstructorDecl (ofClass(InnerMatcher: anyOf (
155	cxxRecordDecl (hasName(Name: "basic_string_view"))
156	.bind(ID: "basic_string_view_decl"),
157	cxxRecordDecl (hasAnyName (removeNamespaces(Names: StringNames))))))),
158	hasArgument(N: `0`, InnerMatcher: expr ().bind(ID: "from-ptr")),
159	// do not match std::string(ptr, int)
160	// match std::string(ptr, alloc)
161	// match std::string(ptr)
162	anyOf (hasArgument(N: `1`, InnerMatcher: unless (hasType(InnerMatcher: isInteger()))),
163	argumentCountIs(N: `1`)))
164	.bind(ID: "constructor")),
165	Action: this);
166	}
167
168	void StringConstructorCheck::check(const MatchFinder::MatchResult &Result) {
169	const ASTContext &Ctx = *Result.Context;
170	const auto *E = Result.Nodes.getNodeAs<CXXConstructExpr>(ID: "constructor");
171	assert(E && "missing constructor expression");
172	SourceLocation Loc = E->getBeginLoc();
173
174	if (Result.Nodes.getNodeAs<Expr>(ID: "swapped-parameter")) {
175	const Expr *P0 = E->getArg(Arg: `0`);
176	const Expr *P1 = E->getArg(Arg: `1`);
177	diag(Loc, Description: "string constructor parameters are probably swapped;"
178	" expecting string(count, character)")
179	<< tooling::fixit::createReplacement(Destination: P0, Source: P1, Context: Ctx)
180	<< tooling::fixit::createReplacement(Destination: P1, Source: P0, Context: Ctx);
181	} else if (Result.Nodes.getNodeAs<Expr>(ID: "empty-string")) {
182	diag(Loc, Description: "constructor creating an empty string");
183	} else if (Result.Nodes.getNodeAs<Expr>(ID: "negative-length")) {
184	diag(Loc, Description: "negative value used as length parameter");
185	} else if (Result.Nodes.getNodeAs<Expr>(ID: "negative-pos")) {
186	diag(Loc, Description: "negative value used as position of the "
187	"first character parameter");
188	} else if (Result.Nodes.getNodeAs<Expr>(ID: "large-length")) {
189	if (WarnOnLargeLength)
190	diag(Loc, Description: "suspicious large length parameter");
191	} else if (Result.Nodes.getNodeAs<Expr>(ID: "literal-with-length")) {
192	const auto *Str = Result.Nodes.getNodeAs<StringLiteral>(ID: "str");
193	const auto *Length = Result.Nodes.getNodeAs<IntegerLiteral>(ID: "length");
194	if (Length->getValue().ugt(Str->getLength())) {
195	diag(Loc, Description: "length is bigger than string literal size");
196	return;
197	}
198	if (const auto *Pos = Result.Nodes.getNodeAs<IntegerLiteral>(ID: "pos")) {
199	if (Pos->getValue().uge(Str->getLength())) {
200	diag(Loc, Description: "position of the first character parameter is bigger than "
201	"string literal character range");
202	} else if (Length->getValue().ugt(
203	(Str->getLength() - Pos->getValue()).getZExtValue())) {
204	diag(Loc, Description: "length is bigger than remaining string literal size");
205	}
206	}
207	} else if (const auto *Ptr = Result.Nodes.getNodeAs<Expr>(ID: "from-ptr")) {
208	Expr::EvalResult ConstPtr;
209	if (!Ptr->isInstantiationDependent() &&
210	Ptr->EvaluateAsRValue(Result&: ConstPtr, Ctx) &&
211	((ConstPtr.Val.isInt() && ConstPtr.Val.getInt().isZero()) \|\|
212	(ConstPtr.Val.isLValue() && ConstPtr.Val.isNullPointer()))) {
213	if (IsStringviewNullptrCheckEnabled &&
214	Result.Nodes.getNodeAs<CXXRecordDecl>(ID: "basic_string_view_decl")) {
215	// Filter out `basic_string_view` to avoid conflicts with
216	// `bugprone-stringview-nullptr`
217	return;
218	}
219	diag(Loc, Description: "constructing string from nullptr is undefined behaviour");
220	}
221	}
222	}
223
224	} // namespace clang::tidy::bugprone
225

source code of clang-tools-extra/clang-tidy/bugprone/StringConstructorCheck.cpp