[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 


@@ -0,0 +1,49 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);
+}
+
+void VirtualArithmeticCheck::check(const MatchFinder::MatchResult ) {
+  const auto *PointerExpr = Result.Nodes.getNodeAs("pointer");
+  const CXXRecordDecl *PointeeType =
+  PointerExpr->getType()->getPointeeType()->getAsCXXRecordDecl();
+
+  diag(PointerExpr->getBeginLoc(),
+   "pointer arithmetic on class '%0' that declares a virtual function, "
+   "undefined behavior if the pointee is a different class")
+  << PointeeType->getName();

Discookie wrote:

In Tidy we can only use a single SourceLocation and not a range, right? I don't 
know of a way to feed ranges into it.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 


@@ -0,0 +1,50 @@
+.. title:: clang-tidy - bugprone-virtual-arithmetic
+
+bugprone-virtual-arithmetic
+===
+
+Warn if pointer arithmetic is performed on a class that declares a
+virtual function.
+
+Pointer arithmetic on polymorphic objects where the pointer's static type is 
+different from its dynamic type is undefined behavior.

Discookie wrote:

indeed it could happen to any different static and dynamic types, but here it's 
better to be more specific for clarity, I think. The check only aims to find 
bugprone polymorphic objects anyways.
(`expr.add` in the standard specifically highlights polymorphic objects as 
well.)

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 


@@ -0,0 +1,30 @@
+//===--- VirtualArithmeticCheck.h - clang-tidy---*- C++ 
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_VIRTUAL_ARITHMETIC_H
+#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_VIRTUAL_ARITHMETIC_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Finds pointer arithmetic on classes that declare a virtual function.
+///
+/// For the user-facing documentation see:
+/// 
http://clang.llvm.org/extra/clang-tidy/checks/bugprone/virtual-arithmetic.html
+class VirtualArithmeticCheck : public ClangTidyCheck {
+public:
+  VirtualArithmeticCheck(StringRef Name, ClangTidyContext *Context)
+  : ClangTidyCheck(Name, Context) {}
+  void registerMatchers(ast_matchers::MatchFinder *Finder) override;
+  void check(const ast_matchers::MatchFinder::MatchResult ) override;

Discookie wrote:

Added.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 


@@ -0,0 +1,31 @@
+//===--- PointerArithmeticOnPolymorphicObjectCheck.h *- C++ 
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef 
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_POINTERARITHMETICONPOLYMORPHICOBJECTCHECK_H
+#define 
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_POINTERARITHMETICONPOLYMORPHICOBJECTCHECK_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Finds pointer arithmetic on classes that declare a virtual function.
+///
+/// For the user-facing documentation see:
+/// 
http://clang.llvm.org/extra/clang-tidy/checks/bugprone/pointer-arithmetic-on-polymorphic-object.html
+class PointerArithmeticOnPolymorphicObjectCheck : public ClangTidyCheck {
+public:
+  PointerArithmeticOnPolymorphicObjectCheck(StringRef Name,
+ClangTidyContext *Context)
+  : ClangTidyCheck(Name, Context) {}
+  void registerMatchers(ast_matchers::MatchFinder *Finder) override;
+  void check(const ast_matchers::MatchFinder::MatchResult ) override;
+};

Discookie wrote:

Added.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 


@@ -0,0 +1,49 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);

Discookie wrote:

I added the type alias matches as requested, but the pure virtual functions 
matcher has the same limitation as the regular virtual functions matcher - it 
cannot transitively decide if a function is pure or not, so it's quite limited 
as well. Added tests and a FIXME for it.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 


@@ -0,0 +1,59 @@
+// RUN: %check_clang_tidy %s bugprone-virtual-arithmetic %t
+
+class Base {
+public:  
+  virtual ~Base() {}
+};
+
+class Derived : public Base {};
+
+void operators() {
+  Base *b = new Derived[10];
+
+  b += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b = b + 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:7: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b++;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b[1];
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  delete[] static_cast(b);
+}
+
+void subclassWarnings() {
+  Base *b = new Base[10];
+
+  // False positive that's impossible to distinguish without
+  // path-sensitive analysis, but the code is bug-prone regardless.
+  b += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function
+
+  delete[] b;
+
+  // Common false positive is a class that overrides all parent functions.
+  Derived *d = new Derived[10];
+
+  d += 1;
+  // no-warning
+
+  delete[] d;
+}
+
+template 
+void templateWarning(T *t) {
+  // FIXME: Show the location of the template instantiation in diagnostic.
+  t += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function
+}
+
+void functionArgument(Base *b) {
+  b += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function
+
+  templateWarning(b);
+}

Discookie wrote:

Is this snippet meant to be `Object `? Array subscript can't return a 
pointer AFAIK.
Other than that the case is not too distinct from `Derived d[10]; d += 1;` for 
which I have a test.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 


@@ -0,0 +1,49 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");

Discookie wrote:

I added a config option for matching inherited virtual functions.
It is quite noisy on the projects I ran it on, so I don't want to have it as 
default behavior.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 


@@ -0,0 +1,59 @@
+// RUN: %check_clang_tidy %s bugprone-virtual-arithmetic %t
+
+class Base {
+public:  
+  virtual ~Base() {}
+};
+
+class Derived : public Base {};
+
+void operators() {
+  Base *b = new Derived[10];
+
+  b += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b = b + 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:7: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b++;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]

Discookie wrote:

Added, nice catch!

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 

https://github.com/Discookie commented:

Renamed the check as requested, and fixed what I reasonably could regarding the 
rest.

Added the check option `MatchInheritedVirtualFunctions` to differentiate 
between inherited and newly-declared virtual functions. Inherited has many more 
false positives on the projects I tested.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 


@@ -0,0 +1,49 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);
+}
+
+void VirtualArithmeticCheck::check(const MatchFinder::MatchResult ) {
+  const auto *PointerExpr = Result.Nodes.getNodeAs("pointer");
+  const CXXRecordDecl *PointeeType =
+  PointerExpr->getType()->getPointeeType()->getAsCXXRecordDecl();
+
+  diag(PointerExpr->getBeginLoc(),
+   "pointer arithmetic on class '%0' that declares a virtual function, "

Discookie wrote:

The issue may happen, but the check is only finding polymorphic objects, so no 
point in being more generic.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 


@@ -0,0 +1,30 @@
+//===--- VirtualArithmeticCheck.h - clang-tidy---*- C++ 
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_VIRTUAL_ARITHMETIC_H
+#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_VIRTUAL_ARITHMETIC_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Finds pointer arithmetic on classes that declare a virtual function.

Discookie wrote:

Fixed.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 

https://github.com/Discookie edited 
https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 

https://github.com/Discookie updated 
https://github.com/llvm/llvm-project/pull/91951

>From 69cbd3da19eb0f8eb6758782b46daf99b5b79ea4 Mon Sep 17 00:00:00 2001
From: Viktor 
Date: Mon, 6 May 2024 06:11:58 +
Subject: [PATCH 01/11] Add `bugprone-virtual-arithmetic` check

Finds pointer arithmetic on classes that declare a virtual function.
---
 .../bugprone/BugproneTidyModule.cpp   |  3 ++
 .../clang-tidy/bugprone/CMakeLists.txt|  1 +
 .../bugprone/VirtualArithmeticCheck.cpp   | 46 +
 .../bugprone/VirtualArithmeticCheck.h | 30 +++
 .../checks/bugprone/virtual-arithmetic.rst| 50 +++
 .../docs/clang-tidy/checks/list.rst   |  1 +
 .../checkers/bugprone/virtual-arithmetic.cpp  | 45 +
 7 files changed, 176 insertions(+)
 create mode 100644 
clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
 create mode 100644 
clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h
 create mode 100644 
clang-tools-extra/docs/clang-tidy/checks/bugprone/virtual-arithmetic.rst
 create mode 100644 
clang-tools-extra/test/clang-tidy/checkers/bugprone/virtual-arithmetic.cpp

diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp 
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 1b92d2e60cc17..813f6720074ae 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -91,6 +91,7 @@
 #include "UnusedRaiiCheck.h"
 #include "UnusedReturnValueCheck.h"
 #include "UseAfterMoveCheck.h"
+#include "VirtualArithmeticCheck.h"
 #include "VirtualNearMissCheck.h"
 
 namespace clang::tidy {
@@ -254,6 +255,8 @@ class BugproneModule : public ClangTidyModule {
 CheckFactories.registerCheck(
 "bugprone-unused-return-value");
 CheckFactories.registerCheck("bugprone-use-after-move");
+CheckFactories.registerCheck(
+"bugprone-virtual-arithmetic");
 CheckFactories.registerCheck(
 "bugprone-virtual-near-miss");
   }
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt 
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 2d303191f8865..ec1f3231e7990 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -87,6 +87,7 @@ add_clang_library(clangTidyBugproneModule
   UnusedRaiiCheck.cpp
   UnusedReturnValueCheck.cpp
   UseAfterMoveCheck.cpp
+  VirtualArithmeticCheck.cpp
   VirtualNearMissCheck.cpp
 
   LINK_LIBS
diff --git a/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp 
b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
new file mode 100644
index 0..57347af2b5881
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
@@ -0,0 +1,46 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);
+}
+
+void VirtualArithmeticCheck::check(const MatchFinder::MatchResult ) {
+  const auto *PointerExpr = Result.Nodes.getNodeAs("pointer");
+
+  diag(PointerExpr->getBeginLoc(),
+   "pointer arithmetic on class that declares a virtual function, "
+   "undefined behavior if the pointee is a different class");
+}
+
+} // namespace clang::tidy::bugprone
diff --git a/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h 
b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h
new file mode 100644
index 0..6a5f86a391747
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h
@@ -0,0 +1,30 @@
+//===--- VirtualArithmeticCheck.h - clang-tidy---*- C++ 
-*-===//
+//
+// Part

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-29 Thread via cfe-commits 

https://github.com/Discookie updated 
https://github.com/llvm/llvm-project/pull/91951

>From 69cbd3da19eb0f8eb6758782b46daf99b5b79ea4 Mon Sep 17 00:00:00 2001
From: Viktor 
Date: Mon, 6 May 2024 06:11:58 +
Subject: [PATCH 01/10] Add `bugprone-virtual-arithmetic` check

Finds pointer arithmetic on classes that declare a virtual function.
---
 .../bugprone/BugproneTidyModule.cpp   |  3 ++
 .../clang-tidy/bugprone/CMakeLists.txt|  1 +
 .../bugprone/VirtualArithmeticCheck.cpp   | 46 +
 .../bugprone/VirtualArithmeticCheck.h | 30 +++
 .../checks/bugprone/virtual-arithmetic.rst| 50 +++
 .../docs/clang-tidy/checks/list.rst   |  1 +
 .../checkers/bugprone/virtual-arithmetic.cpp  | 45 +
 7 files changed, 176 insertions(+)
 create mode 100644 
clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
 create mode 100644 
clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h
 create mode 100644 
clang-tools-extra/docs/clang-tidy/checks/bugprone/virtual-arithmetic.rst
 create mode 100644 
clang-tools-extra/test/clang-tidy/checkers/bugprone/virtual-arithmetic.cpp

diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp 
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 1b92d2e60cc17..813f6720074ae 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -91,6 +91,7 @@
 #include "UnusedRaiiCheck.h"
 #include "UnusedReturnValueCheck.h"
 #include "UseAfterMoveCheck.h"
+#include "VirtualArithmeticCheck.h"
 #include "VirtualNearMissCheck.h"
 
 namespace clang::tidy {
@@ -254,6 +255,8 @@ class BugproneModule : public ClangTidyModule {
 CheckFactories.registerCheck(
 "bugprone-unused-return-value");
 CheckFactories.registerCheck("bugprone-use-after-move");
+CheckFactories.registerCheck(
+"bugprone-virtual-arithmetic");
 CheckFactories.registerCheck(
 "bugprone-virtual-near-miss");
   }
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt 
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 2d303191f8865..ec1f3231e7990 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -87,6 +87,7 @@ add_clang_library(clangTidyBugproneModule
   UnusedRaiiCheck.cpp
   UnusedReturnValueCheck.cpp
   UseAfterMoveCheck.cpp
+  VirtualArithmeticCheck.cpp
   VirtualNearMissCheck.cpp
 
   LINK_LIBS
diff --git a/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp 
b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
new file mode 100644
index 0..57347af2b5881
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
@@ -0,0 +1,46 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);
+}
+
+void VirtualArithmeticCheck::check(const MatchFinder::MatchResult ) {
+  const auto *PointerExpr = Result.Nodes.getNodeAs("pointer");
+
+  diag(PointerExpr->getBeginLoc(),
+   "pointer arithmetic on class that declares a virtual function, "
+   "undefined behavior if the pointee is a different class");
+}
+
+} // namespace clang::tidy::bugprone
diff --git a/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h 
b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h
new file mode 100644
index 0..6a5f86a391747
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h
@@ -0,0 +1,30 @@
+//===--- VirtualArithmeticCheck.h - clang-tidy---*- C++ 
-*-===//
+//
+// Part

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-28 Thread via cfe-commits 


@@ -0,0 +1,31 @@
+//===--- PointerArithmeticOnPolymorphicObjectCheck.h *- C++ 
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef 
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_POINTERARITHMETICONPOLYMORPHICOBJECTCHECK_H
+#define 
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_POINTERARITHMETICONPOLYMORPHICOBJECTCHECK_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Finds pointer arithmetic on classes that declare a virtual function.
+///
+/// For the user-facing documentation see:
+/// 
http://clang.llvm.org/extra/clang-tidy/checks/bugprone/pointer-arithmetic-on-polymorphic-object.html
+class PointerArithmeticOnPolymorphicObjectCheck : public ClangTidyCheck {
+public:
+  PointerArithmeticOnPolymorphicObjectCheck(StringRef Name,
+ClangTidyContext *Context)
+  : ClangTidyCheck(Name, Context) {}
+  void registerMatchers(ast_matchers::MatchFinder *Finder) override;
+  void check(const ast_matchers::MatchFinder::MatchResult ) override;
+};

EugeneZelenko wrote:

Please add `isLanguageVersionSupported`.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-28 Thread via cfe-commits 

https://github.com/Discookie updated 
https://github.com/llvm/llvm-project/pull/91951

>From 69cbd3da19eb0f8eb6758782b46daf99b5b79ea4 Mon Sep 17 00:00:00 2001
From: Viktor 
Date: Mon, 6 May 2024 06:11:58 +
Subject: [PATCH 1/3] Add `bugprone-virtual-arithmetic` check

Finds pointer arithmetic on classes that declare a virtual function.
---
 .../bugprone/BugproneTidyModule.cpp   |  3 ++
 .../clang-tidy/bugprone/CMakeLists.txt|  1 +
 .../bugprone/VirtualArithmeticCheck.cpp   | 46 +
 .../bugprone/VirtualArithmeticCheck.h | 30 +++
 .../checks/bugprone/virtual-arithmetic.rst| 50 +++
 .../docs/clang-tidy/checks/list.rst   |  1 +
 .../checkers/bugprone/virtual-arithmetic.cpp  | 45 +
 7 files changed, 176 insertions(+)
 create mode 100644 
clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
 create mode 100644 
clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h
 create mode 100644 
clang-tools-extra/docs/clang-tidy/checks/bugprone/virtual-arithmetic.rst
 create mode 100644 
clang-tools-extra/test/clang-tidy/checkers/bugprone/virtual-arithmetic.cpp

diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp 
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 1b92d2e60cc17..813f6720074ae 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -91,6 +91,7 @@
 #include "UnusedRaiiCheck.h"
 #include "UnusedReturnValueCheck.h"
 #include "UseAfterMoveCheck.h"
+#include "VirtualArithmeticCheck.h"
 #include "VirtualNearMissCheck.h"
 
 namespace clang::tidy {
@@ -254,6 +255,8 @@ class BugproneModule : public ClangTidyModule {
 CheckFactories.registerCheck(
 "bugprone-unused-return-value");
 CheckFactories.registerCheck("bugprone-use-after-move");
+CheckFactories.registerCheck(
+"bugprone-virtual-arithmetic");
 CheckFactories.registerCheck(
 "bugprone-virtual-near-miss");
   }
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt 
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 2d303191f8865..ec1f3231e7990 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -87,6 +87,7 @@ add_clang_library(clangTidyBugproneModule
   UnusedRaiiCheck.cpp
   UnusedReturnValueCheck.cpp
   UseAfterMoveCheck.cpp
+  VirtualArithmeticCheck.cpp
   VirtualNearMissCheck.cpp
 
   LINK_LIBS
diff --git a/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp 
b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
new file mode 100644
index 0..57347af2b5881
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
@@ -0,0 +1,46 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);
+}
+
+void VirtualArithmeticCheck::check(const MatchFinder::MatchResult ) {
+  const auto *PointerExpr = Result.Nodes.getNodeAs("pointer");
+
+  diag(PointerExpr->getBeginLoc(),
+   "pointer arithmetic on class that declares a virtual function, "
+   "undefined behavior if the pointee is a different class");
+}
+
+} // namespace clang::tidy::bugprone
diff --git a/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h 
b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h
new file mode 100644
index 0..6a5f86a391747
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h
@@ -0,0 +1,30 @@
+//===--- VirtualArithmeticCheck.h - clang-tidy---*- C++ 
-*-===//
+//
+// Part

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Carlos Galvez via cfe-commits 

carlosgalvezp wrote:

I realize it's probably very hard (if not impossible) to detect whether a class 
is a base class unless it has virtual functions. 

That's why the corresponding AUTOSAR rule bans only non-final classes. But that 
is a bit overkill and leads to some pain.



https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Piotr Zegar via cfe-commits 

PiotrZSL wrote:

bugprone-pointer-arithmetic-polymorphic-object or 
bugprone-pointer-arithmetic-on-polymorphic-object could be fine.
limiting check to polymorphic objects it's fine, someone can always enable an 
cppguidelines check to cover all cases.

Also check-alias should be added to cert.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Carlos Galvez via cfe-commits 

carlosgalvezp wrote:

Otherwise since this is a problem also on non-polymorphic objects, maybe 
"bugprone-pointer-arithmetic-base-class"?

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Carlos Galvez via cfe-commits 

carlosgalvezp wrote:

I'm not very happy about the name, there's no such thing as "virtual 
arithmetic".

What about "bugprone-pointer-arithmetic-polymorphic-object"?

I rather have a long descriptive name than a short ambiguous name.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Piotr Zegar via cfe-commits 


@@ -0,0 +1,49 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);
+}
+
+void VirtualArithmeticCheck::check(const MatchFinder::MatchResult ) {
+  const auto *PointerExpr = Result.Nodes.getNodeAs("pointer");
+  const CXXRecordDecl *PointeeType =
+  PointerExpr->getType()->getPointeeType()->getAsCXXRecordDecl();
+
+  diag(PointerExpr->getBeginLoc(),
+   "pointer arithmetic on class '%0' that declares a virtual function, "

PiotrZSL wrote:

`on polymorphic class` ... also "if the pointee is a different class" is not so 
clear.
 Problem is that this issue may happen regardless if this is an polymorphic  
object or not...

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Piotr Zegar via cfe-commits 


@@ -0,0 +1,59 @@
+// RUN: %check_clang_tidy %s bugprone-virtual-arithmetic %t
+
+class Base {
+public:  
+  virtual ~Base() {}
+};
+
+class Derived : public Base {};
+
+void operators() {
+  Base *b = new Derived[10];
+
+  b += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b = b + 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:7: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b++;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b[1];
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  delete[] static_cast(b);
+}
+
+void subclassWarnings() {
+  Base *b = new Base[10];
+
+  // False positive that's impossible to distinguish without
+  // path-sensitive analysis, but the code is bug-prone regardless.
+  b += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function
+
+  delete[] b;
+
+  // Common false positive is a class that overrides all parent functions.
+  Derived *d = new Derived[10];
+
+  d += 1;
+  // no-warning
+
+  delete[] d;
+}
+
+template 
+void templateWarning(T *t) {
+  // FIXME: Show the location of the template instantiation in diagnostic.
+  t += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function
+}
+
+void functionArgument(Base *b) {
+  b += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function
+
+  templateWarning(b);
+}

PiotrZSL wrote:

Add test for bugfree scenario:
```
void test()
{
Object table[10];
Object* ptr = table[5];
}
```

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Piotr Zegar via cfe-commits 


@@ -0,0 +1,49 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");

PiotrZSL wrote:

may not work for classes that derive from virtual one. You should create new 
AST matcher an use here: 
"[isPolymorphic](https://clang.llvm.org/doxygen/classclang_1_1CXXRecordDecl.html#a6989371936079ccd01556c99637e9de0)
 ()"

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Piotr Zegar via cfe-commits 


@@ -0,0 +1,50 @@
+.. title:: clang-tidy - bugprone-virtual-arithmetic
+
+bugprone-virtual-arithmetic
+===
+
+Warn if pointer arithmetic is performed on a class that declares a
+virtual function.
+
+Pointer arithmetic on polymorphic objects where the pointer's static type is 
+different from its dynamic type is undefined behavior.

PiotrZSL wrote:

this apply not only to polymorphic objects. Would be good to write why (maybe 
something about pointer to virtual table).

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Piotr Zegar via cfe-commits 


@@ -0,0 +1,59 @@
+// RUN: %check_clang_tidy %s bugprone-virtual-arithmetic %t
+
+class Base {
+public:  
+  virtual ~Base() {}
+};
+
+class Derived : public Base {};
+
+void operators() {
+  Base *b = new Derived[10];
+
+  b += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b = b + 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:7: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b++;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]

PiotrZSL wrote:

add tests for ++b;

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Piotr Zegar via cfe-commits 

https://github.com/PiotrZSL edited 
https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Piotr Zegar via cfe-commits 

https://github.com/PiotrZSL commented:

Few nits.
My main concern is an check name, had to open PR to find out what it does.
maybe should be more a "bugprone-arithmetic-on-polymorphic-pointer" or 
something like that.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Julian Schmidt via cfe-commits 

https://github.com/5chmidti edited 
https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Julian Schmidt via cfe-commits 

https://github.com/5chmidti edited 
https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Julian Schmidt via cfe-commits 


@@ -0,0 +1,30 @@
+//===--- VirtualArithmeticCheck.h - clang-tidy---*- C++ 
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_VIRTUAL_ARITHMETIC_H
+#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_VIRTUAL_ARITHMETIC_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Finds pointer arithmetic on classes that declare a virtual function.

5chmidti wrote:

This sentence, the first sentence of `virtual-arithmetic.rst` and the sentence 
in the release notes (missing) should all be the same.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Julian Schmidt via cfe-commits 


@@ -0,0 +1,59 @@
+// RUN: %check_clang_tidy %s bugprone-virtual-arithmetic %t
+
+class Base {
+public:  
+  virtual ~Base() {}
+};
+
+class Derived : public Base {};
+
+void operators() {
+  Base *b = new Derived[10];
+
+  b += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b = b + 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:7: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b++;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  b[1];
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function, undefined behavior if the pointee is a 
different class [bugprone-virtual-arithmetic]
+
+  delete[] static_cast(b);
+}
+
+void subclassWarnings() {
+  Base *b = new Base[10];
+
+  // False positive that's impossible to distinguish without
+  // path-sensitive analysis, but the code is bug-prone regardless.
+  b += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function
+
+  delete[] b;
+
+  // Common false positive is a class that overrides all parent functions.
+  Derived *d = new Derived[10];
+
+  d += 1;
+  // no-warning
+
+  delete[] d;
+}
+
+template 
+void templateWarning(T *t) {
+  // FIXME: Show the location of the template instantiation in diagnostic.
+  t += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function
+}
+
+void functionArgument(Base *b) {
+  b += 1;
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: pointer arithmetic on class 
'Base' that declares a virtual function
+
+  templateWarning(b);
+}

5chmidti wrote:

Please add a newline to the end of the file.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Julian Schmidt via cfe-commits 


@@ -0,0 +1,30 @@
+//===--- VirtualArithmeticCheck.h - clang-tidy---*- C++ 
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_VIRTUAL_ARITHMETIC_H
+#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_VIRTUAL_ARITHMETIC_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Finds pointer arithmetic on classes that declare a virtual function.
+///
+/// For the user-facing documentation see:
+/// 
http://clang.llvm.org/extra/clang-tidy/checks/bugprone/virtual-arithmetic.html
+class VirtualArithmeticCheck : public ClangTidyCheck {
+public:
+  VirtualArithmeticCheck(StringRef Name, ClangTidyContext *Context)
+  : ClangTidyCheck(Name, Context) {}
+  void registerMatchers(ast_matchers::MatchFinder *Finder) override;
+  void check(const ast_matchers::MatchFinder::MatchResult ) override;

5chmidti wrote:

Please add
```c++
  bool isLanguageVersionSupported(const LangOptions ) const override {
return LangOpts.CPlusPlus;
  }
```
because this check is only for C++.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Julian Schmidt via cfe-commits 


@@ -0,0 +1,49 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);

5chmidti wrote:

The check does not diagnose a few cases that IMO should be:

### Inheritance
Diagnose expressions with a pointer type, where the class either directly 
declares a virtual method (current matcher), or it inherits a pure virtual 
function that was not yet overridden in the inheritance chain.

This can be fixed by using
```c++
  const auto VirtualRecord =
  cxxRecordDecl(anyOf(isAbstract(), hasMethod(isVirtualAsWritten(;

  const auto PointerExprWithVirtualMethod =
  expr(hasType(pointerType(pointee(hasDeclaration(VirtualRecord)
  .bind("pointer");
```

### Type Aliases
Secondly, the matcher does not check the underlying type of type aliases.
The 
```c++
expr(hasType(pointerType(pointee(hasDeclaration(
   cxxRecordDecl(hasMethod(isVirtualAsWritten(
  .bind("pointer")
```
matcher should have a `hasCanonicalType` after the `hasType` and after the 
`pointee` to fix this.

E.g.:

```c++
using BaseAlias = Base;
using DerivedAlias = Derived;

using BasePtr = BaseAlias*;
using DerivedPtr = DerivedAlias*;

void foo(Derived* p1, BaseAlias* p2, DerivedAlias* p3, BasePtr p4, DerivedPtr 
p5,
 BasePtr* p6, DerivedPtr* p7) {
++p1;
++p2;
++p3;
++p4;
++p5;
++p6;
++p7;
}

class PureBase {
  virtual void foo()=0;
};
class PureDerived : public PureBase {};

using PureBaseAlias = PureBase;
using PureDerivedAlias = PureDerived;

using PureBasePtr = PureBaseAlias*;
using PureDerivedPtr = PureDerivedAlias*;

void pure_foo(PureDerived* p1, PureBaseAlias* p2, PureDerivedAlias* p3, 
PureBasePtr p4, PureDerivedPtr p5,
 PureBasePtr* p6, PureDerivedPtr* p7) {
++p1;
++p2;
++p3;
++p4;
++p5;
++p6;
++p7;
}
```

pure1-pure5 should be diagnosed, but they currently are not.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Julian Schmidt via cfe-commits 


@@ -0,0 +1,49 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);
+}
+
+void VirtualArithmeticCheck::check(const MatchFinder::MatchResult ) {
+  const auto *PointerExpr = Result.Nodes.getNodeAs("pointer");
+  const CXXRecordDecl *PointeeType =
+  PointerExpr->getType()->getPointeeType()->getAsCXXRecordDecl();
+
+  diag(PointerExpr->getBeginLoc(),
+   "pointer arithmetic on class '%0' that declares a virtual function, "
+   "undefined behavior if the pointee is a different class")
+  << PointeeType->getName();

5chmidti wrote:

- Please stream the `SourceRange` of `PointerExpr` into the diagnostic, so that 
it is fully underlined in the diagnostic/editor
- I think the comma should be replaced with `(can) result in`, wdyt?
- You don't have to escape the `%0` with `'` when you pass `PointeeType` 
without the `getName` instead.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Julian Schmidt via cfe-commits 


@@ -0,0 +1,50 @@
+.. title:: clang-tidy - bugprone-virtual-arithmetic
+
+bugprone-virtual-arithmetic
+===
+
+Warn if pointer arithmetic is performed on a class that declares a
+virtual function.
+
+Pointer arithmetic on polymorphic objects where the pointer's static type is 
+different from its dynamic type is undefined behavior.
+Finding pointers where the static type contains a virtual member function is a
+good heuristic, as the pointer is likely to point to a different, derived 
class.
+
+This check corresponds to the SEI Cert rule `CTR56-CPP: Do not use pointer 
arithmetic on polymorphic objects 
`_.
+
+Example:
+
+.. code-block:: c++
+
+  struct Base {
+virtual void ~Base();
+  };
+
+  struct Derived : public Base {};
+
+  void foo() {
+Base *b = new Derived[10];
+
+b += 1;
+// warning: pointer arithmetic on class that declares a virtual function, 
undefined behavior if the pointee is a different class

5chmidti wrote:

Please reflow this comment to fit into 80 columns.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Julian Schmidt via cfe-commits 

https://github.com/5chmidti requested changes to this pull request.

Needs some small changes before landing. It's a good check to have, thanks.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread Julian Schmidt via cfe-commits 

https://github.com/5chmidti edited 
https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread via cfe-commits 

https://github.com/EugeneZelenko commented:

Please mention new check in Release Notes.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread via cfe-commits 


@@ -0,0 +1,30 @@
+//===--- VirtualArithmeticCheck.h - clang-tidy---*- C++ 
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_VIRTUAL_ARITHMETIC_H
+#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_VIRTUAL_ARITHMETIC_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Finds pointer arithmetic on classes that declare a virtual function.
+///
+/// For the user-facing documentation see:
+/// 
http://clang.llvm.org/extra/clang-tidy/checks/bugprone/virtual-arithmetic.html
+class VirtualArithmeticCheck : public ClangTidyCheck {
+public:
+  VirtualArithmeticCheck(StringRef Name, ClangTidyContext *Context)
+  : ClangTidyCheck(Name, Context) {}
+  void registerMatchers(ast_matchers::MatchFinder *Finder) override;
+  void check(const ast_matchers::MatchFinder::MatchResult ) override;
+};

EugeneZelenko wrote:

Please add `isLanguageVersionSupported`.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread via cfe-commits 


@@ -0,0 +1,50 @@
+.. title:: clang-tidy - bugprone-virtual-arithmetic
+
+bugprone-virtual-arithmetic
+===
+
+Warn if pointer arithmetic is performed on a class that declares a
+virtual function.
+
+Pointer arithmetic on polymorphic objects where the pointer's static type is 
+different from its dynamic type is undefined behavior.
+Finding pointers where the static type contains a virtual member function is a
+good heuristic, as the pointer is likely to point to a different, derived 
class.
+
+This check corresponds to the SEI Cert rule `CTR56-CPP: Do not use pointer 
arithmetic on polymorphic objects 
`_.

EugeneZelenko wrote:

Should be at the end.

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread via cfe-commits 

https://github.com/EugeneZelenko edited 
https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread via cfe-commits 

Discookie wrote:

(Finding classes with virtual member fns is a good heuristic for finding 
polymorphic objects in general, as previously discussed in 
https://github.com/llvm/llvm-project/pull/82977#issuecomment-1968111034.)

https://github.com/llvm/llvm-project/pull/91951
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread via cfe-commits 

llvmbot wrote:




@llvm/pr-subscribers-clang-tools-extra

Author: Discookie (Discookie)


Changes

Finds pointer arithmetic on classes that declare a virtual function.

This check corresponds to the SEI Cert rule [CTR56-CPP: Do not use pointer 
arithmetic on polymorphic 
objects](https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR56-CPP.+Do+not+use+pointer+arithmetic+on+polymorphic+objects).

```cpp
struct Base {
  virtual void ~Base();
};

struct Derived : public Base {};

void foo(Base *b) {
  b += 1; // passing `Derived` to `foo()` results in UB
}
```

[Results on open-source 
projects](https://codechecker-demo.eastus.cloudapp.azure.com/Default/runs?run=Discookie-ctr56-with-classnames).
 Most of the Qtbase reports are from having a `virtual override` declaration, 
and the LLVM reports are true positives, as far as I can tell.



---
Full diff: https://github.com/llvm/llvm-project/pull/91951.diff


7 Files Affected:

- (modified) clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp (+3) 
- (modified) clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt (+1) 
- (added) clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp 
(+49) 
- (added) clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h (+30) 
- (added) 
clang-tools-extra/docs/clang-tidy/checks/bugprone/virtual-arithmetic.rst (+50) 
- (modified) clang-tools-extra/docs/clang-tidy/checks/list.rst (+1) 
- (added) 
clang-tools-extra/test/clang-tidy/checkers/bugprone/virtual-arithmetic.cpp 
(+59) 


``diff
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp 
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 1b92d2e60cc17..813f6720074ae 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -91,6 +91,7 @@
 #include "UnusedRaiiCheck.h"
 #include "UnusedReturnValueCheck.h"
 #include "UseAfterMoveCheck.h"
+#include "VirtualArithmeticCheck.h"
 #include "VirtualNearMissCheck.h"
 
 namespace clang::tidy {
@@ -254,6 +255,8 @@ class BugproneModule : public ClangTidyModule {
 CheckFactories.registerCheck(
 "bugprone-unused-return-value");
 CheckFactories.registerCheck("bugprone-use-after-move");
+CheckFactories.registerCheck(
+"bugprone-virtual-arithmetic");
 CheckFactories.registerCheck(
 "bugprone-virtual-near-miss");
   }
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt 
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 2d303191f8865..ec1f3231e7990 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -87,6 +87,7 @@ add_clang_library(clangTidyBugproneModule
   UnusedRaiiCheck.cpp
   UnusedReturnValueCheck.cpp
   UseAfterMoveCheck.cpp
+  VirtualArithmeticCheck.cpp
   VirtualNearMissCheck.cpp
 
   LINK_LIBS
diff --git a/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp 
b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
new file mode 100644
index 0..dec43ae9bd8ca
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
@@ -0,0 +1,49 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);
+}
+
+void VirtualArithmeticCheck::check(const MatchFinder::MatchResult ) {
+  const auto *PointerExpr = Result.Nodes.getNodeAs("pointer");
+  const CXXRecordDecl *PointeeType =
+  PointerExpr->getType()->getPointeeType()->getAsCXXRecordDecl();
+
+  diag(PointerExpr->getBeginLoc(),
+   "pointer arithmetic on class '%0' that declares a virtual function, "
+   "undefined behavior if the pointee is

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread via cfe-commits 

llvmbot wrote:




@llvm/pr-subscribers-clang-tidy

Author: Discookie (Discookie)


Changes

Finds pointer arithmetic on classes that declare a virtual function.

This check corresponds to the SEI Cert rule [CTR56-CPP: Do not use pointer 
arithmetic on polymorphic 
objects](https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR56-CPP.+Do+not+use+pointer+arithmetic+on+polymorphic+objects).

```cpp
struct Base {
  virtual void ~Base();
};

struct Derived : public Base {};

void foo(Base *b) {
  b += 1; // passing `Derived` to `foo()` results in UB
}
```

[Results on open-source 
projects](https://codechecker-demo.eastus.cloudapp.azure.com/Default/runs?run=Discookie-ctr56-with-classnames).
 Most of the Qtbase reports are from having a `virtual override` declaration, 
and the LLVM reports are true positives, as far as I can tell.



---
Full diff: https://github.com/llvm/llvm-project/pull/91951.diff


7 Files Affected:

- (modified) clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp (+3) 
- (modified) clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt (+1) 
- (added) clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp 
(+49) 
- (added) clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h (+30) 
- (added) 
clang-tools-extra/docs/clang-tidy/checks/bugprone/virtual-arithmetic.rst (+50) 
- (modified) clang-tools-extra/docs/clang-tidy/checks/list.rst (+1) 
- (added) 
clang-tools-extra/test/clang-tidy/checkers/bugprone/virtual-arithmetic.cpp 
(+59) 


``diff
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp 
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 1b92d2e60cc17..813f6720074ae 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -91,6 +91,7 @@
 #include "UnusedRaiiCheck.h"
 #include "UnusedReturnValueCheck.h"
 #include "UseAfterMoveCheck.h"
+#include "VirtualArithmeticCheck.h"
 #include "VirtualNearMissCheck.h"
 
 namespace clang::tidy {
@@ -254,6 +255,8 @@ class BugproneModule : public ClangTidyModule {
 CheckFactories.registerCheck(
 "bugprone-unused-return-value");
 CheckFactories.registerCheck("bugprone-use-after-move");
+CheckFactories.registerCheck(
+"bugprone-virtual-arithmetic");
 CheckFactories.registerCheck(
 "bugprone-virtual-near-miss");
   }
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt 
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 2d303191f8865..ec1f3231e7990 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -87,6 +87,7 @@ add_clang_library(clangTidyBugproneModule
   UnusedRaiiCheck.cpp
   UnusedReturnValueCheck.cpp
   UseAfterMoveCheck.cpp
+  VirtualArithmeticCheck.cpp
   VirtualNearMissCheck.cpp
 
   LINK_LIBS
diff --git a/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp 
b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
new file mode 100644
index 0..dec43ae9bd8ca
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
@@ -0,0 +1,49 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);
+}
+
+void VirtualArithmeticCheck::check(const MatchFinder::MatchResult ) {
+  const auto *PointerExpr = Result.Nodes.getNodeAs("pointer");
+  const CXXRecordDecl *PointeeType =
+  PointerExpr->getType()->getPointeeType()->getAsCXXRecordDecl();
+
+  diag(PointerExpr->getBeginLoc(),
+   "pointer arithmetic on class '%0' that declares a virtual function, "
+   "undefined behavior if the pointee is a

[clang-tools-extra] [clang-tidy] Add `bugprone-virtual-arithmetic` check (PR #91951)

2024-05-13 Thread via cfe-commits 

https://github.com/Discookie created 
https://github.com/llvm/llvm-project/pull/91951

Finds pointer arithmetic on classes that declare a virtual function.

This check corresponds to the SEI Cert rule [CTR56-CPP: Do not use pointer 
arithmetic on polymorphic 
objects](https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR56-CPP.+Do+not+use+pointer+arithmetic+on+polymorphic+objects).

```cpp
struct Base {
  virtual void ~Base();
};

struct Derived : public Base {};

void foo(Base *b) {
  b += 1; // passing `Derived` to `foo()` results in UB
}
```

[Results on open-source 
projects](https://codechecker-demo.eastus.cloudapp.azure.com/Default/runs?run=Discookie-ctr56-with-classnames).
 Most of the Qtbase reports are from having a `virtual override` declaration, 
and the LLVM reports are true positives, as far as I can tell.



>From 69cbd3da19eb0f8eb6758782b46daf99b5b79ea4 Mon Sep 17 00:00:00 2001
From: Viktor 
Date: Mon, 6 May 2024 06:11:58 +
Subject: [PATCH 1/2] Add `bugprone-virtual-arithmetic` check

Finds pointer arithmetic on classes that declare a virtual function.
---
 .../bugprone/BugproneTidyModule.cpp   |  3 ++
 .../clang-tidy/bugprone/CMakeLists.txt|  1 +
 .../bugprone/VirtualArithmeticCheck.cpp   | 46 +
 .../bugprone/VirtualArithmeticCheck.h | 30 +++
 .../checks/bugprone/virtual-arithmetic.rst| 50 +++
 .../docs/clang-tidy/checks/list.rst   |  1 +
 .../checkers/bugprone/virtual-arithmetic.cpp  | 45 +
 7 files changed, 176 insertions(+)
 create mode 100644 
clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
 create mode 100644 
clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.h
 create mode 100644 
clang-tools-extra/docs/clang-tidy/checks/bugprone/virtual-arithmetic.rst
 create mode 100644 
clang-tools-extra/test/clang-tidy/checkers/bugprone/virtual-arithmetic.cpp

diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp 
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 1b92d2e60cc17..813f6720074ae 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -91,6 +91,7 @@
 #include "UnusedRaiiCheck.h"
 #include "UnusedReturnValueCheck.h"
 #include "UseAfterMoveCheck.h"
+#include "VirtualArithmeticCheck.h"
 #include "VirtualNearMissCheck.h"
 
 namespace clang::tidy {
@@ -254,6 +255,8 @@ class BugproneModule : public ClangTidyModule {
 CheckFactories.registerCheck(
 "bugprone-unused-return-value");
 CheckFactories.registerCheck("bugprone-use-after-move");
+CheckFactories.registerCheck(
+"bugprone-virtual-arithmetic");
 CheckFactories.registerCheck(
 "bugprone-virtual-near-miss");
   }
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt 
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 2d303191f8865..ec1f3231e7990 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -87,6 +87,7 @@ add_clang_library(clangTidyBugproneModule
   UnusedRaiiCheck.cpp
   UnusedReturnValueCheck.cpp
   UseAfterMoveCheck.cpp
+  VirtualArithmeticCheck.cpp
   VirtualNearMissCheck.cpp
 
   LINK_LIBS
diff --git a/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp 
b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
new file mode 100644
index 0..57347af2b5881
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/VirtualArithmeticCheck.cpp
@@ -0,0 +1,46 @@
+//===--- VirtualArithmeticCheck.cpp - 
clang-tidy---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "VirtualArithmeticCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void VirtualArithmeticCheck::registerMatchers(MatchFinder *Finder) {
+  const auto PointerExprWithVirtualMethod =
+  expr(hasType(pointerType(pointee(hasDeclaration(
+   cxxRecordDecl(hasMethod(isVirtualAsWritten(
+  .bind("pointer");
+
+  const auto ArraySubscript =
+  arraySubscriptExpr(hasBase(PointerExprWithVirtualMethod));
+
+  const auto BinaryOperators =
+  binaryOperator(hasAnyOperatorName("+", "-", "+=", "-="),
+ hasEitherOperand(PointerExprWithVirtualMethod));
+
+  const auto UnaryOperators =
+  unaryOperator(hasAnyOperatorName("++", "--"),
+hasUnaryOperand(PointerExprWithVirtualMethod));
+
+  Finder->addMatcher(
+  expr(anyOf(ArraySubscript, BinaryOperators, UnaryOperators)), this);
+}
+