[clang] [clang-tools-extra] [clang][analyzer] Add ReportInC99AndEarlier option to DeprecatedOrUnsafeBuf… (PR #168704)

Balázs Benics via cfe-commits Fri, 09 Jan 2026 05:25:21 -0800

================
@@ -0,0 +1,120 @@
+// DEFINE: %{base_cmd} = %clang_analyze_cc1 %s \
+// DEFINE:   
-analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling
+
+// DEFINE: %{verify_flag} =
+
+// DEFINE: %{config_flag_unset} =
+// DEFINE: %{config_flag_all} = -analyzer-config 
security.insecureAPI.DeprecatedOrUnsafeBufferHandling:ReportMode=all
+// DEFINE: %{config_flag_actionable} = -analyzer-config 
security.insecureAPI.DeprecatedOrUnsafeBufferHandling:ReportMode=actionable
+// DEFINE: %{config_flag_c11_only} = -analyzer-config 
security.insecureAPI.DeprecatedOrUnsafeBufferHandling:ReportMode=c11-only
+// DEFINE: %{config_flag} = %{config_flag_unset}
+
+// DEFINE: %{std_flag_c99} = -std=gnu99
+// DEFINE: %{std_flag_c11} = -std=gnu11
+// DEFINE: %{std_flag} = %{std_flag_c99}
+
+// DEFINE: %{annexk_defines_unset} =
+// DEFINE: %{annexk_defines_set} = -D__STDC_LIB_EXT1__=200509L 
-D__STDC_WANT_LIB_EXT1__=1
+// DEFINE: %{annexk_flag} = %{annexk_defines_unset} 
+
+// DEFINE: %{run_cmd} = %{base_cmd} %{verify_flag} %{std_flag} %{annexk_flag} 
%{config_flag}
+
+// These cases should warn
+
+// REDEFINE: %{verify_flag} = -verify=common
+// REDEFINE: %{std_flag} = %{std_flag_c99}
+// REDEFINE: %{annexk_flag} = %{annexk_defines_unset}
+// REDEFINE: %{config_flag} = %{config_flag_all}
+// RUN: %{run_cmd}
+
+// C99 with "all" mode
+// REDEFINE: %{verify_flag} = -verify=common
+// REDEFINE: %{std_flag} = %{std_flag_c99}
+// REDEFINE: %{annexk_flag} = %{annexk_defines_unset}
+// REDEFINE: %{config_flag} = %{config_flag_all}
+// RUN: %{run_cmd}
+
+// C11 with default mode
+// REDEFINE: %{verify_flag} = -verify=common
+// REDEFINE: %{std_flag} = %{std_flag_c11}
+// REDEFINE: %{annexk_flag} = %{annexk_defines_unset}
+// REDEFINE: %{config_flag} = %{config_flag_unset}
+// RUN: %{run_cmd}
+
+// C11 with "all" mode
+// REDEFINE: %{verify_flag} = -verify=common
+// REDEFINE: %{std_flag} = %{std_flag_c11}
+// REDEFINE: %{annexk_flag} = %{annexk_defines_unset}
+// REDEFINE: %{config_flag} = %{config_flag_all}
+// RUN: %{run_cmd}
+
+// C11 with "c11-only" mode
+// REDEFINE: %{verify_flag} = -verify=common
+// REDEFINE: %{std_flag} = %{std_flag_c11}
+// REDEFINE: %{annexk_flag} = %{annexk_defines_unset}
+// REDEFINE: %{config_flag} = %{config_flag_c11_only}
+// RUN: %{run_cmd}
+
+// C11 with "actionable" mode and Annex K available
+// REDEFINE: %{verify_flag} = -verify=common
+// REDEFINE: %{std_flag} = %{std_flag_c11}
+// REDEFINE: %{annexk_flag} = %{annexk_defines_set}
+// REDEFINE: %{config_flag} = %{config_flag_actionable}
+// RUN: %{run_cmd}
+
+// These cases should not warn
+
+// C99 with default mode
+// REDEFINE: %{verify_flag} = -verify=c99-default
+// REDEFINE: %{std_flag} = %{std_flag_c99}
+// REDEFINE: %{annexk_flag} = %{annexk_defines_unset}
+// REDEFINE: %{config_flag} = %{config_flag_unset}
+// RUN: %{run_cmd}
+
+// C99 with "actionable" mode and no Annex K
+// REDEFINE: %{verify_flag} = -verify=c99-actionable
+// REDEFINE: %{std_flag} = %{std_flag_c99}
+// REDEFINE: %{annexk_flag} = %{annexk_defines_unset}
+// REDEFINE: %{config_flag} = %{config_flag_actionable}
+// RUN: %{run_cmd}
+
+// C99 with "c11-only" mode
+// REDEFINE: %{verify_flag} = -verify=c99-c11only
+// REDEFINE: %{std_flag} = %{std_flag_c99}
+// REDEFINE: %{annexk_flag} = %{annexk_defines_unset}
+// REDEFINE: %{config_flag} = %{config_flag_c11_only}
+// RUN: %{run_cmd}
+
+// C11 with "actionable" mode and no Annex K
+// REDEFINE: %{verify_flag} = -verify=c11-actionable-noannex
+// REDEFINE: %{std_flag} = %{std_flag_c11}
+// REDEFINE: %{annexk_flag} = %{annexk_defines_unset}
+// REDEFINE: %{config_flag} = %{config_flag_actionable}
+// RUN: %{run_cmd}
----------------
steakhal wrote:


I had something else in mind.
I probably messed up the translation, but you should get my intentions:
```c++
// DEFINE: %{analyze-cmd} = %clang_analyze_cc1 %s \
// DEFINE:   
-analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling

// DEFINE: %{ReportMode} = -analyzer-config 
security.insecureAPI.DeprecatedOrUnsafeBufferHandling:ReportMode
// DEFINE: %{EnableAnnexK} = -D__STDC_LIB_EXT1__=200509L 
-D__STDC_WANT_LIB_EXT1__=1

// These cases should warn:
// RUN: %{analyze-cmd} -std=gnu99 %{ReportMode}=all                        
-verify=common
// RUN: %{analyze-cmd} -std=gnu11                                          
-verify=common
// RUN: %{analyze-cmd} -std=gnu11 %{ReportMode}=all                        
-verify=common
// RUN: %{analyze-cmd} -std=gnu11 %{ReportMode}=c11-only                   
-verify=common
// RUN: %{analyze-cmd} -std=gnu11 %{ReportMode}=actionable %{EnableAnnexK} 
-verify=common

// These cases should not warn:
// RUN: %{analyze-cmd} -std=gnu99 %{ReportMode}=all                        
-verify=c99-default
// RUN: %{analyze-cmd} -std=gnu99 %{ReportMode}=actionable                 
-verify=c99-actionable
// RUN: %{analyze-cmd} -std=gnu11 %{ReportMode}=actionable                 
-verify=c99-c11only
// RUN: %{analyze-cmd} -std=gnu11 %{ReportMode}=actionable                 
-verify=c11-actionable-noannex
```

The benefit is that the macros are not over engineered, but simplifies 
repetition, and what remains could be put into a nice tabular form to make the 
differences stand out.

https://github.com/llvm/llvm-project/pull/168704
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang-tools-extra] [clang][analyzer] Add ReportInC99AndEarlier option to DeprecatedOrUnsafeBuf… (PR #168704)

Reply via email to