[BoundsSafety][Attempt 2] Add warning diagnostics for uses of legacy bounds checks #10898
+467
−16
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@swift-ci test llvm |
…bounds checks ** This is the second attempt landing this patch. This first (swiftlang#10800 4c8f6e7) failed because there was a bug. ** The bug was in `ParseBoundsSafetyNewChecksMaskFromArgs` where the call to `DiagnoseDisabledBoundsSafetyChecks` was not guarded with `DiagnoseMissingChecks`. This missing check caused diagnostics to appear when they shouldn't and caused crashes in cases where the `Diags` pointer was nullptr. --- This adds warning diagnostics when any of the new bounds checks that can be enabled with `-fbounds-safety-bringup-missing-checks=batch_0` are disabled. If all bounds checks in the batch are disabled a single diagnostic is emitted. If only some of the bounds checks in the batch are disabled then a diagnostic is emitted for each disabled bounds check. The implementation will either suggest enabling a batch of checks (e.g. `-fbounds-safety-bringup-missing-checks=batch_0`) or will suggest removing a flag that is explicitly disabling a check (e.g. `-fno-bounds-safety-bringup-missing-checks=access_size`). The current implementation supports there being multple batches of checks. However, there is currently only one batch (`batch_0`). I originally tried to emit these warnings in the frontend. Unfortunately it turns out warning suppression (i.e. `-Wno-bounds-safety-legacy-checks-enabled`) and `-Werror` don't work correctly if warnings are emitted from the frontend (rdar://152730261). To workaround this the `-fbounds-safety-bringup-missing-checks=` flags are now also parsed in the Driver and at this point (and only this point) diagnostics for missing checks are emitted. The intention is to make these warnings be errors eventually. rdar://150805550
349afa5 to
bf4fa08
Compare
delcypher
commented
Jun 25, 2025
| auto FilteredArgs = | ||
| Args.filtered(OPT_fbounds_safety_bringup_missing_checks_EQ, | ||
| OPT_fno_bounds_safety_bringup_missing_checks_EQ); | ||
| if (FilteredArgs.empty()) { | ||
| // No flags present. Use the default | ||
| return LangOptions::getDefaultBoundsSafetyNewChecksMask(); | ||
| auto Result = LangOptions::getDefaultBoundsSafetyNewChecksMask(); | ||
| if (DiagnoseMissingChecks && Diags) |
There was a problem hiding this comment.
@hnrklssn This is where the bug was in the first version. There was a missing guard for the call to DiagnoseDisabledBoundsSafetyChecks which meant if DiagnoseMissingChecks was false we'd try to diagnose the issues anyway.
There was a problem hiding this comment.
Hmm. So I think I need to write a test case for this because all the BoundsSafety tests for this passed without making this fix.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
** This is the second attempt landing this patch. This first (#10800 4c8f6e7) failed because there was a bug. **
The bug was in
ParseBoundsSafetyNewChecksMaskFromArgswhere the call toDiagnoseDisabledBoundsSafetyCheckswas not guarded withDiagnoseMissingChecks. This missing check caused diagnostics to appear when they shouldn't and caused crashes in cases where theDiagspointer was nullptr.This adds warning diagnostics when any of the new bounds checks that can be enabled with
-fbounds-safety-bringup-missing-checks=batch_0are disabled.If all bounds checks in the batch are disabled a single diagnostic is emitted. If only some of the bounds checks in the batch are disabled then a diagnostic is emitted for each disabled bounds check. The implementation will either suggest enabling a batch of checks (e.g.
-fbounds-safety-bringup-missing-checks=batch_0) or will suggest removing a flag that is explicitly disabling a check (e.g.-fno-bounds-safety-bringup-missing-checks=access_size).The current implementation supports there being multple batches of checks. However, there is currently only one batch (
batch_0).I originally tried to emit these warnings in the frontend. Unfortunately it turns out warning suppression (i.e.
-Wno-bounds-safety-legacy-checks-enabled) and-Werrordon't work correctly if warnings are emitted from the frontend (rdar://152730261). To workaround this the-fbounds-safety-bringup-missing-checks=flags are now also parsed in the Driver and at this point (and only this point) diagnostics for missing checks are emitted.The intention is to make these warnings be errors eventually.
rdar://150805550