Add more tests and a comment explaining the idea behind the change.

MalavikaSamak · MalavikaSamak · commit da96efb8092a · 2025-02-24T09:42:34.000-08:00
diff --git a/clang/lib/Analysis/UnsafeBufferUsage.cpp b/clang/lib/Analysis/UnsafeBufferUsage.cpp
@@ -463,24 +463,26 @@ AST_MATCHER(ArraySubscriptExpr, isSafeArraySubscript) {
     if (ArrIdx.isNonNegative() && ArrIdx.getLimitedValue() < limit)
       return true;
   } else if (const auto *BE = dyn_cast<BinaryOperator>(IndexExpr)) {
+    // For an integer expression `e` and an integer constant `n`, `e & n` and
+    // `n & e` are bounded by `n`:
     if (BE->getOpcode() != BO_And)
       return false;
 
     const Expr *LHS = BE->getLHS();
     const Expr *RHS = BE->getRHS();
 
     if ((!LHS->isValueDependent() &&
-         LHS->EvaluateAsInt(EVResult, Finder->getASTContext())) ||
+         LHS->EvaluateAsInt(EVResult,
+                            Finder->getASTContext())) || // case: `n & e`
         (!RHS->isValueDependent() &&
-         RHS->EvaluateAsInt(EVResult, Finder->getASTContext()))) {
+         RHS->EvaluateAsInt(EVResult, Finder->getASTContext()))) { // `e & n`
       llvm::APSInt result = EVResult.Val.getInt();
       if (result.isNonNegative() && result.getLimitedValue() < limit)
         return true;
     }
     return false;
-
-  } else
-    return false;
+  }
+  return false;
 }
 
 AST_MATCHER_P(CallExpr, hasNumArgs, unsigned, Num) {
diff --git a/clang/test/SemaCXX/warn-unsafe-buffer-usage-array.cpp b/clang/test/SemaCXX/warn-unsafe-buffer-usage-array.cpp
@@ -39,11 +39,14 @@ int array[10]; // expected-warning {{'array' is an unsafe buffer that does not p
 
 void masked_idx1(unsigned long long idx, Foo f) {
   // Bitwise and operation
-  array[idx & 5] = 10; // no warning
+  array[idx & 5] = 10; // no-warning
+  array[5 &idx] = 12; // no-warning
   array[idx & 11 & 5] = 3; // no warning
   array[idx & 11] = 20; // expected-note{{used in buffer access here}}
   array[idx &=5]; // expected-note{{used in buffer access here}}
-  array[f.x & 5];
+  array[f.x & 5]; // no-warning
+  array[5 & f.x]; // no-warning
+  array[f.x & (-5)]; // expected-note{{used in buffer access here}}
 }
 
 typedef unsigned long long uint64_t;
@@ -63,7 +66,6 @@ void masked_idx_safe(unsigned long long idx) {
   array2[6 & idx & (idx + 1) & 5]; // expected-note{{used in buffer access here}}
 }
 
-
 void constant_idx_unsafe(unsigned idx) {
   int buffer[10];       // expected-warning{{'buffer' is an unsafe buffer that does not perform bounds checks}}
                         // expected-note@-1{{change type of 'buffer' to 'std::array' to label it for hardening}}
