[-Wunsafe-buffer-usage] Add unique_ptr <T[]> accesses

Author: shreya-jain

clang/lib/Analysis/UnsafeBufferUsage.cpp

@@ -1319,6 +1319,7 @@ static bool isSupportedVariable(const DeclRefExpr &Node) {
   return D != nullptr && isa<VarDecl>(D);
 }
 
+// Returns true for RecordDecl of type std::unique_ptr<T[]>
 static bool isUniquePtrArray(const CXXRecordDecl *RecordDecl) {
   if (!RecordDecl || !RecordDecl->isInStdNamespace() ||
       RecordDecl->getNameAsString() != "unique_ptr")
@@ -1343,6 +1344,7 @@ static bool isUniquePtrArray(const CXXRecordDecl *RecordDecl) {
 }
 
 class UniquePtrArrayAccessGadget : public WarningGadget {
+private:
   static constexpr const char *const AccessorTag = "unique_ptr_array_access";
   const CXXOperatorCallExpr *AccessorExpr;
 
@@ -1374,13 +1376,21 @@ class UniquePtrArrayAccessGadget : public WarningGadget {
     if (!Method)
       return false;
 
-    if (Method->getNameAsString() != "operator[]")
+    if (Method->getOverloadedOperator() != OO_Subscript)
       return false;
 
     const CXXRecordDecl *RecordDecl = Method->getParent();
     if (!isUniquePtrArray(RecordDecl))
       return false;
 
+    const Expr *IndexExpr = OpCall->getArg(1);
+    llvm::APSInt IndexValue;
+
+    // Allow [0]
+    if (IndexExpr->EvaluateAsInt(IndexValue, Ctx) && IndexValue.isZero()) {
+      return false;
+    }
+
     Result.addNode(AccessorTag, DynTypedNode::create(*OpCall));
     return true;
   }

clang/lib/Sema/AnalysisBasedWarnings.cpp

@@ -2613,10 +2613,8 @@ class UnsafeBufferUsageReporter : public UnsafeBufferUsageHandler {
     std::string Message;
 
     Loc = Node.get<Stmt>()->getBeginLoc();
-    Message = "Direct operator[] access on std::unique_ptr<T[]> is unsafe "
-              "(no bounds check).";
     S.Diag(Loc, diag::warn_unsafe_buffer_usage_unique_ptr_array_access)
-        << Message << Node.getSourceRange();
+        << Node.getSourceRange();
   }
 
   bool isSafeBufferOptOut(const SourceLocation &Loc) const override {

clang/test/SemaCXX/warn-unsafe-buffer-usage-debug-unclaimed/warn-unsafe-buffer-usage-debug-unclaimed.cpp

@@ -42,7 +42,7 @@ template <class T> class unique_ptr {
 
 void basic_unique_ptr() {
   std::unique_ptr<int[]> p1;
-  p1[0];  // expected-warning{{direct access using operator[] on std::unique_ptr<T[]> is unsafe due to lack of bounds checking}}
+  p1[1];  // expected-warning{{direct access using operator[] on std::unique_ptr<T[]> is unsafe due to lack of bounds checking}}
 }
 
 // CHECK: Root # 1

clang/test/SemaCXX/warn-unsafe-buffer-usage-unique-ptr.cpp

@@ -0,0 +1,43 @@
+// RUN: %clang_cc1 -Wno-unused-value -Wunsafe-buffer-usage -fsafe-buffer-usage-suggestions -std=c++20 -verify=expected %s
+
+// This debugging facility is only available in debug builds.
+//
+// REQUIRES: asserts
+
+namespace std {
+inline namespace __1 {
+template <class T> class unique_ptr {
+public:
+  T &operator[](long long i) const;
+};
+} // namespace __1
+} // namespace std
+
+void basic_unique_ptr() {
+  std::unique_ptr<int[]> p1;
+  int i = 2;
+
+  p1[0];  // This is allowed
+
+  p1[1];  // expected-warning{{direct access using operator[] on std::unique_ptr<T[]> is unsafe due to lack of bounds checking}}
+
+  p1[i];  // expected-warning{{direct access using operator[] on std::unique_ptr<T[]> is unsafe due to lack of bounds checking}}
+
+  p1[i + 5]; // expected-warning{{direct access using operator[] on std::unique_ptr<T[]> is unsafe due to lack of bounds checking}}
+}
+
+// CHECK: Root # 1
+// CHECK: |- DeclRefExpr # 4
+// CHECK: |-- UnaryOperator(++) # 1
+// CHECK: |--- CompoundStmt # 1
+// CHECK: |-- ImplicitCastExpr(LValueToRValue) # 1
+// CHECK: |--- BinaryOperator(+) # 1
+// CHECK: |---- ParenExpr # 1
+// CHECK: |----- BinaryOperator(+) # 1
+// CHECK: |------ ParenExpr # 1
+// CHECK: |------- UnaryOperator(*) # 1
+// CHECK: |-------- CompoundStmt # 1
+// CHECK: |-- BinaryOperator(-=) # 1
+// CHECK: |--- CompoundStmt # 1
+// CHECK: |-- UnaryOperator(--) # 1
+// CHECK: |--- CompoundStmt # 1