Remove warnings from -Wchar-subscripts for known positive constants

[wheatman]

This is to address #18763

it removes warnings from using a signed char as an array bound if the char is a known positives constant.

This goes one step farther than gcc does.

For example given the following code

char upper[300];

int main() {
  upper['a'] = 'A';
  char b = 'a';
  upper[b] = 'A';
  const char c = 'a';
  upper[c] = 'A';
  constexpr char d = 'a';
  upper[d] = 'A';
  char e = -1;
  upper[e] = 'A';
  const char f = -1;
  upper[f] = 'A';
  constexpr char g = -1;
  upper[g] = 'A';
  return 1;
}

clang currently gives warnings for all cases, while gcc gives warnings for all cases except for 'a' (https://godbolt.org/z/5ahjETTv3)

with the change there is no longer any warning for 'a', 'c', or 'd'.

../test.cpp:7:8: warning: array subscript is of type 'char' [-Wchar-subscripts]
    7 |   upper[b] = 'A';
      |        ^~
../test.cpp:13:8: warning: array subscript is of type 'char' [-Wchar-subscripts]
   13 |   upper[e] = 'A';
      |        ^~
../test.cpp:15:8: warning: array subscript is of type 'char' [-Wchar-subscripts]
   15 |   upper[f] = 'A';
      |        ^~
../test.cpp:17:8: warning: array subscript is of type 'char' [-Wchar-subscripts]
   17 |   upper[g] = 'A';
      |        ^~
../test.cpp:15:3: warning: array index -1 is before the beginning of the array [-Warray-bounds]
   15 |   upper[f] = 'A';
      |   ^     ~
../test.cpp:1:1: note: array 'upper' declared here
    1 | char upper[300];
      | ^
../test.cpp:17:3: warning: array index -1 is before the beginning of the array [-Warray-bounds]
   17 |   upper[g] = 'A';
      |   ^     ~
../test.cpp:1:1: note: array 'upper' declared here
    1 | char upper[300];
      | ^
6 warnings generated.

This pull request is my first change and I would appreciate any comments or suggestions.

[llvmbot]

@llvm/pr-subscribers-clang

Author: None (wheatman)

Changes

This is to address #18763

it removes warnings from using a signed char as an array bound if the char is a known positives constant.

This goes one step farther than gcc does.

For example given the following code

char upper[300];

int main() {
  upper['a'] = 'A';
  char b = 'a';
  upper[b] = 'A';
  const char c = 'a';
  upper[c] = 'A';
  constexpr char d = 'a';
  upper[d] = 'A';
  char e = -1;
  upper[e] = 'A';
  const char f = -1;
  upper[f] = 'A';
  constexpr char g = -1;
  upper[g] = 'A';
  return 1;
}

clang currently gives warnings for all cases, while gcc gives warnings for all cases except for 'a' (https://godbolt.org/z/5ahjETTv3)

with the change there is no longer any warning for 'a', 'c', or 'd'.

../test.cpp:7:8: warning: array subscript is of type 'char' [-Wchar-subscripts]
    7 |   upper[b] = 'A';
      |        ^~
../test.cpp:13:8: warning: array subscript is of type 'char' [-Wchar-subscripts]
   13 |   upper[e] = 'A';
      |        ^~
../test.cpp:15:8: warning: array subscript is of type 'char' [-Wchar-subscripts]
   15 |   upper[f] = 'A';
      |        ^~
../test.cpp:17:8: warning: array subscript is of type 'char' [-Wchar-subscripts]
   17 |   upper[g] = 'A';
      |        ^~
../test.cpp:15:3: warning: array index -1 is before the beginning of the array [-Warray-bounds]
   15 |   upper[f] = 'A';
      |   ^     ~
../test.cpp:1:1: note: array 'upper' declared here
    1 | char upper[300];
      | ^
../test.cpp:17:3: warning: array index -1 is before the beginning of the array [-Warray-bounds]
   17 |   upper[g] = 'A';
      |   ^     ~
../test.cpp:1:1: note: array 'upper' declared here
    1 | char upper[300];
      | ^
6 warnings generated.

This pull request in incomplete in that this is my first change submitted and I don't know how to add tests, any guidance on what sort of tests to add, and where to find documentation on the testing infrastructure

---

Full diff: https://github.com/llvm/llvm-project/pull/69061.diff

1 Files Affected:

• (modified) clang/lib/Sema/SemaExpr.cpp (+9-3)

diff --git a/clang/lib/Sema/SemaExpr.cpp b/clang/lib/Sema/SemaExpr.cpp
index aa30a3a03887558..dd9ba5cecaf2404 100644
--- a/clang/lib/Sema/SemaExpr.cpp
+++ b/clang/lib/Sema/SemaExpr.cpp
@@ -6018,9 +6018,15 @@ Sema::CreateBuiltinArraySubscriptExpr(Expr *Base, SourceLocation LLoc,
                      << IndexExpr->getSourceRange());
 
   if ((IndexExpr->getType()->isSpecificBuiltinType(BuiltinType::Char_S) ||
-       IndexExpr->getType()->isSpecificBuiltinType(BuiltinType::Char_U))
-         && !IndexExpr->isTypeDependent())
-    Diag(LLoc, diag::warn_subscript_is_char) << IndexExpr->getSourceRange();
+       IndexExpr->getType()->isSpecificBuiltinType(BuiltinType::Char_U)) &&
+      !IndexExpr->isTypeDependent()) {
+    std::optional<llvm::APSInt> IntegerContantExpr =
+        IndexExpr->getIntegerConstantExpr(getASTContext());
+    if (!(IntegerContantExpr.has_value() &&
+          IntegerContantExpr.value().isNonNegative())) {
+      Diag(LLoc, diag::warn_subscript_is_char) << IndexExpr->getSourceRange();
+    }
+  }
 
   // C99 6.5.2.1p1: "shall have type "pointer to *object* type". Similarly,
   // C++ [expr.sub]p1: The type "T" shall be a completely-defined object

[shafik]

You need to make sure you tests have newlines at the end

[shafik]

Why do we exclude the signed char case?

[wheatman]

That is an interesting questions, the behavior for that was not changed.
The current behavior for explicitly signed or unsigned chars is to have no warning, only unspecified chars have warnings.

https://godbolt.org/z/7oc3ET4h4

[AaronBallman]

We rule out explicitly signed or explicitly unsigned char type because of int8_t and uint8_t because those are pretty reasonable to use as array indexes.

[AaronBallman]

Thank you for this! The changes should come with a release note in clang/docs/ReleaseNotes.rst so users know about the change in behavior.

[AaronBallman]

Suggested change

	std::optional<llvm::APSInt> IntegerContantExpr =
	IndexExpr->getIntegerConstantExpr(getASTContext());
	if (!(IntegerContantExpr.has_value() &&
	IntegerContantExpr.value().isNonNegative())) {
	Diag(LLoc, diag::warn_subscript_is_char) << IndexExpr->getSourceRange();
	}
	std::optional<llvm::APSInt> IntegerContantExpr =
	IndexExpr->getIntegerConstantExpr(getASTContext());
	if (!IntegerContantExpr.has_value() ||
	IntegerContantExpr.value().isNegative())
	Diag(LLoc, diag::warn_subscript_is_char) << IndexExpr->getSourceRange();

This performs extra work for each array subscript in the TU, but because it's limited to only array subscripts with a character type, I don't think the compile-time performance hit should be too bad, so this seems reasonable to me.

[AaronBallman]

We rule out explicitly signed or explicitly unsigned char type because of int8_t and uint8_t because those are pretty reasonable to use as array indexes.

[wheatman]

Thanks you for the comments. I made the updates and added the note in clang/docs/ReleaseNotes.rst

[github-actions]

✅ With the latest revision this PR passed the C/C++ code formatter.

[AaronBallman]

LGTM, thank you for the fix!

[wheatman]

Thank you for the review.
I don't have write access, so unless @shafik has more comments, could one of you merge it in

[wheatman]

@AaronBallman if there are no more comments, could you please merge it in

[cor3ntin]

@wheatman can you rebase again? I want to make sure CI passes before merging (and the bots were broken earlier today). Thanks.
LGTM otherwise

[wheatman]

@cor3ntin done, thanks for taking a look

[cor3ntin]

Thanks for your first contribution. Maybe the first of many :D