test/SemaCXX/warn-unsafe-buffer-usage.cpp - llvm-project/clang - Git at Google

 // RUN: %clang_cc1 -std=c++20 -Wno-all -Wunsafe-buffer-usage \
 // RUN:            -fsafe-buffer-usage-suggestions \
 // RUN:            -fblocks -include %s -verify %s

 // RUN: %clang -x c++ -fsyntax-only -fblocks -include %s %s 2>&1 | FileCheck --allow-empty %s
 // RUN: %clang_cc1 -std=c++11 -fblocks -include %s %s 2>&1 | FileCheck --allow-empty %s
 // RUN: %clang_cc1 -std=c++20 -fblocks -include %s %s 2>&1 | FileCheck --allow-empty %s
 // CHECK-NOT: [-Wunsafe-buffer-usage]

 #ifndef INCLUDED
 #define INCLUDED
 #pragma clang system_header

 // no spanification warnings for system headers
 void foo(...);  // let arguments of `foo` to hold testing expressions
 void testAsSystemHeader(char *p) {
   ++p;

   auto ap1 = p;
   auto ap2 = &p;

   foo(p[1],
       ap1[1],
       ap2[2][3]);
 }

 #else

 void testIncrement(char *p) { // expected-warning{{'p' is an unsafe pointer used for buffer access}}
   ++p; // expected-note{{used in pointer arithmetic here}}
   p++; // expected-note{{used in pointer arithmetic here}}
   --p; // expected-note{{used in pointer arithmetic here}}
   p--; // expected-note{{used in pointer arithmetic here}}
 }

 void * voidPtrCall(void);
 char * charPtrCall(void);

 void testArraySubscripts(int idx, int *p, int **pp) {
 // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
 // expected-warning@-2{{'pp' is an unsafe pointer used for buffer access}}
   foo(p[1],             // expected-note{{used in buffer access here}}
       pp[1][1],         // expected-note{{used in buffer access here}}
                         // expected-warning@-1{{unsafe buffer access}}
       1[1[pp]],         // expected-note{{used in buffer access here}}
                         // expected-warning@-1{{unsafe buffer access}}
       1[pp][1]          // expected-note{{used in buffer access here}}
                         // expected-warning@-1{{unsafe buffer access}}
       );

   if (p[3]) {           // expected-note{{used in buffer access here}}
     void * q = p;

     foo(((int*)q)[10]); // expected-warning{{unsafe buffer access}}
   }

   foo(((int*)voidPtrCall())[3], // expected-warning{{unsafe buffer access}}
       3[(int*)voidPtrCall()],   // expected-warning{{unsafe buffer access}}
       charPtrCall()[3],         // expected-warning{{unsafe buffer access}}
       3[charPtrCall()]          // expected-warning{{unsafe buffer access}}
       );

     int a[10];          // expected-warning{{'a' is an unsafe buffer that does not perform bounds checks}}
                         // expected-note@-1{{change type of 'a' to 'std::array' to label it for hardening}}
     int b[10][10];      // expected-warning{{'b' is an unsafe buffer that does not perform bounds checks}}

   foo(a[idx], idx[a],   // expected-note2{{used in buffer access here}}
       b[idx][idx + 1],  // expected-warning{{unsafe buffer access}}
                         // expected-note@-1{{used in buffer access here}}
       (idx + 1)[b][idx],// expected-warning{{unsafe buffer access}}
                         // expected-note@-1{{used in buffer access here}}
       (idx + 1)[idx[b]]);
                         // expected-warning@-1{{unsafe buffer access}}
                         // expected-note@-2{{used in buffer access here}}

   // Not to warn when index is zero
   foo(p[0], pp[0][0], 0[0[pp]], 0[pp][0],
       ((int*)voidPtrCall())[0],
       0[(int*)voidPtrCall()],
       charPtrCall()[0],
       0[charPtrCall()]
       );
 }

 void testArraySubscriptsWithAuto() {
   int a[10];
   // We do not fix a declaration if the type is `auto`. Because the actual type may change later.
   auto ap1 = a;   // expected-warning{{'ap1' is an unsafe pointer used for buffer access}}
   foo(ap1[1]);    // expected-note{{used in buffer access here}}

   // In case the type is `auto *`, we know it must be a pointer. We can fix it.
   auto * ap2 = a; // expected-warning{{'ap2' is an unsafe pointer used for buffer access}} \
                      expected-note{{change type of 'ap2' to 'std::span' to preserve bounds information}}
   foo(ap2[1]);    // expected-note{{used in buffer access here}}
 }

 void testUnevaluatedContext(int * p) {// no-warning
   foo(sizeof(p[1]),             // no-warning
       sizeof(decltype(p[1])));  // no-warning
 }

 void testQualifiedParameters(const int * p, const int * const q, const int a[10], const int b[10][10]) {
   // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
   // expected-warning@-2{{'q' is an unsafe pointer used for buffer access}}
   // expected-warning@-3{{'a' is an unsafe pointer used for buffer access}}
   // expected-warning@-4{{'b' is an unsafe pointer used for buffer access}}

   foo(p[1], 1[p], p[-1],    // expected-note3{{used in buffer access here}}
       q[1], 1[q], q[-1],    // expected-note3{{used in buffer access here}}
       a[1],                 // expected-note{{used in buffer access here}}     `a` is of pointer type
       b[1][2]               // expected-note{{used in buffer access here}}     `b[1]` is of array type
                             // expected-warning@-1{{unsafe buffer access}}
       );
 }

 struct T {
   int a[10];
   int * b;
   struct {
     int a[10];
     int * b;
   } c;
 };

 typedef struct T T_t;

 T_t funRetT();
 T_t * funRetTStar();

 void testStructMembers(struct T * sp, struct T s, T_t * sp2, T_t s2) {
   foo(sp->a[1],     // expected-warning{{unsafe buffer access}}
       sp->b[1],     // expected-warning{{unsafe buffer access}}
       sp->c.a[1],   // expected-warning{{unsafe buffer access}}
       sp->c.b[1],   // expected-warning{{unsafe buffer access}}
       s.a[1],       // expected-warning{{unsafe buffer access}}
       s.b[1],       // expected-warning{{unsafe buffer access}}
       s.c.a[1],     // expected-warning{{unsafe buffer access}}
       s.c.b[1],     // expected-warning{{unsafe buffer access}}
       sp2->a[1],    // expected-warning{{unsafe buffer access}}
       sp2->b[1],    // expected-warning{{unsafe buffer access}}
       sp2->c.a[1],  // expected-warning{{unsafe buffer access}}
       sp2->c.b[1],  // expected-warning{{unsafe buffer access}}
       s2.a[1],      // expected-warning{{unsafe buffer access}}
       s2.b[1],      // expected-warning{{unsafe buffer access}}
       s2.c.a[1],           // expected-warning{{unsafe buffer access}}
       s2.c.b[1],           // expected-warning{{unsafe buffer access}}
       funRetT().a[1],      // expected-warning{{unsafe buffer access}}
       funRetT().b[1],      // expected-warning{{unsafe buffer access}}
       funRetTStar()->a[1], // expected-warning{{unsafe buffer access}}
       funRetTStar()->b[1]  // expected-warning{{unsafe buffer access}}
       );
 }

 int garray[10];     // expected-warning{{'garray' is an unsafe buffer that does not perform bounds checks}}
 int * gp = garray;  // expected-warning{{'gp' is an unsafe pointer used for buffer access}}
 int gvar = gp[1];   // FIXME: file scope unsafe buffer access is not warned

 void testLambdaCaptureAndGlobal(int * p) {
   // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
   int a[10];              // expected-warning{{'a' is an unsafe buffer that does not perform bounds checks}}

   auto Lam = [p, a](int idx) {
     return p[1]           // expected-note{{used in buffer access here}}
       + a[idx] + garray[idx]// expected-note2{{used in buffer access here}}
       + gp[1];            // expected-note{{used in buffer access here}}

   };
 }

 auto file_scope_lambda = [](int *ptr) {
   // expected-warning@-1{{'ptr' is an unsafe pointer used for buffer access}}

   ptr[5] = 10;  // expected-note{{used in buffer access here}}
 };

 void testLambdaCapture() {
   int a[10];              // expected-warning{{'a' is an unsafe buffer that does not perform bounds checks}}
   int b[10];              // expected-warning{{'b' is an unsafe buffer that does not perform bounds checks}}
                           // expected-note@-1{{change type of 'b' to 'std::array' to label it for hardening}}
   int c[10];

   auto Lam1 = [a](unsigned idx) {
     return a[idx];           // expected-note{{used in buffer access here}}
   };

   auto Lam2 = [x = b[c[5]]]() { // expected-note{{used in buffer access here}}
     return x;
   };

   auto Lam = [x = c](unsigned idx) { // expected-warning{{'x' is an unsafe pointer used for buffer access}}
     return x[idx]; // expected-note{{used in buffer access here}}
   };
 }

 void testLambdaImplicitCapture(long idx) {
   int a[10];              // expected-warning{{'a' is an unsafe buffer that does not perform bounds checks}}
                           // expected-note@-1{{change type of 'a' to 'std::array' to label it for hardening}}
   int b[10];              // expected-warning{{'b' is an unsafe buffer that does not perform bounds checks}}
                           // expected-note@-1{{change type of 'b' to 'std::array' to label it for hardening}}

   auto Lam1 = [=]() {
     return a[idx];           // expected-note{{used in buffer access here}}
   };

   auto Lam2 = [&]() {
     return b[idx];           // expected-note{{used in buffer access here}}
   };
 }

 typedef T_t * T_ptr_t;

 void testTypedefs(T_ptr_t p) {
   // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
   foo(p[1],       // expected-note{{used in buffer access here}}
       p[1].a[1],  // expected-note{{used in buffer access here}}
                   // expected-warning@-1{{unsafe buffer access}}
       p[1].b[1]   // expected-note{{used in buffer access here}}
                   // expected-warning@-1{{unsafe buffer access}}
       );
 }

 template<typename T, int N> T f(T t, T * pt, T a[N], T (&b)[N]) {
   // expected-warning@-1{{'t' is an unsafe pointer used for buffer access}}
   // expected-warning@-2{{'pt' is an unsafe pointer used for buffer access}}
   // expected-warning@-3{{'a' is an unsafe pointer used for buffer access}}
   // expected-warning@-4{{'b' is an unsafe buffer that does not perform bounds checks}}
   foo(pt[1],    // expected-note{{used in buffer access here}}
       a[1],     // expected-note{{used in buffer access here}}
       b[1]);    // expected-note{{used in buffer access here}}
   return &t[1]; // expected-note{{used in buffer access here}}
 }

 // Testing pointer arithmetic for pointer-to-int, qualified multi-level
 // pointer, pointer to a template type, and auto type
 T_ptr_t getPtr();

 template<typename T>
 void testPointerArithmetic(int * p, const int **q, T * x) {
 // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
 // expected-warning@-2{{'x' is an unsafe pointer used for buffer access}}
   int a[10];
   auto y = &a[0]; // expected-warning{{'y' is an unsafe pointer used for buffer access}}

   foo(p + 1, 1 + p, p - 1,      // expected-note3{{used in pointer arithmetic here}}
       *q + 1, 1 + *q, *q - 1,   // expected-warning3{{unsafe pointer arithmetic}}
       x + 1, 1 + x, x - 1,      // expected-note3{{used in pointer arithmetic here}}
       y + 1, 1 + y, y - 1,      // expected-note3{{used in pointer arithmetic here}}
       getPtr() + 1, 1 + getPtr(), getPtr() - 1 // expected-warning3{{unsafe pointer arithmetic}}
       );

   p += 1;  p -= 1;  // expected-note2{{used in pointer arithmetic here}}
   *q += 1; *q -= 1; // expected-warning2{{unsafe pointer arithmetic}}
   y += 1; y -= 1;   // expected-note2{{used in pointer arithmetic here}}
   x += 1; x -= 1;   // expected-note2{{used in pointer arithmetic here}}
 }

 void testTemplate(int * p) {
   int *a[10];
   foo(f(p, &p, a, a)[1]); // expected-warning{{unsafe buffer access}}
                           // FIXME: expected note@-1{{in instantiation of function template specialization 'f<int *, 10>' requested here}}

   const int **q = const_cast<const int **>(&p);

   testPointerArithmetic(p, q, p); //FIXME: expected note{{in instantiation of}}
 }

 void testPointerToMember() {
   struct S_t {
     int x;
     int * y;
   } S;

   int S_t::* p = &S_t::x;
   int * S_t::* q = &S_t::y;

   foo(S.*p,
       (S.*q)[1]);  // expected-warning{{unsafe buffer access}}
 }

 // test that nested callable definitions are scanned only once
 void testNestedCallableDefinition(int * p) {
   class A {
     void inner(int * p) {
       // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
       p++; // expected-note{{used in pointer arithmetic here}}
     }

     static void innerStatic(int * p) {
       // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
       p++; // expected-note{{used in pointer arithmetic here}}
     }

     void innerInner(int * p) {
       auto Lam = [p]() {
         int * q = p;    // expected-warning{{'q' is an unsafe pointer used for buffer access}}
         q++;            // expected-note{{used in pointer arithmetic here}}
         return *q;
       };
     }
   };

   auto Lam = [p]() {
     int * q = p;  // expected-warning{{'q' is an unsafe pointer used for buffer access}}
     q++;          // expected-note{{used in pointer arithmetic here}}
     return *q;
   };

   auto LamLam = [p]() {
     auto Lam = [p]() {
       int * q = p;  // expected-warning{{'q' is an unsafe pointer used for buffer access}}
       q++;          // expected-note{{used in pointer arithmetic here}}
       return *q;
     };
   };

   void (^Blk)(int*) = ^(int *p) {
     // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
     p++;   // expected-note{{used in pointer arithmetic here}}
   };

   void (^BlkBlk)(int*) = ^(int *p) {
     void (^Blk)(int*) = ^(int *p) {
       // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
       p++;   // expected-note{{used in pointer arithmetic here}}
     };
     Blk(p);
   };

   // lambda and block as call arguments...
   foo( [p]() { int * q = p; // expected-warning{{'q' is an unsafe pointer used for buffer access}}
               q++;          // expected-note{{used in pointer arithmetic here}}
               return *q;
        },
        ^(int *p) {  // expected-warning{{'p' is an unsafe pointer used for buffer access}}
         p++;        // expected-note{{used in pointer arithmetic here}}
        }
      );
 }

 int testVariableDecls(int * p) {
   // expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
   int * q = p++;      // expected-note{{used in pointer arithmetic here}}
   int a[p[1]];        // expected-note{{used in buffer access here}}
   int b = p[1];       // expected-note{{used in buffer access here}}
   return p[1];        // expected-note{{used in buffer access here}}
 }

 template<typename T> void fArr(T t[], long long idx) {
   // expected-warning@-1{{'t' is an unsafe pointer used for buffer access}}
   foo(t[1]);    // expected-note{{used in buffer access here}}
   T ar[8];      // expected-warning{{'ar' is an unsafe buffer that does not perform bounds checks}}
                 // expected-note@-1{{change type of 'ar' to 'std::array' to label it for hardening}}
   foo(ar[idx]);   // expected-note{{used in buffer access here}}
 }

 template void fArr<int>(int t[], long long); // FIXME: expected note {{in instantiation of}}

 int testReturn(int t[]) {// expected-note{{change type of 't' to 'std::span' to preserve bounds information}}
   // expected-warning@-1{{'t' is an unsafe pointer used for buffer access}}
   return t[1]; // expected-note{{used in buffer access here}}
 }

 int testArrayAccesses(int n, int idx) {
     // auto deduced array type
     int cArr[2][3] = {{1, 2, 3}, {4, 5, 6}};
     // expected-warning@-1{{'cArr' is an unsafe buffer that does not perform bounds checks}}
     int d = cArr[0][0];
     foo(cArr[0][0]);
     foo(cArr[idx][idx + 1]);        // expected-note{{used in buffer access here}}
                                     // expected-warning@-1{{unsafe buffer access}}
     auto cPtr = cArr[idx][idx * 2]; // expected-note{{used in buffer access here}}
                                     // expected-warning@-1{{unsafe buffer access}}
     foo(cPtr);

     // Typdefs
     typedef int A[3];
     const A tArr = {4, 5, 6};
     foo(tArr[0], tArr[1]);
     return cArr[0][1];      // expected-warning{{unsafe buffer access}}
 }

 void testArrayPtrArithmetic(int x[]) { // expected-warning{{'x' is an unsafe pointer used for buffer access}}
   foo (x + 3); // expected-note{{used in pointer arithmetic here}}

   int y[3] = {0, 1, 2}; // expected-warning{{'y' is an unsafe buffer that does not perform bounds checks}}
   foo(y + 4); // expected-note{{used in pointer arithmetic here}}
 }

 void testMultiLineDeclStmt(int * p) {
   int

   *

   ap1 = p;      // expected-warning{{'ap1' is an unsafe pointer used for buffer access}} \
          	   expected-note{{change type of 'ap1' to 'std::span' to preserve bounds information}}

   foo(ap1[1]);  // expected-note{{used in buffer access here}}
 }

 #endif
	// RUN: %clang_cc1 -std=c++20 -Wno-all -Wunsafe-buffer-usage \
	// RUN: -fsafe-buffer-usage-suggestions \
	// RUN: -fblocks -include %s -verify %s

	// RUN: %clang -x c++ -fsyntax-only -fblocks -include %s %s 2>&1 \| FileCheck --allow-empty %s
	// RUN: %clang_cc1 -std=c++11 -fblocks -include %s %s 2>&1 \| FileCheck --allow-empty %s
	// RUN: %clang_cc1 -std=c++20 -fblocks -include %s %s 2>&1 \| FileCheck --allow-empty %s
	// CHECK-NOT: [-Wunsafe-buffer-usage]

	#ifndef INCLUDED
	#define INCLUDED
	#pragma clang system_header

	// no spanification warnings for system headers
	void foo(...); // let arguments of `foo` to hold testing expressions
	void testAsSystemHeader(char *p) {
	++p;

	auto ap1 = p;
	auto ap2 = &p;

	foo(p[1],
	ap1[1],
	ap2[2][3]);
	}

	#else

	void testIncrement(char *p) { // expected-warning{{'p' is an unsafe pointer used for buffer access}}
	++p; // expected-note{{used in pointer arithmetic here}}
	p++; // expected-note{{used in pointer arithmetic here}}
	--p; // expected-note{{used in pointer arithmetic here}}
	p--; // expected-note{{used in pointer arithmetic here}}
	}

	void * voidPtrCall(void);
	char * charPtrCall(void);

	void testArraySubscripts(int idx, int p, int *pp) {
	// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
	// expected-warning@-2{{'pp' is an unsafe pointer used for buffer access}}
	foo(p[1], // expected-note{{used in buffer access here}}
	pp[1][1], // expected-note{{used in buffer access here}}
	// expected-warning@-1{{unsafe buffer access}}
	1[1[pp]], // expected-note{{used in buffer access here}}
	// expected-warning@-1{{unsafe buffer access}}
	1[pp][1] // expected-note{{used in buffer access here}}
	// expected-warning@-1{{unsafe buffer access}}
	);

	if (p[3]) { // expected-note{{used in buffer access here}}
	void * q = p;

	foo(((int*)q)[10]); // expected-warning{{unsafe buffer access}}
	}

	foo(((int*)voidPtrCall())[3], // expected-warning{{unsafe buffer access}}
	3[(int*)voidPtrCall()], // expected-warning{{unsafe buffer access}}
	charPtrCall()[3], // expected-warning{{unsafe buffer access}}
	3[charPtrCall()] // expected-warning{{unsafe buffer access}}
	);

	int a[10]; // expected-warning{{'a' is an unsafe buffer that does not perform bounds checks}}
	// expected-note@-1{{change type of 'a' to 'std::array' to label it for hardening}}
	int b[10][10]; // expected-warning{{'b' is an unsafe buffer that does not perform bounds checks}}

	foo(a[idx], idx[a], // expected-note2{{used in buffer access here}}
	b[idx][idx + 1], // expected-warning{{unsafe buffer access}}
	// expected-note@-1{{used in buffer access here}}
	(idx + 1)[b][idx],// expected-warning{{unsafe buffer access}}
	// expected-note@-1{{used in buffer access here}}
	(idx + 1)[idx[b]]);
	// expected-warning@-1{{unsafe buffer access}}
	// expected-note@-2{{used in buffer access here}}

	// Not to warn when index is zero
	foo(p[0], pp[0][0], 0[0[pp]], 0[pp][0],
	((int*)voidPtrCall())[0],
	0[(int*)voidPtrCall()],
	charPtrCall()[0],
	0[charPtrCall()]
	);
	}

	void testArraySubscriptsWithAuto() {
	int a[10];
	// We do not fix a declaration if the type is `auto`. Because the actual type may change later.
	auto ap1 = a; // expected-warning{{'ap1' is an unsafe pointer used for buffer access}}
	foo(ap1[1]); // expected-note{{used in buffer access here}}

	// In case the type is `auto *`, we know it must be a pointer. We can fix it.
	auto * ap2 = a; // expected-warning{{'ap2' is an unsafe pointer used for buffer access}} \
	expected-note{{change type of 'ap2' to 'std::span' to preserve bounds information}}
	foo(ap2[1]); // expected-note{{used in buffer access here}}
	}

	void testUnevaluatedContext(int * p) {// no-warning
	foo(sizeof(p[1]), // no-warning
	sizeof(decltype(p[1]))); // no-warning
	}

	void testQualifiedParameters(const int * p, const int * const q, const int a[10], const int b[10][10]) {
	// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
	// expected-warning@-2{{'q' is an unsafe pointer used for buffer access}}
	// expected-warning@-3{{'a' is an unsafe pointer used for buffer access}}
	// expected-warning@-4{{'b' is an unsafe pointer used for buffer access}}

	foo(p[1], 1[p], p[-1], // expected-note3{{used in buffer access here}}
	q[1], 1[q], q[-1], // expected-note3{{used in buffer access here}}
	a[1], // expected-note{{used in buffer access here}} `a` is of pointer type
	b[1][2] // expected-note{{used in buffer access here}} `b[1]` is of array type
	// expected-warning@-1{{unsafe buffer access}}
	);
	}

	struct T {
	int a[10];
	int * b;
	struct {
	int a[10];
	int * b;
	} c;
	};

	typedef struct T T_t;

	T_t funRetT();
	T_t * funRetTStar();

	void testStructMembers(struct T * sp, struct T s, T_t * sp2, T_t s2) {
	foo(sp->a[1], // expected-warning{{unsafe buffer access}}
	sp->b[1], // expected-warning{{unsafe buffer access}}
	sp->c.a[1], // expected-warning{{unsafe buffer access}}
	sp->c.b[1], // expected-warning{{unsafe buffer access}}
	s.a[1], // expected-warning{{unsafe buffer access}}
	s.b[1], // expected-warning{{unsafe buffer access}}
	s.c.a[1], // expected-warning{{unsafe buffer access}}
	s.c.b[1], // expected-warning{{unsafe buffer access}}
	sp2->a[1], // expected-warning{{unsafe buffer access}}
	sp2->b[1], // expected-warning{{unsafe buffer access}}
	sp2->c.a[1], // expected-warning{{unsafe buffer access}}
	sp2->c.b[1], // expected-warning{{unsafe buffer access}}
	s2.a[1], // expected-warning{{unsafe buffer access}}
	s2.b[1], // expected-warning{{unsafe buffer access}}
	s2.c.a[1], // expected-warning{{unsafe buffer access}}
	s2.c.b[1], // expected-warning{{unsafe buffer access}}
	funRetT().a[1], // expected-warning{{unsafe buffer access}}
	funRetT().b[1], // expected-warning{{unsafe buffer access}}
	funRetTStar()->a[1], // expected-warning{{unsafe buffer access}}
	funRetTStar()->b[1] // expected-warning{{unsafe buffer access}}
	);
	}

	int garray[10]; // expected-warning{{'garray' is an unsafe buffer that does not perform bounds checks}}
	int * gp = garray; // expected-warning{{'gp' is an unsafe pointer used for buffer access}}
	int gvar = gp[1]; // FIXME: file scope unsafe buffer access is not warned

	void testLambdaCaptureAndGlobal(int * p) {
	// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
	int a[10]; // expected-warning{{'a' is an unsafe buffer that does not perform bounds checks}}

	auto Lam = [p, a](int idx) {
	return p[1] // expected-note{{used in buffer access here}}
	+ a[idx] + garray[idx]// expected-note2{{used in buffer access here}}
	+ gp[1]; // expected-note{{used in buffer access here}}

	};
	}

	auto file_scope_lambda = [](int *ptr) {
	// expected-warning@-1{{'ptr' is an unsafe pointer used for buffer access}}

	ptr[5] = 10; // expected-note{{used in buffer access here}}
	};

	void testLambdaCapture() {
	int a[10]; // expected-warning{{'a' is an unsafe buffer that does not perform bounds checks}}
	int b[10]; // expected-warning{{'b' is an unsafe buffer that does not perform bounds checks}}
	// expected-note@-1{{change type of 'b' to 'std::array' to label it for hardening}}
	int c[10];

	auto Lam1 = [a](unsigned idx) {
	return a[idx]; // expected-note{{used in buffer access here}}
	};

	auto Lam2 = [x = b[c[5]]]() { // expected-note{{used in buffer access here}}
	return x;
	};

	auto Lam = [x = c](unsigned idx) { // expected-warning{{'x' is an unsafe pointer used for buffer access}}
	return x[idx]; // expected-note{{used in buffer access here}}
	};
	}

	void testLambdaImplicitCapture(long idx) {
	int a[10]; // expected-warning{{'a' is an unsafe buffer that does not perform bounds checks}}
	// expected-note@-1{{change type of 'a' to 'std::array' to label it for hardening}}
	int b[10]; // expected-warning{{'b' is an unsafe buffer that does not perform bounds checks}}
	// expected-note@-1{{change type of 'b' to 'std::array' to label it for hardening}}

	auto Lam1 = [=]() {
	return a[idx]; // expected-note{{used in buffer access here}}
	};

	auto Lam2 = [&]() {
	return b[idx]; // expected-note{{used in buffer access here}}
	};
	}

	typedef T_t * T_ptr_t;

	void testTypedefs(T_ptr_t p) {
	// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
	foo(p[1], // expected-note{{used in buffer access here}}
	p[1].a[1], // expected-note{{used in buffer access here}}
	// expected-warning@-1{{unsafe buffer access}}
	p[1].b[1] // expected-note{{used in buffer access here}}
	// expected-warning@-1{{unsafe buffer access}}
	);
	}

	template<typename T, int N> T f(T t, T * pt, T a[N], T (&b)[N]) {
	// expected-warning@-1{{'t' is an unsafe pointer used for buffer access}}
	// expected-warning@-2{{'pt' is an unsafe pointer used for buffer access}}
	// expected-warning@-3{{'a' is an unsafe pointer used for buffer access}}
	// expected-warning@-4{{'b' is an unsafe buffer that does not perform bounds checks}}
	foo(pt[1], // expected-note{{used in buffer access here}}
	a[1], // expected-note{{used in buffer access here}}
	b[1]); // expected-note{{used in buffer access here}}
	return &t[1]; // expected-note{{used in buffer access here}}
	}

	// Testing pointer arithmetic for pointer-to-int, qualified multi-level
	// pointer, pointer to a template type, and auto type
	T_ptr_t getPtr();

	template<typename T>
	void testPointerArithmetic(int * p, const int *q, T x) {
	// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
	// expected-warning@-2{{'x' is an unsafe pointer used for buffer access}}
	int a[10];
	auto y = &a[0]; // expected-warning{{'y' is an unsafe pointer used for buffer access}}

	foo(p + 1, 1 + p, p - 1, // expected-note3{{used in pointer arithmetic here}}
	q + 1, 1 + q, *q - 1, // expected-warning3{{unsafe pointer arithmetic}}
	x + 1, 1 + x, x - 1, // expected-note3{{used in pointer arithmetic here}}
	y + 1, 1 + y, y - 1, // expected-note3{{used in pointer arithmetic here}}
	getPtr() + 1, 1 + getPtr(), getPtr() - 1 // expected-warning3{{unsafe pointer arithmetic}}
	);

	p += 1; p -= 1; // expected-note2{{used in pointer arithmetic here}}
	q += 1; q -= 1; // expected-warning2{{unsafe pointer arithmetic}}
	y += 1; y -= 1; // expected-note2{{used in pointer arithmetic here}}
	x += 1; x -= 1; // expected-note2{{used in pointer arithmetic here}}
	}

	void testTemplate(int * p) {
	int *a[10];
	foo(f(p, &p, a, a)[1]); // expected-warning{{unsafe buffer access}}
	// FIXME: expected note@-1{{in instantiation of function template specialization 'f<int *, 10>' requested here}}

	const int q = const_cast<const int >(&p);

	testPointerArithmetic(p, q, p); //FIXME: expected note{{in instantiation of}}
	}

	void testPointerToMember() {
	struct S_t {
	int x;
	int * y;
	} S;

	int S_t::* p = &S_t::x;
	int * S_t::* q = &S_t::y;

	foo(S.*p,
	(S.*q)[1]); // expected-warning{{unsafe buffer access}}
	}

	// test that nested callable definitions are scanned only once
	void testNestedCallableDefinition(int * p) {
	class A {
	void inner(int * p) {
	// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
	p++; // expected-note{{used in pointer arithmetic here}}
	}

	static void innerStatic(int * p) {
	// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
	p++; // expected-note{{used in pointer arithmetic here}}
	}

	void innerInner(int * p) {
	auto Lam = [p]() {
	int * q = p; // expected-warning{{'q' is an unsafe pointer used for buffer access}}
	q++; // expected-note{{used in pointer arithmetic here}}
	return *q;
	};
	}
	};

	auto Lam = [p]() {
	int * q = p; // expected-warning{{'q' is an unsafe pointer used for buffer access}}
	q++; // expected-note{{used in pointer arithmetic here}}
	return *q;
	};

	auto LamLam = [p]() {
	auto Lam = [p]() {
	int * q = p; // expected-warning{{'q' is an unsafe pointer used for buffer access}}
	q++; // expected-note{{used in pointer arithmetic here}}
	return *q;
	};
	};

	void (^Blk)(int) = ^(int p) {
	// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
	p++; // expected-note{{used in pointer arithmetic here}}
	};

	void (^BlkBlk)(int) = ^(int p) {
	void (^Blk)(int) = ^(int p) {
	// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
	p++; // expected-note{{used in pointer arithmetic here}}
	};
	Blk(p);
	};

	// lambda and block as call arguments...
	foo( [p]() { int * q = p; // expected-warning{{'q' is an unsafe pointer used for buffer access}}
	q++; // expected-note{{used in pointer arithmetic here}}
	return *q;
	},
	^(int *p) { // expected-warning{{'p' is an unsafe pointer used for buffer access}}
	p++; // expected-note{{used in pointer arithmetic here}}
	}
	);
	}

	int testVariableDecls(int * p) {
	// expected-warning@-1{{'p' is an unsafe pointer used for buffer access}}
	int * q = p++; // expected-note{{used in pointer arithmetic here}}
	int a[p[1]]; // expected-note{{used in buffer access here}}
	int b = p[1]; // expected-note{{used in buffer access here}}
	return p[1]; // expected-note{{used in buffer access here}}
	}

	template<typename T> void fArr(T t[], long long idx) {
	// expected-warning@-1{{'t' is an unsafe pointer used for buffer access}}
	foo(t[1]); // expected-note{{used in buffer access here}}
	T ar[8]; // expected-warning{{'ar' is an unsafe buffer that does not perform bounds checks}}
	// expected-note@-1{{change type of 'ar' to 'std::array' to label it for hardening}}
	foo(ar[idx]); // expected-note{{used in buffer access here}}
	}

	template void fArr<int>(int t[], long long); // FIXME: expected note {{in instantiation of}}

	int testReturn(int t[]) {// expected-note{{change type of 't' to 'std::span' to preserve bounds information}}
	// expected-warning@-1{{'t' is an unsafe pointer used for buffer access}}
	return t[1]; // expected-note{{used in buffer access here}}
	}

	int testArrayAccesses(int n, int idx) {
	// auto deduced array type
	int cArr[2][3] = {{1, 2, 3}, {4, 5, 6}};
	// expected-warning@-1{{'cArr' is an unsafe buffer that does not perform bounds checks}}
	int d = cArr[0][0];
	foo(cArr[0][0]);
	foo(cArr[idx][idx + 1]); // expected-note{{used in buffer access here}}
	// expected-warning@-1{{unsafe buffer access}}
	auto cPtr = cArr[idx][idx * 2]; // expected-note{{used in buffer access here}}
	// expected-warning@-1{{unsafe buffer access}}
	foo(cPtr);

	// Typdefs
	typedef int A[3];
	const A tArr = {4, 5, 6};
	foo(tArr[0], tArr[1]);
	return cArr[0][1]; // expected-warning{{unsafe buffer access}}
	}

	void testArrayPtrArithmetic(int x[]) { // expected-warning{{'x' is an unsafe pointer used for buffer access}}
	foo (x + 3); // expected-note{{used in pointer arithmetic here}}

	int y[3] = {0, 1, 2}; // expected-warning{{'y' is an unsafe buffer that does not perform bounds checks}}
	foo(y + 4); // expected-note{{used in pointer arithmetic here}}
	}

	void testMultiLineDeclStmt(int * p) {
	int

	*

	ap1 = p; // expected-warning{{'ap1' is an unsafe pointer used for buffer access}} \
	expected-note{{change type of 'ap1' to 'std::span' to preserve bounds information}}

	foo(ap1[1]); // expected-note{{used in buffer access here}}
	}

	#endif