Add doc for CA2020

buyaa-n · buyaa-n · commit 581a85fad916 · 2022-10-07T11:49:49.000-07:00
diff --git a/docs/fundamentals/code-analysis/quality-rules/ca2020.md b/docs/fundamentals/code-analysis/quality-rules/ca2020.md
@@ -0,0 +1,158 @@
+---
+title: "CA2020: Prevent behavioral change caused by built-in operators of IntPtr/UIntPtr"
+description: "Learn about code analysis rule CA2020 - Some built in operators added in .NET 7 behave differently than the user defined operators in .NET 6 and below. Some operators that used to throw in unchecked context while overflowing will not throw anymore unless wrapped within checked context, and some operators that not used to throw in checked context now would throw unless wrapped within unchecked context"
+ms.date: 10/07/2022
+ms.topic: reference
+f1_keywords:
+  - PreventNumericIntPtrUIntPtrBehavioralChanges 
+  - CA2020
+helpviewer_keywords:
+  - PreventNumericIntPtrUIntPtrBehavioralChanges 
+  - CA2020
+author: buyaa-n
+---
+# CA2020: Prevent behavioral change caused by built-in operators of IntPtr/UIntPtr
+
+| | Value |
+|-|-|
+| **Rule ID** |CA2020|
+| **Category** |[Reliability](reliability-warnings.md)|
+| **Fix is breaking or non-breaking** |Non-breaking|
+
+## Cause
+
+This rule fires when it detects a behavioral change between .NET 6.0 and .NET 7.0 introduced with new built-in operators of numeric IntPtr/UIntPtr feature.
+
+## Rule description
+
+With the [numeric IntPtr feature](https://github.com/dotnet/csharplang/blob/main/proposals/csharp-11.0/numeric-intptr.md), System.IntPtr and System.UIntPtr gained some built-in operators (conversions, unary and binary). Those now might throw when overflowing within checked context or may not throw in unchecked context compared to the previous `user-defined` operators in .NET 6.0 and below, which could cause behavioral change when upgrading from .NET 6.0 and below into .NET 7.
+
+### List of APIs affected
+
+| Operator | context | in .NET 7.0 | in NET 6.0 and below | Example |
+|---|---|---|---|---|
+| operator +(IntPtr, int) | checked | throws when overflows | do not throw when overflow | `checked(intPtrVariable + 2);` |
+| operator -(IntPtr, int) | checked | throws when overflows | do not throw when overflow | `checked(intPtrVariable - 2);` |
+| explicit operator IntPtr(long) | unchecked | will not throw when overflow | could throw in 32-bit contexts | `(IntPtr)longVariable;` |
+| explicit operator void\*(IntPtr) | checked | throws when overflows | do not throw when overflow | `checked((void*)intPtrVariable);` |
+| explicit operator IntPtr(void\*) | checked | throws when overflows | do not throw when overflow | `checked((IntPtr)voidPtrVariable);` |
+| explicit operator int(IntPtr) | unchecked | will not throw when overflows | could throw in 64-bit contexts | `(int)intPtrVariable;` |
+| operator +(UIntPtr, int) | checked | throws when overflows | do not throw when overflows | `checked(uintPtrVariable + 2);` |
+| operator -(UIntPtr, int) | checked | throws when overflows | do not throw when overflows | `checked(uintPtrVariable - 2);` |
+| explicit operator UIntPtr(ulong) | unchecked | will not throw when overflows | could throw in 32-bit contexts | `(UIntPtr)uLongVariable` |
+| explicit operator uint(UIntPtr) | unchecked | will not throw when overflows | could throw in 64-bit contexts | `(uint)uintPtrVariable` |
+
+## How to fix violations
+
+Investigate the code to determine if the expression flagged could cause a behavioral change, and choose appropriate way to fix the diagnostic
+
+Fix options:
+ - If the expression would not cause a behavioral change:
+   - If the `IntPtr/UIntPtr` type used as native int/uint purpose change the type to `nint/nuint`.
+   - If the `IntPtr/UIntPtr` type used as native pointer change the type to corresponding native pointer type
+   - If you cannot change the type of the variable last resort will be suppress the warning
+ - If the expression could cause a behavioral change wrap it with corresponding `checked`/`unchecked` statement to preserve the .NET 6.0 behavior.
+
+### Example
+
+**Violation**:
+
+```csharp
+using System;
+
+public unsafe class IntPtrTest
+{
+    IntPtr intPtrVariable;
+    long longVariable;
+
+    void Test ()
+    {
+        checked
+        {
+            IntPtr result = intPtrVariable + 2; // Warns: Starting with .NET 7 the operator '+' will throw when overflowing in a checked context. Wrap the expression with an 'unchecked' statement to restore the .NET 6 behavior.
+
+            result = intPtrVariable - 2; // Starting with .NET 7 the operator '-' will throw when overflowing in a checked context. Wrap the expression with an 'unchecked' statement to restore the .NET 6 behavior.
+
+            void* voidPtrVariable = (void*)intPtrVariable; // Starting with .NET 7 the explicit conversion '(void*)IntPtr' will throw when overflowing in a checked context. Wrap the expression with an 'unchecked' statement to restore the .NET 6 behavior.
+
+            result = (IntPtr)voidPtrVariable; // Starting with .NET 7 the explicit conversion '(IntPtr)void*' will throw when overflowing in a checked context. Wrap the expression with an 'unchecked' statement to restore the .NET 6 behavior.
+        }
+
+        intPtrVariable = (IntPtr)longVariable; // Starting with .NET 7 the explicit conversion '(IntPtr)Int64' will not throw when overflowing in an unchecked context. Wrap the expression with a 'checked' statement to restore the .NET 6 behavior.
+
+        int a = (int)intPtrVariable; // Starting with .NET 7 the explicit conversion '(Int32)IntPtr' will not throw when overflowing in an unchecked context. Wrap the expression with a 'checked' statement to restore the .NET 6 behavior.
+	}
+}
+```
+
+**Fix**:
+
+- If the expression would not cause a behavioral change:
+   - If the IntPtr/UIntPtr type used as native int/uint purpose change the type to nint/nuint.
+   
+  ```csharp
+  using System;
+
+  public unsafe class IntPtrTest
+  {
+      nint intPtrVariable; // type changed to nint
+      long longVariable;
+
+      void Test ()
+      {
+          checked
+          {
+              nint result = intPtrVariable + 2; // no warning
+
+              result = intPtrVariable - 2;
+ 
+              void* voidPtrVariable = (void*)intPtrVariable;
+
+              result = (nint)voidPtrVariable;
+          }
+
+          intPtrVariable = (nint)longVariable; 
+
+          int a = (int)intPtrVariable;
+	  }
+  }
+```
+
+ - If the expression could cause a behavioral change wrap it with corresponding `checked`/`unchecked` statement to preserve the old .NET 6.0 behavior.
+
+  ```csharp
+  using System;
+
+  public unsafe class IntPtrTest
+  {
+      IntPtr intPtrVariable;
+      long longVariable;
+
+      void Test ()
+      {
+          checked
+          {
+              IntPtr result = unchecked(intPtrVariable + 2); // wrap with unchecked
+
+              result = unchecked(intPtrVariable - 2);
+
+              void* voidPtrVariable = unchecked((void*)intPtrVariable); 
+
+              result = unchecked((IntPtr)voidPtrVariable); 
+          }
+
+          intPtrVariable = checked((IntPtr)longVariable); // wrap with checked
+
+          int a = checked((int)intPtrVariable); //
+	  }
+  }
+```
+
+## When to suppress warnings
+
+If the expression would not cause a behavioral change it is safe to suppress a warning from this rule.
+
+## See also
+
+- [Reliability rules](reliability-warnings.md)
+- [numeric IntPtr feature](https://github.com/dotnet/csharplang/blob/main/proposals/csharp-11.0/numeric-intptr.md)
diff --git a/docs/fundamentals/code-analysis/quality-rules/index.md b/docs/fundamentals/code-analysis/quality-rules/index.md
@@ -159,6 +159,7 @@ The following table lists code quality analysis rules.
 > | [CA2016: Forward the CancellationToken parameter to methods that take one](ca2016.md) | Forward the `CancellationToken` parameter to methods that take one to ensure the operation cancellation notifications gets properly propagated, or pass in `CancellationToken.None` explicitly to indicate intentionally not propagating the token. |
 > | [CA2017: Parameter count mismatch](ca2017.md) | Number of parameters supplied in the logging message template do not match the number of named placeholders. |
 > | [CA2018: The `count` argument to `Buffer.BlockCopy` should specify the number of bytes to copy](ca2018.md) | When using `Buffer.BlockCopy`, the `count` argument specifies the number of bytes to copy. You should only use `Array.Length` for the `count` argument on arrays whose elements are exactly one byte in size. `byte`, `sbyte`, and `bool` arrays have elements that are one byte in size. |
+> | [CA2020: Prevent behavioral change caused by built-in operators of IntPtr/UIntPtr](ca2020.md) | Some built in operators added in .NET 7 behave differently than the user defined operators in .NET 6 and below. Some operators that used to throw in unchecked context while overflowing will not throw anymore unless wrapped within checked context, and some operators that not used to throw in checked context now would throw unless wrapped within unchecked context. |
 > | [CA2100: Review SQL queries for security vulnerabilities](ca2100.md) | A method sets the System.Data.IDbCommand.CommandText property by using a string that is built from a string argument to the method. This rule assumes that the string argument contains user input. A SQL command string that is built from user input is vulnerable to SQL injection attacks. |
 > |[CA2101: Specify marshalling for P/Invoke string arguments](ca2101.md) | A platform invoke member allows partially trusted callers, has a string parameter, and does not explicitly marshal the string. This can cause a potential security vulnerability. |
 > | [CA2109: Review visible event handlers](ca2109.md) | A public or protected event-handling method was detected. Event-handling methods should not be exposed unless absolutely necessary. |
diff --git a/docs/fundamentals/code-analysis/quality-rules/reliability-warnings.md b/docs/fundamentals/code-analysis/quality-rules/reliability-warnings.md
@@ -31,3 +31,4 @@ Reliability rules support library and application reliability, such as correct m
 |[CA2016: Forward the CancellationToken parameter to methods that take one](ca2016.md) | Forward the `CancellationToken` parameter to methods that take one to ensure the operation cancellation notifications gets properly propagated, or pass in `CancellationToken.None` explicitly to indicate intentionally not propagating the token. |
 |[CA2017: Parameter count mismatch](ca2017.md) | Number of parameters supplied in the logging message template do not match the number of named placeholders. |
 |[CA2018: The `count` argument to `Buffer.BlockCopy` should specify the number of bytes to copy](ca2018.md) | When using `Buffer.BlockCopy`, the `count` argument specifies the number of bytes to copy. You should only use `Array.Length` for the `count` argument on arrays whose elements are exactly one byte in size. `byte`, `sbyte`, and `bool` arrays have elements that are one byte in size. |
+|[CA2020: Prevent behavioral change caused by built-in operators of IntPtr/UIntPtr](ca2020.md) | Some built in operators added in .NET 7 behave differently than the user defined operators in .NET 6 and below. Some operators that used to throw in unchecked context while overflowing will not throw anymore unless wrapped within checked context, and some operators that not used to throw in checked context now would throw unless wrapped within unchecked context. |
diff --git a/docs/fundamentals/toc.yml b/docs/fundamentals/toc.yml
@@ -1147,6 +1147,8 @@ items:
             href: code-analysis/quality-rules/ca2017.md
           - name: CA2018
             href: code-analysis/quality-rules/ca2018.md
+          - name: CA2020
+            href: code-analysis/quality-rules/ca2020.md
         - name: Security rules
           items:
           - name: Overview
