[PATCH] D77806: [analyzer] Do not report CFError null dereference for nonnull params

Valeriy Savchenko via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Apr 10 01:03:25 PDT 2020 

vsavchenko marked 4 inline comments as done.
vsavchenko added a comment.

In D77806#1973616 <https://reviews.llvm.org/D77806#1973616>, @NoQ wrote:

> We're doing much more here than just fixing the CFError behavior; we're actually making the whole analyzer respect these annotations in top frame.
>
> Let's add checker-inspecific tests. We have a test checker `debug.ExprInspection` just for that:
>
>   // RUN: %clang_analyze_cc1 ... -analyzer-checker=debug.ExprInspection ...
>   void clang_analyzer_eval(bool);
>  
>   void foo(void *x) __attribute__((nonnull)) {
>     clang_analyzer_eval(x != nullptr); // expected-warning{{TRUE}}
>   }
>


Cool, I didn't know about that! I'll add a group of tests for user annotations then.



================
Comment at: clang/lib/StaticAnalyzer/Checkers/NonNullParamChecker.cpp:218
 
+/// We want to trust developer annotations and consider all 'nonnul' parameters
+/// as non-null indeed. Each marked parameter will get a corresponding
----------------
NoQ wrote:
> Typo :p
Whoops! It even got me a full minute or two to spot it now!


================
Comment at: clang/lib/StaticAnalyzer/Checkers/NonNullParamChecker.cpp:234
+/// \endcode
+void NonNullParamChecker::checkBeginFunction(CheckerContext &Context) const {
+  const LocationContext *LocContext = Context.getLocationContext();
----------------
NoQ wrote:
> As far as i understand, you should only do all this for //top-level// functions, i.e. the ones from which we've started the analysis. You can skip inlined functions here because a similar assumption is already made for their parameters in `checkPreCall`.
> 
> You can figure out if you're in top frame via `Context.inTopFrame()`.
Gotcha!


================
Comment at: clang/lib/StaticAnalyzer/Checkers/NonNullParamChecker.cpp:238-239
+  const Decl *FD = LocContext->getDecl();
+  // AnyCall helps us here to avoid checking for FunctionDecl and ObjCMethodDecl
+  // separately and aggregates interfaces of these classes.
+  auto AbstractCall = AnyCall::forDecl(FD);
----------------
NoQ wrote:
> Nice! Should we add new tests for ObjC method calls as well then?
Good catch!


================
Comment at: clang/test/Analysis/nonnull.cpp:28
+int globalVar = 15;
+void moreParamsThanArgs [[gnu::nonnull(2, 4)]] (int a, int *p, int b = 42, int *q = &globalVar);
+
----------------
NoQ wrote:
> C-style variadic functions are the real problem. Variadic templates are easy; they're just duplicated in the AST as many times as necessary and all the parameter declarations are in place. Default arguments are also easy; the argument expression is still present in the AST even if it's not explicitly written down at the call site. C-style variadic functions are hard because they actually have more arguments than they have parameters.
C-style variadic functions are already covered in `nonnull.m`. I added here C++-specific cases.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D77806/new/

https://reviews.llvm.org/D77806

More information about the cfe-commits mailing list