[cfe-dev] Reporting false positives detected by Clang static analyzer

Apelete Seketeli via cfe-dev cfe-dev at lists.llvm.org
Fri Apr 8 17:07:49 PDT 2016


On Fri, Apr-08-2016 at 11:08:02 AM -0700, Devin Coughlin wrote:
> 
> Just to be clear, unlike many verification tools, the analyzer doesn’t “check” asserts. In verification-speak, it treats an assert like an assume. That is, if you have:
> 
> 1: int *x = NULL;
> 2: assert(x != NULL);
> 3: *x = 7;
> 
> The analyzer will *not* warn that the assertion will definitely fail at line 2.

This is exactly one kind of situation where I would like to add some
suppression mechanism.

Speaking of custom assertion handlers and their specific suppression
mechanism ('noreturn' and 'analyzer_noreturn' attributes), documentation says:

"Note that, currently, clang does not support these attributes on
Objective-C methods and C++ methods."

Does the above statement still hold true at the moment?
I found custom assertion handlers defined as C++ methods, and not being
able to suppress the analyzer warnings would be a pity.
How hard would it be to extend the aforementioned attributes to C++
methods if needed?

> Instead, because assert(condition) is typically defined as a macro to expand to something like:
> 
> if (!condition) {
>   ...
>   exit(-1);
> }
> 
> The assert will cause the analyzer to explore two paths: one where the condition doesn’t hold and exit() is called and one where the condition is assumed to hold and execution continues.
> 
> As Artem described, the analyzer will stop exploring the exit() path because exit() is noreturn.  But in this case, the analyzer will also stop exploring the path where the condition holds (i.e., x != NULL). This is because along that path the analyzer also knows x == NULL (from line 1).  This is a contradiction, which the analyzer interprets to mean the path is infeasible and so it will stop exploring this path as well. Ultimately this means the analyzer will not warn about the null pointer dereference at line 3.
> 
> By the way, there is a webpage describing how the analyzer deals with custom assertions at <http://clang-analyzer.llvm.org/annotations.html#custom_assertions>.

Very informative indeed, thank you very much for the insight.

Cheers.
-- 
        Apelete
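
Added example, not part of the original thread and not code from the Clang project: a custom assertion handler in C annotated with `analyzer_noreturn`, the attribute discussed above, next to the run-time guard that is still needed because this handler returns. The names `check_failed`, `CHECK`, `failed_checks`, `store_trusting` and `store_guarded` are hypothetical; the `__has_feature(attribute_analyzer_noreturn)` test is Clang's own feature check.

```c
#include <stddef.h>
#include <stdio.h>

#ifndef __has_feature
#define __has_feature(x) 0 /* compilers that lack __has_feature */
#endif
#if __has_feature(attribute_analyzer_noreturn)
#define ANALYZER_NORETURN __attribute__((analyzer_noreturn))
#else
#define ANALYZER_NORETURN
#endif

static int failed_checks; /* hypothetical counter so callers can observe failures */

/* Hypothetical handler: logs and RETURNS at run time. The attribute only tells
 * the analyzer to stop exploring the path on which the handler is called. */
static void check_failed(const char *expr, const char *file, int line)
    ANALYZER_NORETURN;
static void check_failed(const char *expr, const char *file, int line) {
    failed_checks++;
    fprintf(stderr, "%s:%d: check failed: %s\n", file, line, expr);
}

#define CHECK(cond) \
    do { if (!(cond)) check_failed(#cond, __FILE__, __LINE__); } while (0)

/* With the attribute the analyzer treats CHECK like an assume and is silent
 * about *dst; without it the failed-check path continues into the dereference.
 * Correct at run time only if every caller really passes non-NULL. */
static int store_trusting(int *dst, int value) {
    CHECK(dst != NULL);
    *dst = value;
    return 0;
}

/* Because the handler returns, a real guard stays next to the CHECK. */
static int store_guarded(int *dst, int value) {
    CHECK(dst != NULL);
    if (dst == NULL) return -1;
    *dst = value;
    return 0;
}

int main(void) {
    int slot = 0;
    int rc_ok = store_trusting(&slot, 7);
    int rc_null = store_guarded(NULL, 9); /* logs once, then returns -1 */
    printf("rc_ok=%d slot=%d rc_null=%d failed_checks=%d\n",
           rc_ok, slot, rc_null, failed_checks);
    return 0;
}
```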


