[cfe-dev] [analyzer] Applying fixes automatically in CSA as it done in Clang Tidy

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Mon Apr 15 08:37:22 PDT 2019 

I'm still curious though - how can a path-sensitive check suggest 
anything without a high risk of suggesting a breaking or incorrect 
change? There are just too many ways of manipulating execution paths and 
events on these paths and it's very hard to figure out which specific 
modification would be the right one.

Eg., suppose you've found a division by zero bug:

   01 int foo(int x) {
   02   int y = 0;        // note: `y` is initialized to 0
   03   return x / y;   // warning: division by zero!
   04 }

What would be the fixit that you'd suggest:

   (a) initialize `y` with 1 instead,
   (b) insert `assert(y != 0 && "Don't divide by zero!")` before the 
return statement*,
   (c) return `y / x` instead?

I guess Kristoff's uninitialized field after construction checker is 
actually a good candidate for fixits: in many cases you can avoid the 
warning by initializing the field with {} (as long as it's your direct 
field and it's default-constructible). But even then, the bug may be 
worse than that, eg. it might have been in fact caused by invalid 
control flow somewhere in the constructor. Or the default constructor 
may be the wrong constructor to use even if available. I actually 
remember how in my early days i zero-initialized a field in my 
constructor and got 20 test failures simply because the garbage value 
from the stack was working much better :/ It was worth it though. So, 
yeah, i guess it's a good example of a path-sensitive check that could 
occasionally take advantage of fixits. I'd love to learn about other 
such checks or understand what do they have in common.

_____
* Bonus points for providing a similar fixit hint for:
   02   int y = -1;
   03   return x / (++y)".


On 4/15/19 7:55 AM, Kristóf Umann via cfe-dev wrote:
> Hi!
>
> As far as I know, the analyzer currently doesn't support FixIts in any 
> of the output types, unfortunately. I guess it wouldn't be too hard to 
> add it to BugReport, and let diagnostic consumers implement it on 
> their own.
>
> Cheers,
> Kristóf
>
> On Sun, 14 Apr 2019 at 16:40, Alexander Zaitsev via cfe-dev 
> <cfe-dev at lists.llvm.org <mailto:cfe-dev at lists.llvm.org>> wrote:
>
>     Hello.
>
>     In Clang Tidy there is an option to apply fixes automatically if a
>     checker can suggest something. But I can't find similar
>     functionality in
>     Clang Static Analyzer (CSA).
>
>     My check is too complex to be part of Clang Tidy but I can provide to
>     user an option to fix some places automatically. Is there any
>     option to
>     do it with CSA?
>
>     Thank you.
>
>     -- 
>     Best regards,
>     Alexander Zaitsev
>
>
>     _______________________________________________
>     cfe-dev mailing list
>     cfe-dev at lists.llvm.org <mailto:cfe-dev at lists.llvm.org>
>     https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

More information about the cfe-dev mailing list