For most of the implicit null pointer dereferences (when a pointer is dereferenced and the static analyzer can not prove that the pointer is non null, and can not prove that the pointer is null either) the DereferenceChecker will emit an event. However in some cases (e.g. binding such pointers to references in function parameters) no event will be emitted. This patch addresses this problem by extending NonNullParamChecker to emit an event in such cases. Future checkers (listening to these events) will profit from this change. For example I am working on a checker for nullability qualifiers that depend on this patch.
Details
- Reviewers
dcoughlin krememek zaks.anna jordan_rose - Commits
- rGe9984b28ef53: [Static Analyzer] BugReporter.cpp:2869: Assertion failed: !RemainingNodes.empty…
rG8d3ad6b61715: [Static Analyzer] Make NonNullParamChecker emit implicit null dereference…
rC246188: [Static Analyzer] BugReporter.cpp:2869: Assertion failed: !RemainingNodes.empty…
rC246182: [Static Analyzer] Make NonNullParamChecker emit implicit null dereference…
rL246182: [Static Analyzer] Make NonNullParamChecker emit implicit null dereference…
Diff Detail
- Repository
- rL LLVM
Event Timeline
I believe we saw a regression in diagnostics with this modification. Gabor, do you recall what it was?
The problem here is that, this checker can emit a warning for two cases:
1, Null was bound to a reference which should be reported as a dereference
2, Null was passed to parameter that should be non-null (marked by the attribute, not the qualifier) which should be reported appropriately
Right now exactly the same event will be triggered for both cases, so the checkers that process this event has no information whether it is a dereference or a value passed to a nonnull parameter, so it can not provide appropriate diagnostic for both cases.
One possibility would be to have two separate events, the other is to have an argument to an event that determines its origin. Probably it would be better to have two separate events, since it might be confusing to have dereference in the name of the event in the second case.
What do you think?
Only send implicit dereference events, when the null pointer was bound to a reference.
Please, commit this after committing the nullability checker so that this could have tests. Two tests need to be added:
- the reference case
- the attribute nonnull case
Also, I'd suggest adding a field to ImplicitNullDerefEvent instead of creating a new event.
- Updated to latest trunk.
- Added a new field to the event with documentation.
- Rebased the patch on the top of nullability checker.
- Added covered cases to the nullability checker tests.