This is an archive of the discontinued LLVM Phabricator instance.

Differential D118657

[analyzer] Adds TrustReturnsNonnullChecker
ClosedPublic

Authored by t-rasmud on Jan 31 2022, 2:40 PM.

Details

Reviewers
dcoughlin
NoQ
Commits
rGfaabdfcf7f67: [analyzer] Add support for __attribute__((returns_nonnull)).
Summary

This checker adds nullability-related assumptions to methods annotated with returns_nonnull attribute.

Diff Detail

Event Timeline

t-rasmud created this revision.Jan 31 2022, 2:40 PM
Herald added subscribers: martong, JDevlieghere, mgorny. · View Herald TranscriptJan 31 2022, 2:40 PM
t-rasmud requested review of this revision.Jan 31 2022, 2:40 PM
Herald added a project: Restricted Project. · View Herald TranscriptJan 31 2022, 2:40 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
NoQ edited reviewers, added: NoQ; removed: dergachev.a.Jan 31 2022, 5:46 PM
NoQ added a subscriber: NoQ.

Lovely! I have some nits.

@NoQ is my actual account, sorry for the mess >.<

clang/lib/StaticAnalyzer/Checkers/TrustReturnsNonnullChecker.cpp
2–3

This line broke.

43

Parameter C appears to be unused.

48

Call.getDecl() has to be checked for null. Calls with null decls appear when the function being called is unknown, eg. during calls through unknown/symbolic pointer-to-function:

void test(void *(*f)(void)) {
  // will probably crash the compiler, worth a test case
  f();
}
49
if (x) {
  return true;
}
return false;

can usually be shortened to

return x;

.

NoQ retitled this revision from Adds TrustReturnsNonnullChecker to [analyzer] Adds TrustReturnsNonnullChecker.Jan 31 2022, 5:46 PM
Herald added subscribers: manas, steakhal, ASDenysPetrov and 8 others. · View Herald TranscriptJan 31 2022, 5:46 PM
Harbormaster completed remote builds in B146777: Diff 404737.Jan 31 2022, 8:32 PM
t-rasmud updated this revision to Diff 405030.Feb 1 2022, 12:00 PM

This diff addresses review comments.

Harbormaster completed remote builds in B146969: Diff 405030.Feb 1 2022, 12:01 PM
NoQ added a comment.Feb 1 2022, 12:21 PM

Great, thanks!

The phabricator expects complete patches reuploaded (i.e., diffs against main branch rather than diffs against the previous upload); but it knows how to produce patches-on-patches from complete patches through the History tab. Another reason to upload complete patches is to unconfuse pre-merge buildbots (the "Build Status: patch application failed" part).

So please re-upload and that'd be a ✅

clang/lib/StaticAnalyzer/Checkers/CMakeLists.txt
113–115

As this checker mimics that other checker, the question inevitably arises whether the two can be merged. The other checker is currently stuffed with extra code to handle operator == which is possibly no longer necessary since D82445 provides a more general solution. I guess this could be an interesting refactoring pass.

clang/test/Analysis/test-decl-crash.cpp
6 ↗(On Diff #405030)

It makes sense to put the new test into the same file given that they share the RUN: line.

t-rasmud updated this revision to Diff 405091.Feb 1 2022, 1:51 PM

This diff merges relevant test cases into one file.

Harbormaster completed remote builds in B147015: Diff 405091.Feb 1 2022, 4:27 PM
NoQ accepted this revision.Feb 1 2022, 8:20 PM

Awesome! I'll commit.

This revision is now accepted and ready to land.Feb 1 2022, 8:20 PM
This revision was landed with ongoing or failed builds.Feb 2 2022, 11:47 AM
Closed by commit rGfaabdfcf7f67: [analyzer] Add support for __attribute__((returns_nonnull)). (authored by t-rasmud, committed by dergachev.a). · Explain Why
This revision was automatically updated to reflect the committed changes.
dergachev.a added a commit: rGfaabdfcf7f67: [analyzer] Add support for __attribute__((returns_nonnull))..
Herald added a project: Restricted Project. · View Herald TranscriptFeb 2 2022, 11:47 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
NoQ mentioned this in D119270: [analyzer] Re-enables trustnonnullchecker_test and removes redundant code from TrustNonNullChecker.Feb 8 2022, 12:34 PM

Revision Contents

PathSize
clang/
include/
clang/
StaticAnalyzer/
Checkers/
5 lines
lib/
StaticAnalyzer/
Checkers/
1 line
60 lines
test/
Analysis/
1 line
21 lines
1 line
llvm/
utils/
gn/
secondary/
clang/
lib/
StaticAnalyzer/
Checkers/
1 line

Diff 405380

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td

Show First 20 LinesShow All 370 Lines▼ Show 20 Linesdef StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">,
Documentation<NotDocumented>, Documentation<NotDocumented>,
Hidden; Hidden;
def TrustNonnullChecker : Checker<"TrustNonnull">, def TrustNonnullChecker : Checker<"TrustNonnull">,
HelpText<"Trust that returns from framework methods annotated with _Nonnull " HelpText<"Trust that returns from framework methods annotated with _Nonnull "
"are not null">, "are not null">,
Documentation<NotDocumented>; Documentation<NotDocumented>;
def TrustReturnsNonnullChecker : Checker<"TrustReturnsNonnull">,
HelpText<"Trust that returns from methods annotated with returns_nonnull "
"are not null">,
Documentation<NotDocumented>;
} // end "apiModeling" } // end "apiModeling"
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Evaluate "builtin" functions. // Evaluate "builtin" functions.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
let ParentPackage = CoreBuiltin in { let ParentPackage = CoreBuiltin in {
▲ Show 20 LinesShow All 1,312 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Checkers/CMakeLists.txt

Show First 20 LinesShow All 104 Lines▼ Show 20 Linesadd_clang_library(clangStaticAnalyzerCheckers
StdLibraryFunctionsChecker.cpp StdLibraryFunctionsChecker.cpp
STLAlgorithmModeling.cpp STLAlgorithmModeling.cpp
StreamChecker.cpp StreamChecker.cpp
StringChecker.cpp StringChecker.cpp
Taint.cpp Taint.cpp
TaintTesterChecker.cpp TaintTesterChecker.cpp
TestAfterDivZeroChecker.cpp TestAfterDivZeroChecker.cpp
TraversalChecker.cpp TraversalChecker.cpp
TrustNonnullChecker.cpp TrustNonnullChecker.cpp
TrustReturnsNonnullChecker.cpp
UndefBranchChecker.cpp UndefBranchChecker.cpp
NoQUnsubmitted
Not Done
ReplyInline Actions

As this checker mimics that other checker, the question inevitably arises whether the two can be merged. The other checker is currently stuffed with extra code to handle operator == which is possibly no longer necessary since D82445 provides a more general solution. I guess this could be an interesting refactoring pass.

NoQ: As this checker mimics that other checker, the question inevitably arises whether the two can…
UndefCapturedBlockVarChecker.cpp UndefCapturedBlockVarChecker.cpp
UndefResultChecker.cpp UndefResultChecker.cpp
UndefinedArraySubscriptChecker.cpp UndefinedArraySubscriptChecker.cpp
UndefinedAssignmentChecker.cpp UndefinedAssignmentChecker.cpp
UninitializedObject/UninitializedObjectChecker.cpp UninitializedObject/UninitializedObjectChecker.cpp
UninitializedObject/UninitializedPointee.cpp UninitializedObject/UninitializedPointee.cpp
UnixAPIChecker.cpp UnixAPIChecker.cpp
UnreachableCodeChecker.cpp UnreachableCodeChecker.cpp
Show All 23 Lines

clang/lib/StaticAnalyzer/Checkers/TrustReturnsNonnullChecker.cpp

  • This file was added.
//== TrustReturnsNonnullChecker.cpp -- API nullability modeling -*- C++ -*--==//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
NoQUnsubmitted
Not Done
ReplyInline Actions

This line broke.

NoQ: This line broke.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This checker adds nullability-related assumptions to methods annotated with
// returns_nonnull attribute.
//
//===----------------------------------------------------------------------===//
#include "clang/AST/Attr.h"
#include "clang/AST/Decl.h"
#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
using namespace clang;
using namespace ento;
namespace {
class TrustReturnsNonnullChecker : public Checker<check::PostCall> {
public:
TrustReturnsNonnullChecker(ASTContext &Ctx) {}
void checkPostCall(const CallEvent &Call, CheckerContext &C) const {
ProgramStateRef State = C.getState();
if (isNonNullPtr(Call))
if (auto L = Call.getReturnValue().getAs<Loc>())
State = State->assume(*L, /*assumption=*/true);
C.addTransition(State);
}
private:
/// \returns Whether the method declaration has the attribute returns_nonnull.
bool isNonNullPtr(const CallEvent &Call) const {
QualType ExprRetType = Call.getResultType();
NoQUnsubmitted
Not Done
ReplyInline Actions

Parameter C appears to be unused.

NoQ: Parameter `C` appears to be unused.
const Decl *CallDeclaration = Call.getDecl();
if (!ExprRetType->isAnyPointerType() || !CallDeclaration)
return false;
return CallDeclaration->hasAttr<ReturnsNonNullAttr>();
NoQUnsubmitted
Not Done
ReplyInline Actions

Call.getDecl() has to be checked for null. Calls with null decls appear when the function being called is unknown, eg. during calls through unknown/symbolic pointer-to-function:

void test(void *(*f)(void)) {
  // will probably crash the compiler, worth a test case
  f();
}
NoQ: `Call.getDecl()` has to be checked for null. Calls with null decls appear when the function…
}
NoQUnsubmitted
Not Done
ReplyInline Actions
if (x) {
  return true;
}
return false;

can usually be shortened to

return x;

.

NoQ: ```lang=c++ if (x) { return true; } return false; ``` can usually be shortened to ```lang=c…
};
} // namespace
void ento::registerTrustReturnsNonnullChecker(CheckerManager &Mgr) {
Mgr.registerChecker<TrustReturnsNonnullChecker>(Mgr.getASTContext());
}
bool ento::shouldRegisterTrustReturnsNonnullChecker(const CheckerManager &mgr) {
return true;
}

clang/test/Analysis/analyzer-enabled-checkers.c

// RUN: %clang --analyze %s --target=x86_64-pc-linux-gnu \ // RUN: %clang --analyze %s --target=x86_64-pc-linux-gnu \
// RUN: -Xclang -analyzer-list-enabled-checkers \ // RUN: -Xclang -analyzer-list-enabled-checkers \
// RUN: -Xclang -analyzer-display-progress \ // RUN: -Xclang -analyzer-display-progress \
// RUN: 2>&1 | FileCheck %s --implicit-check-not=ANALYZE \ // RUN: 2>&1 | FileCheck %s --implicit-check-not=ANALYZE \
// RUN: --implicit-check-not=\. // RUN: --implicit-check-not=\.
// CHECK: OVERVIEW: Clang Static Analyzer Enabled Checkers List // CHECK: OVERVIEW: Clang Static Analyzer Enabled Checkers List
// CHECK-EMPTY: // CHECK-EMPTY:
// CHECK-NEXT: core.CallAndMessageModeling // CHECK-NEXT: core.CallAndMessageModeling
// CHECK-NEXT: apiModeling.StdCLibraryFunctions // CHECK-NEXT: apiModeling.StdCLibraryFunctions
// CHECK-NEXT: apiModeling.TrustNonnull // CHECK-NEXT: apiModeling.TrustNonnull
// CHECK-NEXT: apiModeling.TrustReturnsNonnull
// CHECK-NEXT: apiModeling.llvm.CastValue // CHECK-NEXT: apiModeling.llvm.CastValue
// CHECK-NEXT: apiModeling.llvm.ReturnValue // CHECK-NEXT: apiModeling.llvm.ReturnValue
// CHECK-NEXT: core.CallAndMessage // CHECK-NEXT: core.CallAndMessage
// CHECK-NEXT: core.DivideZero // CHECK-NEXT: core.DivideZero
// CHECK-NEXT: core.DynamicTypePropagation // CHECK-NEXT: core.DynamicTypePropagation
// CHECK-NEXT: core.NonNullParamChecker // CHECK-NEXT: core.NonNullParamChecker
// CHECK-NEXT: core.NonnilStringConstants // CHECK-NEXT: core.NonnilStringConstants
// CHECK-NEXT: core.NullDereference // CHECK-NEXT: core.NullDereference
Show All 36 Lines

clang/test/Analysis/returns_nonnull-attribute.cpp

  • This file was added.
// RUN: %clang_analyze_cc1 -analyzer-checker=core,apiModeling.TrustReturnsNonnull -verify %s
int *foo() __attribute__((returns_nonnull));
int *foo_no_attribute();
int test_foo() {
int *x = foo();
if (x) {}
return *x; // no-warning
}
int test_foo_no_attribute() {
int *x = foo_no_attribute();
if (x) {}
return *x; // expected-warning{{Dereference of null pointer}}
}
void test(void *(*f)(void)) {
f(); // Shouldn't crash compiler
}

clang/test/Analysis/std-c-library-functions-arg-enabled-checkers.c

Show All 16 Lines
// CHECK-EMPTY: // CHECK-EMPTY:
// CHECK-NEXT: core.CallAndMessageModeling // CHECK-NEXT: core.CallAndMessageModeling
// CHECK-NEXT: core.CallAndMessage // CHECK-NEXT: core.CallAndMessage
// CHECK-NEXT: core.NonNullParamChecker // CHECK-NEXT: core.NonNullParamChecker
// CHECK-NEXT: alpha.unix.Stream // CHECK-NEXT: alpha.unix.Stream
// CHECK-NEXT: apiModeling.StdCLibraryFunctions // CHECK-NEXT: apiModeling.StdCLibraryFunctions
// CHECK-NEXT: alpha.unix.StdCLibraryFunctionArgs // CHECK-NEXT: alpha.unix.StdCLibraryFunctionArgs
// CHECK-NEXT: apiModeling.TrustNonnull // CHECK-NEXT: apiModeling.TrustNonnull
// CHECK-NEXT: apiModeling.TrustReturnsNonnull
// CHECK-NEXT: apiModeling.llvm.CastValue // CHECK-NEXT: apiModeling.llvm.CastValue
// CHECK-NEXT: apiModeling.llvm.ReturnValue // CHECK-NEXT: apiModeling.llvm.ReturnValue
// CHECK-NEXT: core.DivideZero // CHECK-NEXT: core.DivideZero
// CHECK-NEXT: core.DynamicTypePropagation // CHECK-NEXT: core.DynamicTypePropagation
// CHECK-NEXT: core.NonnilStringConstants // CHECK-NEXT: core.NonnilStringConstants
// CHECK-NEXT: core.NullDereference // CHECK-NEXT: core.NullDereference
// CHECK-NEXT: core.StackAddrEscapeBase // CHECK-NEXT: core.StackAddrEscapeBase
// CHECK-NEXT: core.StackAddressEscape // CHECK-NEXT: core.StackAddressEscape
Show All 34 Lines

llvm/utils/gn/secondary/clang/lib/StaticAnalyzer/Checkers/BUILD.gn

Show First 20 LinesShow All 112 Lines▼ Show 20 Lines sources = [
"StdLibraryFunctionsChecker.cpp", "StdLibraryFunctionsChecker.cpp",
"StreamChecker.cpp", "StreamChecker.cpp",
"StringChecker.cpp", "StringChecker.cpp",
"Taint.cpp", "Taint.cpp",
"TaintTesterChecker.cpp", "TaintTesterChecker.cpp",
"TestAfterDivZeroChecker.cpp", "TestAfterDivZeroChecker.cpp",
"TraversalChecker.cpp", "TraversalChecker.cpp",
"TrustNonnullChecker.cpp", "TrustNonnullChecker.cpp",
"TrustReturnsNonnullChecker.cpp",
"UndefBranchChecker.cpp", "UndefBranchChecker.cpp",
"UndefCapturedBlockVarChecker.cpp", "UndefCapturedBlockVarChecker.cpp",
"UndefResultChecker.cpp", "UndefResultChecker.cpp",
"UndefinedArraySubscriptChecker.cpp", "UndefinedArraySubscriptChecker.cpp",
"UndefinedAssignmentChecker.cpp", "UndefinedAssignmentChecker.cpp",
"UninitializedObject/UninitializedObjectChecker.cpp", "UninitializedObject/UninitializedObjectChecker.cpp",
"UninitializedObject/UninitializedPointee.cpp", "UninitializedObject/UninitializedPointee.cpp",
"UnixAPIChecker.cpp", "UnixAPIChecker.cpp",
Show All 16 Lines