This is an archive of the discontinued LLVM Phabricator instance.

Differential D118657

[analyzer] Adds TrustReturnsNonnullChecker
ClosedPublic

Authored by t-rasmud on Jan 31 2022, 2:40 PM.

Details

Reviewers
dcoughlin
NoQ
Commits
rGfaabdfcf7f67: [analyzer] Add support for __attribute__((returns_nonnull)).
Summary

This checker adds nullability-related assumptions to methods annotated with returns_nonnull attribute.

Diff Detail

Event Timeline

t-rasmud created this revision.Jan 31 2022, 2:40 PM
Herald added subscribers: martong, JDevlieghere, mgorny. · View Herald TranscriptJan 31 2022, 2:40 PM
t-rasmud requested review of this revision.Jan 31 2022, 2:40 PM
Herald added a project: Restricted Project. · View Herald TranscriptJan 31 2022, 2:40 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
NoQ edited reviewers, added: NoQ; removed: dergachev.a.Jan 31 2022, 5:46 PM
NoQ added a subscriber: NoQ.

Lovely! I have some nits.

@NoQ is my actual account, sorry for the mess >.<

clang/lib/StaticAnalyzer/Checkers/TrustReturnsNonnullChecker.cpp
1–2

This line broke.

42

Parameter C appears to be unused.

47

Call.getDecl() has to be checked for null. Calls with null decls appear when the function being called is unknown, eg. during calls through unknown/symbolic pointer-to-function:

void test(void *(*f)(void)) {
  // will probably crash the compiler, worth a test case
  f();
}
48
if (x) {
  return true;
}
return false;

can usually be shortened to

return x;

.

NoQ retitled this revision from Adds TrustReturnsNonnullChecker to [analyzer] Adds TrustReturnsNonnullChecker.Jan 31 2022, 5:46 PM
Herald added subscribers: manas, steakhal, ASDenysPetrov and 8 others. · View Herald TranscriptJan 31 2022, 5:46 PM
Harbormaster completed remote builds in B146777: Diff 404737.Jan 31 2022, 8:32 PM
t-rasmud updated this revision to Diff 405030.Feb 1 2022, 12:00 PM

This diff addresses review comments.

Harbormaster completed remote builds in B146969: Diff 405030.Feb 1 2022, 12:01 PM
NoQ added a comment.Feb 1 2022, 12:21 PM

Great, thanks!

The phabricator expects complete patches reuploaded (i.e., diffs against main branch rather than diffs against the previous upload); but it knows how to produce patches-on-patches from complete patches through the History tab. Another reason to upload complete patches is to unconfuse pre-merge buildbots (the "Build Status: patch application failed" part).

So please re-upload and that'd be a ✅

clang/lib/StaticAnalyzer/Checkers/CMakeLists.txt
114–115 ↗(On Diff #404737)

As this checker mimics that other checker, the question inevitably arises whether the two can be merged. The other checker is currently stuffed with extra code to handle operator == which is possibly no longer necessary since D82445 provides a more general solution. I guess this could be an interesting refactoring pass.

clang/test/Analysis/test-decl-crash.cpp
6

It makes sense to put the new test into the same file given that they share the RUN: line.

t-rasmud updated this revision to Diff 405091.Feb 1 2022, 1:51 PM

This diff merges relevant test cases into one file.

Harbormaster completed remote builds in B147015: Diff 405091.Feb 1 2022, 4:27 PM
NoQ accepted this revision.Feb 1 2022, 8:20 PM

Awesome! I'll commit.

This revision is now accepted and ready to land.Feb 1 2022, 8:20 PM
This revision was landed with ongoing or failed builds.Feb 2 2022, 11:47 AM
Closed by commit rGfaabdfcf7f67: [analyzer] Add support for __attribute__((returns_nonnull)). (authored by t-rasmud, committed by dergachev.a). · Explain Why
This revision was automatically updated to reflect the committed changes.
dergachev.a added a commit: rGfaabdfcf7f67: [analyzer] Add support for __attribute__((returns_nonnull))..
Herald added a project: Restricted Project. · View Herald TranscriptFeb 2 2022, 11:47 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
NoQ mentioned this in D119270: [analyzer] Re-enables trustnonnullchecker_test and removes redundant code from TrustNonNullChecker.Feb 8 2022, 12:34 PM

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Checkers/
17 lines
test/
Analysis/
8 lines

Diff 405030

clang/lib/StaticAnalyzer/Checkers/TrustReturnsNonnullChecker.cpp

//== TrustReturnsNonnullChecker.cpp --------- API nullability modeling -*- C++ //== TrustReturnsNonnullChecker.cpp --------- API nullability modeling -*- C++ -*--==//
//-*--==//
// //
NoQUnsubmitted
Not Done
ReplyInline Actions

This line broke.

NoQ: This line broke.
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This checker adds nullability-related assumptions to methods annotated with // This checker adds nullability-related assumptions to methods annotated with
// returns_nonnull attribute. // returns_nonnull attribute.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "clang/AST/Attr.h" #include "clang/AST/Attr.h"
#include "clang/AST/Decl.h"
#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
using namespace clang; using namespace clang;
using namespace ento; using namespace ento;
namespace { namespace {
class TrustReturnsNonnullChecker : public Checker<check::PostCall> { class TrustReturnsNonnullChecker : public Checker<check::PostCall> {
public: public:
TrustReturnsNonnullChecker(ASTContext &Ctx) {} TrustReturnsNonnullChecker(ASTContext &Ctx) {}
void checkPostCall(const CallEvent &Call, CheckerContext &C) const { void checkPostCall(const CallEvent &Call, CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
if (isNonNullPtr(Call, C)) if (isNonNullPtr(Call))
if (auto L = Call.getReturnValue().getAs<Loc>()) if (auto L = Call.getReturnValue().getAs<Loc>())
State = State->assume(*L, /*assumption=*/true); State = State->assume(*L, /*assumption=*/true);
C.addTransition(State); C.addTransition(State);
} }
private: private:
/// \returns Whether the method declaration has the attribute returns_nonnull. /// \returns Whether the method declaration has the attribute returns_nonnull.
bool isNonNullPtr(const CallEvent &Call, CheckerContext &C) const { bool isNonNullPtr(const CallEvent &Call) const {
NoQUnsubmitted
Not Done
ReplyInline Actions

Parameter C appears to be unused.

NoQ: Parameter `C` appears to be unused.
QualType ExprRetType = Call.getResultType(); QualType ExprRetType = Call.getResultType();
if (!ExprRetType->isAnyPointerType()) const Decl *CallDeclaration = Call.getDecl();
if (!ExprRetType->isAnyPointerType() || !CallDeclaration)
return false; return false;
NoQUnsubmitted
Not Done
ReplyInline Actions

Call.getDecl() has to be checked for null. Calls with null decls appear when the function being called is unknown, eg. during calls through unknown/symbolic pointer-to-function:

void test(void *(*f)(void)) {
  // will probably crash the compiler, worth a test case
  f();
}
NoQ: `Call.getDecl()` has to be checked for null. Calls with null decls appear when the function…
if (Call.getDecl()->hasAttr<ReturnsNonNullAttr>()) { return CallDeclaration->hasAttr<ReturnsNonNullAttr>();
NoQUnsubmitted
Not Done
ReplyInline Actions
if (x) {
  return true;
}
return false;

can usually be shortened to

return x;

.

NoQ: ```lang=c++ if (x) { return true; } return false; ``` can usually be shortened to ```lang=c…
return true;
}
return false;
} }
}; };
} // namespace } // namespace
void ento::registerTrustReturnsNonnullChecker(CheckerManager &Mgr) { void ento::registerTrustReturnsNonnullChecker(CheckerManager &Mgr) {
Mgr.registerChecker<TrustReturnsNonnullChecker>(Mgr.getASTContext()); Mgr.registerChecker<TrustReturnsNonnullChecker>(Mgr.getASTContext());
} }
bool ento::shouldRegisterTrustReturnsNonnullChecker(const CheckerManager &mgr) { bool ento::shouldRegisterTrustReturnsNonnullChecker(const CheckerManager &mgr) {
return true; return true;
} }

clang/test/Analysis/test-decl-crash.cpp

  • This file was added.
// RUN: %clang_analyze_cc1 -analyzer-checker=core,apiModeling.TrustReturnsNonnull -verify %s
// expected-no-diagnostics
void test(void *(*f)(void)) {
// will probably crash the compiler, worth a test case
NoQUnsubmitted
Not Done
ReplyInline Actions

It makes sense to put the new test into the same file given that they share the RUN: line.

NoQ: It makes sense to put the new test into the same file given that they share the `RUN:` line.
f();
}
No newline at end of file