This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang-tools-extra/
-
clang-tidy/utils/
-
utils/
7/7
ExceptionAnalyzer.cpp
-
docs/
-
ReleaseNotes.rst
-
test/clang-tidy/checkers/bugprone/
-
clang-tidy/
-
checkers/
-
bugprone/
-
exception-escape.cpp

Differential D153458

[clang-tidy] Model noexcept more properly in bugprone-exception-escape
ClosedPublic

Authored by PiotrZSL on Jun 21 2023, 12:50 PM.

Download Raw Diff

Details

Reviewers

njames93
carlosgalvezp
isuckatcs
JonasToth
baloghadamsoftware

Commits

rG27245077643a: [clang-tidy] Model noexcept more properly in bugprone-exception-escape

Summary

During call stack analysis skip called noexcept functions
as they wont throw exceptions, they will crash.
Check will emit warnings for those functions separately.

Fixes: #43667, #49151, #51596, #54668, #54956

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

PiotrZSL created this revision.Jun 21 2023, 12:50 PM

Herald added a project: Restricted Project. · View Herald TranscriptJun 21 2023, 12:50 PM

Herald added a subscriber: xazax.hun. · View Herald Transcript

PiotrZSL requested review of this revision.Jun 21 2023, 12:50 PM

Herald added a project: Restricted Project. · View Herald TranscriptJun 21 2023, 12:50 PM

Herald added a subscriber: cfe-commits. · View Herald Transcript

Harbormaster completed remote builds in B240325: Diff 533364.Jun 21 2023, 1:16 PM

isuckatcs added inline comments.Jun 23 2023, 12:02 PM

clang-tools-extra/clang-tidy/utils/ExceptionAnalyzer.cpp
319	Put this in the anonymous namespace above please to remain consistent.
453	Is `cannotThrow(Func)` really needed here? Isn't it possible to bail out after the body of the function has been analyzed? I understand that you want to prevent some recursive calls and bail out early, but I don't think that it worths adding some additional logic, which is not needed anyway. If you really want to optimize this or you're worried about stack overflows, consider rewriting the recursive solution to an iterative one.

PiotrZSL added inline comments.Jun 23 2023, 12:25 PM

clang-tools-extra/clang-tidy/utils/ExceptionAnalyzer.cpp
319	well, llvm style require `static`, if we want to be consistent, I can change all other into static later.
453	Yes, it should be here because it's called in 3 places so that an best place to put it. It's not about recursion or performance, it's already exist and I simply do no change it. Simply if we analyse callExpr to function/destructor/constructor/... and that FunctionDecl is noexcept, then we should jump to that function and analyse statements in that function body at all. And this is what is done here. If this isn't first function `!CallStack.empty()` (aka: call from check code), and it's `noexcept`, then assume that it cannot throw and do not go deeper.

Ping

Looks good, great to see all these issues fixed! Have a couple small comments.

clang-tools-extra/clang-tidy/utils/ExceptionAnalyzer.cpp
319	Nit: I personally find it more readable as "canThrow". People with issues reading double negations will probably appreciate that too :) But if you strongly prefer this name I won't oppose.
330–332	Would be good to write a small comment documenting this logic.
332	Would be good to use the syntax `/* Parameter = */true` to document what this magic `true` means.

Fix review comments

Harbormaster completed remote builds in B245694: Diff 540823.Jul 16 2023, 12:22 PM

LGTM, thanks!

This revision is now accepted and ready to land.Jul 17 2023, 4:02 AM

Closed by commit rG27245077643a: [clang-tidy] Model noexcept more properly in bugprone-exception-escape (authored by PiotrZSL). · Explain WhyJul 17 2023, 8:59 AM

This revision was automatically updated to reflect the committed changes.

PiotrZSL added a commit: rG27245077643a: [clang-tidy] Model noexcept more properly in bugprone-exception-escape.

Revision Contents

Path

Size

clang-tools-extra/

clang-tidy/

utils/

ExceptionAnalyzer.cpp

30 lines

docs/

ReleaseNotes.rst

3 lines

test/

clang-tidy/

checkers/

bugprone/

exception-escape.cpp

37 lines

Diff 541077

clang-tools-extra/clang-tidy/utils/ExceptionAnalyzer.cpp

Show First 20 Lines • Show All 310 Lines • ▼ Show 20 Lines	bool isQualificationConvertiblePointer(QualType From, QualType To,
// We hit U.		// We hit U.
if (!SatisfiesCVRules(From, To))		if (!SatisfiesCVRules(From, To))
return false;		return false;

return From.getTypePtr() == To.getTypePtr();		return From.getTypePtr() == To.getTypePtr();
}		}
} // namespace		} // namespace

		static bool canThrow(const FunctionDecl *Func) {
		isuckatcsUnsubmitted Done Reply Inline Actions Put this in the anonymous namespace above please to remain consistent. isuckatcs: Put this in the anonymous namespace above please to remain consistent.
		PiotrZSLAuthorUnsubmitted Done Reply Inline Actions well, llvm style require `static`, if we want to be consistent, I can change all other into static later. PiotrZSL: well, llvm style require `static`, if we want to be consistent, I can change all other into…
		carlosgalvezpUnsubmitted Done Reply Inline Actions Nit: I personally find it more readable as "canThrow". People with issues reading double negations will probably appreciate that too :) But if you strongly prefer this name I won't oppose. carlosgalvezp: Nit: I personally find it more readable as "canThrow". People with issues reading double…
		const auto *FunProto = Func->getType()->getAs<FunctionProtoType>();
		if (!FunProto)
		return true;

		switch (FunProto->canThrow()) {
		case CT_Cannot:
		return false;
		case CT_Dependent: {
		const Expr *NoexceptExpr = FunProto->getNoexceptExpr();
		if (!NoexceptExpr)
		return true; // no noexept - can throw

		if (NoexceptExpr->isValueDependent())
		carlosgalvezpUnsubmitted Done Reply Inline Actions Would be good to write a small comment documenting this logic. carlosgalvezp: Would be good to write a small comment documenting this logic.
		carlosgalvezpUnsubmitted Done Reply Inline Actions Would be good to use the syntax `/* Parameter = /true` to document what this magic `true` means. carlosgalvezp:* Would be good to use the syntax `/* Parameter = */true` to document what this magic `true`…
		return true; // depend on template - some instance can throw

		bool Result = false;
		if (!NoexceptExpr->EvaluateAsBooleanCondition(Result, Func->getASTContext(),
		/InConstantContext=/true))
		return true; // complex X condition in noexcept(X), cannot validate,
		// assume that may throw
		return !Result; // noexcept(false) - can throw
		}
		default:
		return true;
		};
		}

bool ExceptionAnalyzer::ExceptionInfo::filterByCatch(		bool ExceptionAnalyzer::ExceptionInfo::filterByCatch(
const Type *HandlerTy, const ASTContext &Context) {		const Type *HandlerTy, const ASTContext &Context) {
llvm::SmallVector<const Type *, 8> TypesToDelete;		llvm::SmallVector<const Type *, 8> TypesToDelete;
for (const Type *ExceptionTy : ThrownExceptions) {		for (const Type *ExceptionTy : ThrownExceptions) {
CanQualType ExceptionCanTy = ExceptionTy->getCanonicalTypeUnqualified();		CanQualType ExceptionCanTy = ExceptionTy->getCanonicalTypeUnqualified();
CanQualType HandlerCanTy = HandlerTy->getCanonicalTypeUnqualified();		CanQualType HandlerCanTy = HandlerTy->getCanonicalTypeUnqualified();

// The handler is of type cv T or cv T& and E and T are the same type		// The handler is of type cv T or cv T& and E and T are the same type
▲ Show 20 Lines • Show All 89 Lines • ▼ Show 20 Lines	else
Behaviour = State::NotThrowing;		Behaviour = State::NotThrowing;
else		else
Behaviour = State::Throwing;		Behaviour = State::Throwing;
}		}

ExceptionAnalyzer::ExceptionInfo ExceptionAnalyzer::throwsException(		ExceptionAnalyzer::ExceptionInfo ExceptionAnalyzer::throwsException(
const FunctionDecl *Func, const ExceptionInfo::Throwables &Caught,		const FunctionDecl *Func, const ExceptionInfo::Throwables &Caught,
llvm::SmallSet<const FunctionDecl *, 32> &CallStack) {		llvm::SmallSet<const FunctionDecl *, 32> &CallStack) {
if (CallStack.count(Func))		if (!Func \|\| CallStack.count(Func) \|\| (!CallStack.empty() && !canThrow(Func)))
return ExceptionInfo::createNonThrowing();		return ExceptionInfo::createNonThrowing();
		isuckatcsUnsubmitted Done Reply Inline Actions Is `cannotThrow(Func)` really needed here? Isn't it possible to bail out after the body of the function has been analyzed? I understand that you want to prevent some recursive calls and bail out early, but I don't think that it worths adding some additional logic, which is not needed anyway. If you really want to optimize this or you're worried about stack overflows, consider rewriting the recursive solution to an iterative one. isuckatcs: Is `cannotThrow(Func)` really needed here? Isn't it possible to bail out after the body of the…
		PiotrZSLAuthorUnsubmitted Done Reply Inline Actions Yes, it should be here because it's called in 3 places so that an best place to put it. It's not about recursion or performance, it's already exist and I simply do no change it. Simply if we analyse callExpr to function/destructor/constructor/... and that FunctionDecl is noexcept, then we should jump to that function and analyse statements in that function body at all. And this is what is done here. If this isn't first function `!CallStack.empty()` (aka: call from check code), and it's `noexcept`, then assume that it cannot throw and do not go deeper. PiotrZSL: Yes, it should be here because it's called in 3 places so that an best place to put it. It's…

if (const Stmt *Body = Func->getBody()) {		if (const Stmt *Body = Func->getBody()) {
CallStack.insert(Func);		CallStack.insert(Func);
ExceptionInfo Result = throwsException(Body, Caught, CallStack);		ExceptionInfo Result = throwsException(Body, Caught, CallStack);

// For a constructor, we also have to check the initializers.		// For a constructor, we also have to check the initializers.
if (const auto *Ctor = dyn_cast<CXXConstructorDecl>(Func)) {		if (const auto *Ctor = dyn_cast<CXXConstructorDecl>(Func)) {
for (const CXXCtorInitializer *Init : Ctor->inits()) {		for (const CXXCtorInitializer *Init : Ctor->inits()) {
▲ Show 20 Lines • Show All 171 Lines • Show Last 20 Lines

clang-tools-extra/docs/ReleaseNotes.rst

	Show First 20 Lines • Show All 269 Lines • ▼ Show 20 Lines

	- Deprecated check-local options `HeaderFileExtensions`			- Deprecated check-local options `HeaderFileExtensions`
	in :doc:`bugprone-dynamic-static-initializers			in :doc:`bugprone-dynamic-static-initializers
	<clang-tidy/checks/bugprone/dynamic-static-initializers>` check.			<clang-tidy/checks/bugprone/dynamic-static-initializers>` check.
	Global options of the same name should be used instead.			Global options of the same name should be used instead.

	- Improved :doc:`bugprone-exception-escape			- Improved :doc:`bugprone-exception-escape
	<clang-tidy/checks/bugprone/exception-escape>` to not emit warnings for			<clang-tidy/checks/bugprone/exception-escape>` to not emit warnings for
	forward declarations of functions.			forward declarations of functions and additionally modified it to skip
				``noexcept`` functions during call stack analysis.

	- Fixed :doc:`bugprone-exception-escape<clang-tidy/checks/bugprone/exception-escape>`			- Fixed :doc:`bugprone-exception-escape<clang-tidy/checks/bugprone/exception-escape>`
	for coroutines where previously a warning would be emitted with coroutines			for coroutines where previously a warning would be emitted with coroutines
	throwing exceptions in their bodies.			throwing exceptions in their bodies.

	- Improved :doc:`bugprone-fold-init-type			- Improved :doc:`bugprone-fold-init-type
	<clang-tidy/checks/bugprone/fold-init-type>` to handle iterators that do not			<clang-tidy/checks/bugprone/fold-init-type>` to handle iterators that do not
	define `value_type` type aliases.			define `value_type` type aliases.
	▲ Show 20 Lines • Show All 246 Lines • Show Last 20 Lines

clang-tools-extra/test/clang-tidy/checkers/bugprone/exception-escape.cpp

Show First 20 Lines • Show All 146 Lines • ▼ Show 20 Lines	void throw_catch_multi_ptr_4() noexcept {
try {		try {
char **p = 0;		char **p = 0;
throw p;		throw p;
} catch (volatile const char const ) {		} catch (volatile const char const ) {
}		}
}		}

// FIXME: In this case 'a' is convertible to the handler and should be caught		// FIXME: In this case 'a' is convertible to the handler and should be caught
// but in reality it's thrown. Note that clang doesn't report a warning for		// but in reality it's thrown. Note that clang doesn't report a warning for
// this either.		// this either.
void throw_catch_multi_ptr_5() noexcept {		void throw_catch_multi_ptr_5() noexcept {
try {		try {
double *a[2][3];		double *a[2][3];
throw a;		throw a;
} catch (double ()[3]) {		} catch (double ()[3]) {
}		}
}		}
▲ Show 20 Lines • Show All 80 Lines • ▼ Show 20 Lines	try {
throw derived();		throw derived();
} catch(alias &) {		} catch(alias &) {
}		}
}		}

void throw_derived_catch_base_ptr_c() noexcept {		void throw_derived_catch_base_ptr_c() noexcept {
try {		try {
derived d;		derived d;
throw &d;		throw &d;
} catch(const base *) {		} catch(const base *) {
}		}
}		}

void throw_derived_catch_base_ptr() noexcept {		void throw_derived_catch_base_ptr() noexcept {
// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_ptr' which should not throw exceptions		// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_ptr' which should not throw exceptions
try {		try {
derived d;		derived d;
const derived *p = &d;		const derived *p = &d;
throw p;		throw p;
} catch(base *) {		} catch(base *) {
}		}
}		}

class A {};		class A {};
class B : A {};		class B : A {};

// The following alias hell is deliberately created for testing.		// The following alias hell is deliberately created for testing.
using aliasedA = A;		using aliasedA = A;
class C : protected aliasedA {};		class C : protected aliasedA {};

typedef aliasedA moreAliasedA;		typedef aliasedA moreAliasedA;
class D : public moreAliasedA {};		class D : public moreAliasedA {};

using moreMoreAliasedA = moreAliasedA;		using moreMoreAliasedA = moreAliasedA;
using aliasedD = D;		using aliasedD = D;
class E : public moreMoreAliasedA, public aliasedD {};		class E : public moreMoreAliasedA, public aliasedD {};

void throw_derived_catch_base_private() noexcept {		void throw_derived_catch_base_private() noexcept {
// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_private' which should not throw exceptions		// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_private' which should not throw exceptions
try {		try {
B b;		B b;
throw b;		throw b;
} catch(A) {		} catch(A) {
}		}
}		}

void throw_derived_catch_base_private_ptr() noexcept {		void throw_derived_catch_base_private_ptr() noexcept {
// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_private_ptr' which should not throw exceptions		// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_private_ptr' which should not throw exceptions
try {		try {
B b;		B b;
throw &b;		throw &b;
} catch(A *) {		} catch(A *) {
}		}
}		}

void throw_derived_catch_base_protected() noexcept {		void throw_derived_catch_base_protected() noexcept {
// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_protected' which should not throw exceptions		// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_protected' which should not throw exceptions
try {		try {
C c;		C c;
throw c;		throw c;
} catch(A) {		} catch(A) {
}		}
}		}

void throw_derived_catch_base_protected_ptr() noexcept {		void throw_derived_catch_base_protected_ptr() noexcept {
// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_protected_ptr' which should not throw exceptions		// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_protected_ptr' which should not throw exceptions
try {		try {
C c;		C c;
throw &c;		throw &c;
} catch(A *) {		} catch(A *) {
}		}
}		}

void throw_derived_catch_base_ambiguous() noexcept {		void throw_derived_catch_base_ambiguous() noexcept {
// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_ambiguous' which should not throw exceptions		// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_ambiguous' which should not throw exceptions
try {		try {
E e;		E e;
throw e;		throw e;
} catch(A) {		} catch(A) {
}		}
}		}

void throw_derived_catch_base_ambiguous_ptr() noexcept {		void throw_derived_catch_base_ambiguous_ptr() noexcept {
// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_ambiguous_ptr' which should not throw exceptions		// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'throw_derived_catch_base_ambiguous_ptr' which should not throw exceptions
try {		try {
E e;		E e;
throw e;		throw e;
} catch(A) {		} catch(A) {
}		}
}		}

void throw_alias_catch_original() noexcept {		void throw_alias_catch_original() noexcept {
using alias = int;		using alias = int;

try {		try {
▲ Show 20 Lines • Show All 359 Lines • ▼ Show 20 Lines	struct in_class_init_throws {
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: an exception may be thrown in function 'in_class_init_throws' which should not throw exceptions		// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: an exception may be thrown in function 'in_class_init_throws' which should not throw exceptions
};		};

int main() {		int main() {
// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: an exception may be thrown in function 'main' which should not throw exceptions		// CHECK-MESSAGES: :[[@LINE-1]]:5: warning: an exception may be thrown in function 'main' which should not throw exceptions
throw 1;		throw 1;
return 0;		return 0;
}		}

		// The following function all incorrectly throw exceptions, but calling them
		// should not yield a warning because they are marked as noexcept.

		void test_basic_no_throw() noexcept { throw 42; }
		// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'test_basic_no_throw' which should not throw exceptions

		void test_basic_throw() noexcept(false) { throw 42; }

		void only_calls_non_throwing() noexcept {
		test_basic_no_throw();
		}

		void calls_non_and_throwing() noexcept {
		// CHECK-MESSAGES: :[[@LINE-1]]:6: warning: an exception may be thrown in function 'calls_non_and_throwing' which should not throw exceptions
		test_basic_no_throw();
		test_basic_throw();
		}