This is an archive of the discontinued LLVM Phabricator instance.

Differential D156728

[Sema] Ignore nullability qualifiers when deducing types for `auto` and `__auto_type`
Needs ReviewPublic

Authored by ahatanak on Jul 31 2023, 12:30 PM.

Details

Reviewers
doug.gregor
rjmccall
Summary

Prior to https://reviews.llvm.org/D110216, the deduced types didn't inherit the nullability qualifiers of the initializer expressions. This patch restores the previous behavior.

See https://developer.apple.com/forums/thread/726000#726000021 for background.

Diff Detail

Event Timeline

ahatanak created this revision.Jul 31 2023, 12:30 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 31 2023, 12:30 PM
ahatanak requested review of this revision.Jul 31 2023, 12:30 PM
ahatanak added inline comments.Jul 31 2023, 12:36 PM
clang/lib/Sema/SemaTemplateDeduction.cpp
3885

This isn't needed to fix the test cases I added, but I think the nullability qualifiers should be stripped here regardless.

clang/test/SemaCXX/nullability.cpp
150

Note that the template parameter for foo is correctly deduced (i.e., _Nullable is ignored) without this patch.

ahatanak added a comment.Jul 31 2023, 12:38 PM

Also, _Atomic has the same problem, but it's not clear whether we want to strip the qualifiers. See https://github.com/llvm/llvm-project/issues/63659

gribozavr2 added a subscriber: gribozavr2.Jul 31 2023, 12:57 PM

I understand that this is an expedient fix that silences the warning. However, the fundamental problem is the simplistic implementation of the warning (that it is not flow-sensitive), not the inference of nullability. That is, when we are removing nullability qualifiers, we don't know whether there was a check or not. So while this change removes some false positives, it also removes some true positives.

clang/lib/Sema/SemaTemplateDeduction.cpp
3933

This comment merely duplicates the code. Please add an explanation why it is done.

Harbormaster completed remote builds in B249286: Diff 545756.Jul 31 2023, 2:11 PM
ahatanak added a comment.Jul 31 2023, 6:42 PM

I think we still need to do something like what this patch is doing (i.e., drop the nullability qualifiers) when deducing types for auto or __auto_type, assuming that's the rule we want and we want to restore the previous behavior.

I agree with you that we should make the warning flow sensitive, but I was thinking we could do that later after fixing the type deduction bug.

clang/lib/Sema/SemaTemplateDeduction.cpp
3933

I guess we were dropping the nullability qualifiers for the same reason we drop cv qualifiers. The new variable declared with auto is a separate variable, so it doesn't inherit the qualifiers the argument type.

Of course, I'm assuming that's the rule we want, but I'm not sure as nullability qualifiers aren't part of the C/C++ standards.

gribozavr2 added inline comments.Aug 4 2023, 5:01 AM
clang/lib/Sema/SemaTemplateDeduction.cpp
3933

I guess we were dropping the nullability qualifiers for the same reason we drop cv qualifiers.

I don't think that argument applies. If the null dereference warning was flow sensitive, we would want to do exactly the opposite - that is, preserve nullability qualifiers during deduction.

Revision Contents

PathSize
clang/
lib/
Sema/
7 lines
test/
Sema/
4 lines
SemaCXX/
15 lines

Diff 545756

clang/lib/Sema/SemaTemplateDeduction.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 3,873 Lines▼ Show 20 Lines
/// overloaded function set that could not be resolved. /// overloaded function set that could not be resolved.
static bool AdjustFunctionParmAndArgTypesForDeduction( static bool AdjustFunctionParmAndArgTypesForDeduction(
Sema &S, TemplateParameterList *TemplateParams, unsigned FirstInnerIndex, Sema &S, TemplateParameterList *TemplateParams, unsigned FirstInnerIndex,
QualType &ParamType, QualType &ArgType, Expr *Arg, unsigned &TDF, QualType &ParamType, QualType &ArgType, Expr *Arg, unsigned &TDF,
TemplateSpecCandidateSet *FailedTSC = nullptr) { TemplateSpecCandidateSet *FailedTSC = nullptr) {
// C++0x [temp.deduct.call]p3: // C++0x [temp.deduct.call]p3:
// If P is a cv-qualified type, the top level cv-qualifiers of P's type // If P is a cv-qualified type, the top level cv-qualifiers of P's type
// are ignored for type deduction. // are ignored for type deduction.
if (ParamType.hasQualifiers()) // Ignore top level nullability qualifiers too.
if (ParamType.hasQualifiers()) {
ParamType = ParamType.getUnqualifiedType(); ParamType = ParamType.getUnqualifiedType();
(void)AttributedType::stripOuterNullability(ParamType);
ahatanakAuthorUnsubmitted
Done
ReplyInline Actions

This isn't needed to fix the test cases I added, but I think the nullability qualifiers should be stripped here regardless.

ahatanak: This isn't needed to fix the test cases I added, but I think the nullability qualifiers should…
}
// [...] If P is a reference type, the type referred to by P is // [...] If P is a reference type, the type referred to by P is
// used for type deduction. // used for type deduction.
const ReferenceType *ParamRefType = ParamType->getAs<ReferenceType>(); const ReferenceType *ParamRefType = ParamType->getAs<ReferenceType>();
if (ParamRefType) if (ParamRefType)
ParamType = ParamRefType->getPointeeType(); ParamType = ParamRefType->getPointeeType();
// Overload sets usually make this parameter an undeduced context, // Overload sets usually make this parameter an undeduced context,
Show All 30 Lines if (ParamRefType) {
// - If A is a function type, the pointer type produced by the // - If A is a function type, the pointer type produced by the
// function-to-pointer standard conversion (4.3) is used in place // function-to-pointer standard conversion (4.3) is used in place
// of A for type deduction; otherwise, // of A for type deduction; otherwise,
if (ArgType->canDecayToPointerType()) if (ArgType->canDecayToPointerType())
ArgType = S.Context.getDecayedType(ArgType); ArgType = S.Context.getDecayedType(ArgType);
else { else {
// - If A is a cv-qualified type, the top level cv-qualifiers of A's // - If A is a cv-qualified type, the top level cv-qualifiers of A's
// type are ignored for type deduction. // type are ignored for type deduction.
// Ignore top level nullability qualifiers too.
gribozavr2Unsubmitted
Not Done
ReplyInline Actions

This comment merely duplicates the code. Please add an explanation why it is done.

gribozavr2: This comment merely duplicates the code. Please add an explanation why it is done.
ahatanakAuthorUnsubmitted
Done
ReplyInline Actions

I guess we were dropping the nullability qualifiers for the same reason we drop cv qualifiers. The new variable declared with auto is a separate variable, so it doesn't inherit the qualifiers the argument type.

Of course, I'm assuming that's the rule we want, but I'm not sure as nullability qualifiers aren't part of the C/C++ standards.

ahatanak: I guess we were dropping the nullability qualifiers for the same reason we drop cv qualifiers.
gribozavr2Unsubmitted
Not Done
ReplyInline Actions

I guess we were dropping the nullability qualifiers for the same reason we drop cv qualifiers.

I don't think that argument applies. If the null dereference warning was flow sensitive, we would want to do exactly the opposite - that is, preserve nullability qualifiers during deduction.

gribozavr2: > I guess we were dropping the nullability qualifiers for the same reason we drop cv qualifiers.
ArgType = ArgType.getUnqualifiedType(); ArgType = ArgType.getUnqualifiedType();
(void)AttributedType::stripOuterNullability(ArgType);
} }
} }
// C++0x [temp.deduct.call]p4: // C++0x [temp.deduct.call]p4:
// In general, the deduction process attempts to find template argument // In general, the deduction process attempts to find template argument
// values that will make the deduced A identical to A (after the type A // values that will make the deduced A identical to A (after the type A
// is transformed as described above). [...] // is transformed as described above). [...]
TDF = TDF_SkipNonDependent; TDF = TDF_SkipNonDependent;
▲ Show 20 LinesShow All 2,463 LinesShow Last 20 Lines

clang/test/Sema/nullability.c

Show First 20 LinesShow All 119 Lines▼ Show 20 Lines_Nonnull int *returns_int_ptr(int x) {
return (_Nonnull int *)0; return (_Nonnull int *)0;
} }
// Check nullable-to-nonnull conversions. // Check nullable-to-nonnull conversions.
void nullable_to_nonnull(_Nullable int *ptr) { void nullable_to_nonnull(_Nullable int *ptr) {
int *a = ptr; // okay int *a = ptr; // okay
_Nonnull int *b = ptr; // expected-warning{{implicit conversion from nullable pointer 'int * _Nullable' to non-nullable pointer type 'int * _Nonnull'}} _Nonnull int *b = ptr; // expected-warning{{implicit conversion from nullable pointer 'int * _Nullable' to non-nullable pointer type 'int * _Nonnull'}}
b = ptr; // expected-warning{{implicit conversion from nullable pointer 'int * _Nullable' to non-nullable pointer type 'int * _Nonnull'}} b = ptr; // expected-warning{{implicit conversion from nullable pointer 'int * _Nullable' to non-nullable pointer type 'int * _Nonnull'}}
__auto_type _Nonnull c = ptr; // expected-warning{{implicit conversion from nullable pointer 'int * _Nullable' to non-nullable pointer type 'int * _Nullable _Nonnull'}} __auto_type _Nonnull c = ptr; // expected-warning{{implicit conversion from nullable pointer 'int * _Nullable' to non-nullable pointer type 'int * _Nonnull'}}
accepts_nonnull_1(ptr); // expected-warning{{implicit conversion from nullable pointer 'int * _Nullable' to non-nullable pointer type 'int * _Nonnull'}} accepts_nonnull_1(ptr); // expected-warning{{implicit conversion from nullable pointer 'int * _Nullable' to non-nullable pointer type 'int * _Nonnull'}}
__auto_type d = ptr; // _Nullable on ptr is ignored when d's type is deduced.
b = d; // OK.
} }
// Check nullability of conditional expressions. // Check nullability of conditional expressions.
void conditional_expr(int c) { void conditional_expr(int c) {
int * _Nonnull p; int * _Nonnull p;
int * _Nonnull nonnullP; int * _Nonnull nonnullP;
int * _Nullable nullableP; int * _Nullable nullableP;
int * _Null_unspecified unspecifiedP; int * _Null_unspecified unspecifiedP;
▲ Show 20 LinesShow All 112 LinesShow Last 20 Lines

clang/test/SemaCXX/nullability.cpp

Show First 20 LinesShow All 131 Lines▼ Show 20 Linesvoid arraysInLambdas() {
withTypedef(nullptr); // expected-warning {{null passed to a callee that requires a non-null argument}} withTypedef(nullptr); // expected-warning {{null passed to a callee that requires a non-null argument}}
auto withTypedefBad = [](INTS _Nonnull[2]) {}; // expected-error {{nullability specifier '_Nonnull' cannot be applied to non-pointer type 'INTS' (aka 'int[4]')}} auto withTypedefBad = [](INTS _Nonnull[2]) {}; // expected-error {{nullability specifier '_Nonnull' cannot be applied to non-pointer type 'INTS' (aka 'int[4]')}}
} }
void testNullabilityCompletenessWithTemplate() { void testNullabilityCompletenessWithTemplate() {
Template<int*> tip; Template<int*> tip;
} }
namespace test_auto {
template <class T>
void foo(T t) {
int * _Nonnull x = t; // OK.
}
void test(int * _Nullable ptr) {
auto b = ptr; // _Nullable on ptr is ignored when b's type is deduced.
int * _Nonnull c = b; // OK.
foo(ptr); // _Nullable on ptr is ignored when T's type is deduced.
ahatanakAuthorUnsubmitted
Done
ReplyInline Actions

Note that the template parameter for foo is correctly deduced (i.e., _Nullable is ignored) without this patch.

ahatanak: Note that the template parameter for `foo` is correctly deduced (i.e., `_Nullable` is ignored)…
}
}
namespace GH60344 { namespace GH60344 {
class a; class a;
template <typename b> using c = b _Nullable; // expected-error {{'_Nullable' cannot be applied to non-pointer type 'GH60344::a'}} template <typename b> using c = b _Nullable; // expected-error {{'_Nullable' cannot be applied to non-pointer type 'GH60344::a'}}
c<a>; // expected-note {{in instantiation of template type alias 'c' requested here}} c<a>; // expected-note {{in instantiation of template type alias 'c' requested here}}
} }