This is an archive of the discontinued LLVM Phabricator instance.

Differential D19084

[scan-build] fix warnings emitted on Clang AST code base
Needs ReviewPublic

Authored by apelete on Apr 13 2016, 4:52 PM.

Download Raw Diff

Details

Reviewers

klimek
rtrieu
rsmith
doug.gregor

Summary

This path fixes the following warnings that were reported while
running Clang Static Analyzer on Clang code base:

API: argument with 'nonnull' attribute passed null, on file:

lib/AST/NestedNameSpecifier.cpp.

Logic error: called C++ object pointer is null, on files:

lib/AST/ASTDiagnostic.cpp,
lib/AST/ExprConstant.cpp,
lib/AST/DeclObjC.cpp.

Signed-off-by: Apelete Seketeli <apelete@seketeli.net>

Diff Detail

Event Timeline

apelete updated this revision to Diff 53642.Apr 13 2016, 4:52 PM

apelete retitled this revision from to [clang-analyzer] fix warnings emitted on clang code base.

apelete updated this object.

apelete added a subscriber: cfe-commits.

Ping :).
Can someone help this one find its way into he main repo ?

apelete added reviewers: klimek, rsmith.Apr 19 2016, 1:35 PM

[clang-analyzer] fix warnings emitted on clang code base

Changes since last revision:

fast forward rebase on git master branch.

Waiting for review, could someone please have a look at this one ?

[scan-build] fix warnings emitted on Clang AST code base

Changes since last revision:

split patch into AST changes unit to ease review process.

apelete retitled this revision from [clang-analyzer] fix warnings emitted on clang code base to [scan-build] fix warnings emitted on Clang AST code base .May 5 2016, 2:25 AM

apelete updated this object.

apelete edited reviewers, added: rtrieu, doug.gregor; removed: rjmccall.

apelete mentioned this in D19278: [scan-build] fix warnings emitted on Clang Sema code base.May 5 2016, 2:57 AM

dblaikie added a subscriber: dblaikie.May 5 2016, 10:44 AM

dblaikie added inline comments.

lib/AST/ASTDiagnostic.cpp
1686–1688	Should this be a condition, or just an assertion?
lib/AST/ExprConstant.cpp
1992	Does the static analyzer assume any pointer parameter may be null? (I didn't think it did that - I thought it only assumed it could be null if there was a null test somewhere in the function?) That seems a bit too pessimistic in most codebases, especially LLVM - we pass a lot of non-null pointers around.
lib/AST/NestedNameSpecifier.cpp
460	Again, is this assuming that the Buffer parameter may be null? That seems unlikely to be useful in the LLVM codebase where we have lots of guaranteed non-null pointers floating around (I'm surprised this wouldn't cause tons of analyzer warnings, so presumably it's something more subtle?)

rtrieu added inline comments.May 5 2016, 2:22 PM

lib/AST/ASTDiagnostic.cpp
1686–1688	This should be an assertion. Same == true implies FromTD and ToTD are not null.

apelete added inline comments.May 12 2016, 10:07 AM

lib/AST/ASTDiagnostic.cpp
1686–1688	What do you mean by "This should be an assertion" ? There's already an assertion on FromTD and ToTD values at the beginning of PrintTemplateTemplate() so duplicating it here didn't make sense to me: should I replace the if() with an assertion anyway ?
lib/AST/ExprConstant.cpp
1992	Not all pointer parameters trigger a warning during static analysis of Clang codebase, but for the ones that do the reason isn't always clear to me (I'm probably missing some background on static analysis here). Let me know if you think the warning here should be ignored.
lib/AST/NestedNameSpecifier.cpp
460	Code path proposed by the analyzer is the following: NestedNameSpecifierLocBuilder:: NestedNameSpecifierLocBuilder(const NestedNameSpecifierLocBuilder &Other) : Representation(Other.Representation), Buffer(nullptr), BufferSize(0), BufferCapacity(0) { ... Append(Other.Buffer, Other.Buffer + Other.BufferSize, Buffer, BufferSize, BufferCapacity); } The constructor is called on line 484 and it initalizes Buffer to nullptr, BufferSIze to 0 and BufferCapacity to 0 as shown above. Then, after evaluating all branches in the constructor body to false, it calls Append() with the parameters previously initialized: void Append(char Start, char End, char *&Buffer, unsigned &BufferSize, 442 unsigned &BufferCapacity) { if (Start == End) return; 445. if (BufferSize + (End - Start) > BufferCapacity) { ... } 459. memcpy(Buffer + BufferSize, Start, End - Start); At this point, after evaluating the branches at lines 443 and 446 to false, the analyzer concludes that 'Buffer + BufferSize' is a "Null pointer passed as an argument to a 'nonnull' parameter", hence the assert I proposed just before this line. It turns out that this suggested codepath is indeed unlikely because either: Buffer parameter is null and so is BufferCapacity when Append() is called, in which case branch at line 446 is unlikely to evaluate to false, or Buffer parameter is initialized to a non-null value in the constructor at line 494 and is passed as a non-null parameter when Append() is called. I chose however to trust the tool and prevent unforseen conditions to lead to that path by asserting Buffer value. Let me know if you think the warning here should be ignored.

rtrieu added inline comments.May 12 2016, 3:58 PM

lib/AST/ASTDiagnostic.cpp
1686–1688	Given the choice between changing the condition and adding an assertion, the assertion is the correct choice. If Same is true, the first branch must be taken or the wrong message will be printed. The assertion in this function is (FromTD \|\| ToTD) which allows for FromTD to be null. That means only the case of FromTD is null and TD is null is excluded. This allows the case for for FromTD to be null and ToTD to be non-null, which is case the static analysis is warning about. However, template diffing only sets Same to true when both FromTD and ToTD are non-null, but this isn't checked or enforced anywhere. To be explicit, this is the kind of assertion and the location it should be present: if (Same) { assert(FromTD && ToTD && "Same implies both template arguments are non-null.");

[scan-build] fix warnings emitted on Clang AST code base

Changes since last revision:

lib/AST/ASTDiagnostic.cpp: replace if() condition by assert to ensure that template diffing print message is done only when both 'FromTD' and 'ToTD' are non-null.

Revision Contents

Path

Size

lib/

AST/

ASTDiagnostic.cpp

2 lines

DeclObjC.cpp

4 lines

ExprConstant.cpp

1 line

NestedNameSpecifier.cpp

4 lines

Diff 57571

lib/AST/ASTDiagnostic.cpp

Show First 20 Lines • Show All 1,677 Lines • ▼ Show 20 Lines	void PrintTemplateTemplate(TemplateDecl FromTD, TemplateDecl ToTD,

std::string FromName = FromTD ? FromTD->getName() : "(no argument)";		std::string FromName = FromTD ? FromTD->getName() : "(no argument)";
std::string ToName = ToTD ? ToTD->getName() : "(no argument)";		std::string ToName = ToTD ? ToTD->getName() : "(no argument)";
if (FromTD && ToTD && FromName == ToName) {		if (FromTD && ToTD && FromName == ToName) {
FromName = FromTD->getQualifiedNameAsString();		FromName = FromTD->getQualifiedNameAsString();
ToName = ToTD->getQualifiedNameAsString();		ToName = ToTD->getQualifiedNameAsString();
}		}

if (Same) {		if (Same) {
		assert((FromTD && ToTD) &&
		"Same implies both template arguments are non-null.");
		dblaikieUnsubmitted Not Done Reply Inline Actions Should this be a condition, or just an assertion? dblaikie: Should this be a condition, or just an assertion?
		rtrieuUnsubmitted Not Done Reply Inline Actions This should be an assertion. Same == true implies FromTD and ToTD are not null. rtrieu: This should be an assertion. Same == true implies FromTD and ToTD are not null.
		apeleteAuthorUnsubmitted Not Done Reply Inline Actions What do you mean by "This should be an assertion" ? There's already an assertion on FromTD and ToTD values at the beginning of PrintTemplateTemplate() so duplicating it here didn't make sense to me: should I replace the if() with an assertion anyway ? apelete: What do you mean by "This should be an assertion" ? There's already an assertion on FromTD and…
		rtrieuUnsubmitted Not Done Reply Inline Actions Given the choice between changing the condition and adding an assertion, the assertion is the correct choice. If Same is true, the first branch must be taken or the wrong message will be printed. The assertion in this function is (FromTD \|\| ToTD) which allows for FromTD to be null. That means only the case of FromTD is null and TD is null is excluded. This allows the case for for FromTD to be null and ToTD to be non-null, which is case the static analysis is warning about. However, template diffing only sets Same to true when both FromTD and ToTD are non-null, but this isn't checked or enforced anywhere. To be explicit, this is the kind of assertion and the location it should be present: if (Same) { assert(FromTD && ToTD && "Same implies both template arguments are non-null."); rtrieu: Given the choice between changing the condition and adding an assertion, the assertion is the…
OS << "template " << FromTD->getNameAsString();		OS << "template " << FromTD->getNameAsString();
} else if (!PrintTree) {		} else if (!PrintTree) {
OS << (FromDefault ? "(default) template " : "template ");		OS << (FromDefault ? "(default) template " : "template ");
Bold();		Bold();
OS << FromName;		OS << FromName;
Unbold();		Unbold();
} else {		} else {
OS << (FromDefault ? "[(default) template " : "[template ");		OS << (FromDefault ? "[(default) template " : "[template ");
▲ Show 20 Lines • Show All 349 Lines • Show Last 20 Lines

lib/AST/DeclObjC.cpp

Show First 20 Lines • Show All 1,571 Lines • ▼ Show 20 Lines	if (!ImplDecl->ivar_empty()) {
if (!layout.empty()) {		if (!layout.empty()) {
// Order synthesized ivars by their size.		// Order synthesized ivars by their size.
std::stable_sort(layout.begin(), layout.end());		std::stable_sort(layout.begin(), layout.end());
unsigned Ix = 0, EIx = layout.size();		unsigned Ix = 0, EIx = layout.size();
if (!data().IvarList) {		if (!data().IvarList) {
data().IvarList = layout[0].Ivar; Ix++;		data().IvarList = layout[0].Ivar; Ix++;
curIvar = data().IvarList;		curIvar = data().IvarList;
}		}
for ( ; Ix != EIx; curIvar = layout[Ix].Ivar, Ix++)		for ( ; Ix != EIx; curIvar = layout[Ix].Ivar, Ix++) {
		assert(curIvar && "instance variable is NULL, stop iterating through layout");
curIvar->setNextIvar(layout[Ix].Ivar);		curIvar->setNextIvar(layout[Ix].Ivar);
}		}
}		}
}		}
		}
return data().IvarList;		return data().IvarList;
}		}

/// FindCategoryDeclaration - Finds category declaration in the list of		/// FindCategoryDeclaration - Finds category declaration in the list of
/// categories for this class and returns it. Name of the category is passed		/// categories for this class and returns it. Name of the category is passed
/// in 'CategoryId'. If category not found, return 0;		/// in 'CategoryId'. If category not found, return 0;
///		///
ObjCCategoryDecl *		ObjCCategoryDecl *
▲ Show 20 Lines • Show All 621 Lines • Show Last 20 Lines

lib/AST/ExprConstant.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

	Show First 20 Lines • Show All 1,983 Lines • ▼ Show 20 Lines
	/// \param Info - Information about the ongoing evaluation.			/// \param Info - Information about the ongoing evaluation.
	/// \param E - The expression being evaluated, for diagnostic purposes.			/// \param E - The expression being evaluated, for diagnostic purposes.
	/// \param LVal - The pointer value to be updated.			/// \param LVal - The pointer value to be updated.
	/// \param EltTy - The pointee type represented by LVal.			/// \param EltTy - The pointee type represented by LVal.
	/// \param Adjustment - The adjustment, in objects of type EltTy, to add.			/// \param Adjustment - The adjustment, in objects of type EltTy, to add.
	static bool HandleLValueArrayAdjustment(EvalInfo &Info, const Expr *E,			static bool HandleLValueArrayAdjustment(EvalInfo &Info, const Expr *E,
	LValue &LVal, QualType EltTy,			LValue &LVal, QualType EltTy,
	int64_t Adjustment) {			int64_t Adjustment) {
				assert(E && "expression to be evaluated must be not NULL");
				dblaikieUnsubmitted Not Done Reply Inline Actions Does the static analyzer assume any pointer parameter may be null? (I didn't think it did that - I thought it only assumed it could be null if there was a null test somewhere in the function?) That seems a bit too pessimistic in most codebases, especially LLVM - we pass a lot of non-null pointers around. dblaikie: Does the static analyzer assume any pointer parameter may be null? (I didn't think it did that…
				apeleteAuthorUnsubmitted Not Done Reply Inline Actions Not all pointer parameters trigger a warning during static analysis of Clang codebase, but for the ones that do the reason isn't always clear to me (I'm probably missing some background on static analysis here). Let me know if you think the warning here should be ignored. apelete: Not all pointer parameters trigger a warning during static analysis of Clang codebase, but for…
	CharUnits SizeOfPointee;			CharUnits SizeOfPointee;
	if (!HandleSizeof(Info, E->getExprLoc(), EltTy, SizeOfPointee))			if (!HandleSizeof(Info, E->getExprLoc(), EltTy, SizeOfPointee))
	return false;			return false;

	// Compute the new offset in the appropriate width.			// Compute the new offset in the appropriate width.
	LVal.Offset += Adjustment * SizeOfPointee;			LVal.Offset += Adjustment * SizeOfPointee;
	LVal.adjustIndex(Info, E, Adjustment);			LVal.adjustIndex(Info, E, Adjustment);
	return true;			return true;
	▲ Show 20 Lines • Show All 7,723 Lines • Show Last 20 Lines

lib/AST/NestedNameSpecifier.cpp

Show First 20 Lines • Show All 450 Lines • ▼ Show 20 Lines	if (BufferSize + (End - Start) > BufferCapacity) {
char NewBuffer = static_cast<char >(malloc(NewCapacity));		char NewBuffer = static_cast<char >(malloc(NewCapacity));
if (BufferCapacity) {		if (BufferCapacity) {
memcpy(NewBuffer, Buffer, BufferSize);		memcpy(NewBuffer, Buffer, BufferSize);
free(Buffer);		free(Buffer);
}		}
Buffer = NewBuffer;		Buffer = NewBuffer;
BufferCapacity = NewCapacity;		BufferCapacity = NewCapacity;
}		}

		assert(Buffer && "Buffer cannot be NULL");
		dblaikieUnsubmitted Not Done Reply Inline Actions Again, is this assuming that the Buffer parameter may be null? That seems unlikely to be useful in the LLVM codebase where we have lots of guaranteed non-null pointers floating around (I'm surprised this wouldn't cause tons of analyzer warnings, so presumably it's something more subtle?) dblaikie: Again, is this assuming that the Buffer parameter may be null? That seems unlikely to be useful…
		apeleteAuthorUnsubmitted Not Done Reply Inline Actions Code path proposed by the analyzer is the following: NestedNameSpecifierLocBuilder:: NestedNameSpecifierLocBuilder(const NestedNameSpecifierLocBuilder &Other) : Representation(Other.Representation), Buffer(nullptr), BufferSize(0), BufferCapacity(0) { ... Append(Other.Buffer, Other.Buffer + Other.BufferSize, Buffer, BufferSize, BufferCapacity); } The constructor is called on line 484 and it initalizes Buffer to nullptr, BufferSIze to 0 and BufferCapacity to 0 as shown above. Then, after evaluating all branches in the constructor body to false, it calls Append() with the parameters previously initialized: void Append(char Start, char End, char &Buffer, unsigned &BufferSize, 442 unsigned &BufferCapacity) { if (Start == End) return; 445. if (BufferSize + (End - Start) > BufferCapacity) { ... } 459. memcpy(Buffer + BufferSize, Start, End - Start); At this point, after evaluating the branches at lines 443 and 446 to false, the analyzer concludes that 'Buffer + BufferSize' is a "Null pointer passed as an argument to a 'nonnull' parameter", hence the assert I proposed just before this line. It turns out that this suggested codepath is indeed unlikely because either: Buffer parameter is null and so is BufferCapacity when Append() is called, in which case branch at line 446 is unlikely to evaluate to false, or Buffer parameter is initialized to a non-null value in the constructor at line 494 and is passed as a non-null parameter when Append() is called. I chose however to trust the tool and prevent unforseen conditions to lead to that path by asserting Buffer value. Let me know if you think the warning here should be ignored. apelete:* Code path proposed by the analyzer is the following: 484. NestedNameSpecifierLocBuilder:: 485.

memcpy(Buffer + BufferSize, Start, End - Start);		memcpy(Buffer + BufferSize, Start, End - Start);
BufferSize += End-Start;		BufferSize += End-Start;
}		}

/// \brief Save a source location to the given buffer.		/// \brief Save a source location to the given buffer.
void SaveSourceLocation(SourceLocation Loc, char *&Buffer,		void SaveSourceLocation(SourceLocation Loc, char *&Buffer,
unsigned &BufferSize, unsigned &BufferCapacity) {		unsigned &BufferSize, unsigned &BufferCapacity) {
unsigned Raw = Loc.getRawEncoding();		unsigned Raw = Loc.getRawEncoding();
▲ Show 20 Lines • Show All 217 Lines • Show Last 20 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[scan-build] fix warnings emitted on Clang AST code baseNeeds ReviewPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 57571

lib/AST/ASTDiagnostic.cpp

lib/AST/DeclObjC.cpp

lib/AST/ExprConstant.cpp

lib/AST/NestedNameSpecifier.cpp

[scan-build] fix warnings emitted on Clang AST code base
Needs ReviewPublic