[Analyzer] Exception checker for misuse: uncaught/noncompliant throws
AbandonedPublic

Authored by baloghadamsoftware on Apr 21 2017, 7:02 AM.

Details

Summary

This is an old checker used only internally until now.

The original author is *Bence Babati*, I added him as a subscriber.

The checker checks whether exceptions escape:

  • the main() function
  • destructors, move ctor/assignment
  • functions with exception specifications not containing the exception's type
  • or functions specially marked by an option.

I did not change the name of the checker, but maybe ExceptionEscape or UncaughtException could be more suitable.

I am not sure whether Clang SA is the right place for this checker since it only walks the AST.
Maybe it should be reimplemented in Clang-Tidy, but there we would need a new matcher that walks the call chain recursively. (As far as I know, we cannot write iterative matcher expressions.)

Diff Detail

whisperity added a subscriber: gsd.May 9 2017, 1:38 AM
whisperity added inline comments.May 9 2017, 1:58 AM
lib/StaticAnalyzer/Checkers/ExceptionMisuseChecker.cpp
80

There are some comment formatting issues along these lines.

84

I had to stop here for a moment and heavily think what this variable (and the relevant command-line argument) is used for.

Maybe this calls for a comment then. What is "allowed function"? One that is explicitly allowed to throw, based on the user's decision? This should be explained here.

109

Why is swap hardcoded as an "enabledfunc"?

329

The phrasing should be fixed here for easier understanding.

336

already processed what? A given exception type from a given function?

468

if (!D)

test/Analysis/exception-misuse.cpp
18

I would use a much more descriptive error message here. E.g., explicitly say, that move (constructor|operator=) should not throw.

26

Yet again, better wording: _Destructor not marked noexcept(false) should not throw_ (this is true since C++11, maybe this needs to be based on a conditional in the checker!)

@xazax.hun, any idea on what a good error message here should be?

26

Also, a test case for a throwing, and noexcept(false)-specified dtor is missing.

whisperity edited the summary of this revision. (Show Details)May 9 2017, 2:00 AM
whisperity retitled this revision from [Analyzer] Exception Checker to [Analyzer] Exception checker for misuse: uncaught/noncompliant throws.May 9 2017, 2:20 AM
whisperity edited the summary of this revision. (Show Details)
whisperity added a reviewer: xazax.hun.
xazax.hun added inline comments.May 9 2017, 3:02 AM
lib/StaticAnalyzer/Checkers/ExceptionMisuseChecker.cpp
105

All comments should be full sentences starting with a capital letter and ending with a period.

109

It is always possible to implement swap in a non-throwing way, and some implementations that are using the copy and swap idiom, expecting swap to be no-throw.

test/Analysis/exception-misuse.cpp
26

In fact, the function can throw, if the exception is catched before leaving the function body. And in case the function does not throw but a called function do, that is also an error. So maybe something like exception are not allowed to leave this function?