
[Analyzer] Exception checker for misuse: uncaught/noncompliant throws

Authored by baloghadamsoftware on Apr 21 2017, 7:02 AM.



This is an old checker used only internally until now.

The original author is *Bence Babati*, I added him as a subscriber.

The checker checks whether exceptions escape:

  • the main() function
  • destructors, move ctor/assignment
  • functions with exception specifications not containing the exception's type
  • or functions specially marked by an option.

I did not change the name of the checker, but maybe ExceptionEscape or UncaughtException could be more suitable.

I am not sure whether Clang SA is the right place for this checker since it only walks the AST.
Maybe it should be reimplemented in Clang-Tidy, but there we would need a new matcher that walks the call chain recursively. (As far as I know, we cannot write iterative matcher expressions.)

Event Timeline

whisperity added a subscriber: gsd. (May 9 2017, 1:38 AM)
whisperity added inline comments. (May 9 2017, 1:58 AM)

There are some comment formatting issues along these lines.


I had to stop here for a moment and think hard about what this variable (and the relevant command-line argument) is used for.

Maybe this calls for a comment then. What is an "allowed function"? One that is explicitly allowed to throw, based on the user's decision? This should be explained here.


Why is swap hardcoded as an "enabledfunc"?


The phrasing should be fixed here for easier understanding.


Already processed what? A given exception type from a given function?


if (!D)


I would use a much more descriptive error message here. E.g., explicitly say that move (constructor|operator=) should not throw.


Yet again, better wording: _Destructor not marked noexcept(false) should not throw_ (this is true since C++11, maybe this needs to be based on a conditional in the checker!)

@xazax.hun, any idea on what a good error message here should be?


Also, a test case for a throwing, noexcept(false)-specified dtor is missing.

whisperity edited the summary of this revision. (May 9 2017, 2:00 AM)
whisperity retitled this revision from [Analyzer] Exception Checker to [Analyzer] Exception checker for misuse: uncaught/noncompliant throws. (May 9 2017, 2:20 AM)
whisperity edited the summary of this revision.
whisperity added a reviewer: xazax.hun.
xazax.hun added inline comments. (May 9 2017, 3:02 AM)

All comments should be full sentences starting with a capital letter and ending with a period.


It is always possible to implement swap in a non-throwing way, and some implementations that use the copy-and-swap idiom expect swap to be no-throw.


In fact, the function can throw, if the exception is caught before leaving the function body. And in case the function does not throw but a called function does, that is also an error. So maybe something like "exceptions are not allowed to leave this function"?
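
The distinctions raised in this review, as an added example that is not part of the revision, its tests, or any participant's comment: a destructor is implicitly noexcept since C++11 unless marked noexcept(false), a move constructor is only non-throwing if declared so, and a function can throw internally without anything escaping while another contains no throw yet lets a callee's exception out. All type and function names are constructed for illustration.

```cpp
#include <stdexcept>
#include <type_traits>

// Constructed types; none of this is from the checker or its test suite.
struct ImplicitDtor { ~ImplicitDtor() {} };                // implicitly noexcept since C++11
struct OptOutDtor   { ~OptOutDtor() noexcept(false) {} };  // explicitly allowed to throw
struct ThrowingMove {                                      // move ctor may throw
    ThrowingMove() = default;
    ThrowingMove(ThrowingMove&&) {}
};
struct SafeMove {                                          // move ctor promises not to throw
    SafeMove() = default;
    SafeMove(SafeMove&&) noexcept {}
};

void thrower() { throw std::runtime_error("constructed failure"); }

// Throws inside the body but catches before returning: nothing escapes.
int caught_inside() noexcept {
    try { thrower(); } catch (const std::runtime_error&) { return 1; }
    return 0;
}

// Contains no throw expression itself, yet the callee's exception leaves it.
int escapes_via_callee() { thrower(); return 0; }

// Runs f and reports whether an exception left it.
template <class F> bool lets_exception_escape(F f) {
    try { f(); } catch (...) { return true; }
    return false;
}

template <class T> constexpr bool dtor_is_noexcept() {
    return std::is_nothrow_destructible<T>::value;
}
template <class T> constexpr bool move_is_noexcept() {
    return std::is_nothrow_move_constructible<T>::value;
}

int main() {
    bool ok = dtor_is_noexcept<ImplicitDtor>() && !dtor_is_noexcept<OptOutDtor>()
           && move_is_noexcept<SafeMove>() && !move_is_noexcept<ThrowingMove>()
           && !lets_exception_escape(caught_inside)
           && lets_exception_escape(escapes_via_callee);
    return ok ? 0 : 1;
}
```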