Index: cfe/trunk/lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp =================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp +++ cfe/trunk/lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp @@ -25,18 +25,56 @@ namespace { class TrustNonnullChecker : public Checker { +private: + /// \returns Whether we trust the result of the method call to be + /// a non-null pointer. + bool isNonNullPtr(const CallEvent &Call, CheckerContext &C) const { + QualType ExprRetType = Call.getResultType(); + if (!ExprRetType->isAnyPointerType()) + return false; + + if (getNullabilityAnnotation(ExprRetType) == Nullability::Nonnull) + return true; + + // The logic for ObjC instance method calls is more complicated, + // as the return value is nil when the receiver is nil. + if (!isa(&Call)) + return false; + + const auto *MCall = cast(&Call); + const ObjCMethodDecl *MD = MCall->getDecl(); + + // Distrust protocols. + if (isa(MD->getDeclContext())) + return false; + + QualType DeclRetType = MD->getReturnType(); + if (getNullabilityAnnotation(DeclRetType) != Nullability::Nonnull) + return false; + + // For class messages it is sufficient for the declaration to be + // annotated _Nonnull. + if (!MCall->isInstanceMessage()) + return true; + + // Alternatively, the analyzer could know that the receiver is not null. + SVal Receiver = MCall->getReceiverSVal(); + ConditionTruthVal TV = C.getState()->isNonNull(Receiver); + if (TV.isConstrainedTrue()) + return true; + + return false; + } + public: void checkPostCall(const CallEvent &Call, CheckerContext &C) const { // Only trust annotations for system headers for non-protocols. if (!Call.isInSystemHeader()) return; - QualType RetType = Call.getResultType(); - if (!RetType->isAnyPointerType()) - return; - ProgramStateRef State = C.getState(); - if (getNullabilityAnnotation(RetType) == Nullability::Nonnull) + + if (isNonNullPtr(Call, C)) if (auto L = Call.getReturnValue().getAs()) State = State->assume(*L, /*Assumption=*/true); Index: cfe/trunk/test/Analysis/Inputs/system-header-simulator-for-nullability.h =================================================================== --- cfe/trunk/test/Analysis/Inputs/system-header-simulator-for-nullability.h +++ cfe/trunk/test/Analysis/Inputs/system-header-simulator-for-nullability.h @@ -32,8 +32,9 @@ @interface NSString : NSObject - (BOOL)isEqualToString : (NSString *)aString; - (NSString *)stringByAppendingString:(NSString *)aString; -+ (_Nonnull NSString *) generateString; -+ (_Nullable NSString *) generatePossiblyNullString; ++ (NSString * _Nonnull) generateString; ++ (NSString *) generateImplicitlyNonnullString; ++ (NSString * _Nullable) generatePossiblyNullString; @end void NSSystemFunctionTakingNonnull(NSString *s); @@ -46,7 +47,7 @@ NSString* _Nonnull getString(); @protocol MyProtocol -- (_Nonnull NSString *) getString; +- (NSString * _Nonnull) getString; @end NS_ASSUME_NONNULL_END Index: cfe/trunk/test/Analysis/trustnonnullchecker_test.m =================================================================== --- cfe/trunk/test/Analysis/trustnonnullchecker_test.m +++ cfe/trunk/test/Analysis/trustnonnullchecker_test.m @@ -2,14 +2,39 @@ #include "Inputs/system-header-simulator-for-nullability.h" -NSString* getUnknownString(); - NSString* _Nonnull trust_nonnull_framework_annotation() { NSString* out = [NSString generateString]; if (out) {} return out; // no-warning } +NSString* _Nonnull trust_instancemsg_annotation(NSString* _Nonnull param) { + NSString* out = [param stringByAppendingString:@"string"]; + if (out) {} + return out; // no-warning +} + +NSString* _Nonnull distrust_instancemsg_noannotation(NSString* param) { + if (param) {} + NSString* out = [param stringByAppendingString:@"string"]; + if (out) {} + return out; // expected-warning{{}} +} + +NSString* _Nonnull trust_analyzer_knowledge(NSString* param) { + if (!param) + return @""; + NSString* out = [param stringByAppendingString:@"string"]; + if (out) {} + return out; // no-warning +} + +NSString* _Nonnull trust_assume_nonnull_macro() { + NSString* out = [NSString generateImplicitlyNonnullString]; + if (out) {} + return out; // no-warning +} + NSString* _Nonnull distrust_without_annotation() { NSString* out = [NSString generatePossiblyNullString]; if (out) {} @@ -41,3 +66,4 @@ if (out) {}; return out; // expected-warning{{}} } +