This is an archive of the discontinued LLVM Phabricator instance.

Differential D75697

[analyzer] Allow null false positive suppression for conditions
Needs ReviewPublic

Authored by Szelethus on Mar 5 2020, 9:56 AM.

Details

Reviewers
NoQ
baloghadamsoftware
balazske
martong
xazax.hun
dcoughlin
Summary

If the a value has received its value through suspicious means, we suppress it. Tracked conditions are very much relevant to the occurrence of a bug, if their value is fishy, the entire bug report probably is as well.

Diff Detail

Event Timeline

Szelethus created this revision.Mar 5 2020, 9:56 AM
Herald added subscribers: cfe-commits, steakhal, Charusso and 8 others. · View Herald TranscriptMar 5 2020, 9:56 AM
Harbormaster failed remote builds in B48230: Diff 248526!Mar 5 2020, 10:58 AM
NoQ added a comment.Mar 5 2020, 11:33 AM

Aha! We need some positive results tho, given that these are heuristics.

clang/test/Analysis/inlining/inline-defensive-checks.m
113

This code definitely deserves a warning tho. Regardless of any path-sensitive reasoning, it's trivial to prove that either this line has a division by zero or it's outright dead code. I'd leave a FIXME here. This shouldn't be suppressed.

More importantly, we should have more tests to demonstrate how this patch is useful. I.e., some code snippets in which it's obvious that the suppressed warning is a false positive.

Szelethus added a comment.Mar 5 2020, 12:06 PM

I'm too sure what the implications of such a change is, so I'll get some real-life results before even thinking of commiting.

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Core/
2 lines
test/
Analysis/
inlining/
4 lines

Diff 248526

clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp

Show First 20 LinesShow All 1,805 Lines▼ Show 20 Lines if (ControlDeps.isControlDependent(OriginB, NB)) {
if (llvm::isa_and_nonnull<CXXForRangeStmt>(NB->getTerminatorStmt())) if (llvm::isa_and_nonnull<CXXForRangeStmt>(NB->getTerminatorStmt()))
return nullptr; return nullptr;
if (const Expr *Condition = NB->getLastCondition()) { if (const Expr *Condition = NB->getLastCondition()) {
// Keeping track of the already tracked conditions on a visitor level // Keeping track of the already tracked conditions on a visitor level
// isn't sufficient, because a new visitor is created for each tracked // isn't sufficient, because a new visitor is created for each tracked
// expression, hence the BugReport level set. // expression, hence the BugReport level set.
if (BR.addTrackedCondition(N)) { if (BR.addTrackedCondition(N)) {
bugreporter::trackExpressionValue( bugreporter::trackExpressionValue(
Lint: Pre-merge checks
Inline Actions

clang-format: please reformat the code

-        bugreporter::trackExpressionValue(
-            N, Condition, BR, bugreporter::TrackingKind::Condition,
-            /*EnableNullFPSuppression=*/true);
+        bugreporter::trackExpressionValue(N, Condition, BR,
+                                          bugreporter::TrackingKind::Condition,
+                                          /*EnableNullFPSuppression=*/true);
Lint: Pre-merge checks: clang-format: please reformat the code ``` - bugreporter::trackExpressionValue…
N, Condition, BR, bugreporter::TrackingKind::Condition, N, Condition, BR, bugreporter::TrackingKind::Condition,
/*EnableNullFPSuppression=*/false); /*EnableNullFPSuppression=*/true);
return constructDebugPieceForTrackedCondition(Condition, N, BRC); return constructDebugPieceForTrackedCondition(Condition, N, BRC);
} }
} }
} }
return nullptr; return nullptr;
} }
▲ Show 20 LinesShow All 1,084 LinesShow Last 20 Lines

clang/test/Analysis/inlining/inline-defensive-checks.m

Show First 20 LinesShow All 102 Lines▼ Show 20 Lines if (!mem)
return 5/zero; // expected-warning {{Division by zero}} return 5/zero; // expected-warning {{Division by zero}}
return 0; return 0;
} }
int dontSuppressNilReceiverRetNull(Foo* fPtr) { int dontSuppressNilReceiverRetNull(Foo* fPtr) {
unsigned zero = 0; unsigned zero = 0;
fPtr = retNil(); fPtr = retNil();
// On a path where fPtr is nil, mem should be nil. // On a path where fPtr is nil, mem should be nil.
// The warning is not suppressed because the receiver being nil is not
// directly related to the value that triggers the warning.
Foo *mem = [fPtr getFooPtr]; Foo *mem = [fPtr getFooPtr];
if (!mem) if (!mem)
return 5/zero; // expected-warning {{Division by zero}} return 5/zero;
Lint: Pre-merge checks
Inline Actions

clang-format: please reformat the code

-    return 5/zero;
+    return 5 / zero;
Lint: Pre-merge checks: clang-format: please reformat the code ``` - return 5/zero; + return 5 / zero; ```
NoQUnsubmitted
Not Done
ReplyInline Actions

This code definitely deserves a warning tho. Regardless of any path-sensitive reasoning, it's trivial to prove that either this line has a division by zero or it's outright dead code. I'd leave a FIXME here. This shouldn't be suppressed.

More importantly, we should have more tests to demonstrate how this patch is useful. I.e., some code snippets in which it's obvious that the suppressed warning is a false positive.

NoQ: This code definitely deserves a warning tho. Regardless of any path-sensitive reasoning, it's…
return 0; return 0;
} }
int dontSuppressNilReceiverIDC(Foo* fPtr) { int dontSuppressNilReceiverIDC(Foo* fPtr) {
unsigned zero = 0; unsigned zero = 0;
idc(fPtr); idc(fPtr);
// On a path where fPtr is nil, mem should be nil. // On a path where fPtr is nil, mem should be nil.
// The warning is not suppressed because the receiver being nil is not // The warning is not suppressed because the receiver being nil is not
// directly related to the value that triggers the warning. // directly related to the value that triggers the warning.
Foo *mem = [fPtr getFooPtr]; Foo *mem = [fPtr getFooPtr];
if (!mem) if (!mem)
return 5/zero; // expected-warning {{Division by zero}} return 5/zero; // expected-warning {{Division by zero}}
return 0; return 0;
} }