Open Quuxplusone opened 14 years ago
Bugzilla Link | PR7492 |
Status | NEW |
Importance | P enhancement |
Reported by | Peter Gutmann (pgut001@cs.auckland.ac.nz) |
Reported on | 2010-06-25 06:43:51 -0700 |
Last modified on | 2013-02-15 11:00:40 -0800 |
Version | unspecified |
Hardware | All All |
CC | jrose@belkadan.com, llvm-bugs@lists.llvm.org, peter@stairways.com.au, pgut001@cs.auckland.ac.nz, trivial@zoho.com |
Fixed by commit(s) | |
Attachments | |
Blocks | |
Blocked by | |
See also |
Following up to my earlier comments, I would really, really kill for the ability to say something like 'success( status >= 0 ) int foo( ... );' as per my earlier post. In terms of false positives I'm now getting more of these than every other clang warning combined (in practice this means that if you clean up all the other warnings, what's left are all these false positives, but still... ). Even just an 'analysis_assume()' would help here if '__success()' is too much work.
Here is another case where the static analyer doesn't notice the values in an
assert (which should function similarly to Peter's suggested __analysis_assume).
typedef const void* DictionaryKey;
inline Boolean
CFDictionaryGet( CFDictionaryRef ref, DictionaryKey inKey, CFStringRef& result,
CFStringRef def )
{
result = (CFStringRef) ::CFDictionaryGetValue( ref, inKey );
if ( !result ) {
result = def;
}
assert( (result != NULL) || (def == NULL) ); // Clearly indicates that result
cannot be NULL if def is not NULL
return result != NULL;
}
CFStringRef mVariable;
void Test( CFDictionaryRef dictionary )
{
CFStringRef value;
CFDictionaryGet( dictionary, CFSTR("Variable"), value, CFSTR("Variable") );
// assert( value );
mVariable = (CFStringRef)CFRetain( value ); // Erroneously detects as value
might be NULL
}
The assert clearly tells the compiler that if def is not null, then result
cannot be null either, but the analyzer persists in reporting a potential use
of NULL in the CFRetain. Adding the assert( value ) inline in Test resolves
the problem, but it's a shame that the analyser, which traces through the
sequence fails to note the assert.
Adding to Peter's suggestion, it would obviously be beneficial to be able to
specify the post conditions for function.
The static analyzer /does/ look at assertions, if you are analyzing a debug build. Peter L, in your case the problem is that the analyzer doesn't understand that CFSTR is never null. Please file a separate bug for that.
Having a general annotation system is definitely something we're interested in, but it's a big project and likely won't be shipped in the near future.
Added bug 15270 http://llvm.org/bugs/show_bug.cgi?id=15270 for CFSTR not being known to be non NULL. Thanks.
>Having a general annotation system is definitely something we're
>interested in, but it's a big project and likely won't be shipped
>in the near future.
Oh, what a pity, I'd really kill for at least a __nonnull, __checkreturn (both
of which gcc already do, but really badly/incorrectly), and __dead(). Still,
thanks for the all the good work you're doing with clang, I'm not just
complaining :-).
FWIW, we do recognize GCC's attribute((nonnull)) and attribute((noreturn)), though there are a couple of places where they fall through the cracks. __checkreturn is a good one, though.