caio/clang-p2996
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cf699ad9ab458ed94de8a4e772534ff4a23c8933
clang-p2996/clang/lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp
George Karpenkov 7744c7f137 [analyzer] Trust _Nonnull annotations, and trust analyzer knowledge about receiver nullability 
Previously, the checker was using the nullability of the expression,
which is nonnull IFF both receiver and method are annotated as _Nonnull.
However, the receiver could be known to the analyzer to be nonnull
without being explicitly marked as _Nonnull.

rdar://40635584

Differential Revision: https://reviews.llvm.org/D47510

llvm-svn: 333612
2018-05-31 00:28:13 +00:00

91 lines
2.8 KiB
C++
Raw Blame History

//== TrustNonnullChecker.cpp - Checker for trusting annotations -*- C++ -*--==//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This checker adds an assumption that methods annotated with _Nonnull
// which come from system headers actually return a non-null pointer.
//
//===----------------------------------------------------------------------===//
#include "ClangSACheckers.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerHelpers.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
using namespace clang;
using namespace ento;
namespace {
class TrustNonnullChecker : public Checker<check::PostCall> {
private:
/// \returns Whether we trust the result of the method call to be
/// a non-null pointer.
bool isNonNullPtr(const CallEvent &Call, CheckerContext &C) const {
QualType ExprRetType = Call.getResultType();
if (!ExprRetType->isAnyPointerType())
return false;
if (getNullabilityAnnotation(ExprRetType) == Nullability::Nonnull)
return true;
// The logic for ObjC instance method calls is more complicated,
// as the return value is nil when the receiver is nil.
if (!isa<ObjCMethodCall>(&Call))
return false;
const auto *MCall = cast<ObjCMethodCall>(&Call);
const ObjCMethodDecl *MD = MCall->getDecl();
// Distrust protocols.
if (isa<ObjCProtocolDecl>(MD->getDeclContext()))
return false;
QualType DeclRetType = MD->getReturnType();
if (getNullabilityAnnotation(DeclRetType) != Nullability::Nonnull)
return false;
// For class messages it is sufficient for the declaration to be
// annotated _Nonnull.
if (!MCall->isInstanceMessage())
return true;
// Alternatively, the analyzer could know that the receiver is not null.
SVal Receiver = MCall->getReceiverSVal();
ConditionTruthVal TV = C.getState()->isNonNull(Receiver);
if (TV.isConstrainedTrue())
return true;
return false;
}
public:
void checkPostCall(const CallEvent &Call, CheckerContext &C) const {
// Only trust annotations for system headers for non-protocols.
if (!Call.isInSystemHeader())
return;
ProgramStateRef State = C.getState();
if (isNonNullPtr(Call, C))
if (auto L = Call.getReturnValue().getAs<Loc>())
State = State->assume(*L, /*Assumption=*/true);
C.addTransition(State);
}
};
} // end empty namespace
void ento::registerTrustNonnullChecker(CheckerManager &Mgr) {
Mgr.registerChecker<TrustNonnullChecker>();
}
Reference in New Issue View Git Blame Copy Permalink