[PATCH] D152269: [StaticAnalyzer] Fix false negative on NilArgChecker when creating literal object

Tue, 06 Jun 2023 19:51:28 -0700 

tripleCC added inline comments.


================
Comment at: 
clang/lib/StaticAnalyzer/Checkers/BasicObjCFoundationChecks.cpp:151-164
+  auto ArgSVal = C.getSVal(E).getAs<DefinedOrUnknownSVal>();
+  if (!ArgSVal)
+    return;
+
+  ProgramStateRef StNonNull, StNull;
+  std::tie(StNonNull, StNull) = State->assume(*ArgSVal);
+
----------------
steakhal wrote:
> steakhal wrote:
> > This means that we would raise an issue if `ArgSVal` might be null. We 
> > usually warn if we are sure there is a bug, aka. if it must be null. 
> > Consequently, the condition should be rather `StNull && !StNonNull` instead 
> > of just `StNull`.
> Ah I see now. My bad, thats the whole point of this :D
Not exactly, this meas that if ArgSVal might be null, we dispatch an "implicit" 
null event to NullabilityChecker. NullabilityChecker would emit a warning if 
the pointer is nullable  in `checkEvent` function:

```c++
/// This callback triggers when a pointer is dereferenced and the analyzer does
/// not know anything about the value of that pointer. When that pointer is
/// nullable, this code emits a warning.
void NullabilityChecker::checkEvent(ImplicitNullDerefEvent Event) const {
  if (Event.SinkNode->getState()->get<InvariantViolated>())
    return;

  const MemRegion *Region =
      getTrackRegion(Event.Location, /*CheckSuperRegion=*/true);
  if (!Region)
    return;

  ProgramStateRef State = Event.SinkNode->getState();
  const NullabilityState *TrackedNullability =
      State->get<NullabilityMap>(Region);

  if (!TrackedNullability)
    return;

  if (ChecksEnabled[CK_NullableDereferenced] &&
      TrackedNullability->getValue() == Nullability::Nullable) {
    BugReporter &BR = *Event.BR;
    // Do not suppress errors on defensive code paths, because dereferencing
    // a nullable pointer is always an error.
    if (Event.IsDirectDereference)
      reportBug("Nullable pointer is dereferenced",
                ErrorKind::NullableDereferenced, CK_NullableDereferenced,
                Event.SinkNode, Region, BR);
    else {
      reportBug("Nullable pointer is passed to a callee that requires a "
                "non-null",
                ErrorKind::NullablePassedToNonnull, CK_NullableDereferenced,
                Event.SinkNode, Region, BR);
    }
  }
}
```


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D152269/new/

https://reviews.llvm.org/D152269

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to