Bug with clang static analyzer

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug with clang static analyzer

Jon Chesterfield via cfe-dev
Hi,

I'm working with the version of clang shipped with Xcode 9.0.1 (Apple LLVM version 9.0.0 (clang-900.0.38)) and I seem to have found a bug where the check_name parameter of the clang static analysis plist file is incorrect. Since I use this check_name as an identifier for automatic linting in CI, it's important to get it right (e.g., to track the change in violations across commits). When I enable the lint nullability.NullPassedToNonnull, that check name is returned for a violation that is actually nullability.NullReturnedFromNonnull. When I disable nullability.NullPassedToNonnull, the check_name is correctly reported.

Command where check_name is correct (nullability.NullReturnedFromNonnull):

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk -arch x86_64 -mios-simulator-version-min\=10.0 -std\=gnu99 -c a.m -o out -Wno-error -Xclang -analyzer-config -Xclang mode\=deep -Xclang -analyzer-config -Xclang path-diagnostics-alternate\=true -Xclang -analyzer-checker -Xclang nullability.NullReturnedFromNonnull -Xclang -analyzer-disable-checker -Xclang nullability.NullPassedToNonnull -Xclang -analyzer-output\=plist -Xclang -analyzer-opt-analyze-nested-blocks -D__clang_analyzer__ --analyze && cat out


Command where check_name is NullPassedToNonnull:

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk -arch x86_64 -mios-simulator-version-min\=10.0 -std\=gnu99 -c a.m -o out -Wno-error -Xclang -analyzer-config -Xclang mode\=deep -Xclang -analyzer-config -Xclang path-diagnostics-alternate\=true -Xclang -analyzer-checker -Xclang nullability.NullReturnedFromNonnull -Xclang -analyzer-checker -Xclang nullability.NullPassedToNonnull -Xclang -analyzer-output\=plist -Xclang -analyzer-opt-analyze-nested-blocks -D__clang_analyzer__ --analyze && cat out


a.m:
#import <Foundation/Foundation.h>

NS_ASSUME_NONNULL_BEGIN

@interface MyObject : NSObject

- (id)foo;

@end

NS_ASSUME_NONNULL_END

@implementation MyObject

- (id)foo
{
    return nil;
}

@end

Thanks,
Michael

_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
Reply | Threaded
Open this post in threaded view
|

Re: Bug with clang static analyzer

Jon Chesterfield via cfe-dev
Hmm, indeed. Yeah, it seems that we're using the same default CheckName
for all nullability checks, even though we retrieve the correct names in
NullabilityChecker.cpp's REGISTER_CHECKER - that's missing boilerplate
for having the same checker object in C++ code pretend to be multiple
user-facing checkers. And we never noticed only because nobody was using
this field.

Would you be willing to file a bugzilla bug in bugs.llvm.org or an Apple
bug, whatever sounds more comfortable to you?

On 02/02/2018 11:08 AM, Michael Eisel via cfe-dev wrote:

> Hi,
>
> I'm working with the version of clang shipped with Xcode 9.0.1 (Apple
> LLVM version 9.0.0 (clang-900.0.38)) and I seem to have found a bug
> where the check_name parameter of the clang static analysis plist file
> is incorrect. Since I use this check_name as an identifier for
> automatic linting in CI, it's important to get it right (e.g., to
> track the change in violations across commits). When I enable the lint
> nullability.NullPassedToNonnull, that check name is returned for a
> violation that is actually nullability.NullReturnedFromNonnull. When I
> disable nullability.NullPassedToNonnull, the check_name is correctly
> reported.
>
> Command where check_name is correct (nullability.NullReturnedFromNonnull):
>
> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang
> -isysroot
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk
> -arch x86_64 -mios-simulator-version-min\=10.0 -std\=gnu99 -c a.m -o
> out -Wno-error -Xclang -analyzer-config -Xclang mode\=deep -Xclang
> -analyzer-config -Xclang path-diagnostics-alternate\=true -Xclang
> -analyzer-checker -Xclang nullability.NullReturnedFromNonnull -Xclang
> -analyzer-disable-checker -Xclang nullability.NullPassedToNonnull
> -Xclang -analyzer-output\=plist -Xclang
> -analyzer-opt-analyze-nested-blocks -D__clang_analyzer__ --analyze &&
> cat out
>
>
> Command where check_name is NullPassedToNonnull:
>
> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang
> -isysroot
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk
> -arch x86_64 -mios-simulator-version-min\=10.0 -std\=gnu99 -c a.m -o
> out -Wno-error -Xclang -analyzer-config -Xclang mode\=deep -Xclang
> -analyzer-config -Xclang path-diagnostics-alternate\=true -Xclang
> -analyzer-checker -Xclang nullability.NullReturnedFromNonnull -Xclang
> -analyzer-checker -Xclang nullability.NullPassedToNonnull -Xclang
> -analyzer-output\=plist -Xclang -analyzer-opt-analyze-nested-blocks
> -D__clang_analyzer__ --analyze && cat out
>
>
> a.m:
> #import <Foundation/Foundation.h>
>
> NS_ASSUME_NONNULL_BEGIN
>
> @interface MyObject : NSObject
>
> - (id)foo;
>
> @end
>
> NS_ASSUME_NONNULL_END
>
> @implementation MyObject
>
> - (id)foo
> {
>   return nil;
> }
>
> @end
>
> Thanks,
> Michael
>
>
> _______________________________________________
> cfe-dev mailing list
> [hidden email]
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
Reply | Threaded
Open this post in threaded view
|

Re: Bug with clang static analyzer

Jon Chesterfield via cfe-dev
Will do, thanks.

On Fri, Feb 2, 2018 at 2:52 PM, Artem Dergachev <[hidden email]> wrote:
Hmm, indeed. Yeah, it seems that we're using the same default CheckName for all nullability checks, even though we retrieve the correct names in NullabilityChecker.cpp's REGISTER_CHECKER - that's missing boilerplate for having the same checker object in C++ code pretend to be multiple user-facing checkers. And we never noticed only because nobody was using this field.

Would you be willing to file a bugzilla bug in bugs.llvm.org or an Apple bug, whatever sounds more comfortable to you?


On 02/02/2018 11:08 AM, Michael Eisel via cfe-dev wrote:
Hi,

I'm working with the version of clang shipped with Xcode 9.0.1 (Apple LLVM version 9.0.0 (clang-900.0.38)) and I seem to have found a bug where the check_name parameter of the clang static analysis plist file is incorrect. Since I use this check_name as an identifier for automatic linting in CI, it's important to get it right (e.g., to track the change in violations across commits). When I enable the lint nullability.NullPassedToNonnull, that check name is returned for a violation that is actually nullability.NullReturnedFromNonnull. When I disable nullability.NullPassedToNonnull, the check_name is correctly reported.

Command where check_name is correct (nullability.NullReturnedFromNonnull):

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk -arch x86_64 -mios-simulator-version-min\=10.0 -std\=gnu99 -c a.m -o out -Wno-error -Xclang -analyzer-config -Xclang mode\=deep -Xclang -analyzer-config -Xclang path-diagnostics-alternate\=true -Xclang -analyzer-checker -Xclang nullability.NullReturnedFromNonnull -Xclang -analyzer-disable-checker -Xclang nullability.NullPassedToNonnull -Xclang -analyzer-output\=plist -Xclang -analyzer-opt-analyze-nested-blocks -D__clang_analyzer__ --analyze && cat out


Command where check_name is NullPassedToNonnull:

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk -arch x86_64 -mios-simulator-version-min\=10.0 -std\=gnu99 -c a.m -o out -Wno-error -Xclang -analyzer-config -Xclang mode\=deep -Xclang -analyzer-config -Xclang path-diagnostics-alternate\=true -Xclang -analyzer-checker -Xclang nullability.NullReturnedFromNonnull -Xclang -analyzer-checker -Xclang nullability.NullPassedToNonnull -Xclang -analyzer-output\=plist -Xclang -analyzer-opt-analyze-nested-blocks -D__clang_analyzer__ --analyze && cat out


a.m:
#import <Foundation/Foundation.h>

NS_ASSUME_NONNULL_BEGIN

@interface MyObject : NSObject

- (id)foo;

@end

NS_ASSUME_NONNULL_END

@implementation MyObject

- (id)foo
{
  return nil;
}

@end

Thanks,
Michael


_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev



_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev