Bug with clang static analyzer

Clang Frontend
#1

Hi,

I’m working with the version of clang shipped with Xcode 9.0.1 (Apple LLVM version 9.0.0 (clang-900.0.38)) and I seem to have found a bug where the check_name parameter of the clang static analysis plist file is incorrect. Since I use this check_name as an identifier for automatic linting in CI, it’s important to get it right (e.g., to track the change in violations across commits). When I enable the lint nullability.NullPassedToNonnull, that check name is returned for a violation that is actually nullability.NullReturnedFromNonnull. When I disable nullability.NullPassedToNonnull, the check_name is correctly reported.

Command where check_name is correct (nullability.NullReturnedFromNonnull):

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk -arch x86_64 -mios-simulator-version-min=10.0 -std=gnu99 -c a.m -o out -Wno-error -Xclang -analyzer-config -Xclang mode=deep -Xclang -analyzer-config -Xclang path-diagnostics-alternate=true -Xclang -analyzer-checker -Xclang nullability.NullReturnedFromNonnull -Xclang -analyzer-disable-checker -Xclang nullability.NullPassedToNonnull -Xclang -analyzer-output=plist -Xclang -analyzer-opt-analyze-nested-blocks -D__clang_analyzer__ --analyze && cat out

Command where check_name is NullPassedToNonnull:

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk -arch x86_64 -mios-simulator-version-min=10.0 -std=gnu99 -c a.m -o out -Wno-error -Xclang -analyzer-config -Xclang mode=deep -Xclang -analyzer-config -Xclang path-diagnostics-alternate=true -Xclang -analyzer-checker -Xclang nullability.NullReturnedFromNonnull -Xclang -analyzer-checker -Xclang nullability.NullPassedToNonnull -Xclang -analyzer-output=plist -Xclang -analyzer-opt-analyze-nested-blocks -D__clang_analyzer__ --analyze && cat out

a.m:
#import <Foundation/Foundation.h>

NS_ASSUME_NONNULL_BEGIN

@interface MyObject : NSObject

  • (id)foo;

@end

NS_ASSUME_NONNULL_END

@implementation MyObject

  • (id)foo
    {
    return nil;
    }

@end

Thanks,
Michael

#2

Hmm, indeed. Yeah, it seems that we're using the same default CheckName for all nullability checks, even though we retrieve the correct names in NullabilityChecker.cpp's REGISTER_CHECKER - that's missing boilerplate for having the same checker object in C++ code pretend to be multiple user-facing checkers. And we never noticed only because nobody was using this field.

Would you be willing to file a bugzilla bug in bugs.llvm.org or an Apple bug, whatever sounds more comfortable to you?

#3

Will do, thanks.