ObjC Block call checker

Hello,

I’m trying to add an ObjC Clang analyzer checker to check that a called block is non-null.

I thought that at some ProgramState the SVal for the called block would be constrained to null, and that that would be all I need to check.

I was naive.

Here is the code of the checker: http://pastebin.com/raw/dcE12ayk
But it reports an error even for simple code like:

void(^bl)(void) = ^{};
bl();

That’s caused by the fact that for my checker the SVal for “bl” is “underconstrained”.

Could someone please point me to the right examples from current checkers, or explain what I am doing wrong?

As far as I understand, I should extend the existing NullabilityChecker and use the propagated ‘nullability’ attribute. It seems to be the only way to understand the probability that the block is null.

I will still be happy to get your thoughts on this.

For future reference.

In that particular case it will be enough to check whether Call has a declaration

Call.getDecl()

and throw an error only if there is no declaration.

I highly recommend watching these slides/video; I believe it answers the question about the state being underconstrained closer to the end. If it does not, please get back to me.
http://llvm.org/devmtg/2012-11/videos/Zaks-Rose-Checker24Hours.mp4
http://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf

You can find a bit more resources on the Clang Static Analyzer development here:
http://clang-analyzer.llvm.org/checker_dev_manual.html

Cheers,
Anna.

Hello Anna,

Thanks for slides/video, great talk!

Now I do understand how it works and why the variable was underconstrained. But I have faced another obstacle with ConstraintManager: CallAndMessageChecker might alter the ProgramState with a wrong transition. I have described the details on the cfe-commits mailing list here: http://lists.llvm.org/pipermail/cfe-commits/Week-of-Mon-20160321/153848.html