Silence false positive clang-tidy warning #727

kkaefer · 2016-09-01T10:14:49Z

The existing check can't be understood by clang-analyze/clang-tidy and reports a null pointer dereference down the line and produces these warnings:

include/rapidjson/internal/itoa.h:52:19: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
        *buffer++ = cDigitsLut[d2 + 1];
                  ^
tidy.cpp:7:5: note: Calling 'Writer::Int'
    writer.Int(1);
    ^
include/rapidjson/writer.h:174:72: note: Calling 'Writer::WriteInt'
    bool Int(int i)             { Prefix(kNumberType); return EndValue(WriteInt(i)); }
                                                                       ^
include/rapidjson/writer.h:480:23: note: Calling 'i32toa'
    const char* end = internal::i32toa(i, buffer);
                      ^
include/rapidjson/internal/itoa.h:115:5: note: Taking false branch
    if (value < 0) {
    ^
include/rapidjson/internal/itoa.h:120:12: note: Calling 'u32toa'
    return u32toa(u, buffer);
           ^
include/rapidjson/internal/itoa.h:42:5: note: Taking true branch
    if (value < 10000) {
    ^
include/rapidjson/internal/itoa.h:46:9: note: Taking false branch
        if (value >= 1000)
        ^
include/rapidjson/internal/itoa.h:48:9: note: Taking false branch
        if (value >= 100)
        ^
include/rapidjson/internal/itoa.h:50:9: note: Taking false branch
        if (value >= 10)
        ^
include/rapidjson/internal/itoa.h:52:19: note: Dereference of null pointer
        *buffer++ = cDigitsLut[d2 + 1];
                  ^

(similar for other types of writers)

The sample program I used is

#include <rapidjson/writer.h>

int main(int, char*[]) {
    using namespace rapidjson;
    StringBuffer sb;
    Writer<StringBuffer> writer(sb);
    writer.Int(1);
    return 0;
}

It seems that clang-tidy is not sure that an allocation ever happens.

coveralls · 2016-09-01T10:32:24Z

Coverage remained the same at 99.937% when pulling 6c9a0f4 on mapbox:silence-dereference-null-pointer into cdb3454 on miloyip:master.

miloyip · 2016-09-01T14:03:33Z

Is there other ways to suppress the false alarm?
I do not want to please those checkers with potential performance overheads.

miloyip · 2018-06-21T09:16:45Z

Can it be done by adding a RAPIDJSON_ASSERT() instead?

mattgodbolt · 2018-10-01T19:46:32Z

I'm seeing this too. Adding // NOLINT on the include/rapidjson/internal/itoa.h:52 line is effective, if somewhat unfortunate. I don't think a RAPIDJSON_ASSERT() could help here: if it compiles out on release, then our clang-tidy checks will fail in release mode, and if it doesn't compile away it will pessimize performance.

pah · 2018-10-02T14:58:26Z

I don't think a RAPIDJSON_ASSERT() could help here: if it compiles out on release, then our clang-tidy checks will fail in release mode, and if it doesn't compile away it will pessimize performance.

Why would you want to run clang-tidy with NDEBUG defined? I assume there a tons of other places, where this would then trigger such false positives.

The existing checks triggered undefined behavior when the stack was empty (null pointer). This change avoid this: * If `stackTop_` and `stackEnd_` are null, it results in a `ptrdiff_t` of `0` * If `stackTop_` and `stackEnd_` are valid pointers, they produce a `ptrdiff_t` with the remaining size on the stack

kkaefer · 2018-10-05T07:26:36Z

Looking at this again, I believe that this is a valid bug, not merely a bogus clang-tidy warning: When stackTop_ is a null pointer ("dangling pointer"), arithmetic on it is undefined (see https://kristerw.blogspot.com/2016/03/c-pointers-are-not-hardware-pointers.html for more background). The check relies on this pointer arithmetic working like integer arithmetic. That's true in most cases and for most compilers, but not valid according to the specification. This pull request changes it to check for a valid stackTop_ pointer first before attempting to do pointer arithmetic.

This may still trigger undefined behavior because we're producing an out of bound value when adding to stackTop_ though, so a better check would be:

if (RAPIDJSON_UNLIKELY(sizeof(T) * count > stackEnd_ - stackTop_)) {

I believe this avoid UB:

If stackTop_ and stackEnd_ are null, it results in a ptrdiff_t of 0
If stackTop_ and stackEnd_ are valid pointers, they produce a ptrdiff_t with the remaining size on the stack.

I pushed an update to this branch with the new fix.

tencent-adm · 2018-10-05T07:27:06Z

Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

coveralls · 2018-10-05T07:51:57Z

Coverage increased (+0.001%) to 99.922% when pulling 16872af on mapbox:silence-dereference-null-pointer into 663f076 on Tencent:master.

rigtorp · 2019-03-05T21:12:40Z

I can confirm this fix silences the warning. Would be great if it could be merged.

The macOS Monterey OS upgrade broke glog 0.3.5, moreover building Kudu with LLVM 9 on Apple silicon is not really feasible. There has been multiple non-merged patches submitted to tackle these issues: Upgrade glog to 0.6.0 [1] Fix codegen build on MacOS Monterey [2] Fix building on Apple M1 [3] Upgrade to LLVM 11 and IWYU 0.15 [4] This patch squashes all of the above and provides the necessary glue changes. LLVM is updated to version 11 and glog to version 0.6.0 to fix the initial build issues. Building the glog tests has to be turned off as it causes linker error in TSAN build. The optional ZLIB dependency in LLVM-IWYU is removed as the original issue -mentioned in the comments- has been resolved, and this caused build issues on Unix. [5] Building Kudu on different OS and compiler combinations resulted in various errors. Using Clang from the new LLVM 11 thridparty build resulted in consisted successful builds. Therefore the thirparty clang is used both in the local cmake and the distributed test script. The homebrew prefix is changed from /usr/local to /opt/homebrew on ARM macs. In places where package locations are provided, and ARM alternative location has been added. Added a patch to fix null pointer dereference in rapidjson. [6] Added another patch containing assertions to a similar issue, to fix suppress clang warnings in rapidjson. [7] Building tests in glog has to be turned off as it causes linker error in tsan build. [8] With the clang upgrade it now links against libatomic in TSAN builds. In dist-test.py libatomic is added to the list of shipped libraries as it was missing on the target machines. A couple of new TSAN race occurences came up with LLVM regexes, added those to the sanitizer suppression list. pstack_watcher uses gdb, pstack or gstack to examine a process. None of those are available on ARM macs. Added lldb support, to have a fallback on ARM macs. Finally libcurl needed to be upgraded to 7.80 as the old version gave symbol errors during release build on M1 mac. [1] Change-Id: I21abd1749fdfdcde412f5a2ca2245c42da20d4f3 [2] Change-Id: Idc5721cb2445303b2e79d08b547e746929c7486d [3] Change-Id: I029a858d2da77cea84e7e6856b8a5ac02713152d [4] Change-Id: Id9c32abe256978158617a4fe3a3c34e9bfd00fb2 [5] https://github.com/include-what-you-use/include-what-you-use/ issues/539 [6] Tencent/rapidjson#727 [7] Tencent/rapidjson#757 [8] google/glog#54 Change-Id: I9877f95340b969308c317a6bac50665ff78e329e

The macOS Monterey OS upgrade broke glog 0.3.5, moreover building Kudu with LLVM 9 on Apple silicon is not really feasible. There has been multiple non-merged patches submitted to tackle these issues: Upgrade glog to 0.6.0 [1] Fix codegen build on MacOS Monterey [2] Fix building on Apple M1 [3] Upgrade to LLVM 11 and IWYU 0.15 [4] This patch squashes all of the above and provides the necessary glue changes. LLVM is updated to version 11 and glog to version 0.6.0 to fix the initial build issues. Building the glog tests has to be turned off as it causes linker error in TSAN build. The optional ZLIB dependency in LLVM-IWYU is removed as the original issue -mentioned in the comments- has been resolved, and this caused build issues on Unix. [5] The homebrew prefix is changed from /usr/local to /opt/homebrew on ARM macs. In places where package locations are provided, an ARM alternative location has been added. Added a patch [6] to fix null pointer dereference in rapidjson. Added another patch [7] containing assertions to a similar suppress clang warnings in rapidjson. Building tests in glog has to be turned off [8] as it causes linker error in tsan build. With the clang upgrade it now links against libatomic in TSAN builds. In dist-test.py libatomic is added to the list of shipped libraries as it was missing on the target machines. A couple of new TSAN races came up with LLVM regexes, added those to the sanitizer suppression list. [1] Change-Id: https://gerrit.cloudera.org/#/c/18460/ [2] Change-Id: https://gerrit.cloudera.org/#/c/18461/ [3] Change-Id: https://gerrit.cloudera.org/#/c/18464/ [4] Change-Id: https://gerrit.cloudera.org/#/c/16768/ [5] https://github.com/include-what-you-use/include-what-you-use/ issues/539 [6] Tencent/rapidjson#727 [7] Tencent/rapidjson#757 [8] google/glog#54 Change-Id: I9877f95340b969308c317a6bac50665ff78e329e

The macOS Monterey OS upgrade broke glog 0.3.5, moreover building Kudu with LLVM 9 on Apple silicon is not really feasible. There has been multiple non-merged patches submitted to tackle these issues: Upgrade glog to 0.6.0 [1] Fix codegen build on MacOS Monterey [2] Fix building on Apple M1 [3] Upgrade to LLVM 11 and IWYU 0.15 [4] This patch squashes all of the above and provides the necessary glue changes. LLVM is updated to version 11 and glog to version 0.6.0 to fix the initial build issues. Building the glog tests has to be turned off as it causes linker error in TSAN build. The optional ZLIB dependency in LLVM-IWYU is removed as the original issue -mentioned in the comments- has been resolved, and this caused build issues on Unix. [5] The homebrew prefix is changed from /usr/local to /opt/homebrew on ARM macs. In places where package locations are provided, an ARM alternative location has been added. Added a patch [6] to fix null pointer dereference in rapidjson. Added another patch [7] containing assertions to a similar suppress clang warnings in rapidjson. Building tests in glog has to be turned off [8] as it causes linker error in tsan build. With the clang upgrade it now links against libatomic in TSAN builds. In dist-test.py libatomic is added to the list of shipped libraries as it was missing on the target machines. A couple of new TSAN races came up with LLVM regexes, added those to the sanitizer suppression list. [1] Change-Id: https://gerrit.cloudera.org/#/c/18460/ [2] Change-Id: https://gerrit.cloudera.org/#/c/18461/ [3] Change-Id: https://gerrit.cloudera.org/#/c/18464/ [4] Change-Id: https://gerrit.cloudera.org/#/c/16768/ [5] https://github.com/include-what-you-use/include-what-you-use/ issues/539 [6] Tencent/rapidjson#727 [7] Tencent/rapidjson#757 [8] google/glog#54 Change-Id: I9877f95340b969308c317a6bac50665ff78e329e Reviewed-on: http://gerrit.cloudera.org:8080/18770 Tested-by: Kudu Jenkins Reviewed-by: Alexey Serbin <alexey@apache.org>

The macOS Monterey OS upgrade broke glog 0.3.5, moreover building Kudu with LLVM 9 on Apple silicon is not really feasible. There has been multiple non-merged patches submitted to tackle these issues: Upgrade glog to 0.6.0 [1] Fix codegen build on MacOS Monterey [2] Fix building on Apple M1 [3] Upgrade to LLVM 11 and IWYU 0.15 [4] This patch squashes all of the above and provides the necessary glue changes. LLVM is updated to version 11 and glog to version 0.6.0 to fix the initial build issues. Building the glog tests has to be turned off as it causes linker error in TSAN build. The optional ZLIB dependency in LLVM-IWYU is removed as the original issue -mentioned in the comments- has been resolved, and this caused build issues on Unix. [5] The homebrew prefix is changed from /usr/local to /opt/homebrew on ARM macs. In places where package locations are provided, an ARM alternative location has been added. Added a patch [6] to fix null pointer dereference in rapidjson. Added another patch [7] containing assertions to a similar suppress clang warnings in rapidjson. Building tests in glog has to be turned off [8] as it causes linker error in tsan build. With the clang upgrade it now links against libatomic in TSAN builds. In dist-test.py libatomic is added to the list of shipped libraries as it was missing on the target machines. A couple of new TSAN races came up with LLVM regexes, added those to the sanitizer suppression list. [1] Change-Id: https://gerrit.cloudera.org/#/c/18460/ [2] Change-Id: https://gerrit.cloudera.org/#/c/18461/ [3] Change-Id: https://gerrit.cloudera.org/#/c/18464/ [4] Change-Id: https://gerrit.cloudera.org/#/c/16768/ [5] https://github.com/include-what-you-use/include-what-you-use/ issues/539 [6] Tencent/rapidjson#727 [7] Tencent/rapidjson#757 [8] google/glog#54 Change-Id: I9877f95340b969308c317a6bac50665ff78e329e

The macOS Monterey OS upgrade broke glog 0.3.5, moreover building Kudu with LLVM 9 on Apple silicon is not really feasible. There has been multiple non-merged patches submitted to tackle these issues: Upgrade glog to 0.6.0 [1] Fix codegen build on MacOS Monterey [2] Fix building on Apple M1 [3] Upgrade to LLVM 11 and IWYU 0.15 [4] This patch squashes all of the above and provides the necessary glue changes. LLVM is updated to version 11 and glog to version 0.6.0 to fix the initial build issues. Building the glog tests has to be turned off as it causes linker error in TSAN build. The optional ZLIB dependency in LLVM-IWYU is removed as the original issue -mentioned in the comments- has been resolved, and this caused build issues on Unix. [5] The homebrew prefix is changed from /usr/local to /opt/homebrew on ARM macs. In places where package locations are provided, an ARM alternative location has been added. Added a patch [6] to fix null pointer dereference in rapidjson. Added another patch [7] containing assertions to a similar suppress clang warnings in rapidjson. Building tests in glog has to be turned off [8] as it causes linker error in tsan build. With the clang upgrade it now links against libatomic in TSAN builds. In dist-test.py libatomic is added to the list of shipped libraries as it was missing on the target machines. A couple of new TSAN races came up with LLVM regexes, added those to the sanitizer suppression list. [1] Change-Id: https://gerrit.cloudera.org/#/c/18460/ [2] Change-Id: https://gerrit.cloudera.org/#/c/18461/ [3] Change-Id: https://gerrit.cloudera.org/#/c/18464/ [4] Change-Id: https://gerrit.cloudera.org/#/c/16768/ [5] https://github.com/include-what-you-use/include-what-you-use/ issues/539 [6] Tencent/rapidjson#727 [7] Tencent/rapidjson#757 [8] google/glog#54 Change-Id: I9877f95340b969308c317a6bac50665ff78e329e Reviewed-on: http://gerrit.cloudera.org:8080/18770 Tested-by: Kudu Jenkins Reviewed-by: Alexey Serbin <alexey@apache.org>

patcheng mentioned this pull request Sep 30, 2016

added assertion to help suppress clang warnings #757

Merged

kkaefer force-pushed the silence-dereference-null-pointer branch from 6c9a0f4 to 16872af Compare October 5, 2018 07:26

miloyip merged commit 3cf4f7c into Tencent:master Mar 6, 2019

nyh mentioned this pull request Oct 7, 2020

Release status #1774

Open

Spixmaster mentioned this pull request Apr 4, 2021

clang-tidy shows several null pointer dereferences (Version 1.1.0) #1855

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Silence false positive clang-tidy warning #727

Silence false positive clang-tidy warning #727

kkaefer commented Sep 1, 2016

coveralls commented Sep 1, 2016 •

edited

Loading

miloyip commented Sep 1, 2016

miloyip commented Jun 21, 2018

mattgodbolt commented Oct 1, 2018

pah commented Oct 2, 2018

kkaefer commented Oct 5, 2018

tencent-adm commented Oct 5, 2018

coveralls commented Oct 5, 2018

rigtorp commented Mar 5, 2019

Silence false positive clang-tidy warning #727

Silence false positive clang-tidy warning #727

Conversation

kkaefer commented Sep 1, 2016

coveralls commented Sep 1, 2016 • edited Loading

miloyip commented Sep 1, 2016

miloyip commented Jun 21, 2018

mattgodbolt commented Oct 1, 2018

pah commented Oct 2, 2018

kkaefer commented Oct 5, 2018

tencent-adm commented Oct 5, 2018

coveralls commented Oct 5, 2018

rigtorp commented Mar 5, 2019

coveralls commented Sep 1, 2016 •

edited

Loading