New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[analyzer] Overly eager assumption combinations before/after invalidation #53338
Comments
This is actually a much simpler case. It has nothing to do with lvalues and references and such. See the following note:
This function invalidates globals, regardless of whether Then later:
... the value produced during invalidation is assumed to be null, which is perfectly reasonable. So this is probably a false positive but the reason is the loss of information during invalidation of globals, combined with our policy to eagerly make state splits on every if-statement. Simulation of every operation is perfectly fine. You can confirm my observation by putting
and the warning disappears. |
So I guess the question remains whether we should have warned earlier in this case, i.e. at operator |
But yeah, regardless of how we treat (Sry for the noise!) |
Oh, thanks for the detailed explanation! If this is the case, then we should have some notes about invalidation. What do you think, could we have a note when encountering serious information loss, such as invalidations? |
As of today my best plan to combat this issue is to outright suppress bug reports that assume unusual things happening during invalidation. In particular, I think the following sequence of events can be banned:
I.e., specifically when invalidation causes seemingly contradictory choices to be made on two similar expressions, The alternative of explaining the very concept of invalidation to the users seems daunting to me. It's educational at best but we're still mostly making excuses. It sounds much more reasonable to actively search for a different path to the same bug that doesn't contain any surprises. Which is exactly what |
I like it. I guess we need and PoC implementation to experiment with it. It seems like something worth investigating. We will see if we can put it on the roadmap. Thanks for the discussion. I'll close this ticket in a week, to let others to join to the discussion. |
I and @martong thought about the implementation possibilities and the easiest we could come up with is this: We could later use the connection between WDYT @haoNoQ? |
Invalidation never removes Environment bindings. Environment contains values of expressions that have already been computed. If you've computed that 2+2=4, it wouldn't suddenly become 5 just because some global variable changed value. Only future loads from that variable are affected.
It'll most likely be a different expression. I.e., in our motivating example
expressions I suggest focusing on Store bindings instead. I.e., if a |
Imagine this example: https://godbolt.org/z/reavrz7vq
IMO this is a false-positive, since we take the address of the lvalue
entries[i]
, and the address of a valid object is never null.Currently, within the analyzer, we model reference locations the same way as pointers.
I understand the motivation and I can see the rationale behind it, but when I see a FP like this I question myself.
I tried experimenting with constraining the address of the lvalue to be non-null, but there are several test cases expecting "null references" to be a thing, but it would break a lot of tests, which explicitly test for the existence of "null references".
What should we do about this?
The standard feels fuzzy about this: ISO C11
6.5.3.2 Address and indirection operators
:In C++, we could query this by using constexpr evaluator like here: https://godbolt.org/z/5dx7rhjs3
By which we can conclude that
&*(p + i)
is a valid expression (aka. ha no UB) ifp
isnullptr
andi
is0
, but invalid ifi
is anything else, e.g.1
.To wrap this up, I'm not sure how to go about this, but seeing examples like the first one I wish "null references" were not a thing.
WDYT? @haoNoQ @martong @ASDenysPetrov
The text was updated successfully, but these errors were encountered: