
null check

Open Imperatorn opened this issue 4 years ago • 4 comments

How hard would it be to include a null check for uninitialized objects?

Example:

    class C { int n = 42; }

    void main() {
        C c;

        int b = c.n; // null-reference, c is null, hence show warning / error
    }

Imperatorn, Mar 17 '21 21:03

The basics could be caught relatively easily I suppose, however to find bugs from scratch you must first create the universe (so to speak...)

maxhaton, Mar 18 '21 01:03

> The basics could be caught relatively easily I suppose, however to find bugs from scratch you must first create the universe (so to speak...)

https://youtu.be/zSgiXGELjbc

Imperatorn, Mar 18 '21 06:03

@wilzbach @Hackerpilot @WebFreak001 Any ideas?

I don't have the courage to try changing d-scanner yet. If you could give me some pointers I could take a stab at it though

Imperatorn, Mar 24 '21 07:03

There are a few types of things to implement:

  • check: variable access in functions
  • check: member access in classes (only ctor may initialize properly)
  • keep in mind: delegates may or may not have the same semantics for their caller parent (respecting scope attribute)
  • keep in mind: branches need to resolve or return in all cases for any given variable
  • idea: sometimes there will be false positives, the user needs some way to initialize a variable with explicit non-null (even if the value that's being assigned is null)
  • idea: some @nullable, @nonnullable UDA which can be used on return value and function attributes to hint about return values (you want to use dsymbol here)
  • idea: abstract the data flow analysis algorithms from the AST, so it's possible to add more than just classes, like Nullable (also makes it easier to write/test it)

You would run the tests on each (nullable) variable that is being accessed in a function from the point where it's defined.

In D-Scanner every check is running pretty standalone so you can add one without needing to learn much D-Scanner specific stuff. Unittests can help you keep track of things. The AST works using libdparse so you have to traverse it like it's usual there. (See other D-Scanner checks or other projects using libdparse like workspace-d)

Feel free to ping me on Discord if you need help, I have worked on something similar before.

WebFreak001, Apr 06 '21 06:04
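A sketch of the data-flow pass outlined in the comment above, as an added example that is not part of the thread or of D-Scanner's code: it tracks null / non-null / maybe-null per variable, requires branches to assign or return on every path, and supports an explicit non-null override. The mini-IR of statement tuples and the names `analyze`, `join` and `assume_nonnull` are assumptions for illustration, kept separate from any AST as the comment suggests; the sample programs and line numbers are constructed.

```python
# Nullness states for one class reference; `C c;` in D starts out as null.
NULL, NONNULL, MAYBE = "null", "nonnull", "maybe"

def join(a, b):
    """Merge the states of two branches; None means that branch returned."""
    if a is None or b is None:
        return b if a is None else a
    return {v: a[v] if a[v] == b[v] else MAYBE for v in a if v in b}

def analyze(stmts, state=None, warnings=None):
    """Return (state at exit, or None if every path returned; warnings)."""
    state = dict(state or {})
    warnings = [] if warnings is None else warnings
    for stmt in stmts:
        op = stmt[0]
        if op == "decl":                  # C c;
            state[stmt[1]] = NULL
        elif op == "assign":              # c = new C; / c = null; / c = f();
            state[stmt[1]] = stmt[2]
        elif op == "assume_nonnull":      # user override for false positives
            state[stmt[1]] = NONNULL
        elif op == "use":                 # c.n
            var, line = stmt[1], stmt[2]
            if var in state and state[var] != NONNULL:
                warnings.append((line, var, state[var]))
                state[var] = NONNULL      # report each variable once per path
        elif op == "if":                  # both arms start from the same state
            then_state, _ = analyze(stmt[1], state, warnings)
            else_state, _ = analyze(stmt[2], state, warnings)
            state = join(then_state, else_state)
            if state is None:             # both arms returned
                return None, warnings
        elif op == "return":
            return None, warnings
    return state, warnings

# Constructed input: the program from the issue (`C c; int b = c.n;`).
ISSUE_EXAMPLE = [("decl", "c"), ("use", "c", 4)]

# Constructed input: c is assigned or the function returns; d is assigned on
# one path only; e is null but explicitly marked non-null by the user.
BRANCHES = [
    ("decl", "c"), ("if", [("assign", "c", NONNULL)], [("return",)]),
    ("use", "c", 3),
    ("decl", "d"), ("if", [("assign", "d", NONNULL)], []),
    ("use", "d", 6),
    ("decl", "e"), ("assume_nonnull", "e"), ("use", "e", 9),
]
```

A value of unknown nullness, such as the result of a call without a `@nonnullable` hint, would be assigned as `MAYBE`.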