Google Git
Sign in
bazel / crubit / refs/heads/main / . / nullability
tree: 01460e46b9b4a35200067fd0d20e3e1a0652d5da [path history] [tgz]
  1. formal_methods/
  2. inference/
  3. test/
  4. ast_helpers.h
  5. bluze.textproto
  6. BUILD
  7. loc_filter.cc
  8. loc_filter.h
  9. loc_filter_test.cc
  10. macro_arg_capture.h
  11. pointer_nullability.cc
  12. pointer_nullability.h
  13. pointer_nullability_analysis.cc
  14. pointer_nullability_analysis.h
  15. pointer_nullability_analysis_benchmark.cc
  16. pointer_nullability_analysis_test.cc
  17. pointer_nullability_diagnosis.cc
  18. pointer_nullability_diagnosis.h
  19. pointer_nullability_lattice.cc
  20. pointer_nullability_lattice.h
  21. pointer_nullability_lattice_test.cc
  22. pointer_nullability_matchers.cc
  23. pointer_nullability_matchers.h
  24. pointer_nullability_matchers_test.cc
  25. pointer_nullability_test.cc
  26. pragma.cc
  27. pragma.h
  28. pragma_test.cc
  29. proto_matchers.cc
  30. proto_matchers.h
  31. README.md
  32. type_and_maybe_loc_visitor.h
  33. type_nullability.cc
  34. type_nullability.h
  35. type_nullability_test.cc
nullability/README.md

C++ nullability analysis

Annotating C++ API boundaries with nullability information can improve their Rust bindings (e.g. binding non-null pointers as T& rather than Option<T&>).

This directory has tools for C++ codebases that use such annotations:

  • Nullability inference suggests annotations to add to APIs, by analyzing the code that implements and uses them.

  • Nullability verification verifies that annotated APIs are used and implemented safely, e.g. checking nullable pointers before dereferencing them. This is a local analysis suitable for use in a clang-tidy check.

They use Clang, its dataflow framework, and its nullability annotations.

Style

This directory mostly uses LLVM-style C++, rather than Google-style C++ used in the rest of crubit/. The goal is to make it easy to upstream into clang-tidy once mature.

Specifically:

  • We follow the LLVM coding standards, with the exceptions listed here.
  • We use absl CHECK() rather than assert(). (This finds bugs more reliably, and is trivial to migrate later.)
  • We otherwise avoid relying on absl, using llvm's Support libraries instead.
  • We write // TODO instead of // FIXME.

This list isn‘t set in stone: we can choose to diverge further from LLVM style, if it’s worth more cost of upstreaming later.