Google Git
Sign in
bazel / crubit / refs/heads/main / . / nullability
tree: 45f37ab27e9708a2498bcd6404ed497e1e12d2b4 [path history] [tgz]
  1. formal_methods/
  2. inference/
  3. test/
  4. annotations.h
  5. ast_helpers.h
  6. bluze.textproto
  7. BUILD
  8. forwarding_functions.cc
  9. forwarding_functions.h
  10. loc_filter.cc
  11. loc_filter.h
  12. loc_filter_test.cc
  13. macro_arg_capture.h
  14. pointer_nullability.cc
  15. pointer_nullability.h
  16. pointer_nullability_analysis.cc
  17. pointer_nullability_analysis.h
  18. pointer_nullability_analysis_benchmark.cc
  19. pointer_nullability_analysis_test.cc
  20. pointer_nullability_diagnosis.cc
  21. pointer_nullability_diagnosis.h
  22. pointer_nullability_lattice.cc
  23. pointer_nullability_lattice.h
  24. pointer_nullability_lattice_test.cc
  25. pointer_nullability_matchers.cc
  26. pointer_nullability_matchers.h
  27. pointer_nullability_matchers_test.cc
  28. pointer_nullability_test.cc
  29. pragma.cc
  30. pragma.h
  31. pragma_test.cc
  32. proto_matchers.cc
  33. proto_matchers.h
  34. README.md
  35. type_and_maybe_loc_visitor.h
  36. type_nullability.cc
  37. type_nullability.h
  38. type_nullability_test.cc
nullability/README.md

C++ nullability analysis

Annotating C++ API boundaries with nullability information can improve their Rust bindings (e.g. binding non-null pointers as T& rather than Option<T&>).

This directory has tools for C++ codebases that use such annotations:

  • Nullability inference suggests annotations to add to APIs, by analyzing the code that implements and uses them.

  • Nullability verification verifies that annotated APIs are used and implemented safely, e.g. checking nullable pointers before dereferencing them. This is a local analysis suitable for use in a clang-tidy check.

They use Clang, its dataflow framework, and its nullability annotations.

Style

This directory mostly uses LLVM-style C++, rather than Google-style C++ used in the rest of crubit/. The goal is to make it easy to upstream into clang-tidy once mature.

Specifically:

  • We follow the LLVM coding standards, with the exceptions listed here.
  • We use absl CHECK() rather than assert(). (This finds bugs more reliably, and is trivial to migrate later.)
  • We otherwise avoid relying on absl, using llvm's Support libraries instead.
  • We write // TODO instead of // FIXME.

This list isn‘t set in stone: we can choose to diverge further from LLVM style, if it’s worth more cost of upstreaming later.