| Sam McCall | 8a06793 | 2023-05-08 02:01:29 -0700 | [diff] [blame] | 1 | # C++ nullability analysis |
| 2 | |
| 3 | Annotating C++ API boundaries with nullability information can improve their |
| 4 | Rust bindings (e.g. binding non-null pointers as `T&` rather than `Option<T&>`). |
| 5 | |
| 6 | This directory has tools for C++ codebases that use such annotations: |
| 7 | |
| 8 | - **Nullability inference** suggests annotations to add to APIs, by analyzing |
| 9 | the code that implements and uses them. |
| 10 | |
| 11 | - **Nullability verification** verifies that annotated APIs are used and |
| 12 | implemented safely, e.g. checking nullable pointers before dereferencing them. |
| 13 | This is a local analysis suitable for use in a clang-tidy check. |
| 14 | |
| 15 | They use Clang, its [dataflow framework][], and its [nullability annotations][]. |
| 16 | |
| 17 | ## Style |
| 18 | |
| 19 | This directory mostly uses [LLVM-style][] C++, rather than Google-style C++ used |
| 20 | in the rest of `crubit/`. The goal is to make it easy to upstream into |
| 21 | clang-tidy once mature. |
| 22 | |
| 23 | Specifically: |
| 24 | |
| 25 | - We follow the LLVM coding standards, with the exceptions listed here. |
| 26 | - We use absl `CHECK()` rather than `assert()`. |
| 27 | (This finds bugs more reliably, and is trivial to migrate later.) |
| 28 | - We otherwise avoid relying on absl, using llvm's Support libraries instead. |
| 29 | - We write `// TODO` instead of `// FIXME`. |
| 30 | |
| 31 | This list isn't set in stone: we can choose to diverge further from LLVM style, |
| 32 | if it's worth more cost of upstreaming later. |
| 33 | |
| 34 | [dataflow framework]: <https://github.com/llvm/llvm-project/tree/main/clang/include/clang/Analysis/FlowSensitive> |
| 35 | [nullability annotations]: <https://clang.llvm.org/docs/AttributeReference.html#nullability-attributes> |
| 36 | [LLVM-style]: <https://llvm.org/docs/CodingStandards.html> |
