Miscellaneous-InvalidEffectAttributes

Do not use invalid effect attributes

Required inputs: IR

Several rules involving "side effects" can be configured with the effect-specifying attributes listed below. This rule validates that the effect-specifying attributes are used correctly: it will complain if any effects are detected in the method bodies that are not allowed by the specified attribute.

In a full analysis it is typically not necessary to use these attributes, as the analysis can infer them from the method body. However, use of these attributes can improve analysis of individual source files (single-file analysis). These attributes can also be used to specify effects for third party libraries for which the source code is not available during analysis.

[[axivion::pure]]: when this attribute is applied to a routine, it means that:

• The routine does not write any nonlocal memory
  • Any pointers or references passed into the function are dereferenced only for reading, never for writing
  • exception: pure constructors may write to *this
• The routine may read global variables
• The routine does not perform any syscalls
• The routine does not allocate memory
• The routine does not have any memory barriers or volatiles/atomics accesses
• The routine may throw C++ exceptions (unless otherwise marked, e.g. as noexcept)

Examples for some standard routines that satisfy [[axivion::pure]]: strlen, memcmp, isdigit. Functions like sin, pow do not satisfy this definition because they may write errno.

[[gnu::pure]] or __attribute__((pure)): Same as [[axivion::pure]].

[[gnu::const]] or __attribute__((const)): Similar to [[axivion::pure]], but does not allow reading global variables or dereferencing pointer parameters (only local memory may be accessed).

Warning: Use of the GNU attributes causes undefined behavior if used incorrectly, as the GNU compiler will use these attributes for optimizing the code.

Possible Messages

Key	Text	Severity	Disabled
invalid_effect	Function has effect {}, which is not allowed by the attribute.	None	False

Options

• This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity

• The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions

• This rule has no individual options.