[cfe-commits] r59232 - /cfe/trunk/lib/Analysis/GRExprEngine.cpp

Mike Stump mrs at apple.com
Fri Nov 14 12:03:59 PST 2008


On Nov 14, 2008, at 9:49 AM, Ted Kremenek wrote:
> Also consider:
>
>   void* p = alloca(...);
>   ...
>   char *q = (char*) p;
>   *q = 'c';
>   ...
>   double *d = (double*) p;
>   *d = 1.0;
>   ...
>   char ch = *q;  // we should be able to flag this as an error, since
>                  // that chunk of memory now binds to 'd'

If the intent of the code is to access the first character of the  
double 1.0, the code is fine.  Certainly it is safe and portable  
according to the language standard.

> Another horrible case:
>
>   void* p = alloca(...);
>     ...
>   char *q = (char*) p;
>   *q = 'c';
>   ...
>   double *d = ((double*) p) + 1;
>   *d = 1.0;
>   ...
>   char ch = *q;  // whether or not this is an error is subjective.

Again, safe and portable according to the language standard.


