[cfe-commits] r59232 - /cfe/trunk/lib/Analysis/GRExprEngine.cpp

Ted Kremenek kremenek at apple.com
Fri Nov 14 13:17:27 PST 2008


On Nov 14, 2008, at 12:03 PM, Mike Stump wrote:

> On Nov 14, 2008, at 9:49 AM, Ted Kremenek wrote:
>> Also consider:
>>
>>  void* p = alloca(...);
>>  ...
>>  char *q = (char*) p;
>>  *q = 'c';
>>  ...
>>  double *d = (double*) p;
>>  *d = 1.0;
>>  ...
>>  char ch = *q;  // we should be able to flag this as an error, since that chunk of memory now binds to 'd'
>
> If the intent of the code is to access the first character of the  
> double 1.0, the code is fine.  Certainly it is safe and portable  
> according to the language standard.

Hi Mike,

I wasn't referring to whether or not it was safe according to the  
language standard.  I was talking about whether or not this should be  
flagged as a potential bug.  I'm not arguing that we do so in this  
particular case, but the idea is that we want to be able to catch
path-sensitive type violations.

Ted


