[cfe-commits] PATCH: Enhance array bounds checking

Ted Kremenek kremenek at apple.com
Thu Jul 14 10:38:39 PDT 2011


More directly, I don't think we should warn here unless there is a really compelling argument.  I just see this as producing way too much noise.  I can only see warning about these cases if it was put under a different warning flag, and that warning wasn't on by default.

On Jul 14, 2011, at 10:28 AM, Ted Kremenek wrote:

> Hi Kaelyn,
> 
> I was reviewing this patch (which I think is a great step), and I had a high-level comment about the following test case:
> 
> +void swallow (const char *x) { (void)x; }
> +void test_pointer_arithmetic() {
> +  const char hello[] = "Hello world!"; // expected-note 2 {{declared here}}
> +  const char *helloptr = hello;
> +
> +  swallow("Hello world!" + 6); // no-warning
> +  swallow("Hello world!" - 6); // expected-warning {{refers before the beginning of the array}}
> +  swallow("Hello world!" + 14); // expected-warning {{refers past the end of the array}}
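Review bot: the pointer-arithmetic cases test +6 (inside the array) and +14 (past the end) but not the boundary itself. "Hello world!" has 13 elements counting the NUL, so `"Hello world!" + 13` is the one-past-the-end pointer, which C permits to be formed but not dereferenced; adding `swallow("Hello world!" + 13); // no-warning` beside the +14 line would pin down that the check fires only for offsets strictly beyond the end rather than at the legal boundary.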
> 
> Do we really want this to be a warning?  There are plenty of examples where an out-of-bounds pointer is computed for legit reasons.  As long as that address is not dereferenced, there isn't necessarily a problem.  I'm fearful this may generate a fair amount of noise on codebases that do elaborate tricks with pointer offsets.  Indeed this very example doesn't actually exhibit a "bug".
> 
> Ted
> 
> On Jul 11, 2011, at 4:25 PM, Kaelyn Uhrain wrote:
> 
>> Here's the updated patch that includes the changes Nick suggested and rebased against the current TOT.
>> 
>> On Mon, Jul 11, 2011 at 3:30 PM, Ted Kremenek <kremenek at apple.com> wrote:
>> Hi Kaelyn,
>> 
>> This looks great.  Nick already made some great comments on the code. If you could address the last couple review comments I think this is ready to push back to mainline.
>> 
>> Cheers,
>> Ted
>> 
>> On Jul 8, 2011, at 5:03 PM, Kaelyn Uhrain wrote:
>> 
>>> The attached patch enhances the existing array bounds checking to include support for bounds checking on pointer arithmetic when possible (e.g. "Foo" + 5 or somearray - 7 when the size of somearray is known). It also fixes the bounds checking to work with unary operators like & and *; without this patch, for "char foo[4]", foo[15] would trigger the warning but &foo[15] wouldn't.
>>> 
>>> You can also view and comment on the changes at: http://codereview.appspot.com/4675068
>>> 
>>> Cheers,
>>> Kaelyn
>>> _______________________________________________
>>> cfe-commits mailing list
>>> cfe-commits at cs.uiuc.edu
>>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>> 
>> 
>> <array-bounds-enhancement.diff>
> 

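The thread argues about which pointer computations the enhanced check should flag: `"Foo" + 5`, `somearray - 7`, and `&foo[15]` versus `foo[15]` for a `char foo[4]`. As an added illustration (not code from the patch, from clang, or from anyone on the thread), the following small Python model classifies those expression forms against known array sizes. The cutoff rule is this example's own assumption, taken from C semantics rather than from the patch: pointer arithmetic and `&a[N]` may legally name the one-past-the-end position, while a plain subscript `a[N]` is an access and must name an existing element. The two message strings are the ones quoted in the test; the `ARRAYS` table and the expression strings are constructed for the example.

```python
import re

# Constructed declarations: array name -> element count.
# `hello` mirrors the patch's test (`"Hello world!"` is 12 chars + NUL = 13 elements);
# `foo` mirrors the message's `char foo[4]`.
ARRAYS = {"hello": 13, "foo": 4}

# An operand is either a string literal or an identifier.
_OPERAND = r'(?:"(?P<lit>(?:[^"\\]|\\.)*)"|(?P<name>[A-Za-z_]\w*))'
# Form 1: operand + N / operand - N   (pointer arithmetic)
_ARITH = re.compile(r"^\s*" + _OPERAND + r"\s*(?P<op>[+-])\s*(?P<n>\d+)\s*$")
# Form 2: operand[N] or &operand[N]   (subscript, optionally with address-of)
_INDEX = re.compile(r"^\s*(?P<amp>&)?\s*" + _OPERAND + r"\s*\[\s*(?P<n>-?\d+)\s*\]\s*$")


def _extent(m, arrays):
    """Element count of the matched operand, or None when the size is not known."""
    if m.group("lit") is not None:
        # Each escape sequence counts as one character; add one for the terminating NUL.
        return len(re.sub(r"\\.", "x", m.group("lit"))) + 1
    return arrays.get(m.group("name"))


def check(expr, arrays=ARRAYS):
    """Return a warning string for `expr`, or None when no warning applies.

    None is also returned when the expression is not one of the two recognised
    forms or when the array's size is unknown (e.g. a bare pointer variable),
    which is the 'when possible' part of the patch description.
    """
    m = _ARITH.match(expr)
    if m:
        extent = _extent(m, arrays)
        if extent is None:
            return None
        offset = int(m.group("n")) * (1 if m.group("op") == "+" else -1)
        # p + N may form the one-past-the-end pointer, which C permits (assumed rule).
        allow_one_past_end = True
    else:
        m = _INDEX.match(expr)
        if not m:
            return None
        extent = _extent(m, arrays)
        if extent is None:
            return None
        offset = int(m.group("n"))
        # &a[N] is equivalent to a + N, so it gets the same latitude;
        # a[N] on its own is an access and must name an existing element.
        allow_one_past_end = m.group("amp") is not None

    if offset < 0:
        return "refers before the beginning of the array"
    limit = extent if allow_one_past_end else extent - 1
    if offset > limit:
        return "refers past the end of the array"
    return None


if __name__ == "__main__":
    # The cases from the thread plus the one-past-the-end boundary.
    for e in ['"Hello world!" + 6', '"Hello world!" - 6', '"Hello world!" + 14',
              '"Hello world!" + 13', "foo[15]", "&foo[15]", "&foo[4]", "foo[4]",
              "helloptr + 40"]:
        print(f"{e:24} -> {check(e)}")
```

Running the script shows why the boundary matters: `+14` and `&foo[15]` are reported while `+13` and `&foo[4]` are not, and `helloptr + 40` is silent because nothing in the table gives that pointer a size. Whether clang's real check draws the line in exactly the same place is something to confirm against the patch itself.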