[cfe-commits] PATCH: Enhance array bounds checking

Ted Kremenek kremenek at apple.com
Thu Jul 14 10:49:21 PDT 2011


On Jul 14, 2011, at 10:39 AM, Joerg Sonnenberger wrote:

> On Thu, Jul 14, 2011 at 10:28:52AM -0700, Ted Kremenek wrote:
>> Hi Kaelyn,
>> 
>> I was reviewing this patch (which I think is a great step), and I had a high-level comment about the following test case:
>> 
>> +void swallow (const char *x) { (void)x; }
>> +void test_pointer_arithmetic() {
>> +  const char hello[] = "Hello world!"; // expected-note 2 {{declared here}}
>> +  const char *helloptr = hello;
>> +
>> +  swallow("Hello world!" + 6); // no-warning
>> +  swallow("Hello world!" - 6); // expected-warning {{refers before the beginning of the array}}
>> +  swallow("Hello world!" + 14); // expected-warning {{refers past the end of the array}}
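Review bot: the one-past-the-end case is missing from this hunk, and it is the boundary the "refers past the end of the array" check has to get right. `"Hello world!"` has 13 elements (12 characters plus the terminating NUL), so `+ 13` is a pointer the language lets you form and compare while `+ 14` is not; the test covers `+ 6` and `+ 14` but nothing between them. Suggest adding `swallow("Hello world!" + 13); // no-warning` next to the `+ 14` line so an off-by-one in the bound (warning at `> nelems - 1` instead of `> nelems`) would fail the test rather than pass it.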
>> 
>> Do we really want this to be a warning?  There are plenty of examples where an out-of-bounds pointer is computed for legit reasons.  As long as that address is not dereferenced, there isn't necessarily a problem.  I'm fearful this may generate a fair amount of noise on codebases that do elaborate tricks with pointer offsets.  Indeed this very example doesn't actually exhibit a "bug".
> 
> I'm not sure yet, but I think this is something that really should be
> investigated on real code bases first (and it should be a separate
> option for that reason).

Years ago one example I saw was the "Numerical Recipes" library, which tried to turn all C one-dimensional arrays into arrays with a "base index" of 1 (to be amenable for scientists previously coding with Fortran).  I'm not arguing that this is a good idea, but on that example this warning would likely fire thousands of times.
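Added example for the two points raised in this thread (it is not Clang's implementation of the check and not Numerical Recipes code; the names `offset_is_representable`, `nr_vector`, `vec1` and `vec1_demo` are mine). The first function mirrors the bound the quoted test case is exercising: from an array of n elements the only pointers C99 6.5.6p8 lets you form are base + k for 0 <= k <= n, so for the 13-element literal "Hello world!" the offsets 6 and 13 are fine and -6 and 14 are not. The second part shows the Numerical Recipes style 1-based vector, which is built precisely by forming a pointer before the allocation, beside a conforming replacement that keeps the base pointer and translates the index on each access instead.

```c
#include <stddef.h>
#include <stdlib.h>

/* Bound behind the "refers before the beginning" / "refers past the end"
 * diagnostics, restated: base + offset is a representable pointer into an
 * n-element array only when 0 <= offset <= n. offset == n is the
 * one-past-the-end pointer, legal to compute and compare, never to
 * dereference. (Added helper, not the Clang code.) */
int offset_is_representable(size_t nelems, long offset) {
    return offset >= 0 && (unsigned long)offset <= nelems;
}

/* sizeof counts the terminating NUL: 12 characters + 1 = 13 elements. */
#define HELLO_ELEMS (sizeof "Hello world!")

int hello_offset_ok(long offset) {
    return offset_is_representable(HELLO_ELEMS, offset);
}

/* 1-based vector in the Numerical Recipes style (reconstructed for
 * illustration, not the library's code): the caller writes x[nl]..x[nh]
 * because the returned pointer is the allocation minus nl. For nl >= 1 that
 * pointer lies before the block, which is the "refers before the beginning"
 * pattern, undefined under C99 6.5.6p8 even though it is never dereferenced.
 * Shown for contrast; do not use. */
double *nr_vector(long nl, long nh) {
    double *v = calloc((size_t)(nh - nl) + 1, sizeof *v);
    if (!v) return NULL;
    return v - nl;                  /* out-of-bounds pointer formed here */
}

void nr_free_vector(double *v, long nl) {
    free(v + nl);                   /* undo the offset before freeing */
}

/* Conforming replacement: keep the base pointer and the bounds, apply the
 * offset per access, and refuse indices outside [nl, nh] so no
 * out-of-bounds pointer is ever formed. */
typedef struct {
    double *base;
    long nl, nh;
} vec1;

int vec1_init(vec1 *v, long nl, long nh) {
    if (nh < nl) return -1;
    v->base = calloc((size_t)(nh - nl) + 1, sizeof *v->base);
    if (!v->base) return -1;
    v->nl = nl;
    v->nh = nh;
    return 0;
}

double *vec1_at(vec1 *v, long i) {
    if (i < v->nl || i > v->nh) return NULL;   /* bounds-checked access */
    return v->base + (i - v->nl);              /* offset always in [0, n-1] */
}

void vec1_free(vec1 *v) {
    free(v->base);
    v->base = NULL;
}

/* Driver: fill x[1..5] with squares and return their sum (1+4+9+16+25 = 55),
 * after confirming that x[0] and x[6] are rejected rather than computed. */
double vec1_demo(void) {
    vec1 x;
    double sum = 0;
    long i;
    int oob_rejected;

    if (vec1_init(&x, 1, 5) != 0) return -1;
    for (i = 1; i <= 5; i++) *vec1_at(&x, i) = (double)(i * i);
    for (i = 1; i <= 5; i++) sum += *vec1_at(&x, i);
    oob_rejected = (vec1_at(&x, 0) == NULL) && (vec1_at(&x, 6) == NULL);
    vec1_free(&x);
    return oob_rejected ? sum : -1;
}
```

The cost of the conforming version is one subtraction per access and an explicit bounds check; the benefit is that a checker like the one in the patch has nothing to complain about, because every pointer it can see is formed inside the allocation.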