[PATCH] [analyzer] Path-sensitive different.IntegerOverflow checker

Julia Trofimovich t.iuliia at samsung.com
Fri Oct 31 10:09:04 PDT 2014


I'm sorry for the two-month delay...
ExternalSym is the only way I can suggest to suppress the large number of FPs. I guess inter-unit analysis could have been helpful, but as such an approach would require a lot more work, I found ignoring values which may be changed in other units to be the only viable option. But of course we are interested in any discussions and suggestions...

I've written an example but didn't find the proper place to add it, so I guess I'll just post it here:

main.cpp
```
#include "SomeClass.h"

void clang_analyzer_eval(bool);

int main() {
  SomeClass sc(0);
  bool b = (sc.someFunc() + 1) != 0;
  // FIXME: 'b' is always TRUE
  clang_analyzer_eval(b); // expected-warning{{TRUE}} expected-warning{{FALSE}}
  return 0;
}
```
SomeClass.h
```
#ifndef SOMECLASS_H
#define SOMECLASS_H

void someExternalFunc (int a) {
  unsigned k = a ? 2 * a : a; // A comparison with 0 to bifurcate the state
}

class SomeClass {
  unsigned a;
public:
  SomeClass(unsigned pa); // defined in SomeClass.cpp
  unsigned someFunc() {
    someExternalFunc(a);
    return a - 1;
  }
};

#endif // SOMECLASS_H
```
SomeClass.cpp
```
#include "SomeClass.h"

SomeClass::SomeClass(unsigned pa) {
  a = pa ? pa : -1; // a isn't 0
}
```
The unexpected "FALSE" warning here has the same nature as the FP in DrmPassthruPlugIn.cpp. Lack of information from another translation unit forces the analyzer to consider that some variables may take values which can't really be taken. So 'b' in main.cpp can't be false, but the 'FALSE' warning still happens.

================
Comment at: lib/StaticAnalyzer/Checkers/IntegerOverflowChecker.cpp:35
@@ +34,3 @@
+  mutable std::unique_ptr<BuiltinBug> BT;
+
+  mutable std::set<SourceLocation> OverflowLoc;
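Review bot: OverflowLoc, on the last added line, has no comment saying what the set records or how long its entries live. As a mutable member of the checker it persists for the lifetime of the checker object, so a location inserted once stays in the set for every later path and function. Please document the intent next to the declaration and state why uniquing by SourceLocation has to live in the checker rather than in the reporting layer.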
----------------
zaks.anna wrote:
> Are you getting multiple reports on the same location? I don't think that should be happening - the bug reporting infrastructure should unique reports.
In what way should the bug reporting infrastructure unique reports? scan-build prevents the existence of fully identical reports by computing a digest (Digest::MD5->new->addfile(*FILE)->hexdigest; scan-build, line 247), but cases where alerts differ by message only aren't caught.

http://reviews.llvm.org/D4066
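The uniquing gap described in the reply above, as an added example that is not part of the original message or of scan-build: a whole-content MD5 collapses only byte-identical reports, while two reports at one location that differ in message text both survive. The report fields, the rendered layout and the location key are assumptions chosen for illustration.

```python
import hashlib
from collections import namedtuple

Report = namedtuple("Report", "file line column bug_type message")

# Constructed sample reports (not real analyzer output).
SAMPLE_REPORTS = [
    Report("main.cpp", 7, 12, "Integer overflow", "Possible integer underflow"),
    Report("main.cpp", 7, 12, "Integer overflow", "Possible integer underflow"),
    Report("main.cpp", 7, 12, "Integer overflow", "Possible integer overflow"),
    Report("SomeClass.h", 14, 12, "Integer overflow", "Possible integer underflow"),
]


def render(report):
    """Serialize a report to bytes (hypothetical layout standing in for a report file)."""
    line = "{0.file}:{0.line}:{0.column}: [{0.bug_type}] {0.message}\n"
    return line.format(report).encode("utf-8")


def unique_by_content_digest(reports):
    """Keep one report per MD5 of the full rendered content.

    MD5 is used here only as a content fingerprint, not as a security control.
    """
    seen, kept = set(), []
    for report in reports:
        digest = hashlib.md5(render(report)).hexdigest()
        if digest not in seen:
            seen.add(digest)
            kept.append(report)
    return kept


def unique_by_location(reports):
    """Keep one report per (file, line, column, bug type); the message is ignored."""
    seen, kept = set(), []
    for report in reports:
        key = (report.file, report.line, report.column, report.bug_type)
        if key not in seen:
            seen.add(key)
            kept.append(report)
    return kept


if __name__ == "__main__":
    print(len(unique_by_content_digest(SAMPLE_REPORTS)), "reports after digest uniquing")
    print(len(unique_by_location(SAMPLE_REPORTS)), "reports after location uniquing")
```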





