[PATCH] D13126: New static analyzer checker for loss of sign/precision

Anna Zaks via cfe-commits cfe-commits at lists.llvm.org
Wed Mar 23 11:33:46 PDT 2016


zaks.anna added a comment.

Could you add the reduced false positives to the tests file?

> As far as I see the diagnostics are showing the proper path now..


What do you mean? Does this refer to supplying more information to the path about why the error occurs?


================
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:12
@@ +11,3 @@
+//
+// ConversionChecker generates a subset of the warnings that are reported by
+// Wconversion. It is designed to be an alternative to Wconversion.
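Review bot: The header comment defines the checker only by reference to Wconversion and says "a subset" without saying which warnings are in it. State directly which conversions are reported (the patch title names loss of sign and loss of precision), and if the cross-reference is kept, spell the flag as -Wconversion.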
----------------
danielmarjamaki wrote:
> Thanks! I have tried to do that.
Can you describe what it does without referencing Wconversion? A reader might not know what that warning does.

================
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:85
@@ +84,3 @@
+  if (!N)
+    return;
+
----------------
danielmarjamaki wrote:
> I renamed and changed these functions. Hope we all like it better now. The name is now "greaterEqualState" and it returns the state when the value is greater or equal. If there is no such state it returns nullptr.
> 
> As far as I see the diagnostics are showing the proper path now..
Cppcheck is probably performing control-flow sensitive analysis, which is completely different than the algorithm that is used by the Clang Static Analyzer, which performs path-sensitive analysis. The meaning of may and must are different. It is very important to understand the fundamentals behind how the analyzer works. Please, watch the video and let me know if you are interested in more information on symbolic execution.

When we talk about possible values for a variable (or a symbol) along one path in the static analyzer we can have both may and must:
 - may be greater than: StGE != nullptr
 - is greater than: StGE && !StLT

The whole point behind "assumeDual" is to allow us to differentiate between them. Your function specifically only cares about the "must" case. It would be a bug if it checked that the state is a "may" state.


http://reviews.llvm.org/D13126
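The may/must distinction from the review above, as an added example that is not code from the patch or from Clang. It assumes a toy model in which a path constrains one symbol to an inclusive range; `State`, `DualState`, `assumeDualGE`, `mayBeGE` and `mustBeGE` are hypothetical names.

```cpp
// Toy stand-in for an analyzer state (assumption: not Clang's ProgramState).
// The only constraint tracked on a path is an inclusive range [lo, hi] for
// one symbol; feasible == false plays the role of a nullptr state.
struct State {
  long lo;
  long hi;
  bool feasible;
};

// Result of a dual assumption on "sym >= bound": ge is the state in which the
// condition holds, lt the state in which it does not.
struct DualState {
  State ge;
  State lt;
};

// Split a state on "sym >= bound". A side is infeasible when the range that
// the path already established leaves no value for it.
DualState assumeDualGE(const State &st, long bound) {
  DualState d;
  d.ge.feasible = st.feasible && st.hi >= bound;
  d.ge.lo = st.lo > bound ? st.lo : bound;
  d.ge.hi = st.hi;
  d.lt.feasible = st.feasible && st.lo < bound;
  d.lt.lo = st.lo;
  d.lt.hi = st.hi < bound ? st.hi : bound - 1;
  return d;
}

// "may be greater or equal": the GE side exists (StGE != nullptr).
bool mayBeGE(const State &st, long bound) {
  return assumeDualGE(st, bound).ge.feasible;
}

// "is greater or equal" (must): the GE side exists and the LT side does not
// (StGE && !StLT), so every value possible on this path satisfies it.
bool mustBeGE(const State &st, long bound) {
  DualState d = assumeDualGE(st, bound);
  return d.ge.feasible && !d.lt.feasible;
}
```

A checker that reports on `mayBeGE` would warn on a path where the value is merely unconstrained; reporting on `mustBeGE` warns only where the path has already ruled out the other outcome.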




