[PATCH] D13126: New static analyzer checker for loss of sign/precision
Artem Dergachev via cfe-commits
cfe-commits at lists.llvm.org
Wed Aug 10 09:53:40 PDT 2016
NoQ added a comment.
Wow, i've completely forgot about this one. Sorry about that... I think this checker is good to have in the current shape, and probably incrementally developed. It'd probably move out of alpha whenever it's tweaked to somehow make sure it finds enough real bugs among intentional integer truncations, which would most likely require some nontrivial heuristics.
Added a few very minor comments, once they're fixed i'd consider committing(?)
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:10
@@ +9,3 @@
+// Check that there is not loss of sign/precision in assignments, comparisons
+// and multiplications.
~~not~~ => no
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:21
@@ +20,3 @@
+// Many compilers and tools have similar checks that are based on semantic
+// analysis. Those checks are sound but has poor precision. ConversionChecker
+// is an alternative to those checks.
~~has~~ => have
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:66
@@ +65,3 @@
+ const Stmt *Parent = PM.getParent(Cast);
+ if (!Parent)
I think you can assert that the parent exists here.
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:87
@@ +86,3 @@
+ // Generate an error node.
+ ExplodedNode *N = C.generateErrorNode(C.getState());
+ if (!N)
You are generating a fatal error node, which stops the analysis on the path on which the bug is found. I don't think it's desired, because the program isn't known to terminate upon loss of sign/precision, and it suppresses other warnings by other checkers. I think you need to use `generateNonFatalErrorNode()` here. But then you need to make sure you generate this node exactly once per callback and re-use for all reports in case there are multiple reports, otherwise the execution path behind this node may be duplicated.
More information about the cfe-commits