[cfe-dev] Static Analyzer Rocks Hard
Ted Kremenek
kremenek at apple.com
Sat Jun 28 10:46:15 PDT 2008
On Jun 26, 2008, at 12:54 AM, Holger Schurig wrote:
> On Wednesday 25 June 2008 18:49:06 Ted Kremenek wrote:
>> Another kind of "taint property" is tracking the use of
>> kernel/user pointers in kernel space; this is more of an
>> address-space qualifier problem, but it can also be viewed as
>> a form of taint propagation.
>
> AFAIK this is done e.g. by the sparse tool when you compile linux
> with "make C=1".
Yep, Sparse has been a great tool for the Linux kernel folks. It
doesn't have a full-fledged C parser/semantic analyzer, so it would be
interesting to see what would happen if the same checks were
implemented in Clang (more code coverage? more bugs caught?). These
checks could be implemented as an ASTConsumer in Clang, potentially
built in the Analysis library. Adding Sparse's annotation support to
clang would also not be difficult.
Microsoft also implemented some great annotations for doing modular
buffer overflow checking:
http://msdn.microsoft.com/en-us/library/ms235402(VS.80).aspx
http://blogs.msdn.com/michael_howard/archive/2006/05/19/602077.aspx
I would love to see something like SAL (and other great, well-scoped
use of annotations) implemented in Clang as well.
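As an added illustration of the Sparse address-space annotations discussed above (this is example code written for this page, not code from the thread, from Sparse or from the Linux kernel): the macros mirror the kernel's `__user`/`__force` definitions of the time (`address_space(1)` plus `noderef`), while `copy_from_user_stub()` and the `read_flag_*` functions are invented stand-ins for illustration. Built with an ordinary compiler the annotations expand to nothing; run through `sparse -D__CHECKER__` the direct dereference and the un-forced cast are the two spots the checker reports, which is the "address-space qualifier as taint" idea in practice.

```c
/* Added example: modelling user/kernel pointer separation with Sparse-style
 * address-space qualifiers. Assumptions: __user/__force follow the Linux
 * kernel's definitions; copy_from_user_stub() is a stand-in (hypothetical)
 * for the kernel's copy_from_user(); read_flag_* are made-up names. */
#include <stddef.h>
#include <string.h>

#ifdef __CHECKER__
/* Under Sparse: pointer lives in address space 1 and must not be dereferenced. */
# define __user   __attribute__((noderef, address_space(1)))
/* Escape hatch: an explicit, auditable cast that strips the address space. */
# define __force  __attribute__((force))
#else
/* Under gcc/clang the annotations vanish, so the file builds and runs as usual. */
# define __user
# define __force
#endif

/* Stand-in for copy_from_user(): the one place a __user pointer is legitimately
 * stripped of its address space, and only via __force. The real helper also
 * validates the range and tolerates faults; this stub only rejects NULL.
 * Returns 0 on success, -1 on failure. */
static int copy_from_user_stub(void *dst, const void __user *src, size_t n)
{
    const void *raw = (const void __force *)src;   /* explicit, reviewed cast */
    if (raw == NULL)
        return -1;
    memcpy(dst, raw, n);
    return 0;
}

/* Unsafe pattern: dereferences the user pointer directly. Sparse reports
 * "dereference of noderef expression" on the marked line. Without __force,
 * assigning uptr to a plain `const int *` would also be flagged as
 * "different address spaces". Kept here to show what the checker catches. */
int read_flag_unchecked(const int __user *uptr)
{
    return *uptr;                                  /* sparse warning here */
}

/* Safe pattern: the value crosses the boundary only through the copy helper,
 * so the __user taint never reaches kernel-side dereferences. */
int read_flag_checked(const int __user *uptr, int *out)
{
    int tmp;
    if (copy_from_user_stub(&tmp, uptr, sizeof tmp) != 0)
        return -1;
    *out = tmp;
    return 0;
}
```

The point of the `noderef` half is that the qualifier is not just documentation: a `__user` pointer cannot be read, written or silently converted to a kernel pointer anywhere except through a `__force` cast, so reviewers only need to audit those casts, which is exactly the kind of "well-scoped" annotation the message above asks for.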