[cfe-dev] More static analysis...

Ben Laurie benl at google.com
Thu Feb 26 02:18:26 PST 2009


On Wed, Feb 25, 2009 at 5:27 PM, Ted Kremenek <kremenek at apple.com> wrote:
>
> On Feb 25, 2009, at 8:56 AM, Ben Laurie wrote:
>
>> I'm interested in looking at detecting "known bad" patterns, for example:
>>
>> (<expr> & 0) == 0 (this example is stolen from FindBugs)
>>
>> if(<non-boolean value>) (cause of recent OpenSSL vuln)
>
> Both of these would be easy to add.  We've been mainly focusing on gradually
> enhancing the base symbolic reasoning of integer values, providing the
> substrate to write checks like these.  We can talk about specifics if you
> are interested.

Yes, please. Though note that doing the second example properly
requires global analysis...

>  I believe it wouldn't take more than a few lines of code to
> add checks for these.

Cool!
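
The two patterns named in this thread, each beside a corrected form, as an added example that is not part of the original message or of any project's code. `verify_sig`, its three return values and the flag constants are hypothetical, chosen as one instance of a non-boolean value used as a condition; what the callee can return is defined outside the `if` line that misuses it.

```c
#include <stdio.h>

#define FLAG_ADMIN 0x4u  /* constructed flag value */
#define FLAG_NONE  0x0u  /* constructed: a "flag" whose value is zero */

/* Hypothetical verifier: 1 = valid, 0 = invalid, -1 = internal error. */
static int verify_sig(int kind) {
    if (kind == 0) return 1;   /* well-formed and valid */
    if (kind == 1) return 0;   /* well-formed but invalid */
    return -1;                 /* malformed input: error */
}

/* if(<non-boolean value>), buggy: -1 is non-zero, so an error is accepted. */
static int accept_buggy(int kind) {
    if (verify_sig(kind))
        return 1;
    return 0;
}

/* Corrected: compare against the single success value. */
static int accept_fixed(int kind) {
    return verify_sig(kind) == 1;
}

/* (<expr> & 0) == 0, buggy: the mask is zero, so the test is always true. */
static int lacks_flag_buggy(unsigned flags) {
    return (flags & FLAG_NONE) == 0;
}

/* Corrected: mask with the non-zero flag that was meant. */
static int lacks_flag_fixed(unsigned flags) {
    return (flags & FLAG_ADMIN) == 0;
}

int main(void) {
    for (int kind = 0; kind < 3; kind++)
        printf("kind=%d buggy=%d fixed=%d\n",
               kind, accept_buggy(kind), accept_fixed(kind));
    printf("flags=0x4 buggy=%d fixed=%d\n",
           lacks_flag_buggy(0x4u), lacks_flag_fixed(0x4u));
    return 0;
}
```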



