[cfe-dev] clang static analyzer fails to find bug it found previously

Anna Zaks ganna at apple.com
Fri Apr 5 10:48:10 PDT 2013


CC-ing Anton who is developing the checker.

Anna.
On Apr 5, 2013, at 7:31 AM, Dennis Cote <DennisC at harding.ca> wrote:

> Hi Anna,
>  
> I added the following line to the beginning of the function to create an unpaired new. I used the nothrow array variation of new since that is what is used where I am having the problem.
>  
>                 char* bogus = new(nothrow) char[100];
>  
> I got an additional “Value stored to 'bogus' during its initialization is never read” error report, but nothing about the memory leak.
>  
> I then tried a basic new without the nothrow argument and the leak was detected and reported. The source has always used the nothrow argument to new, and the leak was detected in the past.
>  
> It looks like a regression in the checker. It seems to work for ‘new’ but not for ‘new(nothrow)’ any longer.
>  
> Dennis Cote
>  
> From: Anna Zaks [mailto:ganna at apple.com] 
> Sent: April 3, 2013 6:06 PM
> To: Dennis Cote
> Cc: cfe-dev at cs.uiuc.edu
> Subject: Re: [cfe-dev] clang static analyzer fails to find bug it found previously
>  
> I did not see your second email before sending that the checker should be in alpha package.
>  
> Can you try inserting a bogus leak into the function and see if it is reported. This way we will know if the issue if the checker is on or off.
>  
> Anna.
> On Apr 3, 2013, at 3:31 PM, Dennis Cote <DennisC at harding.ca> wrote:
> 
> 
>  
> From: Anna Zaks 
> 
> I've just realized that the checker's package changed after the commit, so it's now called alpha.cplusplus.NewDelete.
>  
>  
> Hi Anna,
>  
> I had seen this already, as mentioned in my previous post. I get the same diagnostics with and without this checker enabled.
>  
> I have verified (using the verbose scan-build output) that the –enable-checker option is being processed and an -analyze-checker option is being passed to clang++ for this file (near the end of the command line). I noticed that the format of this option is different than the “-analyzer-checker=…” format used for the other checkers, but I don’t know if it is a significant difference.
>  
> '/mingw/bin/clang++' '-cc1' '-triple' 'i686-pc-mingw32' '-analyze' '-disable-free' '-disable-llvm-verifier' '-main-file-name' 'astyl
> e_main.cpp' '-analyzer-store=region' '-analyzer-opt-analyze-nested-blocks' '-analyzer-eagerly-assume' '-analyzer-checker=core' '-ana
> lyzer-checker=unix' '-analyzer-checker=deadcode' '-analyzer-checker=security.insecureAPI.UncheckedReturn' '-analyzer-checker=securit
> y.insecureAPI.getpw' '-analyzer-checker=security.insecureAPI.gets' '-analyzer-checker=security.insecureAPI.mktemp' '-analyzer-checke
> r=security.insecureAPI.mkstemp' '-analyzer-checker=security.insecureAPI.vfork' '-analyzer-output' 'plist' '-w' '-mrelocation-model'
> 'static' '-mdisable-fp-elim' '-fmath-errno' '-mconstructor-aliases' '-target-cpu' 'pentium4' '-resource-dir' 'C:/MinGW/bin\..\lib\cl
> ang\3.3' '-fdeprecated-macro' '-fno-dwarf-directory-asm' '-fdebug-compilation-dir' 'c:/cmd_line_tools/AStyle/build/gcc' '-ferror-lim
> it' '19' '-fmessage-length' '0' '-mstackrealign' '-fno-use-cxa-atexit' '-fobjc-runtime=gcc' '-fobjc-default-synthesize-properties' '
> -fcxx-exceptions' '-fexceptions' '-fdiagnostics-show-option' '-backend-option' '-vectorize-loops' '-analyzer-display-progress' '-ana
> lyzer-checker' 'alpha.cplusplus.NewDelete' '-analyzer-output=html' '-o' 'C:/Users/DennisC/AppData/Local/Temp/scan-build-2013-04-03-8
> ' '-x' 'c++' 'c:/cmd_line_tools/AStyle/src/astyle_main.cpp'
>  
> I also noticed that the analyzer is seeing the problematic function. So _WIN32 must be defined.
>  
> ANALYZE (Syntax): c:/cmd_line_tools/AStyle/src/astyle_main.cpp getNumberFormat
>  
> Was the behavior of this checker changed when it was demoted to alpha status?
>  
> The behavior of the analyzer is changing all the time; we did made changes to suppress possible false positives coming from new/delete checker.
> Can you attach a preprocessed file for this source file? Otherwise we cannot tell for sure.
>  
> Here is one possibility. Do you pass outBuf as const pointer to one of the calls between 'new' and 'return'? We've added a suppression for this recently.
>  
> Anna.
> 
> 
>  
> Dennis Cote
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20130405/5dd9d67c/attachment.html>


More information about the cfe-dev mailing list