[cfe-dev] static analyzer bug && diagnostics about suspicious casts

Anna Zaks ganna at apple.com
Tue Jun 18 13:30:25 PDT 2013


On Jun 18, 2013, at 8:36 AM, Pavel Labath <labath at google.com> wrote:

> Greetings,
> 
> recently I've found a bug in the static analyzer <http://llvm.org/bugs/show_bug.cgi?id=16308>, where it crashed processing code like this:
> -----
> struct A;
> struct B{ virtual ~B(); };
> class B2 : public B { };
> void f(A *a) {
>   B *b=(B *)a;
>   B2 *b2=dynamic_cast<B2 *>(b);
> }
> -----
> because A has incomplete type. Besides fixing the crash, I was thinking I could add a diagnostic which would detect patterns like this. The problem here is the reinterpret_cast to a non-standard-layout type, which invokes undefined behavior. Since this is fairly easy to detect, I started wondering if there is a reason it is not implemented yet. Is it because the pattern is too common in the code and would be an annoyance? Or am I missing something obvious here?
As far as I know we have not tried adding this diagnostic. I am not sure what the false positive rate would be. 
> 
> cheers,
> pl
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev


