[cfe-dev] Why these problems below were not found by Clang Static Analyzer?

apache ehcapa at qq.com
Tue Mar 11 19:53:11 PDT 2014


As below, these problems can be found by Coverity. But no BUGS were reported using scan-build ;(
Is the reason that I did not choose the right checkers?
Here is my command line:
scan-build --use-analyzer=/usr/local/bin/clang -enable-checker llvm.Conventions -enable-checker alpha.core.BoolAssignment -enable-checker alpha.core.CastSize -enable-checker alpha.core.CastToStruct -enable-checker alpha.core.FixedAddr -enable-checker alpha.core.IdenticalExpr -enable-checker alpha.core.PointerArithm -enable-checker alpha.core.PointerSub -enable-checker alpha.core.SizeofPtr -enable-checker alpha.cplusplus.NewDeleteLeaks -enable-checker alpha.cplusplus.VirtualCall -enable-checker alpha.deadcode.IdempotentOperations -enable-checker alpha.deadcode.UnreachableCode -enable-checker alpha.security.ArrayBound -enable-checker alpha.security.ArrayBoundV2 -enable-checker alpha.security.MallocOverflow -enable-checker alpha.security.ReturnPtrRange -enable-checker alpha.security.taint.TaintPropagation -enable-checker alpha.unix.Chroot -enable-checker alpha.unix.MallocWithAnnotations -enable-checker alpha.unix.PthreadLock -enable-checker alpha.unix.SimpleStream -enable-checker alpha.unix.Stream -enable-checker alpha.unix.cstring.BufferOverlap -enable-checker alpha.unix.cstring.NotNullTerminated -enable-checker alpha.unix.cstring.OutOfBounds -enable-checker security.FloatLoopCounter -enable-checker security.insecureAPI.rand -enable-checker security.insecureAPI.strcpy clang -c test2.c



----------------------------------------------------------------------
1.case without break
e.g.
int test(const int n) {
    int ret = 0;
    switch(n) {
    case 1:
        ret = 1;
        break;
    case 2:
        ret = 2; // this case branch has no 'break' statement (Coverity gave a warning here, but Clang didn't)
    default:
        break;
    }
    return ret;
}
----------------------------------------------------------------------
2.Dead code like below
#include <stdio.h>

#define MAX_NUM 10
void test(const int n) {
    if(n >= MAX_NUM && n < MAX_NUM) {
        printf("yes\n"); // this code will never be executed! (Coverity gave a warning here, but Clang didn't)
    }
}
----------------------------------------------------------------------
3.NULL-Pointer reference like below
#include <stddef.h>

typedef struct {
    int age;
    int sex;
} Person;


Person *one_person(char flag)
{
    static Person p = {0, 0};
    if(flag == 1) {
        return &p;
    }
    return NULL;
}


void test()
{
    Person *p = one_person(0);
    p->age = 24; // NULL-Pointer reference (Coverity gave a warning here, but Clang didn't)
    p->sex = 0;
}
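An added example (editor's code, not part of the original post) that puts each of the three patterns beside a corrected version, written so the defect is observable at runtime rather than only by an analyzer. In the original switch the fall-through is harmless because `default` only breaks; here `default` assigns, so the missing `break` changes the return value. The intended bounds for the range check, [0, MAX_NUM), are an assumption, as are the function names. Independently of scan-build's checker selection, case 1 is the class of defect compiler warnings such as `-Wimplicit-fallthrough` target, case 2 is what clang's `-Wtautological-overlap-compare` reports, and case 3 is the class aimed at by the analyzer's default `core.NullDereference` checker, which needs a translation unit that actually compiles.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_NUM 10

typedef struct {
    int age;
    int sex;
} Person;

/* 1. Missing break. The fall-through from case 2 into default
   overwrites ret, so switch_buggy(2) returns -1, not 2. */
int switch_buggy(const int n) {
    int ret = -1;
    switch (n) {
    case 1:
        ret = 1;
        break;
    case 2:
        ret = 2;            /* no break: execution continues into default */
    default:
        ret = -1;
    }
    return ret;
}

int switch_fixed(const int n) {
    int ret = -1;
    switch (n) {
    case 1:
        ret = 1;
        break;
    case 2:
        ret = 2;
        break;              /* explicit break ends the case */
    default:
        ret = -1;
        break;
    }
    return ret;
}

/* 2. Dead code. (n >= MAX_NUM && n < MAX_NUM) can never hold, so the
   branch is unreachable and the function always returns 0. */
int range_check_buggy(const int n) {
    if (n >= MAX_NUM && n < MAX_NUM) {
        return 1;           /* unreachable */
    }
    return 0;
}

/* Assumed intent: flag any n outside [0, MAX_NUM). */
int range_check_fixed(const int n) {
    if (n < 0 || n >= MAX_NUM) {
        return 1;           /* out of range */
    }
    return 0;
}

/* 3. NULL return that the caller must check. */
Person *one_person(char flag) {
    static Person p = {0, 0};
    if (flag == 1) {
        return &p;
    }
    return NULL;
}

/* Hardened caller: returns 0 on success, -1 when no Person is available,
   instead of dereferencing a NULL pointer. */
int set_age(char flag, int age) {
    Person *p = one_person(flag);
    if (p == NULL) {
        return -1;
    }
    p->age = age;
    return 0;
}

int main(void) {
    printf("switch_buggy(2)=%d switch_fixed(2)=%d\n",
           switch_buggy(2), switch_fixed(2));
    printf("range_check_buggy(10)=%d range_check_fixed(10)=%d\n",
           range_check_buggy(10), range_check_fixed(10));
    printf("set_age(0, 24)=%d set_age(1, 24)=%d\n",
           set_age(0, 24), set_age(1, 24));
    return 0;
}
```

Compiling the block with `-Wall -Wextra` plus the warnings named above is a cheap first check before reaching for the analyzer: the fall-through and the unsatisfiable condition are local, syntactic properties, whereas the NULL dereference needs the interprocedural reasoning that the analyzer provides.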