[cfe-dev] [StaticAnalyzer] C++ related checkers

Manuel Klimek klimek at google.com
Tue Mar 17 06:16:45 PDT 2015 

On Tue, Mar 17, 2015 at 1:52 PM Adam Romanek <romanek.adam at gmail.com> wrote:

> Could you be more specific about these limitations of the engine? Are
> they documented somewhere?


Not that I'm aware of. The analyzer works well for a large set of code, and
people like us for whom it doesn't work well enough yet don't use it.


> Are there any plans or ongoing work on
> getting rid of them?
>

 It's an open source project, so help is always welcome :)


>
> Best regards,
> Adam Romanek
>
> On 17.03.2015 12:11, Manuel Klimek wrote:
> > There are still a few core issues to resolve in the analyzer before
> > it'll get really useful for large C++ codebases (<- opinion :) and I
> > think that's why we're not seeing that many C++ related checks.
> >
> > Specifically, temporary constructors/destructors still have work to do,
> > especially regarding passing temporaries as by-value function parameters.
> >
> > On Mon, Mar 16, 2015 at 11:22 PM Adam Romanek <romanek.adam at gmail.com
> > <mailto:romanek.adam at gmail.com>> wrote:
> >
> >     Hi!
> >
> >     I'm new to this list and to Clang development. Nevertheless I've
> >     been interested in Clang Static Analyzer for a while. I've been
> >     using it on a large code base with a lot of success. So let me start
> >     by saying: thanks for this amazing piece of code!
> >
> >     But... Some time ago I realized there are hardly any strictly C++
> >     related checkers in CSA. I was wondering if there's any movement in
> >     this area. I was thinking about some checkers for use-after-free for
> >     STL containers like std::string, for example:
> >
> >     const char* x = NULL;
> >     {
> >        std::string foo("foo");
> >        x = foo.c_str();
> >     }
> >     printf("%s", x); // boom
> >
> >     There are also some other common types of errors in C++ like use of
> >     iterator after it has been invalidated. FYI this one in particular
> >     is detected by cppcheck.
> >
> >     So I decided to dig a bit to find out whether it is hard to write a
> >     checker for use-after-free like in the example with std::string. It
> >     looks like MallocChecker deals with a similar class of issues.
> >
> >     I was wondering whether it would be the right approach to try to
> >     "bend" MallocChecker to my needs (but it's already 2.5k lines of
> >     code) or to start something new on my own.
> >
> >     Honestly it took me some time even to detect a simple std::string
> >     constructor call so the road looks rather long and bumpy...
> >
> >     Any hints, pointers? Any related work?
> >
> >     Thanks in advance.
> >
> >     Best regards,
> >     Adam Romanek
> >     _________________________________________________
> >     cfe-dev mailing list
> >     cfe-dev at cs.uiuc.edu <mailto:cfe-dev at cs.uiuc.edu>
> >     http://lists.cs.uiuc.edu/__mailman/listinfo/cfe-dev
> >     <http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev>
> >
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20150317/1d5c07a8/attachment.html>

More information about the cfe-dev mailing list