[cfe-dev] [analyzer] limits in reasoning about memory regions

Alexander Droste via cfe-dev cfe-dev at lists.llvm.org
Thu Oct 8 05:16:09 PDT 2015


Hi,

I'd like to know in which cases the static analyzer
cannot fully reason about a memory region, especially
with respect to the number of elements the region holds.

To my knowledge, the analyzer cannot fully reason about
a region in the following cases, as those are not
represented as TypedRegions:

- heap memory
  Why is this actually the case? Wouldn't it be possible
  to reason about the type, element count and size of a
  region even if it is allocated with calloc, new or malloc
  (if the region is allocated with a simple pattern)?

- pointers returned from functions defined in a different translation
  unit than the function is called in

Are there more situations I'm not aware of?

-Alex


