[cfe-dev] [analyzer] RFC, garbage value => out of bounds

Daniel Marjamäki via cfe-dev cfe-dev at lists.llvm.org
Mon Mar 14 05:21:44 PDT 2016


Thanks!

Well.. if you don't think my suggestion would make the warnings better I can work on other stuff.. but..

Imho the 'array index out of bounds' would be more correct.

The real code is not this simple. So at first it looks like a FP when the message claims that the fully initialized array contains garbage values.

Also I classify this as a FP. In the real code it is known that nr is not greater than 2. Clang is just guessing for no reason that it can be bigger than 2. So to silence this, as far as I know we'll have to add a redundant assertion or something.

It's more straight forward to see what assertion is needed, if the warning claims that the array index is out of bounds.

The 'array index' check is currently an alpha check. I assume it's because of some FP, maybe array index is not calculated properly always. Unfortunately right now such wrong array index affects the garbage values core check also. I would prefer to limit the FP to the alpha checking.

Best regards,
Daniel Marjamäki

-----Original Message-----
From: Joerg Sonnenberger [mailto:joerg at britannica.bec.de] 
Sent: den 14 mars 2016 12:05
To: Daniel Marjamäki
Cc: cfe-dev at lists.llvm.org
Subject: Re: [cfe-dev] [analyzer] RFC, garbage value => out of bounds

On Mon, Mar 14, 2016 at 08:44:42AM +0000, Daniel Marjamäki via cfe-dev wrote:
> 
> Hello!
> 
> I would like to change the analyzer so the a[i] value is not undefined when i is out of bounds.. to improve the Clang warnings.
> 
> Code example:
> 
>     void dostuff(int);
> 
>     void f(int nr) {
>         int a[2] = {1,1};
>         for (int i = 0; i < nr; i++)
>             dostuff(a[i]);
>     }
> 
> 
> Output from Clang analyzer:
> 
>     /home/danielm/ossa/uninit.c:7:5: warning: Function call argument is an uninitialized value
>         dostuff(a[i]);
>         ^~~~~~~~~~~~~
> 
> The array a is fully initialized. So imho the message is a FP.
> 
> It is better to write "array index out of bounds". Like this:
> 
>     /home/danielm/ossa/uninit.c:7:13: warning: Access out-of-bound array element (buffer overflow)
>         dostuff(a[i]);
>                 ^~~~
> 
> So.. if I change the analyzer the warning will not be shown unless the array-index check is enabled.

Have you looked e.g. at the HTML version on how the analyzer arrived at this decision? It typically makes things like index out of bounds much clearer. It is often not easy to say which warning is more appropiate, so I'm not sure how much sense shuffling here really makes.

Joerg


More information about the cfe-dev mailing list