<div dir="ltr"><br><div>Hi, I am new here and I am wondering... does the frontend or the static analyzer have any support for generic abstract interpretation?</div><div><br></div><div>I would imagine most of the static analysis done in the frontend is abstract interpretation in some form, but I am utterly lost in the code so I have no clue how much of it may be generic and how much is just hardcoded special cases.</div>
<div class="gmail_extra"><br clear="all"><div><br>-- Jiří Zárevúcky</div>
<br><br><div class="gmail_quote">On 8 July 2014 23:34, Jordan Rose <span dir="ltr"><<a href="mailto:jordan_rose@apple.com" target="_blank">jordan_rose@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word"><div>The static analyzer <i>does</i> have this check:</div><div><br></div><div><div style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(148,58,32);background-color:rgb(223,219,196)">
<b><stdin>:3:5: </b><span style="color:#c02ec0"><b>warning: </b></span><b>Memory allocated by 'new[]' should be deallocated by</b></div><div style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(148,58,32);background-color:rgb(223,219,196)">
<b> 'delete[]', not 'delete'</b></div><div style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(76,47,45);background-color:rgb(223,219,196)"> delete a;</div><div style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(0,165,0);background-color:rgb(223,219,196)">
<b> ^~~~~~~~</b></div></div><div><br></div><div>...but only if it can see both the allocation and deallocation sites in the same path.</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>Jordan</div></font></span><div>
<div class="h5"><br><div><div>On Jul 8, 2014, at 10:17 , Rafael Auler <<a href="mailto:rafaelauler@gmail.com" target="_blank">rafaelauler@gmail.com</a>> wrote:</div><br><blockquote type="cite"><div dir="ltr">This is an interesting analysis that would really help a lot of people. However, if the analysis intend to be truly accurate, I think it should be implemented in the static analyzer. <div>
<br></div><div>For example:</div>
<div><br></div><div>if (cond)</div><div> a = new int[5];</div><div>else</div><div> a = (int*) malloc(sizeof(int)*5);</div><div><br></div><div>would easily trick a CFG-based analysis because it can't know at compile-time whether cond is true or false.</div>
<div><br></div><div>Nevertheless, I still believe that a front-end analysis can help in simpler cases, but we can't expect to be 100% accurate.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jul 8, 2014 at 1:57 PM, Ismail Pazarbasi <span dir="ltr"><<a href="mailto:ismail.pazarbasi@gmail.com" target="_blank">ismail.pazarbasi@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hi,<br>
<br>During a demo, audience caught that I forgot [] in delete expression. clang didn't warn about it. I was wondering whether this is due to the cost of analysis. My sample was something like:<br>
<br>
class A {<br>
int *a;<br>
public:<br>
A() : a(new int[5]) { }<br>
~A() { delete /*[]*/ a; }<br>
};<br>
<br>but following doesn't seem like to analyze missing [] either:<div><br><div> % clang++ -fsyntax-only -x c++ -pedantic -Wall -Wextra -</div><div><div> void f() {</div><div> int *a = new int[5];</div><div> delete a;</div>
<div> }</div> %</div><div><br></div><div>Is this analysis omitted due to performance concerns or simply an oversight?</div><div><br>Analyzing my sample requires clang to analyze all ctor-initializers, then in-class initializers, to check whether member was new[]'ed each time it sees delete expression where pointee is a MemberExpr. For the latter case, I think checking whether VarDecl initialized with new[] is enough. Did I get this right? I already have a patch for this, but I didn't test its performance impact on a sufficiently large code base. Do we have previous implementation experience with this?<span><font color="#888888"><br>
</font></span></div></div><span><font color="#888888"><div><br></div><div>Ismail</div></font></span></div>
<br>_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><br>
<br></blockquote></div><br></div>
_______________________________________________<br>cfe-dev mailing list<br><a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br><a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><br>
</blockquote></div><br></div></div></div><br>_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@cs.uiuc.edu">cfe-dev@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><br>
<br></blockquote></div><br></div></div>