[cfe-commits] r86252 - in /cfe/trunk: include/clang/Analysis/PathSensitive/Checker.h lib/Analysis/CMakeLists.txt lib/Analysis/GRExprEngineInternalChecks.cpp lib/Analysis/GRExprEngineInternalChecks.h lib/Analysis/ReturnPointerRangeChecker.cpp test/Analysis/region-only-test.c
Ted Kremenek
kremenek at apple.com
Fri Nov 6 14:56:31 PST 2009
On Nov 6, 2009, at 2:02 PM, Cédric Venet wrote:
>
>>> +int a[10];
>>> +
>>> +int *f0() {
>>> + int *p = a+10;
>>> + return p; // expected-warning{{Return of Pointer Value Outside of
>>> Expected Range}}
>>> +}
>>>
>>>
>
> This could leads to false positive in case like:
>
> struct Array10 {
> int a[10];
> typedef int* iterator;
> iterator begin() { return a; }
> iterator end() { return a+10; }
> }
>
> since while it is not allowed to dereference the p, it is legal to
> have
> a pointeur one element after the end.
> On the other hand, only triggering the warning if the pointer is two
> elements (or more) after the end would limit the usefulness of the
> analysis.
This is a reasonable concern. I'd prefer a false negative here
instead of a commonly occurring false positive. The strategy I see:
(1) If the pointer returned points before the buffer, ERROR
(2) If the pointer returned points to >= 2 bytes beyond the buffer,
ERROR
(3) If the pointer returned points to 1 byte beyond the buffer, only
ERROR when we have a higher confidence that this is valid
Clearly (3) is going to be black art, but that seems reasonable. We
start with not ERRORing in this case, and gradually expand.
More information about the cfe-commits
mailing list