[cfe-commits] [PATCH] Fix for PR7218, and analyzer support for calloc()

Ted Kremenek kremenek at apple.com
Fri May 28 18:19:57 PDT 2010


Thanks Jordy.  My initial thought is that this looks great, but I need to test it out a bit and verify that it has the right semantics.

On May 28, 2010, at 5:28 PM, Jordy Rose wrote:

> Ah, right. That would be necessary, huh. Thanks.
> 
> Jordy
> 
> 
> On Fri, 28 May 2010 17:20:36 -0700, Ted Kremenek <kremenek at apple.com> wrote:
>> Hi Jordy,
>> 
>> I don't see your patch.  Did you forget to attach it?
>> 
>> Ted
>> 
>> On May 28, 2010, at 5:11 PM, Jordy Rose wrote:
>> 
>>> 
>>> Fixes PR7218 "Assigning to buf[0] makes buf[1] valid" by not allowing
>>> arrays and symbolic regions to have direct bindings, only bindings to
>>> element 0. (The exception is symbolic regions for references, since they
>>> don't have elements.)
>>> 
>>> On top of that, adds support for calloc(), treating its result as a
>>> malloc-region that needs freeing, whose contents are initialized to 0.
>>> 
>>> I'm not entirely happy with the replacement of *p with p[0] in
>>> GRExprEngine, but that seems to be the last place where you can tell the
>>> difference between a binding to p and a binding to p[0].
>>> 
>>> This could be split into two patches, of course, though I worked on it all
>>> simultaneously. The calloc() part requires a way to set default elements
>>> for regions -- I did it by using the assumption that arrays and symbolic
>>> regions couldn't get direct bindings, only default ones, but it could also
>>> be done by adding another method to Store (really RegionStore).
>>> 
>>> Jordy
> <calloc-and-first-element.patch>




