[cfe-commits] [PATCH] review request: mempcpy() checker implementation for Static Analyzer
Lenny Maiorani
lenny at Colorado.EDU
Thu Mar 31 09:11:18 PDT 2011
On 03/30/2011 05:34 PM, Lenny Maiorani wrote:
>> As for the modeling of mempcpy() (and memcpy() for that matter): the
>> >> behavior is that if NULL is passed as either the src or dst there will
>> >> be a NULL pointer dereference unless the number of bytes to copy is 0. I
>> >> am re-working the flow through evalCopyCommon to accurately reflect that.
> > I'm fine with that coming in with a later patch. I just didn't know what the plan was. Please feel free to use FIXME comments in the code to indicate "things to do" in the future.
> >
> > If you want to regenerate the patch without tabs (and comments adjusted), I'll be happy to apply it!
Attached is a revised patch. The tabs and comments are reformatted.
More importantly, mempcpy() (and memcpy() for that matter) are being
properly modelled. Meaning, if 0 bytes are to be copied it ignores the
inputs. If the number of bytes to be copied is >0 then then the dest and
src inputs are verified to be non-NULL. NULL triggers a bug report.
Otherwise it is ensures that src and dest do not overlap and the dest
buffer is large enough for the incoming bytes and triggers a bug report
if it is not. Finally, it bind the return value (for mempcpy() is the
byte after the last byte copied).
-Lenny
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mempcpy-checker.diff
Type: text/x-patch
Size: 9535 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20110331/7d17b432/attachment.bin>
More information about the cfe-commits
mailing list