[cfe-commits] PATCH: Enhance array bounds checking
Ted Kremenek
kremenek at apple.com
Thu Jul 14 10:49:21 PDT 2011
On Jul 14, 2011, at 10:39 AM, Joerg Sonnenberger wrote:
> On Thu, Jul 14, 2011 at 10:28:52AM -0700, Ted Kremenek wrote:
>> Hi Kaelyn,
>>
>> I was reviewing this patch (which I think is a great step), and I had a high-level comment about the following test case:
>>
>> +void swallow (const char *x) { (void)x; }
>> +void test_pointer_arithmetic() {
>> + const char hello[] = "Hello world!"; // expected-note 2 {{declared here}}
>> + const char *helloptr = hello;
>> +
>> + swallow("Hello world!" + 6); // no-warning
>> + swallow("Hello world!" - 6); // expected-warning {{refers before the beginning of the array}}
>> + swallow("Hello world!" + 14); // expected-warning {{refers past the end of the array}}
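Review bot: the quoted cases pin +6 (in bounds) and +14 (two past the end) but skip the one-past-the-end boundary, which is the pointer C allows you to form and the case this check must stay quiet on. "Hello world!" is a 13-element array (12 characters plus the terminator), so add `swallow("Hello world!" + 13); // no-warning` beside the +14 case; otherwise an off-by-one in the bound would pass this test. Also, `helloptr` is declared in the quoted lines but none of the quoted calls use it, and the `expected-note 2` on `hello` has no matching use in this excerpt, so either the unquoted remainder of the test exercises both or the unused declaration (and the note count) should be trimmed.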
>>
>> Do we really want this to be a warning? There are plenty of examples where an out-of-bounds pointer is computed for legit reasons. As long as that address is not dereferenced, there isn't necessarily a problem. I'm fearful this may generate a fair amount of noise on codebases that do elaborate tricks with pointer offsets. Indeed this very example doesn't actually exhibit a "bug".
>
> I'm not sure yet, but I think this is something that really should be
> investigated on real code bases first (and it should be a separate
> option for that reason).
Years ago one example I saw was the "Numerical Recipes" library, which tried to turn all C one-dimensional arrays into arrays with a "base index" of 1 (to be amenable for scientists previously coding with Fortran). I'm not arguing that this is a good idea, but on that example this warning would likely fire thousands of times.
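The 1-based vector idiom Ted refers to, as an added example that is not part of the thread or of the patch under review. The classic form is `v = malloc(n * sizeof *v); v -= 1;`, which forms a pointer before the start of the block so that `v[1]` lands on the first element; that subtraction is exactly the kind of "refers before the beginning of the array" arithmetic the new check would flag when the array is a fixed-size one. The variant below allocates one extra element and leaves slot 0 unused, so every pointer it forms stays inside the allocation and the idiom still works. The `vec1_*` names and the padding-slot layout are this example's own choices, not anything from the library or the patch.

```c
#include <assert.h>
#include <stdlib.h>
#include <stddef.h>

/* Fortran-style 1-based vector: valid indices are v[1] .. v[n].
 *
 * Instead of   v = malloc(n * sizeof *v); v -= 1;   (pointer before the block)
 * we allocate n + 1 elements and never use v[0].  The returned pointer is the
 * one the allocator handed out, so v + 1 .. v + n, and v + n + 1 as the
 * one-past-the-end value, are all inside or at the edge of the block. */
double *vec1_alloc(size_t n)
{
    return calloc(n + 1, sizeof(double));   /* slot 0 is padding, never read */
}

void vec1_free(double *v)
{
    free(v);   /* no "v + 1" to undo: v is still the allocator's pointer */
}

/* Fill v[1..n] with 1, 2, ..., n. */
void vec1_iota(double *v, size_t n)
{
    for (size_t i = 1; i <= n; i++)
        v[i] = (double)i;
}

double vec1_sum(const double *v, size_t n)
{
    double s = 0.0;
    for (size_t i = 1; i <= n; i++)
        s += v[i];
    return s;
}

/* Bounds-checked 1-based read for indices that arrive at run time, which no
 * compile-time check can cover.  Returns 0 and stores the element on success,
 * -1 without touching *out when i is outside 1..n (so i == 0, the padding
 * slot, is rejected too). */
int vec1_get(const double *v, size_t n, size_t i, double *out)
{
    if (i < 1 || i > n)
        return -1;
    *out = v[i];
    return 0;
}

int main(void)
{
    double *v = vec1_alloc(10);
    if (v == NULL)
        return 1;
    vec1_iota(v, 10);
    assert(vec1_sum(v, 10) == 55.0);

    double x;
    assert(vec1_get(v, 10, 0, &x) == -1);    /* padding slot: rejected */
    assert(vec1_get(v, 10, 11, &x) == -1);   /* past the end: rejected */
    assert(vec1_get(v, 10, 10, &x) == 0 && x == 10.0);

    vec1_free(v);
    return 0;
}
```

The point of the padding slot is not performance but pointer provenance: with it, the code never holds a pointer outside its allocation, so a diagnostic like the one in this patch (or a sanitizer's pointer-overflow check) has nothing to complain about, and `vec1_free` needs no matching `v + 1`.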