[cfe-commits] r146144 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/CMakeLists.txt lib/StaticAnalyzer/Checkers/Checkers.td lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp test/Analysis/malloc-sizeof.c
Peter Collingbourne
peter at pcc.me.uk
Fri Dec 9 06:06:50 PST 2011
On Thu, Dec 08, 2011 at 08:54:42AM -0800, Ted Kremenek wrote:
> Hi Peter,
>
> This looks very well written. Have you run it over a reasonable body of code to see if it finds bugs in practice or what kind of false positives it may trigger?
Hi Ted,
Not yet, but I can imagine the sorts of false positives that will
be encountered (for example, allocations of sizeof(x) cast to y*,
where sizeof(x) is guaranteed by the standard to be at least as large
as sizeof(y), such as y being an unsigned variant of x, or x and y
being structs and y's field list being a prefix of x's). I don't
think we have a general mechanism for identifying these sorts of
false positives at the moment, do we?
(Incidentally, possible false negatives may involve use of size_t
or other platform-dependent typedefs... not sure what to do about
these, other than perhaps testing that the same typedef is used in
both cases).
Thanks,
--
Peter
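As an added illustration (not code from the commit or from this thread), the allocation pattern the checker targets, the prefix-struct false positive Peter describes, and the sizeof-from-pointer idiom that avoids the bug, using constructed types `hdr` and `full`:

```c
#include <stdlib.h>
#include <stddef.h>

/* Constructed types: `full` starts with the same fields as `hdr`,
 * so sizeof(struct full) > sizeof(struct hdr). */
struct hdr  { unsigned tag; unsigned len; };
struct full { unsigned tag; unsigned len; char payload[32]; };

/* The mismatch the checker flags: size taken from one type, result cast
 * to a pointer to another. Only sizeof(struct hdr) bytes exist, so any
 * write to payload[] would run past the allocation. This function only
 * reports how many bytes were really allocated and frees the block. */
size_t mismatched_alloc_bytes(void) {
    struct full *f = (struct full *)malloc(sizeof(struct hdr)); /* flagged */
    size_t got = f ? sizeof(struct hdr) : 0;
    free(f);
    return got;
}

/* The benign case from the mail: the allocated type is larger and the
 * target type is a prefix of it, so the cast is safe although the sizes
 * differ. A check keyed on type identity alone reports this as well. */
unsigned prefix_view_tag(void) {
    struct hdr *h = (struct hdr *)malloc(sizeof(struct full)); /* flagged, safe */
    if (!h) return 0;
    h->tag = 7;
    h->len = 0;
    unsigned tag = h->tag;
    free(h);
    return tag;
}

/* Idiom that removes the bug class: derive the size from the pointer
 * being assigned, so element type and size cannot drift apart. */
struct full *alloc_full(size_t n) {
    struct full *f = malloc(n * sizeof *f);
    return f;
}

/* Writes n elements through alloc_full, touching the last payload byte
 * of each, and returns how many were written. */
size_t fill_full(size_t n) {
    struct full *a = alloc_full(n);
    if (!a) return 0;
    for (size_t i = 0; i < n; i++) {
        a[i].tag = (unsigned)i;
        a[i].len = sizeof a[i].payload;
        a[i].payload[sizeof a[i].payload - 1] = 'x';
    }
    free(a);
    return n;
}
```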