[PATCH] [analyzer] Implementation of potential undefbehavior.ZeroAllocDereference checker.
Anna Zaks
zaks.anna at gmail.com
Thu Mar 12 17:01:31 PDT 2015
As a rule of thumb, checkers should be stateless.
http://clang-analyzer.llvm.org/checker_dev_manual.html
When you introduce mutable members you are most likely making a mistake. The state should track properties of symbols; specifically, to check which symbol corresponds to a '0' allocation.
The specific example that might break with your patch (depending on the order in which the states are being explored) is something along these lines:
    if (b)
      s = 10;
    else
      s = 0;
    p = malloc(s);
    if (b)
      *p = 1;
When the checker explores "malloc(s)" along the "s=0" path, the expression will be added to the set. If "*p = 1" along the "s=10" path is explored later on, we are going to produce a false positive.
Please provide better testing so that cases like this one are exposed.
http://reviews.llvm.org/D8273
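The order dependence described in the message above, as an added example that is not part of the original message or of the patch under review. It is a toy model, not Clang API: Path, State, StatefulChecker, StatelessChecker and explore are hypothetical names, and each path is replayed by hand rather than by the analyzer engine.

```cpp
#include <cstddef>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Toy model (not Clang API) of the two paths through the snippet in the message.
struct Path { bool b; };

// Per-path program state: pointer symbols known on THIS path to come from a
// zero-size allocation.
struct State { std::set<int> zeroAllocSyms; };

// Checker with a mutable member: it remembers the malloc *expression*, so a
// fact learned on one path leaks into every path explored afterwards.
struct StatefulChecker {
    std::set<std::string> zeroAllocExprs;
    int reports = 0;
    void onMalloc(const std::string &e, std::size_t n) { if (n == 0) zeroAllocExprs.insert(e); }
    void onDeref(const std::string &e) { if (zeroAllocExprs.count(e)) ++reports; }
};

// Checker with no members: every fact lives in the State of the current path.
struct StatelessChecker {
    void onMalloc(State &st, int sym, std::size_t n) const { if (n == 0) st.zeroAllocSyms.insert(sym); }
    bool onDeref(const State &st, int sym) const { return st.zeroAllocSyms.count(sym) != 0; }
};

// Explore the paths in the given order; returns {stateful, stateless} report
// counts. The snippet has no real bug, so any report is a false positive.
std::pair<int, int> explore(const std::vector<Path> &order) {
    StatefulChecker stateful;
    StatelessChecker stateless;
    int statelessReports = 0, nextSym = 0;
    for (const Path &p : order) {
        State st;                          // fresh state for each path
        std::size_t s = p.b ? 10 : 0;      // if (b) s = 10; else s = 0;
        int sym = nextSym++;               // p = malloc(s);
        stateful.onMalloc("malloc(s)", s);
        stateless.onMalloc(st, sym, s);
        if (p.b) {                         // if (b) *p = 1;
            stateful.onDeref("malloc(s)");
            if (stateless.onDeref(st, sym)) ++statelessReports;
        }
    }
    return {stateful.reports, statelessReports};
}
```

Exploring the "s = 0" path first makes the member-based checker report the dereference on the "s = 10" path; reversing the order hides the report, while the per-path version reports nothing in either order.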