[PATCH] D16317: [Analyzer] Fix for PR23790: bind real value returned from strcmp when modelling strcmp.

Tue Jan 19 07:27:07 PST 2016

NoQ added a subscriber: NoQ.
NoQ added a comment.

Hmm. If we want to catch bugs resulting from alternative `strcmp()` implementations, then probably a test case that demonstrates the improvement would be worth it, eg.:

  int x = strcmp("foo", "bar"));
  if (x == 1 || x == -1)
    clang_analyzer_warnIfReached(); // expected-warning{{REACHABLE}}
  if (x > 1 || x < -1)
    clang_analyzer_warnIfReached(); // expected-warning{{REACHABLE}}

However, now we don't quite pass it yet, because the hardcoded implementation of `strcmp()` is still specific, just different depending on how the clang code was compiled (which may be similar to or different from the implementation on which the code under analysis relies).

In order to pass such test, we could conjure a symbol for return value of `strcmp()` and only enforce range on this symbol (such as `[INT_MIN, -1]` or `[1, INT_MAX]`), rather than returning a concrete value.

http://reviews.llvm.org/D16317