[PATCH] D71607: [clang-tidy] Add unsigned subtraction warning, with suggestion to convert to unsigned literals.

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Jun 24 19:33:47 PDT 2020


NoQ added a comment.

In D71607#2112228 <https://reviews.llvm.org/D71607#2112228>, @MaskRay wrote:

> +@NoQ on comments whether clang static analyzer can catch these cases.
>
> `clang++ --analyze  a.cc` does not warn on `a.size()-2` AFAICT.


Implementing such a check in the static analyzer with the help of path-sensitive analysis would ultimately allow you to potentially eliminate (in a very precise and fairly principled/non-hacky way) false positives such as your example with `.empty()` or even this one:

  #include <cstddef>
  #include <vector>

  void foo(std::vector<int> &v, int a, int b) {
    v.push_back(a);
    v.push_back(b);

    // Size is known to be at least 2, therefore overflow never occurs.
    for (size_t i = 0; i < v.size() - 2; ++i) {
      // ...
    }
  }

That won't happen immediately though; it'll require some routine work that'll consist in teaching the analyzer facts such as "only empty containers have size 0" or "vectors grow when pushed into". The analyzer would automagically refute such false positives (in all of its checkers!) once it acquires such knowledge. That said, it's still a fairly large amount of routine work, so I'd rather not have you blocked on this and recommend committing into clang-tidy. We can always move or duplicate the check later if you decide to proceed with this approach.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D71607/new/

https://reviews.llvm.org/D71607
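The hazard the proposed clang-tidy check targets is the `size() - 2` pattern from the thread: the subtraction is evaluated in `size_t`, so for a container of size 0 or 1 the loop bound wraps to a value near `SIZE_MAX` and the loop reads far past the end. The following is an added example written for this page, not code from the review or from clang-tidy; the function names (`naiveBound`, `clampedBound`, `countSafeIterations`, `naiveBoundExceedsSize`) and the sample vectors are constructed here. It shows the wrapped bound beside two hardened forms that keep the same loop semantics without underflow.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed example: the bound `v.size() - 2` is computed in size_t,
// so for sizes 0 and 1 it wraps (0 - 2 == SIZE_MAX - 1, 1 - 2 == SIZE_MAX).
// This is the expression the clang-tidy check would warn about.
std::size_t naiveBound(const std::vector<int> &v) {
    return v.size() - 2;  // wraps when v.size() < 2
}

// Hardened form 1: clamp before subtracting, so small sizes yield a bound of 0.
std::size_t clampedBound(const std::vector<int> &v) {
    return v.size() >= 2 ? v.size() - 2 : 0;
}

// Hardened form 2: move the constant to the other side of the comparison.
// `i + 2 < v.size()` never underflows, and the loop body runs the same
// number of times as the intended `i < v.size() - 2` for sizes >= 2.
std::size_t countSafeIterations(const std::vector<int> &v) {
    std::size_t iterations = 0;
    for (std::size_t i = 0; i + 2 < v.size(); ++i) {
        ++iterations;
    }
    return iterations;
}

// Reports whether the naive bound would drive an index past the end of v,
// i.e. the out-of-bounds read that the wrapped subtraction leads to.
bool naiveBoundExceedsSize(const std::vector<int> &v) {
    return naiveBound(v) > v.size();
}

int main() {
    // Constructed sample inputs: the two sizes that wrap, and one that does not.
    std::vector<int> empty, one{1}, five{1, 2, 3, 4, 5};
    for (const auto *v : {&empty, &one, &five}) {
        std::printf("size=%zu naive=%zu clamped=%zu safeIters=%zu oob=%d\n",
                    v->size(), naiveBound(*v), clampedBound(*v),
                    countSafeIterations(*v), naiveBoundExceedsSize(*v) ? 1 : 0);
    }
    return 0;
}
```

Compiling with `-fsanitize=undefined` will not catch this: unsigned wrap-around is well-defined in C++, which is exactly why a static check (or, as discussed above, path-sensitive knowledge that the size is at least 2) is needed rather than a runtime sanitizer.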
