[cfe-dev] Static Analyzer Rocks Hard

Ted Kremenek kremenek at apple.com
Sat Jun 28 10:46:15 PDT 2008

On Jun 26, 2008, at 12:54 AM, Holger Schurig wrote:

> On Wednesday 25 June 2008 18:49:06 Ted Kremenek wrote:
>> Another kind of "taint property" is tracking the use of
>> kernel/user pointers in kernel space; this is more of an
>> address-space qualifier problem, but it can also be viewed as
>> a form of taint propagation.
> AFAIK this is done e.g. by the sparse tool when you compile linux
> with "make C=1".

Yep, Sparse has been a great tool for the Linux kernel folks.  It  
doesn't have a full-fledged C parser/semantic analyzer, so it would be  
interesting to see what would happen if the same checks were  
implemented in Clang (more code coverage?  more bugs caught?).  These  
checks could be implemented as an ASTConsumer in Clang, potentially  
built in the Analysis library.  Adding Sparse's annotation support to  
clang would also not be difficult.

Microsoft also implemented some great annotations for doing modular  
buffer overflow checking:


I would love to see something like SAL (and other great, well-scoped  
use of annotations) implemented in Clang as well.

More information about the cfe-dev mailing list