[cfe-dev] How to fix null-deref-ps.c on FreeBSD?

Ben Laurie benl at google.com
Wed Feb 25 08:53:32 PST 2009


On Wed, Feb 18, 2009 at 4:15 PM, Ted Kremenek <kremenek at apple.com> wrote:
> On Feb 18, 2009, at 2:00 AM, Ben Laurie <benl at google.com> wrote:
>
>> On Tue, Feb 17, 2009 at 6:51 PM, Ted Kremenek <kremenek at apple.com> wrote:
>>>
>>> In general, doing this kind of analysis doesn't just require
>>> inter-procedural analysis, but it requires doing a whole-program analysis
>>> across multiple source files.  This is necessary because the definition for
>>> the panic function itself likely occurs in one specific file.  Doing this
>>> kind of whole-program analysis requires some infrastructure that is a big
>>> TODO for the analyzer.  Having this kind of whole-program analysis in place
>>> would also open the door for doing a lot more sophisticated checks.
>>
>> Yes please - so does this TODO have any kind of shape yet?
>
> Unfortunately no.  I have been a little overwhelmed lately, and sadly it
> hasn't had any love from me yet.  If anyone is interested, it would be great
> help to mock up a skeleton TODO that we could post to the website and
> revise over time.

I'd certainly be interested, but I'm not really sure where to start,
even. The kind of analysis I imagine would require either loading the
whole program up at once, or being able to go back to stuff you'd
already seen and do another pass over it, now that you know more.

Plus some kind of global database might be needed. And serialisation
of data structures?

It just seems there are many ways to approach this, and some clue
which is something of a prerequisite...
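
A sketch of the two-pass, summary-database approach floated in the message above, as an added example that is not part of the original thread or of the analyzer's code: pass 1 records which functions never return and serialises that set, pass 2 re-checks one file against it. The toy statement encoding, the file names and the function names are all constructed for illustration.

```python
import json

# Constructed toy program: two "source files", each mapping function -> body.
# Statements: ("halt",), ("call", f), ("deref", v), ("if_null", v, [stmts]).
FILES = {
    "kern_shutdown.c": {
        "cpu_stop": [("halt",)],
        "panic": [("call", "printf"), ("call", "cpu_stop")],
    },
    "driver.c": {
        "attach": [("if_null", "sc", [("call", "panic")]), ("deref", "sc")],
        "detach": [("if_null", "sc", [("call", "printf")]), ("deref", "sc")],
    },
}

def stops(body, noreturn):
    """True if straight-line execution of body cannot reach its end."""
    return any(s == ("halt",) or (s[0] == "call" and s[1] in noreturn)
               for s in body)

def build_database(files):
    """Pass 1: revisit every file until the never-returns set is stable."""
    noreturn, changed = set(), True
    while changed:
        changed = False
        for funcs in files.values():
            for name, body in funcs.items():
                if name not in noreturn and stops(body, noreturn):
                    noreturn.add(name)
                    changed = True
    return json.dumps({"noreturn": sorted(noreturn)})  # serialised summary

def check_file(funcs, database):
    """Pass 2: report derefs of maybe-null pointers, using the database."""
    noreturn = set(json.loads(database)["noreturn"])
    warnings = []
    for name, body in funcs.items():
        maybe_null = set()
        for s in body:
            if s[0] == "if_null" and not stops(s[2], noreturn):
                maybe_null.add(s[1])   # the null branch falls through
            elif s[0] == "deref" and s[1] in maybe_null:
                warnings.append(f"{name}: possible null dereference of {s[1]}")
            elif s == ("halt",) or (s[0] == "call" and s[1] in noreturn):
                break                  # rest of the function is unreachable
    return warnings
```

Checking `driver.c` with an empty database flags both `attach` and `detach`; with the database from pass 1 only `detach` is flagged, because the null branch in `attach` ends in a call that is now known never to return.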
