[cfe-dev] clang static analyzer fails to find bug it found previously

Dennis Cote DennisC at harding.ca
Fri Apr 5 07:31:21 PDT 2013


Hi Anna,

 

I added the following line to the beginning of the function to create an
unpaired new. I used the nothrow array variation of new since that is
what is used where I am having the problem. 

    char* bogus = new(nothrow) char[100];

I got an additional "Value stored to 'bogus' during its initialization
is never read" error report, but nothing about the memory leak.

 

I then tried a basic new without the nothrow argument and the leak was
detected and reported. The source has always used the nothrow argument
to new, and the leak was detected in the past.

 

It looks like a regression in the checker. It seems to work for 'new'
but not for 'new(nothrow)' any longer.

 

Dennis Cote

 

From: Anna Zaks [mailto:ganna at apple.com] 
Sent: April 3, 2013 6:06 PM
To: Dennis Cote
Cc: cfe-dev at cs.uiuc.edu
Subject: Re: [cfe-dev] clang static analyzer fails to find bug it found
previously

 

I did not see your second email before sending that the checker should
be in alpha package.

 

Can you try inserting a bogus leak into the function and see if it is
reported? This way we will know if the issue is whether the checker is on
or off.

 

Anna.

On Apr 3, 2013, at 3:31 PM, Dennis Cote <DennisC at harding.ca> wrote:





 

From: Anna Zaks 

I've just realized that the checker's package changed after the commit,
so it's now called alpha.cplusplus.NewDelete.

 

 

Hi Anna,

 

I had seen this already, as mentioned in my previous post. I get the
same diagnostics with and without this checker enabled.

 

I have verified (using the verbose scan-build output) that the
-enable-checker option is being processed and an -analyze-checker option
is being passed to clang++ for this file (near the end of the command
line). I noticed that the format of this option is different than the
"-analyzer-checker=..." format used for the other checkers, but I don't
know if it is a significant difference.

 

'/mingw/bin/clang++' '-cc1' '-triple' 'i686-pc-mingw32' '-analyze'
'-disable-free' '-disable-llvm-verifier' '-main-file-name' 'astyle_main.cpp'
'-analyzer-store=region' '-analyzer-opt-analyze-nested-blocks'
'-analyzer-eagerly-assume' '-analyzer-checker=core'
'-analyzer-checker=unix' '-analyzer-checker=deadcode'
'-analyzer-checker=security.insecureAPI.UncheckedReturn'
'-analyzer-checker=security.insecureAPI.getpw'
'-analyzer-checker=security.insecureAPI.gets'
'-analyzer-checker=security.insecureAPI.mktemp'
'-analyzer-checker=security.insecureAPI.mkstemp'
'-analyzer-checker=security.insecureAPI.vfork' '-analyzer-output'
'plist' '-w' '-mrelocation-model' 'static' '-mdisable-fp-elim'
'-fmath-errno' '-mconstructor-aliases' '-target-cpu' 'pentium4'
'-resource-dir' 'C:/MinGW/bin\..\lib\clang\3.3' '-fdeprecated-macro'
'-fno-dwarf-directory-asm' '-fdebug-compilation-dir'
'c:/cmd_line_tools/AStyle/build/gcc' '-ferror-limit' '19'
'-fmessage-length' '0' '-mstackrealign' '-fno-use-cxa-atexit'
'-fobjc-runtime=gcc' '-fobjc-default-synthesize-properties'
'-fcxx-exceptions' '-fexceptions' '-fdiagnostics-show-option'
'-backend-option' '-vectorize-loops' '-analyzer-display-progress'
'-analyzer-checker' 'alpha.cplusplus.NewDelete' '-analyzer-output=html'
'-o' 'C:/Users/DennisC/AppData/Local/Temp/scan-build-2013-04-03-8'
'-x' 'c++' 'c:/cmd_line_tools/AStyle/src/astyle_main.cpp'

 

I also noticed that the analyzer is seeing the problematic function. So
_WIN32 must be defined.

 

ANALYZE (Syntax): c:/cmd_line_tools/AStyle/src/astyle_main.cpp getNumberFormat

 

Was the behavior of this checker changed when it was demoted to alpha
status?

 

The behavior of the analyzer is changing all the time; we did make
changes to suppress possible false positives coming from the new/delete
checker.

Can you attach a preprocessed file for this source file? Otherwise we
cannot tell for sure.

 

Here is one possibility. Do you pass outBuf as const pointer to one of
the calls between 'new' and 'return'? We've added a suppression for this
recently.

 

Anna.





 

Dennis Cote
