[cfe-dev] GSOC Static Analyzer Proposal

John Regehr regehr at cs.utah.edu
Fri Apr 12 08:43:29 PDT 2013

> I think it could be very interesting to check some behaviors not covered
> in the sanitizers statically. Do you have thoughts about static versus dynamic
> checking?

I think the only real answer is to devise the most appropriate solution 
for each kind of undefined behavior.  Obviously static checking is great 
when it can be done reliably and efficiently.

A random undefined behavior that I find interseting and that nobody has 
ever checked for in a systematic way (that I know of) is the one 
concerning multiple references to an lvalue (one of which is a store) that 
are in between a pair of sequence points.

Clearly some versions can be detected statically and both GCC and LLVM 
provide a warning for "i = i++;".

On the other hand it's easy to come up with versions of this code that 
defeat static analysis, but that would not be hard to detect dynamically.

A separate question is whether this particular undefined behavior (which 
is seen in real codes) is worth checking for.  I'm not sure about that, 
but Clang/LLVM actually does put a different value into i for the code 
above than do gcc and icc.


More information about the cfe-dev mailing list