[cfe-dev] GSOC Static Analyzer Proposal
John Regehr
regehr at cs.utah.edu
Fri Apr 12 08:43:29 PDT 2013
> I think it could be very interesting to check some behaviors not covered
> in the sanitizers statically. Do you have thoughts about static versus dynamic
> checking?
I think the only real answer is to devise the most appropriate solution
for each kind of undefined behavior. Obviously static checking is great
when it can be done reliably and efficiently.
A random undefined behavior that I find interesting and that nobody has
ever checked for in a systematic way (that I know of) is the one
concerning multiple references to an lvalue (one of which is a store) that
are in between a pair of sequence points.
Clearly some versions can be detected statically and both GCC and LLVM
provide a warning for "i = i++;".
On the other hand it's easy to come up with versions of this code that
defeat static analysis, but that would not be hard to detect dynamically.
A separate question is whether this particular undefined behavior (which
is seen in real codes) is worth checking for. I'm not sure about that,
but Clang/LLVM actually does put a different value into i for the code
above than do gcc and icc.
John
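The pattern John describes, as an added example that is not part of the original post or of any Clang/GCC code: a store and a read of the same lvalue with no sequence point between them, once in a form that is hidden behind pointer aliasing (so a single-expression static check cannot see it), once with a trivial run-time alias check, and once rewritten with explicit sequencing so that it is well defined even when the two pointers alias. All function names here are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added example, not part of the original mailing-list post.
 *
 * The textbook form "i = i++;" reads and writes i in one expression with no
 * sequence point in between, and both Clang (-Wunsequenced) and GCC
 * (-Wsequence-point) warn about it because the conflict is visible in a
 * single expression.  It is deliberately not written out below, so that the
 * block compiles warning-free. */

/* Same hazard hidden behind pointers: when p and q refer to the same object,
 * "*p = (*q)++" modifies that object twice with no sequence point between
 * the side effects, which is undefined behaviour.  Whether they alias depends
 * on the caller, so an intra-procedural static check has nothing to warn
 * about here.  Well defined only when p and q are distinct objects. */
int hidden_unsequenced(int *p, int *q)
{
    *p = (*q)++;
    return *p;
}

/* Dynamic check: at run time the alias is trivial to detect.  Returns false
 * and performs no store when both lvalues name the same object, so the
 * undefined case is reported rather than executed. */
bool checked_assign_postinc(int *p, int *q)
{
    if (p == q)
        return false;
    *p = (*q)++;
    return true;
}

/* Well-defined rewrite: the read of *q, the increment, and the store to *p
 * are explicitly ordered, so the result is the same whether or not p and q
 * alias (the old value of *q is stored through p). */
int sequenced_assign_postinc(int *p, int *q)
{
    int old = *q;
    *q = old + 1;
    *p = old;
    return *p;
}

int main(void)
{
    int i = 5;

    /* The aliasing call is refused instead of invoking undefined behaviour. */
    printf("checked alias:   %s, i = %d\n",
           checked_assign_postinc(&i, &i) ? "stored" : "refused", i);

    /* The sequenced version gives one answer on every compiler. */
    printf("sequenced alias: returned %d, i = %d\n",
           sequenced_assign_postinc(&i, &i), i);
    return 0;
}
```

The run-time check is the "not hard to detect dynamically" half of the argument: a sanitizer-style instrumentation would compare the addresses of the lvalues involved in the unsequenced side effects at the point where the expression executes, which is exactly what `checked_assign_postinc` does by hand.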