[cfe-dev] uncovered path (wrong constraint?)

Yuval Shahar yuval.shahar.007 at gmail.com
Sun Apr 21 01:54:43 PDT 2013 

Anton, thanks for taking the time to review the code and answer.
I ran a few more tests and noticed that the analyzer never reaches the if
statement.
Here's a refined example to illustrate this:

void use(int);
void checkchecker(char *s) {
    int i=0;
    int j;
    int k;
    while(*(s++)!=0) {
        i++;
                k = 0;
use(j);
    }
if(i>0)
           use(k);
}

pathtest.c:9:5: warning: Function call argument is an uninitialized value
                                use(j);
                                ^   ~

As you can see, the analyzer does indeed walks through the while loop
(therefore increments i), but never reaches into the if statement.
So as I understand , not all paths are covered. Am I missing something here?

Thanks again,
Yuval



On Thu, Apr 18, 2013 at 9:56 PM, Anton Yartsev <anton.yartsev at gmail.com>wrote:

> On 18.04.2013 10:51, YuvalShahar wrote:
>
>> yes, sorry for this mistake.
>> I was trying to build a small program to understand why not all paths are
>> covered.
>> How about this example:
>>
>> void use(int);
>> void checkchecker(char *s) {
>>         int i=0;
>>         int j;
>>         while(*(s++)!=0) {
>>                 i++;
>>         }
>>         if(i>4) {
>>                 use(j);   //no report - if predicate is changed to i<4
>> there is a report
>>         }
>> }
>>
>> I see in the code that loops are covered 4 times,
>>
> Hi, Yuval.
>
> There is an analyzer option -analyzer-max-loop <value> that establishes
> how many times the analyzer iterates the loop.
> In your example if the contents of 's' is unknown the loop will iterate up
> to this value.
>
>
>  but I'd like to add
>> another path and remove all constraints on variables that are changed in
>> the
>> loop (in the style of a widening operation). Any ideas on how to do this?
>> Thanks, Yuval
>>
> As I understand the analyzer tries to cover all possible paths. In your
> example the first paths is when the while condition is considered false at
> the very beginning and the loop iterates 0 times; the following code
> illustrates this:
>
>
> void use(int);
> void checkchecker(char *s) {
>     int i=0;
>     int j;
>     int k;
>     while(*(s++)!=0) {
>         i++;
>                 k = 0;
>     }
>         use(k);
> }
>
> z_zzz.cpp:11:9: warning: Function call argument is an uninitialized value
>         use(k);
>         ^   ~
>
> Here no constrains from the loop are applied.
> Does it help?
>
>
>
>>
>> --
>> View this message in context: http://clang-developers.42468.**
>> n3.nabble.com/uncovered-path-**wrong-constraint-**tp4031492p4031559.html<http://clang-developers.42468.n3.nabble.com/uncovered-path-wrong-constraint-tp4031492p4031559.html>
>> Sent from the Clang Developers mailing list archive at Nabble.com.
>> ______________________________**_________________
>> cfe-dev mailing list
>> cfe-dev at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/**mailman/listinfo/cfe-dev<http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev>
>>
>
>
> --
> Anton
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20130421/dc6cb945/attachment.html>

More information about the cfe-dev mailing list