[cfe-dev] clang analyzer question.
Ted Kremenek
kremenek at apple.com
Mon Apr 29 10:08:15 PDT 2013
There is experimental support for buffer overflow checking:
$ clang --analyze -Xclang -analyzer-checker-help t5.c | grep ArrayBound
alpha.security.ArrayBound Warn about buffer overflows (older checker)
alpha.security.ArrayBoundV2 Warn about buffer overflows (newer checker)
Neither of these checkers are enabled by default, and neither of them can detect the error in this example. It wouldn't take much work to get those to handle this example, but buffer overflow checking in general requires a lot more work in the analyzer engine as it often involves reasoning about linear equations involving symbolic values, e.g:
symbolic_index * element size < symbolic_bounds
That kind of reasoning is currently beyond the analyzer's ability.
Cheers,
Ted
On Apr 29, 2013, at 9:54 AM, James Courtier-Dutton <james.dutton at gmail.com> wrote:
> Which command line do I use to detect the obvious bounds error in the
> attached C program?
>
> Kind Regards
>
> James
> <t5.c>_______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20130429/04013d96/attachment.html>
More information about the cfe-dev
mailing list