[cfe-dev] clang analyzer question.

Ted Kremenek kremenek at apple.com
Mon Apr 29 10:08:15 PDT 2013

There is experimental support for buffer overflow checking:

$ clang --analyze -Xclang -analyzer-checker-help t5.c  | grep ArrayBound
  alpha.security.ArrayBound       Warn about buffer overflows (older checker)
  alpha.security.ArrayBoundV2     Warn about buffer overflows (newer checker)

Neither of these checkers are enabled by default, and neither of them can detect the error in this example.  It wouldn't take much work to get those to handle this example, but buffer overflow checking in general requires a lot more work in the analyzer engine as it often involves reasoning about linear equations involving symbolic values, e.g:

  symbolic_index * element size < symbolic_bounds

That kind of reasoning is currently beyond the analyzer's ability.


On Apr 29, 2013, at 9:54 AM, James Courtier-Dutton <james.dutton at gmail.com> wrote:

> Which command line do I use to detect the obvious bounds error in the
> attached C program?
> Kind Regards
> James
> <t5.c>_______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20130429/04013d96/attachment.html>

More information about the cfe-dev mailing list