[cfe-dev] StaticAnalyzer: Implementing checks for std::string

Jared Grubb jared.grubb at gmail.com
Sat Jul 20 16:32:11 PDT 2013


I was looking at trying to implement a checker and thought a fun one would be to try to implement checkers around std::string. For example, I figured I could start with trying to detect out-of-bound access when the length of the string can be determined.

One clang doc(*) suggested that there should be BodyFarm implementations of std::string functions. Would that be the best way to try to solve the OOB check problem? Or is it better to try to "emulate" interactions with std::string objects and try to track the size of the string? 

It seems that providing an actual implementation of the functions will be more accurate than an emulation, but then I'm not sure why that's not already visible from <string>? Is there some limitation in the static analyzer that keeps it from already having the source from <string>? Or will an emulation provide something richer than the raw <string> source could provide?

I'll probably have follow-up questions, but my questions branch out from those basic approaches, so I figured I'd start there.

Jared

(*) http://clang-analyzer.llvm.org/open_projects.html