[cfe-dev] Variable out of scope

David Blaikie dblaikie at gmail.com
Thu Apr 17 08:25:54 PDT 2014


On Thu, Apr 17, 2014 at 12:21 AM, Csaba Raduly <rcsaba at gmail.com> wrote:
> Hi Anders,
>
> On Tue, Apr 15, 2014 at 2:29 PM, Anders Rönnholm wrote:
>> Hi,
>>
>> How do I see that a variable is out of scope in a checker? Like in the example below, I'd like to see that p is dead when assigning 0 to it, as x is out of scope.
>>
>> void f() {
>>     int *p;
>>     {
>>         int x;
>>         p = &x;
>>     }
>>     *p = 0;  // <-- error! p is dead.
>> }
>
> You are using the wrong words. "in scope" has a specific meaning in
> C++ (a variable is in scope == the name can be referenced). The fact
> that the compiler accepts " *p = 0 " means that p is in scope.
>
> In the line indicated, p is not "dead". It is a perfectly fine pointer
> with a non-null value. It does however point to a variable which *has*
> gone out of scope (x). This looks like a use-after-free bug.

Yes - and "x is out of scope" is the thing that Anders was trying to
ask/answer, so I don't think he was using the wrong words there.

But I don't know anything about the static analyzers to actually say
whether there's a good way to implement such a check.

>
> Csaba
> --
> GCS a+ e++ d- C++ ULS$ L+$ !E- W++ P+++$ w++$ tv+ b++ DI D++ 5++
> The Tao of math: The numbers you can count are not the real numbers.
> Life is complex, with real and imaginary parts.
> "Ok, it boots. Which means it must be bug-free and perfect. " -- Linus Torvalds
> "People disagree with me. I just ignore them." -- Linus Torvalds
>
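
The distinction drawn in this thread (p is still in scope, but the storage of x that it points to has ended), as an added example that is not part of the original messages and is not Clang Static Analyzer code: a toy lifetime tracker over a constructed event stream. The `Event` model, `findDanglingDerefs` and `threadExample` are hypothetical names, and the tracker goes slightly beyond the thread's f() by handling nested scopes and re-pointing.

```cpp
#include <cstddef>
#include <map>
#include <set>
#include <string>
#include <vector>

// Toy event stream standing in for a function body (hypothetical model,
// not Clang's AST or the Static Analyzer's API). Assumes unique names.
enum class Op { EnterScope, ExitScope, Declare, AddrOf, Deref };
struct Event { Op op; std::string a; std::string b; };  // AddrOf: a = &b

// Returns the indices of Deref events whose pointee's lifetime has ended.
std::vector<std::size_t> findDanglingDerefs(const std::vector<Event>& body) {
    std::vector<std::vector<std::string>> scopes(1);  // function-level scope
    std::set<std::string> dead;                       // storage that has ended
    std::map<std::string, std::string> pointsTo;      // pointer -> pointee
    std::vector<std::size_t> hits;
    for (std::size_t i = 0; i < body.size(); ++i) {
        const Event& e = body[i];
        switch (e.op) {
        case Op::EnterScope: scopes.emplace_back(); break;
        case Op::Declare:    scopes.back().push_back(e.a); dead.erase(e.a); break;
        case Op::AddrOf:     pointsTo[e.a] = e.b; break;
        case Op::ExitScope:
            if (scopes.size() > 1) {
                // Leaving a block ends the storage of everything declared in it.
                for (const auto& v : scopes.back()) dead.insert(v);
                scopes.pop_back();
            }
            break;
        case Op::Deref: {
            // The pointer's own name is still in scope; the pointee is what matters.
            auto it = pointsTo.find(e.a);
            if (it != pointsTo.end() && dead.count(it->second)) hits.push_back(i);
            break;
        }
        }
    }
    return hits;
}

// Constructed input: f() from the thread plus one in-scope dereference
// (event 4, fine). Event 6 is the "*p = 0" after the inner block closes.
std::vector<Event> threadExample() {
    return {{Op::Declare, "p", ""}, {Op::EnterScope, "", ""},
            {Op::Declare, "x", ""}, {Op::AddrOf, "p", "x"},
            {Op::Deref, "p", ""},   {Op::ExitScope, "", ""},
            {Op::Deref, "p", ""}};
}

int main() { return findDanglingDerefs(threadExample()).size() == 1 ? 0 : 1; }
```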
