[cfe-dev] one suggestion for Clang static analyzer
Aleksei Sidorin
a.sidorin at samsung.com
Mon Aug 11 00:05:11 PDT 2014
Hello. It seems like the source of the problem is the way the analyzer deals
with loops: it just inlines them for a limited number of times (less
than 10 usually), so it just doesn't execute a loop with such a big value
to find a mistake in ArrayBoundChecker.
> Dear All,
>
> I am wondering if the Clang static analyzer could be extended to find the
> bug in the following code.
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
>
> #define SIZE 1024*1024*1024
> int main()
> {
>     printf("%zu,%zu,%zu\n",sizeof(int),sizeof(long),sizeof(size_t)); //output 4,8,8
>     printf("%d\n",SIZE); //output 1073741824
>
>     int *p = (int*)malloc(SIZE);
>     if(!p){
>         perror("malloc");
>         exit(1);
>     }
>
>     memset(p,0,SIZE); //this works fine
>
>     size_t i=0;
>     for(;i<SIZE;++i){
>         p[i] = 10; //gdb shows when crashed i = 268436476
>     }
> }
--
Best regards,
Aleksei Sidorin
Software Engineer,
IMSWL-IMCG, SRR, Samsung Electronics
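As an added example (not from the original thread), the arithmetic behind the reported crash index and the corrected allocation: malloc(SIZE) provides SIZE bytes, i.e. SIZE / sizeof(int) ints, while the loop writes SIZE ints. SIZE is the byte constant from the posted program; alloc_ints, fill_ints, elements_that_fit and index_in_bounds are helper names chosen here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Same constant as the original post: a number of BYTES, not of ints. */
#define SIZE (1024 * 1024 * 1024)

/* How many elements of elem_size bytes fit in a buffer of `bytes` bytes.
 * For the posted program: SIZE / sizeof(int) == 268435456, so every index
 * from 268435456 upward writes past the end of malloc(SIZE); the gdb
 * value 268436476 is just beyond that boundary. */
size_t elements_that_fit(size_t bytes, size_t elem_size) {
    return elem_size == 0 ? 0 : bytes / elem_size;
}

/* Is writing element `i` of an elem_size-byte type inside `bytes` bytes? */
int index_in_bounds(size_t bytes, size_t elem_size, size_t i) {
    return i < elements_that_fit(bytes, elem_size);
}

/* The fix: size the allocation in elements, not bytes, and refuse counts
 * whose byte size would wrap around size_t. Returns NULL on failure. */
int *alloc_ints(size_t count) {
    if (count > SIZE_MAX / sizeof(int))
        return NULL;
    return malloc(count * sizeof(int));
}

/* Fill the first `count` ints; the loop bound is the element count the
 * buffer was actually sized for, so the write cannot run past the end. */
void fill_ints(int *p, size_t count, int value) {
    for (size_t i = 0; i < count; ++i)
        p[i] = value;
}

int main(void) {
    size_t count = 1024;                 /* small stand-alone demo */
    int *p = alloc_ints(count);
    if (!p) { perror("malloc"); return 1; }
    fill_ints(p, count, 10);
    printf("%zu ints fit in SIZE bytes; index 268436476 in bounds? %d\n",
           elements_that_fit(SIZE, sizeof(int)),
           index_in_bounds(SIZE, sizeof(int), 268436476));
    free(p);
    return 0;
}
```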