[cfe-dev] one suggestion for Clang static analyzer
Jordan Rose
jordan_rose at apple.com
Tue Aug 12 19:40:18 PDT 2014
Yup, this is it. We'd like to have a way to handle constant-bounded loops better (say, by evaluating the loop at iterations 0, 1, and "N"), but it's a non-trivial problem, and no one's actively working on it right now.
Jordan
On Aug 11, 2014, at 0:05 , Aleksei Sidorin <a.sidorin at samsung.com> wrote:
> Hello. It seems like the source of problem is the method analyzer deals with loops: it just inlines them for a limited number of times (less then 10 usually) so it just doesn't execute a loop with such a big value to find a mistake in ArrayBoundChecker.
>
>> Dear All,
>>
>> I am wondering if Clang static analyzer could extend to find out the
>> bug in the following code.
>>
>> #include <stdio.h>
>>
>> #include <stdlib.h>
>> #include <string.h>
>> #include <unistd.h>
>>
>> #define SIZE 1024*1024*1024
>> int main()
>> {
>> printf("%ld,%ld,%ld\n",sizeof(int),sizeof(long),sizeof(size_t));//output
>> 4,8,8
>> printf("%ld\n",SIZE); //output 1073741824
>>
>> int *p = (int*)malloc(SIZE);
>> if(!p){
>> perror("malloc");
>> exit(1);
>> }
>>
>> memset(p,0,SIZE); //this works fine
>>
>> size_t i=0;
>> for(;i<SIZE;++i){
>> p[i] = 10; //gdb shows when crashed i = 268436476
>> }
>> }
>
> --
> Best regards,
> Aleksei Sidorin
> Software Engineer,
> IMSWL-IMCG, SRR, Samsung Electronics
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
More information about the cfe-dev
mailing list