[cfe-dev] Why these problems below were not found by Clang Static Analyzer?
apache
ehcapa at qq.com
Tue Mar 11 19:53:11 PDT 2014
As below, these problems can be found by Coverity. But no BUGS were reported using scan-build ;(
Is the reason that I did not choose the right checkers?
Here is my command line:
scan-build --use-analyzer=/usr/local/bin/clang \
    -enable-checker llvm.Conventions \
    -enable-checker alpha.core.BoolAssignment \
    -enable-checker alpha.core.CastSize \
    -enable-checker alpha.core.CastToStruct \
    -enable-checker alpha.core.FixedAddr \
    -enable-checker alpha.core.IdenticalExpr \
    -enable-checker alpha.core.PointerArithm \
    -enable-checker alpha.core.PointerSub \
    -enable-checker alpha.core.SizeofPtr \
    -enable-checker alpha.cplusplus.NewDeleteLeaks \
    -enable-checker alpha.cplusplus.VirtualCall \
    -enable-checker alpha.deadcode.IdempotentOperations \
    -enable-checker alpha.deadcode.UnreachableCode \
    -enable-checker alpha.security.ArrayBound \
    -enable-checker alpha.security.ArrayBoundV2 \
    -enable-checker alpha.security.MallocOverflow \
    -enable-checker alpha.security.ReturnPtrRange \
    -enable-checker alpha.security.taint.TaintPropagation \
    -enable-checker alpha.unix.Chroot \
    -enable-checker alpha.unix.MallocWithAnnotations \
    -enable-checker alpha.unix.PthreadLock \
    -enable-checker alpha.unix.SimpleStream \
    -enable-checker alpha.unix.Stream \
    -enable-checker alpha.unix.cstring.BufferOverlap \
    -enable-checker alpha.unix.cstring.NotNullTerminated \
    -enable-checker alpha.unix.cstring.OutOfBounds \
    -enable-checker security.FloatLoopCounter \
    -enable-checker security.insecureAPI.rand \
    -enable-checker security.insecureAPI.strcpy \
    clang -c test2.c
----------------------------------------------------------------------
1. case without break
e.g.
int test(const int n) {
    int ret = 0;
    switch(n) {
    case 1:
        ret = 1;
        break;
    case 2:
        ret = 2; // this case branch has no 'break' statement (Coverity gave a warning here, but Clang didn't)
    default:
        break;
    }
    return ret;
}
----------------------------------------------------------------------
2. Dead code like below
#define MAX_NUM 10
void test(const int n) {
    if(n >= MAX_NUM && n < MAX_NUM) {
        printf("yes\n"); // this code will never be executed! (Coverity gave a warning here, but Clang didn't)
    }
}
----------------------------------------------------------------------
3. NULL-Pointer reference like below
typedef struct {
    int age;
    int sex;
} Person;
Person *one_person(char flag)
{
    static Person p = {0, 0};
    if(flag == 1) {
        return &p;
    }
    return NULL;
}
void test()
{
    Person *p = on_person(0);
    p->age = 24; // NULL-Pointer reference (Coverity gave a warning here, but Clang didn't)
    p->sex = 0;
}