[cfe-dev] On heap variables and Clang SA

Bhargava Shastry bshastry at sec.t-labs.tu-berlin.de
Mon Mar 16 10:37:17 PDT 2015


Hello,

Clang analyzer's checker dev page [1] talks of Clang SA being able to
track state of symbolic expressions and symbolic memory regions. Do
these concepts map to stack variables/expressions and heap
variables/expressions respectively?

For a construed example shown below, SA did not warn about a comparison
against a garbage value on Line 16. I concluded that it's because Clang
SA doesn't reason about the program heap, but wanted to make sure I'm not
looking at it superficially or drawing the wrong conclusion.

1. class bar {
2. public:
3.         bar() {}
4.         int m_x;
5. };
6.
7. class foo {
8. public:
9.         foo() { ptrToBarObj = new bar(); }
10.        void method();
11.        int m_y;
12.        bar *ptrToBarObj;
13. };
14.
15. void foo::method() {
16.         if((ptrToBarObj->m_x > 0))
17.          m_y = 0;
18. }

[1]: http://clang-analyzer.llvm.org/checker_dev_manual.html

Regards,
Bhargava

-- 
Learn more about COSADE 2015, the 6th Conference on
Constructive Side Channel Analysis and Secure Design
http://www.cosade.org

Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
Security in Telecommunications
TU Berlin / Telekom Innovation Laboratories
Ernst-Reuter-Platz 7, Sekr TEL 17 / D - 10587 Berlin, Germany
phone: +49 30 8353 58235
