[cfe-dev] [analyzer] limits in reasoning about memory regions
Alexander Droste via cfe-dev
cfe-dev at lists.llvm.org
Thu Oct 8 05:16:09 PDT 2015
Hi,
I'd like to know in which cases the static analyzer
cannot fully reason about a memory region, especially
with respect to the amount of elements the region holds.
To my knowledge, the analyzer cannot fully reason about
a region in the following cases, as those are not
represented as TypedRegions:
- heap memory
Why is this actually the case? Wouldn't it be possible
to reason about the type, element count and size of a
region even if it is allocated with calloc, new or malloc
(if the region is allocated with a simple pattern).
- pointers returned from functions defined in a different translation
unit than the function is called in
Are there more situations I'm not aware of?
-Alex
More information about the cfe-dev
mailing list