[cfe-dev] Analyser - variadic arguments
Artem Dergachev via cfe-dev
cfe-dev at lists.llvm.org
Mon Aug 1 10:14:06 PDT 2016
Uhm.

You can enable IPA for variadic functions for your experiments, but I
guess the problem was that it's not truly modeled - e.g., va_arg()
doesn't really return the variadic argument values. Which is bad,
because it makes the analyzer make false assumptions (e.g., suppose we
inline scanf(), but do not understand that the place scanf() writes into
is our local variable - we'd keep thinking that this variable is
uninitialized and throw a false warning when it's used).

So you can just disable this check in your experiments (and deal with
some false positives, which might not be too many), but a proper fix
would need to be done before this check is disabled in the mainline
analyzer.

In order to produce a proper fix, we'd need to model VAArgExpr's - in
the ExprEngine or in Gabor's checker. In fact, a checker might be a good
place for it, because it would already have all the necessary
infrastructure (va_start() also needs to be modeled in the same place,
perhaps through evalCall() to reduce invalidations). The modeling itself
is not hard, but would require some understanding.

On 8/1/16 3:09 PM, Michael Tandy wrote:
> Thanks for your reply! I agree that va_start/copy/arg/end call
> ordering should be reasonably easy to check.
>
> Unfortunately I'm still having trouble getting the number of arguments
> - I suspect this is because IPA is disabled for variadic functions at
> https://github.com/llvm-mirror/clang/blob/4ab9d6e02b29c24ca44638cc61b52cde2df4a888/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp#L735
>
>
> Unfortunately, the details are tracked at rdar://problem/12147064
> which seems to be private so I don't know the full details. Can anyone
> give me any pointers as to what the issue is, and whether it's a task
> it would be feasible for a new developer to attempt?
>
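
The scanf() scenario from the message above, as an added example (not code from the thread or from the analyzer); `mini_scan` and `sum_two` are hypothetical names. The locals `a` and `b` are only ever written through pointers fetched with `va_arg()`, so an analyzer that inlined `mini_scan` without modeling `va_arg()` would, per the message, keep treating them as uninitialized at the final read.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical scanf-like helper: for each 'd' in fmt, parse one integer
 * from input and store it through the int* fetched with va_arg().
 * Returns the number of values actually stored. */
static int mini_scan(const char *input, const char *fmt, ...)
{
    va_list ap;
    int stored = 0;

    va_start(ap, fmt);
    for (; *fmt != '\0'; ++fmt) {
        if (*fmt != 'd')
            continue;                  /* ignore directives we do not handle */
        int *out = va_arg(ap, int *);  /* points at the caller's local */
        char *end;
        long v = strtol(input, &end, 10);
        if (end == input)
            break;                     /* no digits: *out stays unwritten */
        *out = (int)v;                 /* the write the analyzer has to see */
        input = end;
        ++stored;
    }
    va_end(ap);
    return stored;
}

/* Caller whose locals are initialized only inside the variadic callee.
 * Returns INT_MIN when fewer than two integers were parsed. */
static int sum_two(const char *text)
{
    int a, b;                          /* deliberately left uninitialized */
    if (mini_scan(text, "dd", &a, &b) != 2)
        return INT_MIN;                /* a and/or b were never written */
    return a + b;                      /* safe: both written via va_arg */
}

int main(void)
{
    printf("%d\n", sum_two("40 2"));   /* constructed sample input */
    printf("%d\n", sum_two("40") == INT_MIN);
    return 0;
}
```

The return-count check in `sum_two` is what makes the read safe on the short-input path; without it, the uninitialized-use report would be a true positive.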