[cfe-dev] [analyzer] RFC, garbage value => out of bounds

Joerg Sonnenberger via cfe-dev cfe-dev at lists.llvm.org
Mon Mar 14 04:04:37 PDT 2016


On Mon, Mar 14, 2016 at 08:44:42AM +0000, Daniel Marjamäki via cfe-dev wrote:
> 
> Hello!
> 
> I would like to change the analyzer so that the a[i] value is not undefined when i is out of bounds, to improve the Clang warnings.
> 
> Code example:
> 
>     void dostuff(int);
> 
>     void f(int nr) {
>         int a[2] = {1,1};
>         for (int i = 0; i < nr; i++)
>             dostuff(a[i]);
>     }
> 
> 
> Output from Clang analyzer:
> 
>     /home/danielm/ossa/uninit.c:7:5: warning: Function call argument is an uninitialized value
>         dostuff(a[i]);
>         ^~~~~~~~~~~~~
> 
> The array a is fully initialized. So imho the message is a FP.
> 
> It is better to write "array index out of bounds". Like this:
> 
>     /home/danielm/ossa/uninit.c:7:13: warning: Access out-of-bound array element (buffer overflow)
>         dostuff(a[i]);
>                 ^~~~
> 
> So.. if I change the analyzer the warning will not be shown unless the array-index check is enabled.

Have you looked e.g. at the HTML version on how the analyzer arrived at
this decision? It typically makes things like index out of bounds much
clearer. It is often not easy to say which warning is more appropriate,
so I'm not sure how much sense shuffling here really makes.

Joerg
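The loop Daniel posted reads a[i] past the end of a two-element array whenever nr > 2, which is the out-of-bounds access behind the analyzer's "uninitialized value" report. The following is an added example, not code from the thread or from Clang: it keeps the original loop for comparison and places a bounds-checked form beside it, clamping the loop limit to the array length. The names f_unchecked, f_checked, ARRAY_LEN and the call counter helpers are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not from the mailing-list thread. Names below
   (f_unchecked, f_checked, ARRAY_LEN, call counters) are assumptions
   made for this illustration. */

#define ARRAY_LEN(x) (sizeof(x) / sizeof((x)[0]))

static int call_count;   /* number of dostuff() calls, for checking */
static int last_value;   /* last argument passed to dostuff() */

static void dostuff(int v) {
    call_count++;
    last_value = v;
}

/* The loop from the original post: for nr > 2 the read a[i] is an
   out-of-bounds access (undefined behaviour), which the analyzer
   reports as an "uninitialized value" argument. Kept for comparison;
   do not call it with nr > 2. */
void f_unchecked(int nr) {
    int a[2] = {1, 1};
    for (int i = 0; i < nr; i++)
        dostuff(a[i]);
}

/* Hardened form: the loop bound is clamped to the array length, so the
   index can never leave [0, ARRAY_LEN(a)). Negative nr is treated as
   zero. Returns the number of elements actually passed to dostuff(). */
int f_checked(int nr) {
    int a[2] = {1, 1};
    int limit = nr;
    if (limit < 0)
        limit = 0;
    if ((size_t)limit > ARRAY_LEN(a))
        limit = (int)ARRAY_LEN(a);
    for (int i = 0; i < limit; i++)
        dostuff(a[i]);
    return limit;
}

/* Helpers so a caller can observe what happened. */
int calls_made(void) { return call_count; }
int last_dostuff_arg(void) { return last_value; }
void reset_calls(void) { call_count = 0; last_value = 0; }

int main(void) {
    reset_calls();
    int n = f_checked(5);  /* caller asked for 5, only 2 elements exist */
    printf("processed %d elements, dostuff called %d times\n",
           n, calls_made());
    return 0;
}
```

With the bound clamped, the analyzer has no out-of-bounds path to follow through a[i], so neither the "uninitialized value" nor an array-bound report applies; the question in the thread is only which of the two should be emitted for the unchecked loop.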


