[cfe-dev] [StaticAnalyzer] Threshold on number of checks
Gupta Nikhil via cfe-dev
cfe-dev at lists.llvm.org
Tue Aug 1 07:25:11 PDT 2017
Thanks Stefan,
The bug is being caught now. Our present use case favors precision over speed so this would solve our problem.
From: Stefan Ciobaca [mailto:stefan.ciobaca at gmail.com]
Sent: Monday, July 31, 2017 3:59 PM
To: Gupta Nikhil <nikhgupt at codeaurora.org>
Cc: cfe-dev at lists.llvm.org
Subject: Re: [cfe-dev] [StaticAnalyzer] Threshold on number of checks
Hello,
You are probably seeing this behavior as a result of the maximum number of times a loop is unrolled during the symbolic execution of the program (by default, 4 times).
You can change the unroll limit with the following command line argument:
clang -cc1 -analyze -analyzer-max-loop 100 -analyzer-checker=core [...]
The command above will change the unroll limit to 100 (however, you will probably see performance issues). The loop widening project (http://lists.llvm.org/pipermail/cfe-dev/2017-March/053060.html) might help with your issue once finished.
Best,
Stefan
On Mon, Jul 31, 2017 at 11:26 PM, Gupta Nikhil via cfe-dev <cfe-dev at lists.llvm.org> wrote:
Hi,
I have a trivial case where the Static Analyzer is not catching a double free bug:
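==============
#include <stdlib.h>

void f(void)
{
    char *s;
    for (int i = 0; i < 4; i++)
    {
        s = (char*)malloc(10);
        free(s);
    }
    free(s); /* double free: s was already freed in the last loop iteration */
}
================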
However, if I change the code to:
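==============
#include <stdlib.h>

void f(void)
{
    char *s;
    for (int i = 0; i < 3; i++)
    {
        s = (char*)malloc(10);
        free(s);
    }
    free(s); /* double free: s was already freed in the last loop iteration */
}
================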
A double free warning is thrown.
On exploring this further, I noticed that the function MallocChecker::FreeMemAux is called no more than 4 times, i.e., I can place as many “free(s)” after the last one in the first code chunk and it will never be caught.
Its calling method MallocChecker::CheckPostStmt seems to be limited to being called a maximum of 8 times.
Is there a threshold set on the number of times a checker can be called? If so, can that be tweaked?
Thanks in advance!
Regards,
Nikhil
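
Added example (not part of the original thread, and not the analyzer's own code): a simplified C model of the unroll limit described in the reply above, showing why a loop bound of 3 reports the double free while a bound of 4 does not. It assumes the limit counts visits to the loop-condition block on one path and that an exhausted budget drops that path; `analyze`, `model_free` and `struct result` are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>

enum ptr_state { UNINIT, ALLOCATED, FREED };

struct result {
    bool double_free_reported; /* a free(s) was reached while s was FREED */
    int  frees_modelled;       /* free(s) calls the explored path reached */
    bool path_dropped;         /* budget ran out before the loop exit */
};

/* Model one free(s): flag a double free if s is already FREED. */
static void model_free(enum ptr_state *s, struct result *r)
{
    r->frees_modelled++;
    if (*s == FREED)
        r->double_free_reported = true;
    *s = FREED;
}

/* Models: for (i = 0; i < trip_count; i++) { s = malloc(10); free(s); } free(s);
 * max_loop is the assumed per-path budget of loop-condition visits
 * (the value passed to -analyzer-max-loop; 4 by default per the thread). */
struct result analyze(int trip_count, int max_loop)
{
    struct result r = { false, 0, false };
    enum ptr_state s = UNINIT;
    int cond_visits = 0;

    for (int i = 0; ; i++) {
        if (++cond_visits > max_loop) { /* budget exhausted: stop exploring */
            r.path_dropped = true;
            return r;                   /* code after the loop is never seen */
        }
        if (i >= trip_count)
            break;                      /* loop exit reached within budget */
        s = ALLOCATED;                  /* s = malloc(10) */
        model_free(&s, &r);             /* free(s) inside the loop */
    }
    model_free(&s, &r);                 /* free(s) after the loop */
    return r;
}

int main(void)
{
    int cases[3][2] = { {3, 4}, {4, 4}, {4, 100} }; /* constructed inputs */
    for (int k = 0; k < 3; k++) {
        struct result r = analyze(cases[k][0], cases[k][1]);
        printf("bound=%d max_loop=%d reported=%d frees=%d dropped=%d\n",
               cases[k][0], cases[k][1], r.double_free_reported,
               r.frees_modelled, r.path_dropped);
    }
    return 0;
}
```

In this model the bound-4 loop needs five condition checks to reach its exit, so a budget of 4 ends the path after four modelled frees, consistent with the four FreeMemAux calls observed in the original message.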