[cfe-dev] [StaticAnalyzer] Threshold on number of checks
Gupta Nikhil via cfe-dev
cfe-dev at lists.llvm.org
Mon Jul 31 13:26:04 PDT 2017
Hi,
I have a trivial case where the Static Analyzer is not catching a double
free bug:
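==============
#include <stdlib.h>

void test(void) /* hypothetical wrapper added so the fragment compiles */
{
    char *s;
    for (int i = 0; i < 4; i++)
    {
        s = (char *)malloc(10);
        free(s);
    }
    free(s); /* double free of the last allocation; not reported */
}
================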
However, if I change the code to:
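==============
#include <stdlib.h>

void test(void) /* hypothetical wrapper added so the fragment compiles */
{
    char *s;
    for (int i = 0; i < 3; i++)
    {
        s = (char *)malloc(10);
        free(s);
    }
    free(s); /* double free of the last allocation; reported */
}
================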
A double free warning is thrown.
On exploring this further, I noticed that the function
MallocChecker::FreeMemAux is called no more than 4 times, i.e., I can place as
many "free(s)" after the last one in the first code chunk and it will never
be caught.
Its calling method MallocChecker::CheckPostStmt seems to be limited to being
called a maximum of 8 times.
Is there a threshold set on the number of times a checker can be called? If
so, can that be tweaked?
Thanks in advance!
Regards,
Nikhil