[cfe-dev] [StaticAnalyzer] Threshold on number of checks

Stefan Ciobaca via cfe-dev cfe-dev at lists.llvm.org
Mon Jul 31 13:59:03 PDT 2017


Hello,

you are probably seeing this behavior as a result of the maximum number of
times a loop is unrolled during the symbolic execution of the program (by
default, 4 times).

You can change the unroll limit with the following command line argument:

clang -cc1 -analyze -analyzer-max-loop 100 -analyzer-checker=core [...]

The command above will change the unroll limit to 100 (however, you will
probably see performance issues). The loop widening project (
http://lists.llvm.org/pipermail/cfe-dev/2017-March/053060.html) might help
with your issue once finished.

Best,
Stefan

On Mon, Jul 31, 2017 at 11:26 PM, Gupta Nikhil via cfe-dev <
cfe-dev at lists.llvm.org> wrote:

> Hi,
>
> I have a trivial case where the Static Analyzer is not catching a double
> free bug:
>
> ==============
>   char *s;
>   for(int i = 0; i < 4; i++)
>   {
>      s = (char*)malloc(10);
>      free(s);
>   }
>   free(s);
> ================
>
> However, if I change the code to:
>
> ==============
>   char *s;
>   for(int i = 0; i < 3; i++)
>   {
>      s = (char*)malloc(10);
>      free(s);
>   }
>   free(s);
> ================
>
> A double free warning is thrown.
>
> On exploring this further, I noticed that the function
> MallocChecker::FreeMemAux is called no more than 4 times, i.e. I can place
> as many “free(s)” after the last one in the first code chunk and it will
> never be caught.
>
> Its calling method MallocChecker::CheckPostStmt seems to be limited to
> being called a maximum of 8 times.
>
> Is there a threshold set on the number of times a checker can be called?
> If so, can that be tweaked?
>
> Thanks in advance!
>
>
>
> Regards,
>
> Nikhil
>
>
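
Added example, not part of the original messages: a small harness that generates the test case from the thread for several loop bounds and counts analyzer warnings at -analyzer-max-loop 4 and 100. It assumes clang is on PATH, enables the unix.Malloc checker explicitly, and declares malloc/free by hand because -cc1 does not set up system include paths; the file names are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check which loop bounds hide the
# post-loop double free at a given -analyzer-max-loop value.
# Assumptions: clang is on PATH; unix.Malloc is enabled explicitly; malloc and
# free are declared by hand because -cc1 does not set up system include paths.

write_case() {   # $1 = loop bound, $2 = output path (constructed test file)
  cat > "$2" <<EOF
void *malloc(__SIZE_TYPE__);
void free(void *);
void f(void) {
  char *s;
  for (int i = 0; i < $1; i++) {
    s = (char *)malloc(10);
    free(s);
  }
  free(s); /* second free of the block released in the last iteration */
}
EOF
}

count_warnings() {   # $1 = source file, $2 = -analyzer-max-loop value
  clang -cc1 -analyze -x c -analyzer-max-loop "$2" \
        -analyzer-checker=core,unix.Malloc "$1" 2>&1 |
    grep -c 'warning:' || true   # grep -c exits 1 on a zero count
}

run_matrix() {   # prints one line per (loop bound, max-loop) pair
  dir=$(mktemp -d) || return 1
  for bound in 3 4 50; do
    write_case "$bound" "$dir/case_$bound.c"
    for max_loop in 4 100; do
      n=$(count_warnings "$dir/case_$bound.c" "$max_loop")
      echo "bound=$bound max-loop=$max_loop warnings=$n"
    done
  done
  rm -rf "$dir"
}

if command -v clang >/dev/null 2>&1; then
  run_matrix
else
  echo "clang not found; skipping" >&2
fi
```

A row reporting warnings=0 marks a loop bound at which the analyzer stays silent about the second free under that limit, so the code still needs review or a runtime check such as a sanitizer build.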