[cfe-dev] Clang Static Analyzer does not show all bugs in function
Artem Dergachev via cfe-dev
cfe-dev at lists.llvm.org
Sun Sep 30 21:43:45 PDT 2018
Because behavior of the code that contains the first bug is undefined,
Static Analyzer doesn't proceed to "execute" the rest of the program on
that execution path - i.e., the program has already "crashed", it is
irrelevant what happened next. It is tempting but dangerous to try to
recover from the error because it is very likely that other bugs found
on such execution path are false positives: after all, they happen only
when the program already crashed. And if there's another execution path
on which the other bug happens but the program doesn't crash, Static
Analyzer would still find it when it explores the other path.
For example, in the following code all three bugs are found, because
they occur on different execution paths:
extern bool coin();
int main()
{
if (coin()) {
int* c = new int[10];
free(c);
}
if (coin()) {
int* d = new int;
free(d);
}
if (coin()) {
int* e = (int*)malloc(10);
delete e;
}
}
On 9/30/18 6:03 PM, Alexander Zaitsev via cfe-dev wrote:
> Hello.
>
> I am testing Clang Static Analyzer (CSA) on this code sample:
>
>
> int main()
> {
> int* c = new int[10];
> free(c);
>
> int* d = new int;
> free(d);
>
> int* e = (int*)malloc(10);
> delete e;
> }
>
>
> For testing I have built clang from trunk and run analysis as
> './scan-build -k --use-analyzer=clang ./clang++ main.cpp'. Then I get
> only one report about first bug:
>
>
> main.cpp:11:14: warning: Memory allocated by 'new[]' should be
> deallocated by 'delete[]', not free()
> free(c);
> ^~~~~~~
> 1 warning generated.
> scan-build: 1 bug found.
>
>
> No information about errors on the next lines. When I comment first two
> lines with bug, CSA is able to find next bug and so on.
>
> Is there any workaround for this? Is it a bug? (at least for me for now
> it looks like a bug)
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
More information about the cfe-dev
mailing list