[cfe-dev] How to force Clang static checker to check the code that will not be executed in some situations???
George Karpenkov via cfe-dev
cfe-dev at lists.llvm.org
Thu Jan 3 14:03:52 PST 2019
Do you mean Klee or the Clang Static Analyzer?
For Klee, there is a separate mailing list. For CSA, you could just have two invocations: with and without -DSTATS=1.
You could also try to write a tool to generate all possible invocations if you want to consider all possible combinations of defined/undefined macros.
> On Jan 3, 2019, at 2:27 AM, changze cui via cfe-dev <cfe-dev at lists.llvm.org> wrote:
>
> Hi all,
> Recently, I have been using the Clang static checker to find buffer-overflow-related bugs. There is one case where the buggy code will be executed only if STATS is defined (#ifdef STATS). I hope my checker can find all the bugs in a program, even in cases where the code will not be executed for now. Do you have any idea how I can achieve this?
> The following is a part of the buggy code. Since "STATS" is not defined, variables a and ns will be NULL. Thus, some code will not be checked by Clang and the checker will miss one bug.
> I have attached the full code as a file. Let me know if you have any solution. Thanks in advance!!
>
> Regards,
> Chaz
>
> static void nslookupComplain(sysloginfo, queryname, complaint, dname, a_rr, nsdp)
>     const char *sysloginfo, *queryname, *complaint, *dname;
>     const struct databuf *a_rr, *nsdp;
> {
> #ifdef STATS
>     char nsbuf[20];
>     char abuf[20];
> #endif
>     char *a, *ns;
>     if (sysloginfo && queryname)
>     {
>         char buf[999];
>
>         a = ns = (char *)NULL;
> #ifdef STATS
>         /* this part will not be executed because STATS is not defined */
>         /* so a and ns will be equal to NULL */
>         if (nsdp) {
>             /* assign value to a and ns */
>         }
> #endif
>         if (a != NULL || ns != NULL)
>         {
>             /* the code here will not be checked by Clang because a and ns are equal to NULL */
>             /* This line is a buggy point, but it cannot be found by Clang static checker now */
>             sprintf(buf, "%s: query(%s) %s (%s:%s) learnt (A=%s:NS=%s)",
>                     sysloginfo, queryname,
>                     complaint, dname,
>                     inet_ntoa(data_inaddr(a_rr->d_data)),
>                     a ? a : "<Not Available>",
>                     ns ? ns : "<Not Available>");
>         }
>         else {
>             /* This is another buggy point, can be found by Clang static checker */
>             sprintf(buf, "%s: query(%s) %s (%s:%s)",
>                     sysloginfo, queryname,
>                     complaint, dname,
>                     inet_ntoa(data_inaddr(a_rr->d_data)));
>         }
>     }
> }
> <ns-lookup-klee.c>
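A sketch of the "tool to generate all possible invocations" idea from the reply, added here as an example and not part of the original thread. The function names, the `sample.c` path and the sample source are assumptions; it covers only `#ifdef`/`#ifndef`/`defined()` tests and emits one `clang --analyze` command line per defined/undefined combination.

```python
import itertools
import re

# Constructed sample input (not the attachment from the thread).
SAMPLE = """\
#ifndef NS_LOOKUP_H
#define NS_LOOKUP_H
#ifdef STATS
char nsbuf[20];
#endif
#if defined(DEBUG) && !defined(NDEBUG)
int trace;
#endif
#endif
"""

DIRECTIVE = re.compile(r"^\s*#\s*(ifdef|ifndef|if|elif)\b(.*)$")
NAME = re.compile(r"\s*([A-Za-z_]\w*)")
DEFINED = re.compile(r"\bdefined\s*\(?\s*([A-Za-z_]\w*)")
LOCAL_DEFINE = re.compile(r"^\s*#\s*define\s+([A-Za-z_]\w*)", re.M)

def guard_macros(source):
    """Macros tested by #ifdef/#ifndef/defined() that the file does not set itself."""
    names = set()
    for line in source.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        kind, rest = m.groups()
        if kind in ("ifdef", "ifndef"):
            n = NAME.match(rest)
            if n:
                names.add(n.group(1))
        else:  # "#if FOO" value tests are not handled, only defined(FOO)
            names.update(DEFINED.findall(rest))
    # Skip include guards and other macros the file defines on its own.
    return sorted(names - set(LOCAL_DEFINE.findall(source)))

def analyzer_invocations(path, macros, limit=10):
    """One `clang --analyze` argv per defined/undefined combination (2**n runs)."""
    if len(macros) > limit:
        raise ValueError("%d macros means %d runs; narrow the list" % (len(macros), 2 ** len(macros)))
    return [["clang", "--analyze"] + ["-D%s=1" % m for m in combo] + [path]
            for r in range(len(macros) + 1)
            for combo in itertools.combinations(macros, r)]

if __name__ == "__main__":
    for argv in analyzer_invocations("sample.c", guard_macros(SAMPLE)):
        print(" ".join(argv))
```

The number of runs doubles with each macro, so the `limit` check forces the list to be narrowed to the guards that matter before analysis time gets out of hand.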