[cfe-dev] Clang static analyzer checker seems to stop after seeing "typeid()"
Artem Dergachev via cfe-dev
cfe-dev at lists.llvm.org
Mon Jun 10 19:38:16 PDT 2019
Yes, indeed, this is simply unimplemented. Like, so much unimplemented
that the analyzer is unable to figure out how to handle CXXTypeidExpr so
it gives up on the current execution path. See ExprEngine::Visit, the
top part of the switch.
It shouldn't be that hard to implement in a reasonable manner. I guess,
the values that it returns would always be symbolic (as in, an
invalidated structure), but consistent as long as we know the type (and
it should probably produce a new value every time we don't know the type
on the current path).
On 6/10/19 6:26 PM, Torry Chen via cfe-dev wrote:
> Hi all,
>
> I've been using the unix.Malloc checker to detect memory management
> issues in our code base. But we found the checker seems to stop
> exploring after seeing a call to typeid(). Below is a bad code example
> and unix.Malloc should warn about a double-free. But if I uncomment
> the line calling typeid(), the checker doesn't report any bug.
>
> This prevents it from checking some of our templated functions that
> call typeid(). Could someone please let me know why this happens and
> how do I make the checker continue to work after seeing typeid()?
>
> Thank you!
> Torry
>
> void double_free(int size) {
> char *data = (char *)malloc(size);
>
> for (int i = 0; i < size; i++)
> data[i] = i;
>
> // auto tname = typeid(uint64_t).name(); // typeid() seems to stop
> analyzer
> // printf("Type name is %s\n", tname);
>
> free(data);
> free(data); // Should warn: Attempt to free released memory
> }
>
> int main(int argc, char** argv) {
> double_free(argc);
>
> return 0;
> }
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20190610/f7b34634/attachment.html>
More information about the cfe-dev
mailing list