[cfe-dev] Clang static analyzer checker seems to stop after seeing "typeid()"
Artem Dergachev via cfe-dev
cfe-dev at lists.llvm.org
Tue Jun 11 09:49:33 PDT 2019
As a quick-and-dirty solution I'd rather recommend moving this 'case:' to the list of
1301 // Cases not handled yet; but will handle some day.
On 6/11/19 12:43 AM, Torry Chen wrote:
> Thank you! I will investigate how to implement that.
>
> As a dirty hack, will it be fine to simply ignore typeid() as follows?
> There aren't many calls to it in our code base.
> case Stmt::CXXTypeidExprClass:
> break;
>
> On Mon, 10 Jun 2019 at 19:38, Artem Dergachev <noqnoqneo at gmail.com> wrote:
>
> Yes, indeed, this is simply unimplemented. Like, so much
> unimplemented that the analyzer is unable to figure out how to
> handle CXXTypeidExpr so it gives up on the current execution path.
> See ExprEngine::Visit, the top part of the switch.
>
> It shouldn't be that hard to implement in a reasonable manner. I
> guess, the values that it returns would always be symbolic (as in,
> an invalidated structure), but consistent as long as we know the
> type (and it should probably produce a new value every time we
> don't know the type on the current path).
>
> On 6/10/19 6:26 PM, Torry Chen via cfe-dev wrote:
>> Hi all,
>>
>> I've been using the unix.Malloc checker to detect memory
>> management issues in our code base. But we found the checker
>> seems to stop exploring after seeing a call to typeid(). Below is
>> a bad code example and unix.Malloc should warn about a
>> double-free. But if I uncomment the line calling typeid(), the
>> checker doesn't report any bug.
>>
>> This prevents it from checking some of our templated functions
>> that call typeid(). Could someone please let me know why this
>> happens and how I can make the checker continue to work after
>> seeing typeid()?
>>
>> Thank you!
>> Torry
>>
>> #include <cstdint>
>> #include <cstdio>
>> #include <cstdlib>
>> #include <typeinfo>
>>
>> void double_free(int size) {
>>   char *data = (char *)malloc(size);
>>
>>   for (int i = 0; i < size; i++)
>>     data[i] = i;
>>
>>   // auto tname = typeid(uint64_t).name(); // typeid() seems to stop analyzer
>>   // printf("Type name is %s\n", tname);
>>
>>   free(data);
>>   free(data); // Should warn: Attempt to free released memory
>> }
>>
>> int main(int argc, char** argv) {
>>   double_free(argc);
>>
>>   return 0;
>> }
>>
>