On 04/08/2011 05:37 PM, Ted Kremenek wrote:
> Hi Lenny,
>
> I understand the intent is to model comparing raw string literals, but I 
> think the use of getCStringLiteral() discards too much information.  For 
> example, I don't think the following will be handled correctly:
>
>    const char *s1 = "foobar";
>    const char *s2 = "bar";
>    return strcmp(&s1[3], s2);
>
> In order to model strcmp() properly, you will also need to take into account 
> the offset within the string literal.
>
> Also, could you add a FIXME indicating that this logic only handles comparing 
> string literals (albeit, it handles flow analysis)?  Conceptually, we could 
> enhance this to also handle non-literals as well in a variety of ways.
Nice catch Ted!

In fact, I think the entire CString checker needs this. I just tested 
strlen and that didn't work in this case either:
     void strlen_with_offset(const char *x) {
       if (strlen(x) != 5)
         return;
       if (strlen(&x[2]) != 3)
         (void)*(char*)0; // no-warning
     }

Is this patch ok to be committed in lieu of this change? The next task I 
will take on will be fixing the modeling of all the functions in the 
CString checker to account for this oversight. It will probably be a 
small change, but pervasive throughout the checker.


-Lenny
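Both cases in this thread come down to the same bookkeeping: when the argument is a pointer into a string whose contents or length the analyzer already knows, the modeled result of strlen() or strcmp() must be computed from the byte offset into that region, not from the region's start. The small C program below is an added example written for this page; it is not code from the Clang CString checker or from either poster. LitRegion, modeled_strlen and modeled_strcmp are hypothetical names standing in for whatever representation the checker uses. It models Ted's strcmp(&s1[3], s2) case over string literals and also treats the out-of-bounds offset (pointer advanced past the terminating NUL) as an "unknown" result rather than a number, which is the case a checker must refuse to evaluate. The symbolic case in Lenny's strlen_with_offset test (strlen(&x[2]) when strlen(x) is constrained to 5) is the same subtraction applied to a symbolic length instead of a literal's length.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of "a string literal plus a byte offset into it",
 * the information the analyzer would need to keep for &s1[3].
 * Constructed for this example; not the CString checker's own types. */
typedef struct {
    const char *literal;  /* the literal's bytes, NUL terminated */
    size_t offset;        /* how far the pointer has been advanced */
} LitRegion;

/* Modeled strlen() of a literal region. The value is known exactly only
 * while the offset stays inside the literal (offset <= strlen(literal));
 * past the NUL the pointer is out of bounds and the model must say
 * "unknown". Returns 1 and stores the length in *out when known, 0 otherwise. */
int modeled_strlen(LitRegion r, size_t *out) {
    size_t len = strlen(r.literal);
    if (r.offset > len)
        return 0;               /* unknown: pointer past the terminator */
    *out = len - r.offset;      /* offset shortens the visible string */
    return 1;
}

/* Modeled strcmp() of two literal regions. Returns 1 and stores the sign
 * of the comparison (-1, 0 or 1) in *out when both offsets are in bounds,
 * 0 when the result is unknown. */
int modeled_strcmp(LitRegion a, LitRegion b, int *out) {
    size_t la = strlen(a.literal), lb = strlen(b.literal);
    if (a.offset > la || b.offset > lb)
        return 0;               /* unknown: at least one pointer out of bounds */
    int c = strcmp(a.literal + a.offset, b.literal + b.offset);
    *out = (c > 0) - (c < 0);   /* normalize to -1 / 0 / 1 */
    return 1;
}

/* Ted's example from the thread: s1 = "foobar", s2 = "bar", strcmp(&s1[3], s2).
 * Returns the modeled sign, or a sentinel 2 if the model gives up. */
int ted_example(void) {
    LitRegion s1 = { "foobar", 3 };   /* &s1[3] points at "bar" */
    LitRegion s2 = { "bar", 0 };
    int sign;
    if (!modeled_strcmp(s1, s2, &sign))
        return 2;
    return sign;
}

int main(void) {
    size_t n;
    int sign;

    /* Offset inside the literal: the suffix "bar" has length 3. */
    if (modeled_strlen((LitRegion){ "foobar", 3 }, &n))
        printf("strlen(&\"foobar\"[3]) modeled as %zu\n", n);

    /* Offset past the terminator: the model correctly refuses to answer. */
    if (!modeled_strlen((LitRegion){ "bar", 7 }, &n))
        printf("strlen(&\"bar\"[7]) is unknown (out of bounds)\n");

    /* Comparing from the literal's start would wrongly report 'f' > 'b'. */
    if (modeled_strcmp((LitRegion){ "foobar", 0 }, (LitRegion){ "bar", 0 }, &sign))
        printf("strcmp(\"foobar\", \"bar\") modeled as %d\n", sign);

    printf("strcmp(&s1[3], s2) modeled as %d\n", ted_example());
    return 0;
}
```

The point of the out-of-bounds branch is that an offset is not just an adjustment to subtract: once it exceeds the known length the region no longer contains a valid C string, and a checker that kept computing a length there would silently turn a bug into a bogus constraint.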

_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
