NoQ added a subscriber: NoQ.
NoQ added a comment.
Hmm. If we want to catch bugs resulting from alternative `strcmp()`
implementations, then probably a test case that demonstrates the improvement
would be worth it, eg.:
int x = strcmp("foo", "bar"));
if (x == 1 || x == -1)
clang_analyzer_warnIfReached(); // expected-warning{{REACHABLE}}
if (x > 1 || x < -1)
clang_analyzer_warnIfReached(); // expected-warning{{REACHABLE}}
However, now we don't quite pass it yet, because the hardcoded implementation
of `strcmp()` is still specific, just different depending on how the clang code
was compiled (which may be similar to or different from the implementation on
which the code under analysis relies).
In order to pass such test, we could conjure a symbol for return value of
`strcmp()` and only enforce range on this symbol (such as `[INT_MIN, -1]` or
`[1, INT_MAX]`), rather than returning a concrete value.
http://reviews.llvm.org/D16317
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
