NoQ added a comment.

In D71607#2112228 <https://reviews.llvm.org/D71607#2112228>, @MaskRay wrote:

> +@NoQ on comments whether clang static analyzer can catch these cases.
>
> `clang++ --analyze  a.cc` does not warn on `a.size()-2` AFAICT.


Implementing such a check in the static analyzer with the help of path-sensitive 
analysis would ultimately allow you to potentially eliminate (in a very precise 
and fairly principled/non-hacky way) false positives such as your example with 
`.empty()` or even this one:

  #include <cstddef>
  #include <vector>

  void foo(std::vector<int> &v, int a, int b) {
    v.push_back(a);
    v.push_back(b);
  
    // Size is known to be at least 2, therefore overflow never occurs.
    for (std::size_t i = 0; i < v.size() - 2; ++i) {
      // ...
    }
  }

That won't happen immediately though; it'll require some routine work that'll 
consist in teaching the analyzer facts such as "only empty containers have size 
0" or "vectors grow when pushed into". The analyzer would automagically refute 
such false positives (in all of its checkers!) once it acquires such knowledge. 
That said, it's still a fairly large amount of routine work, so I'd rather not 
have you blocked on this and recommend committing into clang-tidy. We can 
always move or duplicate the check later if you decide to proceed with this 
approach.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D71607/new/

https://reviews.llvm.org/D71607



_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
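The pattern the thread is about, shown as an added example that is not part of the review thread and not code from NoQ, MaskRay or LLVM: `v.size() - 2` on an unsigned `size_t` wraps around to a huge value when the container holds fewer than two elements, so a loop bounded by it reads past the end. The names `naiveBound`, `clampedBound`, `sumTripleWindows` and `boundAfterTwoPushes` are assumptions made for this illustration; the last one reproduces the push_back case from the comment, where the subtraction is safe on every path because the size is known to be at least 2.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// The bound as written in the discussed pattern: v.size() - 2 on a size_t.
// For size() < 2 there is no negative value to go to; the result wraps
// around to SIZE_MAX - 1 or SIZE_MAX, which is what the clang-tidy check flags.
std::size_t naiveBound(const std::vector<int> &v) {
    return v.size() - 2;
}

// A bound that wrapped is larger than the size it was derived from, so this
// is the runtime symptom of the bug: the loop would iterate past the end.
bool naiveBoundWraps(const std::vector<int> &v) {
    return naiveBound(v) > v.size();
}

// Hardened form: make the "fewer than two elements" case explicit instead of
// relying on unsigned arithmetic to do the right thing.
std::size_t clampedBound(const std::vector<int> &v) {
    return v.size() < 2 ? 0 : v.size() - 2;
}

// A realistic consumer of that bound: sum every window of three consecutive
// elements. Using the clamped bound means empty and short vectors yield no
// windows instead of an out-of-bounds read.
long sumTripleWindows(const std::vector<int> &v) {
    long total = 0;
    // i < size() - 2 is exactly the condition that v[i + 2] is in range.
    for (std::size_t i = 0; i < clampedBound(v); ++i) {
        total += v[i] + v[i + 1] + v[i + 2];
    }
    return total;
}

// The path-sensitive case from the comment: after two push_back calls the size
// is at least 2 on every path, so size() - 2 cannot wrap here. A syntactic
// check cannot see that; a path-sensitive analyzer that knows "vectors grow
// when pushed into" could refute the warning.
std::size_t boundAfterTwoPushes(std::vector<int> v, int a, int b) {
    v.push_back(a);
    v.push_back(b);
    return v.size() - 2;
}
```

The `naiveBound`/`clampedBound` pair is the difference a reviewer would ask for: the comparison `i < v.size() - 2` is replaced by an explicit size check (or, equivalently, by `i + 2 < v.size()`), which is the change the clang-tidy check is meant to prompt.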
