Divide by zero reporting

Hi,

While running the clang tool on some code, it was found that if there are multiple divide-by-zero violations (more than one) in the same file, then only the first one is reported and the rest are not.

It was even found that when a PreStmt check detects/emits a bug report, it skips the subsequent binary operator nodes from the same file.

Example Code:

int a=23/0; //Detected and reported

int b=34/0; //Not detected

Regards,

Sujit Kamthe

Hi, Sujit. The checkers in the analyzer can choose to treat errors as fatal or non-fatal. In the case of divide-by-zero errors, we treat them as fatal, because (a) they will in fact trap in most runtimes, and (b) it's hard to continue evaluating if the division is used in a larger expression:

int a = 23 / 0;
int b = 34 / a; // ??

Note that the analyzer only stops analyzing a particular path when it sees a fatal error, not the entire file. Both divide-by-zero violations should be reported in compute(), as well as the one in again(), even if both functions are in the same file.

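int coin(void); // declared elsewhere; result is unknown to the analyzer

int compute(int a) {
  if (coin()) {
    a = a / 0; // reported: first path
  } else {
    a = a / 0; // reported: second path
  }
  return a;
}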

int again() {
  return 24 / 0;
}

Best,
Jordan

Hi Jordan,

Thanks for your reply.

I think this is achieved using the C.generateSink() method, where C is a CheckerContext, which stops further exploration of the AST path.

In one of the checkers, which is a Pre-stmt checker, I have used C.addTransition(), which should not stop the further analysis, but in my case it stops the further analysis of the AST nodes in the same file and only reports the first violation.

This is correct, as detailed in our recent talk about the static analyzer (available at http://llvm.org/devmtg/2012-11/). However, my point is that it was correct behavior. There is not a reasonable way for the analyzer to continue simulating a program after the user has divided by zero. You have to fix the divide-by-zero error and run the analyzer again.

Jordan
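
The per-path behaviour discussed in this thread, as an added illustration that is not Clang code and was not posted by either participant: a toy path explorer in which a fatal error ends only the path it occurs on. The Stmt model, the function names and the statement ids are all constructed for this example.

```cpp
#include <set>
#include <vector>

// Constructed toy model (not Clang code): a statement is either a division,
// possibly by a known zero, or a two-way branch with two statement lists.
struct Stmt {
    int id;                         // constructed label used in reports
    bool divByZero;                 // division whose divisor is known to be 0
    bool isBranch;                  // true => thenArm/elseArm are explored
    std::vector<Stmt> thenArm, elseArm;
};
using Block = std::vector<Stmt>;

Stmt division(int id, bool zero) { return Stmt{id, zero, false, {}, {}}; }
Stmt branch(Block t, Block e) { return Stmt{0, false, true, t, e}; }

// Walk every path through `todo`. A division by zero always records a report.
// With fatal=true the path is then sunk: nothing later on it is visited.
void explore(Block todo, bool fatal, std::set<int>& reports) {
    while (!todo.empty()) {
        Stmt s = todo.front();
        todo.erase(todo.begin());
        if (s.isBranch) {           // fork into one path per arm, then stop
            for (Block arm : {s.thenArm, s.elseArm}) {
                arm.insert(arm.end(), todo.begin(), todo.end());
                explore(arm, fatal, reports);
            }
            return;
        }
        if (s.divByZero) {
            reports.insert(s.id);
            if (fatal) return;      // sink: this path ends here
        }
    }
}

std::set<int> analyze(const Block& body, bool fatal) {
    std::set<int> reports;
    explore(body, fatal, reports);
    return reports;
}

// Two divisions by zero on one straight-line path (first message's shape).
Block straightLine() { return {division(1, true), division(2, true)}; }

// A division by zero in each arm (the shape of compute()), then one more after.
Block branched() {
    return {branch({division(3, true)}, {division(4, true)}), division(5, true)};
}
```

With fatal errors, straightLine() yields only report 1, while branched() yields reports 3 and 4 but never 5, because both paths are sunk before reaching it.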