testing the clang static code analyzer

Hi,

I installed the Clang Static Code Analyzer and tried testing it with a very simple example:

#include <stdio.h>
#include <stdlib.h>

int main(int ac, char **argv)
{
    int a;
    char *string;

    string = (char*) malloc(10);
    string[11] = 'X';
    return *(int *)0;
}

I expected 4 errors to be discovered:

  1. Unused variable: a

  2. Out of bound access to array string

  3. Memory leak: string

  4. Dereference of null pointer at the return statement

But instead only one error was discovered (error number 4).

Can you please help me figure out why I don’t get all the errors?

Thanks,

Lior Brafman

R&D
CheckPoint

Hi,

I installed the Clang Static Code Analyzer and tried testing it with a very simple example:
#include <stdio.h>
#include <stdlib.h>

int main(int ac, char **argv)
{
    int a;
    char *string;

    string = (char*) malloc(10);
    string[11] = 'X';
    return *(int *)0;
}

I expected 4 errors to be discovered:
1. Unused variable: a

We are warning about this one if the value is being assigned to:
                int a;
                a = 2;

Though, we do not warn when it's not being assigned to, to allow code like this:
int a;
if (flag) {
  a = 1;
  use (a);
}
// We don't want to warn here.

2. Out of bound access to array string

Currently, we do not have any on-by-default checker that would catch this.

3. Memory leak: string

We suppress leaks and other less critical issues if they occur on the same path as a very serious issue (such as a null ptr dereference). This is a heuristic which is supposed to show only the most important from a set of related issues. The heuristic is very simple, so it works against us in this case. If you remove the null pointer dereference, you'll see the leak warning.

The analyzer also generally doesn't show errors that the compiler knows how to catch:

  warning: unused variable 'a' [-Wunused-variable]

-Wunused and -Wall include -Wunused-variable.

Jordan
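
The test case from this thread restructured, as an added example that is not part of any message above: each defect gets its own function so that no report shares a path with the null dereference, next to a corrected version of the same function. All function names are hypothetical, and the opt-in bounds checker named in the comments is an assumption whose name depends on the clang release.

```c
/* Added example: one defect per function, so nothing is suppressed by a
 * more serious issue on the same path. Function names are hypothetical.
 * Analyze with: clang --analyze -Wall file.c
 * The *_bad functions are for the analyzer only and are never called. */
#include <stdlib.h>

/* 1. Per the reply: a value that is assigned but never read is reported;
 *    a variable that is only declared is left to -Wunused-variable. */
int dead_store_bad(void) { int a; a = 2; return 0; }
int dead_store_ok(void)  { int a = 2; return a; }

/* 2. Out-of-bounds write: no on-by-default checker per the reply. An
 *    opt-in checker is needed (assumption: alpha.security.ArrayBoundV2,
 *    passed via -Xclang -analyzer-checker=<name>). */
int oob_bad(void) {
    char *s = malloc(10);
    if (!s) return -1;
    s[11] = 'X';              /* two bytes past the 10-byte block */
    free(s);
    return 0;
}
int oob_ok(void) {
    char *s = malloc(10);
    if (!s) return -1;
    s[9] = 'X';               /* last valid index */
    int last = s[9];
    free(s);
    return last;
}

/* 3. Leak, now on a path with no more serious issue to mask it. */
int leak_bad(void) {
    char *s = malloc(10);
    if (!s) return -1;
    s[0] = 'X';
    return 0;                 /* s is never freed */
}
int leak_ok(void) {
    char *s = malloc(10);
    if (!s) return -1;
    s[0] = 'X';
    free(s);
    return 0;
}

/* 4. Null dereference, kept apart from the other three. */
int null_deref_bad(void)        { int *p = NULL; return *p; }
int null_deref_ok(const int *p) { return p ? *p : -1; }
```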