Re: static analyzer
- Subject: Re: static analyzer
- From: vincent habchi <email@hidden>
- Date: Wed, 7 Jul 2010 22:29:30 +0200
On 7 Jul 2010, at 20:35, Bill Bumgarner wrote:
>> Is that generally true? I mean, first of all, false positives are a
>> well-known phenomenon with this static analyzer (the Web page at llvm.org
>> talks about this). Second, they do no harm. I get a false positive in *any*
>> of my apps that uses NSURLConnection, for example:
>
> Yup. That is really true. False positives are taken very seriously.
In the end, as I wrote, it turns out it was not really a false positive, but the message was somewhat unclear (sibylline, is that English?). The warning went away when I put the test before, so I assume this is normal and desired behavior. However, it does raise the question of whether the static analyzer can figure out twisted initialization with functions such as memcpy.
The answer, as far as I can fathom from a few simple tests, is yes in most cases but sometimes no.
The following code:
int main (int argc, const char * argv[]) {
    NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
    int foo;
    int fee;
    // insert code here...
    NSLog(@"Hello, World!");
    // memcpy (& fee, & foo, sizeof (foo));
    Logit (fee);   // fee is passed by value without ever being assigned
    [pool drain];
    return 0;
}
correctly produces a warning about 'foo' not being used and the famous message "Pass-by-value argument in function call is undefined" that should best be written as "passED-by-value argument in function call is undefined" (as far as my understanding of English grammar goes).
Now, this code:
int main (int argc, const char * argv[]) {
    NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
    int foo;
    int fee;
    // insert code here...
    NSLog(@"Hello, World!");
    fee = foo;     // foo is read here without ever being assigned
    // memcpy (& fee, & foo, sizeof (foo));
    Logit (fee);
    [pool drain];
    return 0;
}
itches the analyzer with an "Assigned value is garbage or undefined" message on the line fee = foo, which is nice. Was it right to cancel the warning about the undefined parameter? That's questionable but admissible.
Now this version:
int main (int argc, const char * argv[]) {
    NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
    int foo;
    int fee;
    // insert code here...
    NSLog(@"Hello, World!");
    memcpy (& fee, & foo, sizeof (foo));   // copies the unassigned bytes of foo into fee
    Logit (fee);
    [pool drain];
    return 0;
}
does not make the static analyzer protest, so I assume its default behavior is to assume that any variable used as a destination of memcpy is initialized, regardless of the source. But, IMO, we have already encroached on a semantic realm beyond the reach of any decent general-purpose code analyzer.
Vincent (with my apologies to the moderator for also being borderline as to the content. I swear I will post further responses off list).
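The memcpy case from the last listing, worked as an added example (not part of the original post and not the analyzer's own code): a byte-level model in which a copy carries initialization state from source to destination, so fee stays undefined when foo was never fully written. The arena layout and the names tracked_store, tracked_memcpy, is_defined and fee_defined_after_copy are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: one shadow byte per data byte (1 = initialized). */
#define ARENA 32
static unsigned char data[ARENA];    /* zero-filled, so the demo itself reads no garbage */
static unsigned char shadow[ARENA];  /* 0 everywhere: nothing is initialized yet */

/* Writing a real value marks the destination bytes as initialized. */
static void tracked_store(size_t off, const void *src, size_t n) {
    memcpy(data + off, src, n);
    memset(shadow + off, 1, n);
}

/* A copy carries the shadow with the data: the destination ends up exactly
   as initialized as the source was, byte for byte. */
static void tracked_memcpy(size_t dst, size_t src, size_t n) {
    memmove(data + dst, data + src, n);
    memmove(shadow + dst, shadow + src, n);
}

/* 1 if all n bytes at off are initialized, 0 if any is not. */
static int is_defined(size_t off, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!shadow[off + i]) return 0;
    return 1;
}

/* Replays memcpy(&fee, &foo, sizeof(foo)) with the first init_bytes bytes of
   foo written beforehand; returns whether fee is safe to pass to Logit. */
int fee_defined_after_copy(size_t init_bytes) {
    const size_t FOO = 0, FEE = sizeof(int);   /* offsets of foo and fee in the arena */
    const int value = 42;
    memset(shadow, 0, sizeof shadow);          /* fresh frame: foo and fee unset */
    tracked_store(FOO, &value, init_bytes);    /* 0 bytes = foo never assigned */
    tracked_memcpy(FEE, FOO, sizeof(int));
    return is_defined(FEE, sizeof(int));
}

int main(void) {
    printf("foo unset:      fee defined = %d\n", fee_defined_after_copy(0));
    printf("foo half set:   fee defined = %d\n", fee_defined_after_copy(sizeof(int) / 2));
    printf("foo fully set:  fee defined = %d\n", fee_defined_after_copy(sizeof(int)));
    return 0;
}
```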