I suspect the code below explains why you are getting the false positives.

The issue you highlight in the example is that sometimes the analyzer doesn't
know what the value of a variable is. The existing checkers minimize false
positives by issuing a warning only when it's known that a value is "bad". For
example, we would only warn if StateOverflow && !StateNotOverflow. This will
flag far fewer issues, but should not produce a lot of false positives.

Are the false positives you are getting being flagged by the first if clause? 

  if (StateOverflow && StateNotOverflow) {
    if (Pack.LValueIsTainted) {
      Msg.assign("Possible integer overflow while " + Pack.Operation +
                 ". Left operand is tainted: " + Pack.LValue + " AND " +
                 Pack.RValue);
      reportBug(Msg, C, SL);
    } else if (Pack.RValueIsTainted) {
      Msg.assign("Possible integer overflow while " + Pack.Operation +
                 ". Right operand is tainted: " + Pack.LValue + " AND " +
                 Pack.RValue);
      reportBug(Msg, C, SL);
    }
    return;
  }

  if (StateOverflow) {
    Msg.assign("Integer overflow while " + Pack.Operation + ". " + Pack.LValue +
               " AND " + Pack.RValue);
    reportBug(Msg, C, SL);
  }

================
Comment at: lib/StaticAnalyzer/Checkers/IntegerOverflowChecker.cpp:35
@@ +34,3 @@
+  mutable std::unique_ptr<BuiltinBug> BT;
+
+  mutable std::set<SourceLocation> OverflowLoc;
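Review bot: `mutable std::set<SourceLocation> OverflowLoc` in this hunk makes duplicate suppression a property of the checker object rather than of the path-sensitive ProgramState: a location inserted while exploring one execution path suppresses the report on every other path through the same statement, and the set is never cleared, so it persists for the whole analysis. The thread below notes that the BugReporter already uniques identical reports; if the observed duplicates differ only in message text, making identical issues produce identical messages is the smaller fix, and if genuinely per-path bookkeeping is needed, a ProgramState trait is the idiomatic place for it.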
----------------
j.trofimovich wrote:
> zaks.anna wrote:
> > Are you getting multiple reports on the same location? I don't think that 
> > should be happening - the bug reporting infrastructure should unique 
> > reports.
> In what way should the bug reporting infrastructure unique reports? scan-build
> prevents fully identical reports from existing by computing a digest
> (Digest::MD5->new->addfile(*FILE)->hexdigest; scan-build, line 247), but cases
> where alerts differ only by message aren't caught.
Identical issues should have the same message. Do you have identical issues 
with different messages?

http://reviews.llvm.org/D4066
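To make the two-state reasoning discussed above concrete, here is an added illustration (not code from D4066 or from Clang's IntegerOverflowChecker) that stands in for the analyzer's constraint manager with simple interval bounds on the operands. `Interval`, `classifyAdd`, `shouldReport` and `describe` are names chosen for this example; the feasibility of "the sum leaves the 32-bit range" plays the role of StateOverflow, and "the sum stays in range" plays the role of StateNotOverflow, so a fully unknown operand yields both states and only a tainted operand turns that into a report, exactly as in the quoted snippet.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <string>

// Inclusive bounds on a 32-bit signed operand. A fully unknown value is
// [INT32_MIN, INT32_MAX], which is what the analyzer has when no constraint
// on the variable is recorded in the ProgramState.
struct Interval {
  int64_t lo;
  int64_t hi;
};

constexpr int64_t kMin = std::numeric_limits<int32_t>::min();
constexpr int64_t kMax = std::numeric_limits<int32_t>::max();
const Interval kUnknown{kMin, kMax};

enum class Verdict { NoOverflow, PossibleOverflow, DefiniteOverflow };

// Mirrors the checker's two feasibility queries for a signed 32-bit add:
//   StateOverflow    -> some sum of values in the ranges leaves [kMin, kMax]
//   StateNotOverflow -> some sum of values in the ranges stays within it
// Both feasible means the analyzer cannot decide; the first alone is a
// definite overflow.
Verdict classifyAdd(Interval a, Interval b) {
  const int64_t sumLo = a.lo + b.lo;  // 64-bit arithmetic, cannot itself wrap
  const int64_t sumHi = a.hi + b.hi;
  const bool stateOverflow = sumHi > kMax || sumLo < kMin;
  const bool stateNotOverflow = sumLo <= kMax && sumHi >= kMin;
  if (stateOverflow && stateNotOverflow)
    return Verdict::PossibleOverflow;
  if (stateOverflow)
    return Verdict::DefiniteOverflow;
  return Verdict::NoOverflow;
}

// Reporting policy from the quoted snippet: a definite overflow is always
// reported; a merely possible one is reported only when an operand is tainted.
bool shouldReport(Verdict v, bool lhsTainted, bool rhsTainted) {
  switch (v) {
  case Verdict::DefiniteOverflow:
    return true;
  case Verdict::PossibleOverflow:
    return lhsTainted || rhsTainted;
  case Verdict::NoOverflow:
    return false;
  }
  return false;
}

// Message text in the same style as the checker's two report kinds.
std::string describe(Verdict v, const std::string &lhs, const std::string &rhs) {
  switch (v) {
  case Verdict::DefiniteOverflow:
    return "Integer overflow while addition. " + lhs + " AND " + rhs;
  case Verdict::PossibleOverflow:
    return "Possible integer overflow while addition. " + lhs + " AND " + rhs;
  case Verdict::NoOverflow:
    return "no overflow";
  }
  return "";
}

int main() {
  // Constructed cases: the "unknown, untainted" row is the false-positive
  // scenario from the discussion, and it stays silent under this policy.
  struct Case { const char *name; Interval a, b; bool lhsTainted; } cases[] = {
      {"small constants", {0, 10}, {0, 10}, false},
      {"unknown + 1 (untainted)", kUnknown, {1, 1}, false},
      {"unknown + 1 (tainted)", kUnknown, {1, 1}, true},
      {"INT32_MAX + 1", {kMax, kMax}, {1, 1}, false},
  };
  for (const Case &c : cases) {
    Verdict v = classifyAdd(c.a, c.b);
    std::cout << c.name << ": " << describe(v, "lhs", "rhs")
              << (shouldReport(v, c.lhsTainted, false) ? "  [reported]" : "  [silent]")
              << "\n";
  }
  return 0;
}
```

The interval model is deliberately coarser than the analyzer's range constraints, but the decision structure is the same: the "possible" bucket is where unknown values land, and gating it on taint is what keeps the checker from flagging every unconstrained addition.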



_______________________________________________
cfe-commits mailing list
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits