例如code触发锵的静态分析器 [英] Example code to trigger Clang's static analyser

问题描述

我想看到code，这将导致锵的静态分析器抱怨的一个小而完整的片段。我的动机主要是我想要得到它在我的PIC32 code工作，我需要一种方法之间的所有code是精，它实际上没有做任何事情来区别。这也部分好奇，因为我似乎无法拿出一个简单的例子，我自己。

C89 / ANSI C99或细，最好我想看看它拿起一个简单的内存泄漏。我的用法是

 铛--analyze test.c的
 

解决方案

我发现在我的code一个错误（通过触发只有一个;-)，即不能检测到 -Wall 。我做下来到以下

 结构ELEM {
  结构ELEM * preV;
  结构ELEM *接下来的;
};＃定义ELEM_INITIALIZER（NAME）{preV =＆放大器;（名称），=。接下来及（NAME），}结构头{
  结构ELEM头;
};＃定义HEAD_INITIALIZER（NAME）{.header = ELEM_INITIALIZER（NAME.header）}INT主（INT ARGC，字符** argv的）{
  结构头myhead = HEAD_INITIALIZER（myhead）;
}
 

这是一个相对简单的实施链表，但在这里，这并不重要。变量 myhead 是在词的常识应用未使用的，但由于初始内部使用它的编译器领域的地址服用。

铛正确分析此为

  / tmp中11:58和LT; 722 GT;％铛--analyze测试clang.c
测试clang.c：25：15：警告：它初始化过程中存储到myhead值永远不会读
  结构头myhead = HEAD_INITIALIZER（myhead）;
              ^ ~~~~~~~~~~~~~~~~~~~~~~~~
1诊断生​​成。
 

编辑：我找到了另外一个也检测堆栈存储器增殖

 字符常量* myBuggyFunction（无效）{
  回报（的char [LEN + 1]）{0};
}
 

这不是由 GCC ， open64 或铛与 -Wall ，但铛与 - 分析。

I would like to see a small but complete snippet of code that will cause Clang's static analyser to complain. My motivation is mostly that I'm trying to get it to work on my PIC32 code, and I need a way to distinguish between "all the code is fine" and "it's not actually doing anything". It's also partly curiosity, since I can't seem to come up with a simple example myself.

C89/ANSI or C99 is fine, and ideally I'd like to see it pick up a simple memory leak. My usage is

clang --analyze test.c

解决方案

I found a "bug" in my code (the only one ;-) that triggers by that, and that is not detected by -Wall. I cooked it down to the following

struct elem {
  struct elem *prev;
  struct elem *next;
};

#define ELEM_INITIALIZER(NAME) { .prev = &(NAME), .next = &(NAME), }

struct head {
  struct elem header;
};

#define HEAD_INITIALIZER(NAME) { .header = ELEM_INITIALIZER(NAME.header) }

int main(int argc, char ** argv) {
  struct head myhead = HEAD_INITIALIZER(myhead);
}

This is a relatively straight forward implementation of a linked list, but this is not important here. The variable myhead is unused in a common sense application of the term, but for the compiler it is used since inside the initializer the address of a field is taken.

clang correctly analyzes this as

/tmp 11:58 <722>% clang --analyze test-clang.c
test-clang.c:25:15: warning: Value stored to 'myhead' during its initialization is never read
  struct head myhead = HEAD_INITIALIZER(myhead);
              ^        ~~~~~~~~~~~~~~~~~~~~~~~~
1 diagnostic generated.

Edit: I found another one that also detects stack memory proliferation

char const* myBuggyFunction(void) {
  return (char[len + 1]){ 0 };
}

This is not detected by gcc, open64 or clang with -Wall, but by clang with --analyze.

这篇关于例如code触发锵的静态分析器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！