如何使海湾合作委员会警告返回局部变量的地址？ [英] How to make gcc warn about returning the address of local variables?

问题描述

使用 GCC 4.4.5，我有以下code警告。

With gcc 4.4.5, I have a warning with the following code.

char *f(void)
{
    char c;
    return &c;
}

但是，当我使用一个临时指针，没有警告了（即使该行为是错误的）。

But, when I use a temporary pointer, there is no warning anymore (even if the behavior is wrong).

char *f(void)
{
    char c;
    char *p = &c;
    return p;
}

我听说指针分析是在C困难，但可以 GCC 警告如code？

推荐答案

编译器，和大多数静态分析仪，不要试图警告的一切错误的程序可能会做，因为这将带来太多的误报（不这样做的警告对应于源$ C ​​$ C的实际问题）。

Compilers, and most static analyzers, do not try to warn for everything wrong a program might do, because that would entail too many false positives (warnings that do not correspond to actual problems in the source code).

Macmade建议锵的意见，建议我可以秒。需要注意的是锵仍旨在通过最大限度地减少误报是对于大多数开发人员非常有用。这意味着它有假阴性，或者，换句话说，它错过了一些实际问题（不能确定是有问题的时候，它可能会误报浪费开发者的时间保持沉默，而不是风险）。

Macmade recommends Clang in the comments, a recommendation I can second. Note that Clang still aims at being useful for most developers by minimizing false positives. This means that it has false negatives, or, in other words, that it misses some real issues (when unsure that there is a problem, it may remains silent rather than risk wasting the developer's time with a false positive).

请注意，这是值得商榷的，甚至是否真的有在你的程序函数 F（）的一个问题。
功能 H（）下方显然是很好，虽然调用code不得使用 P 返回后

Note that it is even arguable whether there really is a problem in function f() in your program. Function h() below is clearly fine, although the calling code mustn't use p after it returns:

char *p;

void h(void)
{
    char c;
    p = &c;
}

---

另外一个静态分析，我可以推荐是邮资-C的价值分析（我是一个开发人员）。这一个不留任何漏报，错误的一些家庭（包括悬摆指针），在受控条件下使用时。

---

Another static analyzer I can recommend is Frama-C's value analysis (I am one of the developers). This one does not leave any false negatives, for some families of errors (including dangling pointers), when used in controlled conditions.

char *f(void)
{
    char c;
    return &c;
}

char *g(void)
{
    char c;
    char *p = &c;
    return p;
}

$ frama-c -val -lib-entry -main g r.c
...
r.c:11:[value] warning: locals {c} escaping the scope of g through \result
...
$ frama-c -val -lib-entry -main f r.c
...
r.c:4:[value] warning: locals {c} escaping the scope of f through \result
... 

以上只是信息的消息，他们并不意味着功能就一定是错的。有一个对我的功能 H（）太：

h.c:7:[value] warning: locals {c} escaping the scope of h through p

真正的错误，其特点是在邮资-C的输出单词断言，就是如果一个函数调用 H（），然后使用 p ：

void caller(void)
{
  char d;
  h();
  d = *p;
}

$ frama-c -val -lib-entry -main caller h.c
...
h.c:7:[value] warning: locals {c} escaping the scope of h through p
...
h.c:13:[kernel] warning: accessing left-value p that contains escaping addresses; assert(Ook)
h.c:13:[kernel] warning: completely undefined value in {{ p -> {0} }} (size:<32>).

邮资-C的价值分析称作上下文敏感。它分析功能 H（）为每次调用，与实际上传递给它的值。它还分析了code函数调用 H（）之后，是调用者（）通过这实际上可以通过返回^ h值（）。这比上下文敏感分析说锵或GCC通常做的，但更多的precise。

Frama-C's value analysis is called context-sensitive. It analyses function h() for each call, with the values that are actually passed to it. It also analyzes the code that comes after the call to h() in function caller() with the values that can actually be returned by h(). This is more expensive than the context-insensitive analyses that Clang or GCC typically do, but more precise.

这篇关于如何使海湾合作委员会警告返回局部变量的地址？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！