Thanks a lot for reviewing!
Unfortunately we have no ability to share our code before it satisfies some
quality level...
Could you propose a description for the "different" package?
You are correct in your assumption about ExternalSym goals. But there are some
cases where the analyzer fails to determine the right value for a symbol, i.e. two
alerts from the Android codebase:
* report-7f4011.html
| File | external/mesa3d/src/glsl/linker.cpp |
| Location | line 779, column 42 |
| Description | Integer overflow while subtraction. 0 U32b AND 1 U32b |
This alert happens because the analyzer has no information about num_shaders and,
while processing cross_validate_globals, assumes that num_shaders can be 0. But
actually that never happens, because num_shaders is checked for 0 every time
before link_intrastage_shaders is called (external/mesa3d/src/glsl/linker.cpp,
lines 1602 and 1617).
* report-51bc27.html
| File | frameworks/av/drm/libdrmframework/plugins/passthru/src/DrmPassthruPlugIn.cpp |
| Location | line 66, column 41 |
| Description | Integer overflow while addition. 4294967295 U32b AND 1 U32b |
This alert happens because the constructor for value (line 64) isn't inlined
(because this constructor is defined in another translation unit,
frameworks/native/libs/utils/String8.cpp) and the class member mString is
assumed to be 0. So, when value.length() is called (line 66), underflow happens
and (0 - 1) is returned. Further addition of 1 results in an FP overflow.
We tested the IntegerOverflow checker on the Android codebase, where it produced 236
alerts. In brief, I guess about 70% of alerts are TP.
If you would like to inspect the full results of the analysis with the heuristic
enabled/disabled, please suggest a place for uploading (size is about 100mb).
I'll try to change the checker according to your comments, and it would be nice
if you could find time to review it again!)
{F110916}
{F110918}
http://reviews.llvm.org/D4066
_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
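
The two false-positive shapes described in the message above, as an added C example that is not code from the patch, mesa3d or Android. All function names and the "stored size minus terminator" length model are constructed stand-ins based only on the message's description.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Checked 32-bit unsigned arithmetic: returns true when the exact result
   does not fit in 32 bits, which is the condition both alerts report. */
static bool sub_wraps_u32(uint32_t a, uint32_t b, uint32_t *out) {
    *out = a - b;                 /* well-defined modular result */
    return a < b;
}
static bool add_wraps_u32(uint32_t a, uint32_t b, uint32_t *out) {
    *out = a + b;
    return *out < a;
}

/* Case 1 (constructed stand-in): the callee computes count - 1. Analyzed
   in isolation, nothing rules out count == 0. */
static bool callee_last_index(uint32_t num_shaders, uint32_t *last) {
    return sub_wraps_u32(num_shaders, 1u, last);
}
/* The caller-side guard the message points to: the callee is never reached
   with 0. Returns -1 when pruned, 1 on wrap, 0 otherwise. */
static int caller_with_guard(uint32_t num_shaders, uint32_t *last) {
    if (num_shaders == 0) return -1;
    return callee_last_index(num_shaders, last) ? 1 : 0;
}

/* Case 2 (constructed stand-in): length is modeled as stored size minus the
   terminator. A constructor that is not inlined leaves the size unknown. */
static uint32_t model_length(uint32_t stored_size) { return stored_size - 1u; }
static bool length_plus_one_wraps(uint32_t stored_size, uint32_t *out) {
    return add_wraps_u32(model_length(stored_size), 1u, out);
}

int main(void) {
    uint32_t r;
    bool w = callee_last_index(0, &r);
    printf("callee alone, 0 - 1: wraps=%d value=%u\n", w, (unsigned)r);
    printf("through guard, count 0: status=%d\n", caller_with_guard(0, &r));
    w = length_plus_one_wraps(0, &r);
    printf("member assumed 0: length=%u, +1 wraps=%d\n",
           (unsigned)model_length(0), w);
    w = length_plus_one_wraps(6, &r);
    printf("constructed string, size 6: wraps=%d value=%u\n", w, (unsigned)r);
    return 0;
}
```

The operand pairs at the two wrap points (0 and 1; 4294967295 and 1) are the ones quoted in the alert descriptions, and neither is reachable once the guard or a real constructor is taken into account.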