Daniel Pittman wrote:

> > Well a trivial example:
> >
> >     int pos, array [100] ;
> >     read (fd, &pos, sizeof (pos));
> >     array [pos] = 0 ;
> >
> > I know analysis tools like coverity can find stuff like this.
>
> *nod* I don't think that is one of the problems that sparse tests
> for[1], in large part because GCC already has a warning for
> use-without-initialization and sparse tends to be "things GCC can't
> test".

Well, in the above case, pos is initialized, but any value outside [0, 99] can potentially have very bad effects.

> In the bigger picture, your original question about static analysis
> tools for C missed one critical detail: what do you actually want it to
> statically analyse?

I'm the author of libsndfile:

    http://www.mega-nerd.com/libsndfile/

which is a library for reading and writing sound files. These sound files have to be considered untrusted (i.e. downloaded from the big bad internet). In addition, most sound file types have binary 16- and 32-bit integer values in their headers which then need to be used as things like indexes into arrays.

Obviously, values retrieved from an untrusted source need to be validated before they are used, but it's very easy to forget. I'd like to have a static analyser that can tell me when an untrusted value is used before it is validated.

Erik
-- 
-----------------------------------------------------------------
Erik de Castro Lopo
-----------------------------------------------------------------
Moore's Law: hardware speed doubles every 18 months
Gates' Law: software speed halves every 18 months

_______________________________________________
coders mailing list
coders@slug.org.au
http://lists.slug.org.au/listinfo/coders
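The header-index case discussed in this thread, as an added example in C that is not libsndfile code or part of the original post: the header layout (a signed 32-bit little-endian field at offset 4) and the sample headers are constructed for illustration, and the untrusted value is range-checked against the real array length before it is ever used as an index.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed header layout for this example (not a real sound-file
 * format): a signed 32-bit little-endian "position" field at offset 4. */
#define POS_OFFSET     4
#define HEADER_MIN_LEN (POS_OFFSET + 4)

/* Decode a little-endian int32 byte by byte, independent of host
 * endianness and alignment. */
static int32_t read_le32(const unsigned char *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8)
               | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)v;
}

/* Hardened form of "array[pos] = 0": pos comes from an untrusted header,
 * so it is range-checked against the actual array length before use.
 * Returns 0 on success, -1 for a truncated header or out-of-range index. */
int apply_header_pos(const unsigned char *hdr, size_t hdr_len,
                     int *array, size_t array_len)
{
    if (hdr == NULL || hdr_len < HEADER_MIN_LEN)
        return -1;                          /* truncated header */
    int32_t pos = read_le32(hdr + POS_OFFSET);
    /* Reject negatives before the size_t cast, then reject >= length. */
    if (pos < 0 || (size_t)pos >= array_len)
        return -1;
    array[(size_t)pos] = 0;
    return 0;
}

/* Constructed sample headers: a valid index, one past the end of a
 * 100-element array, and a negative value (0xFFFFFFFF) such as a
 * corrupt file might carry. */
const unsigned char HEADER_OK[8]       = {0, 0, 0, 0, 5,    0,    0,    0};
const unsigned char HEADER_TOO_BIG[8]  = {0, 0, 0, 0, 100,  0,    0,    0};
const unsigned char HEADER_NEGATIVE[8] = {0, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF};

int main(void)
{
    int array[100];
    for (size_t i = 0; i < 100; i++) array[i] = 7;
    printf("ok:       %d\n", apply_header_pos(HEADER_OK, 8, array, 100));
    printf("too big:  %d\n", apply_header_pos(HEADER_TOO_BIG, 8, array, 100));
    printf("negative: %d\n", apply_header_pos(HEADER_NEGATIVE, 8, array, 100));
    printf("array[5] = %d\n", array[5]);
    return 0;
}
```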