Ali Çehreli Wrote:

> Sean Kelly wrote:
> > bearophile Wrote:
> >
> > > C++ Static Analysis as done on the large Mozilla codebase:
> > > http://blog.ezyang.com/2010/06/static-analysis-mozilla/
> > > It shows that it's important to have a more powerful static
> > > reflection in D. It works well with scoped user-defined attributes too.
> >
> > As much as I like static analysis, it still has a long way to go.
> > For example, here's some C code that a static analysis tool recently
> > flagged as broken:
> >
> >     size_t fn( char** pdst, char* src, size_t srclen ) {
> >         __thread static char* dst = NULL;
> >         __thread static size_t dstcap = 0;
> >         if( dstcap < srclen ) {
> >             dstcap = srclen;
> >             dst = realloc( dst, dstcap );
> >         }
> >         memcpy( dst, src, srclen ); // Purify: ERROR - uninitialized write
> >         *pdst = dst;
> >         return srclen;
> >     }
> >
> > Basically, it wasn't smart enough to realize that dst would
> > always be non-NULL when the memcpy occurred, let alone that it
> > would also always be large enough. For such false positives,
> > it's generally necessary to insert pointless code simply to
> > silence the error, thus complicating the function and
> > increasing the cost of maintenance. I still believe that the
> > benefits of static analysis vastly outweigh the cost, but I'd
> > love to see more intelligence in branch analysis if nothing
> > else.
>
> realloc may return NULL. Perhaps they are catching that condition?
I suppose so. Maybe I should change the if statement to a loop and see what happens.
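For reference, here is a checked variant of the function quoted above, added as an illustration and not code from any of the posters: the `realloc` result goes into a temporary so a NULL return neither leaks the old block nor leaves `dst` NULL for the `memcpy`, the failure is reported to the caller instead of being silently ignored, and a zero-length copy does not touch an unallocated buffer. The names `fn_checked` and `fn_checked_free` are my own, and the thread-local buffer is moved to file scope so it can be released.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Thread-local growable scratch buffer, as in the quoted snippet, but at
 * file scope so fn_checked_free() can reach it. */
static __thread char  *dst    = NULL;
static __thread size_t dstcap = 0;

/* Copies srclen bytes from src into the thread-local buffer and hands the
 * caller a pointer to it through *pdst. Returns srclen on success, or
 * (size_t)-1 if the buffer could not be grown; on failure *pdst is left
 * untouched and the previous buffer stays valid and owned by this unit. */
size_t fn_checked(char **pdst, const char *src, size_t srclen)
{
    if (dstcap < srclen) {
        /* Never assign realloc's result straight to dst: on a NULL return
         * that would leak the old block and make the memcpy below write
         * through a NULL pointer, which is the condition the analyzer
         * in the thread was complaining about. */
        char *grown = realloc(dst, srclen);
        if (grown == NULL)
            return (size_t)-1;
        dst    = grown;
        dstcap = srclen;
    }
    /* Passing NULL to memcpy is undefined even for a zero-byte copy, so
     * skip the call when nothing has ever been allocated. */
    if (srclen > 0)
        memcpy(dst, src, srclen);
    *pdst = dst;
    return srclen;
}

/* Releases the thread-local buffer so leak checkers see a clean exit. */
void fn_checked_free(void)
{
    free(dst);
    dst    = NULL;
    dstcap = 0;
}
```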
