On 08/02/2018 09:42 AM, Martin Sebor wrote:
> The warning bits are definitely not okay by me. The purpose
> of the warnings (-W{format,sprintf}-{overflow,truncation} is
> to detect buffer overflows. When a warning doesn't have access
> to string length information for dynamically created strings
> (like the strlen pass does) it uses array sizes as a proxy.
> This is useful both to detect possible buffer overflows and
> to prevent false positives for overflows that cannot happen
> in correctly written programs.
So how much of this falling-back to array sizes as a proxy would become
unnecessary if sprintf had access to the strlen pass as an analysis module?
As you know we've been kicking that around and from my investigations
that doesn't really look hard to do. Encapsulate the data structures in
a class, break up the statement handling into analysis and optimization
and we should be good to go. I'm hoping to start prototyping this week.
If we think that has a reasonable chance to eliminate the array-size
fallback, then that seems like the most promising path forward.
>
> By changing the logic to not consider the bounds of the array
> the warnkngs will become prone to many false positives as is
> evident from your changes to the tests (you had to explicitly
> enable the new option).
ISTM that a reasonable goal to shoot for is to be able to run the
existing warning tests without the array-size fallback once we've got a
string length analysis module.
Jeff
