Hi David,

Following your suggestion to look into kf.cc, I noticed that the analyzer didn't have known function handlers for atoi or atol.

I have implemented a kf_atoi class that verifies the incoming argument is a valid, null-terminated string and sets the LHS to a generic unknown value. I also added a regression test (atoi-1.c) which successfully flags uninitialized buffers passed to atoi. I've attached the patch (with the Signed-off-by tag and ChangeLog).

I've run the DejaGnu test suite on this (make check-gcc RUNTESTFLAGS="analyzer.exp=atoi-1.c") and it passes with zero regressions.

Simultaneously, I am continuing to study the new class api in the CPython plugin using my manual C extension to see how the new architecture handles reference counting.

Best regards,
Saksham Gupta

On Mon, 9 Mar 2026 at 11:19, Saksham Gupta <[email protected]> wrote:

> Hi David,
>>
>> Thank you for the thoughtful review and the constructive feedback!
>>
>> Your point about "papering over" the issue makes complete sense. I now
>> understand the design philosophy of wanting the analyzer to fail loudly so
>> that unimplemented features aren't silently ignored. I'll leave the nested
>> function architecture to the experts for now!
>>
>> (Also, regarding Bugzilla: my account creation is still pending admin
>> approval, which is why the patch hasn't appeared there yet.)
>>
>> Taking your advice on testing and workflow to heart, I will make sure to
>> run a full bootstrap and make check for future patches, and I will adopt
>> the ice-*.c naming convention for crash testcases.
>>
>> Moving forward, I would love to take up the starter project you
>> suggested. I am currently looking through kf.cc to find a standard C
>> library function that the analyzer doesn't know about yet, and I will
>> attempt to implement a known_function handler for it.
>>
>> Simultaneously, I am pulling your latest CPython plugin refactor (PR
>> 112520) into my local build. Reading through the commit, it makes total
>> sense why the Python 3.11 anonymous union change for ob_refcnt broke the
>> old lookup method. The new class api structure looks like a much cleaner
>> foundation for me to hook the new state machine into! To get a better grasp
>> of the API, I am also writing a basic Python C extension by hand,
>> intentionally introducing reference leaks to use as a testbed.
>>
>> Thanks again for taking the time to guide me through this.
>>
>> Best regards,
>> Saksham Gupta
>
>
0001-analyzer-add-known-function-handling-for-atoi-and-at.patch
Description: Binary data
