Adding Checks for pure, const Attributes

The gcc compiler supports several “attributes” that you can tag a function with. The semantics of those attributes is described informally and, indeed, gcc doesn’t check that they attributes are observed. In other words, the attributes are just decorative, and really have no semantics at all.

Two attributes that are often used are `pure’ and `const’. Yes, the `const’ keyword is horribly overloaded in C/C++, and yet here’s another use. For example, you’d tag a function as pure with syntax like:

int __attribute__((pure)) foo(void) {
return 42;
}

I guess the ugliness of the attribute syntax is meant to stand out from the rest of the code. In that, gcc has succeeded!

Informally, `const’ means “no reads or writes to or from global state”, and `pure’ means “reading global state is OK, but not writing it”.

From a static analysis point of view, global state operations include reading or writing global variables, heap allocation or deallocation, reading or writing heap data, or calling functions without the `pure’ or `const’ attributes.

So far, Goanna checks for reads and writes of global variables in `pure’ and `const’ functions, and issues warnings if appropriate. We’re in the process of adding the other bits to check the attributes more thoroughly.

Tags:
No Comments

Post a Comment