Greater precision from fine-grained control flow analysis

To make Goanna fast enough for the desktop, we have to keep our control flow models simple. In the past we combined short-circuit operators in our models into single events, which means we missed some bugs. But some new tricks mean we can have finer-grained control flow models.

int ret;
if (x > 0 && (ret = foo()) > 0) {
    /* ... */
}
return ret; /* reached with ret unset when x <= 0 */

There’s a bug here: if x <= 0, ret is not initialised when you try to return it. With the condition modelled as a single event, Goanna could not tell that the first half of the && could run without the second half running.
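To show why the granularity of the model matters, here is an added example (not Goanna's code or algorithm): a simple "may be undefined" walk over two hand-built control flow graphs of the snippet above, one with the condition as a single event and one with each operand of && as its own node. The node names and the graph encoding are made up for this illustration.

```python
# Added illustration, not Goanna's algorithm: a forward "may be undefined"
# walk over two hand-built control flow graphs of the snippet above.
# Each node maps to (variables defined, variables used, successor nodes).
# Node names are made up for this example.

COARSE = {  # whole condition modelled as one event
    "decl":   (set(),   set(),   ["cond"]),
    "cond":   ({"ret"}, {"x"},   ["body", "return"]),
    "body":   (set(),   set(),   ["return"]),
    "return": (set(),   {"ret"}, []),
}

FINE = {  # each operand of && is its own node
    "decl":   (set(),   set(),   ["test_x"]),
    "test_x": (set(),   {"x"},   ["assign", "return"]),  # false edge skips assign
    "assign": ({"ret"}, set(),   ["body", "return"]),
    "body":   (set(),   set(),   ["return"]),
    "return": (set(),   {"ret"}, []),
}

def maybe_uninit(cfg, entry, var):
    """Nodes that use `var` and are reachable from `entry` on a path with no definition of it."""
    undefined_on_entry = {entry}
    worklist = [entry]
    while worklist:
        node = worklist.pop()
        defs, _uses, succs = cfg[node]
        if var in defs:
            continue  # var is defined past this node on this path
        for succ in succs:
            if succ not in undefined_on_entry:
                undefined_on_entry.add(succ)
                worklist.append(succ)
    # Uses are evaluated before the node's own definitions take effect.
    return sorted(n for n in undefined_on_entry if var in cfg[n][1])

if __name__ == "__main__":
    print("coarse model:", maybe_uninit(COARSE, "decl", "ret"))
    print("fine model:  ", maybe_uninit(FINE, "decl", "ret"))
```

The coarse graph has no path to the return that avoids the definition of ret, so nothing is reported; the fine graph exposes the false edge out of the x > 0 test.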

Well, we developed some techniques that let us handle larger control flow graphs. So the latest nightly version of Goanna reports this:

Goanna - analyzing file example.c
Number of functions: 1
example.c:12: warning: Goanna - Variable `ret' may be uninitialized
Total runtime : 0.04 seconds

So our next release will help you catch even more bugs!
