Uploaded image for project: 'SonarCFamily'
  1. SonarCFamily
  2. CPP-2981

Fix: Symbolic execution does not cover all code paths when modeling fopen

    XMLWordPrintable

    Details

      Description

      In some circumstances , in a piece of code like the following

       

      FILE* fp = fopen(filename, "r");
      if(NULL == fp) {
        // block A
        // do something
      }
      // block B

      Symbolic execution will not go through block B and only block A will be visited.

      There is no obvious reason to this behavior. fp does not have a fixed NULL symbolic value.
      This behavior happens only if clang checker alpha.unix.Stream is enabled.
      This checker happens to model the behavior of streams including function fopen.

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            geoffray.adde Geoffray Adde
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: