What is the Abstract Interpreter

The Abstract Interpreter is a code-checking mechanism that detects various problems in source code by evaluating function bodies from top to bottom.

Here are examples of problems the Abstract Interpreter detects.

Lack of error handling

int *p = (int *) malloc(sizeof(int) * 10);

if (p) {
    memset(p, 0, sizeof(int) * 10);
}
/* No malloc() error handling in the else branch */

...snip...

p[2] = 5; /* W0422: Dereferencing a pointer possibly be NULL! */

Dead code

int i = all_possible_values_of_int();

...snip...

if (i < 0) {
    unsigned int ui = zero_if_succeeded();

    if (ui > 0) {
        return;
    }

    /* "ui" is equal to zero at this point */

    ...snip...

    /* Always true?  No, it is always false */
    if (i < ui) {
        return; /* W9001: Control never reaches here! */
    }
}

/* The ISO standard says:
 *   The Usual Arithmetic Conversion is performed before evaluating
 *   the expression "i < ui".
 * The Usual Arithmetic Conversion turns "i < ui" into
 * "(unsigned int) i < ui", so the value of "i", which
 * is less than 0, is converted into a new value which
 * is greater than 0 because of the wrap-around.
 * So, the expression ("a value greater than 0" < 0) is
 * always false.
 */
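The reasoning in the comment above can be carried out mechanically by tracking a range of possible values for each variable. The following is an added sketch of that idea, not AdLint's own implementation; `range_t`, `verdict_t` and all function names are assumptions made for this example.

```c
#include <limits.h>
#include <stdio.h>

/* Possible values of a variable, kept in long long so that both the
 * int and the unsigned int range fit (type assumed for this example). */
typedef struct { long long lo, hi; } range_t;
typedef enum { ALWAYS_FALSE, ALWAYS_TRUE, UNKNOWN } verdict_t;

/* Narrow a range by the branch condition "v < bound". */
static range_t assume_less_than(range_t v, long long bound)
{
    if (v.hi > bound - 1) v.hi = bound - 1;
    return v;
}

/* Model the int -> unsigned int conversion: negative values wrap
 * around by UINT_MAX + 1. */
static range_t to_unsigned(range_t v)
{
    const long long wrap = (long long)UINT_MAX + 1;
    if (v.hi < 0) { v.lo += wrap; v.hi += wrap; }        /* all negative */
    else if (v.lo < 0) { v.lo = 0; v.hi = UINT_MAX; }    /* mixed: widen */
    return v;
}

/* Decide "a < b" for every pair of values in the two ranges. */
static verdict_t eval_less(range_t a, range_t b)
{
    if (a.hi < b.lo) return ALWAYS_TRUE;
    if (a.lo >= b.hi) return ALWAYS_FALSE;
    return UNKNOWN;
}

/* Walk the dead-code example from top to bottom. */
static verdict_t analyze_i_less_than_ui(void)
{
    range_t i = { INT_MIN, INT_MAX };      /* all possible int values */
    range_t ui = { 0, UINT_MAX };          /* any unsigned int */
    i = assume_less_than(i, 0);            /* inside "if (i < 0)" */
    ui.hi = 0;                             /* the "ui > 0" path returned */
    return eval_less(to_unsigned(i), ui);  /* "(unsigned int) i < ui" */
}

int main(void)
{
    puts(analyze_i_less_than_ui() == ALWAYS_FALSE ? "dead branch" : "reachable");
    return 0;
}
```

Without the `to_unsigned()` step the same comparison evaluates to `ALWAYS_TRUE`, which is the misreading the comment warns about.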
