Date:      Wed, 23 Apr 2014 22:21:04 +0200
From:      Erik Cederstrand <erik+lists@cederstrand.dk>
To:        Charles Swiger <cswiger@mac.com>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Message-ID:  <546CE3A8-FC87-472F-8A63-0497D0D28789@cederstrand.dk>
In-Reply-To: <B4A7F879-588B-4414-B416-601066C4E61A@mac.com>
References:  <10999.1398215531@server1.tristatelogic.com> <50CA7E78-BB5E-4872-A272-B7374627EC12@cederstrand.dk> <B4A7F879-588B-4414-B416-601066C4E61A@mac.com>


On 23/04/2014 at 21.14, Charles Swiger <cswiger@mac.com> wrote:

> The most straightforward changes to this snippet would be either:
>
> int foo(int y, int z) {
>  int x;
>  if (y == z) {
>      x = 0;
>  } else {
>      x = 1;
>  }
>  return x;
> }
>
> ...or:
>
> int foo(int y, int z) {
>  int x = 0;
>  if (y != z) {
>      x = 1;
>  }
>  return x;
> }
>
> Not only are both of these shorter and pass clang's static analyzer without a warning; I'd also argue that the second version is noticeably cleaner.

I don't disagree with you, but rewriting 1000 if-else cases in single-threaded userland programs just so the analyzer understands them is 1) tedious and 2) bound to accidentally introduce at least 50 new bugs, since most real-life examples are considerably more complicated than the minimal example I posted.

Erik
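The risk Erik raises, that an analyzer-driven mass rewrite silently changes behaviour, can be bounded with a differential check: run the original and the rewritten function over the same inputs and count disagreements before the change is committed. The block below is an added example, not code from the thread or from OpenSSL; foo_original is a constructed stand-in for an "assigned on every path, but via separately tested conditions" shape (Erik's actual minimal example is not reproduced on this page), foo_v1 and foo_v2 are the two rewrites quoted above, and foo_broken is a constructed botched rewrite of the kind a careless edit can produce (default value and condition both flipped). The sample grid in count_mismatches is likewise constructed for the example.

```c
/* Added example: differential check for an analyzer-motivated rewrite.
 * Not part of the mailing-list thread; foo_original and foo_broken are
 * constructed stand-ins, foo_v1/foo_v2 mirror the two rewrites quoted
 * in the reply. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed "before" shape: x is assigned on every path, but only via
 * two separately tested conditions, so a reader (or a tool) has to notice
 * that the conditions are complementary to see that x is always set. */
static int foo_original(int y, int z)
{
    int x;
    if (y == z)
        x = 0;
    if (y != z)
        x = 1;
    return x;
}

/* First rewrite from the quoted reply: single if/else. */
static int foo_v1(int y, int z)
{
    int x;
    if (y == z) {
        x = 0;
    } else {
        x = 1;
    }
    return x;
}

/* Second rewrite from the quoted reply: default-initialise, then override. */
static int foo_v2(int y, int z)
{
    int x = 0;
    if (y != z) {
        x = 1;
    }
    return x;
}

/* Constructed botched rewrite: the default and the condition were both
 * flipped, so the result is inverted for every input.  This is the class
 * of bug a differential check is meant to catch. */
static int foo_broken(int y, int z)
{
    int x = 1;
    if (y != z) {
        x = 0;
    }
    return x;
}

typedef int (*foo_fn)(int, int);

/* Compare a reference implementation against a candidate over a small grid
 * of constructed inputs covering equal, unequal, zero, sign-crossing and
 * boundary pairs.  Returns the number of (y, z) pairs on which they differ;
 * 0 means the rewrite is behaviourally identical on this grid. */
static int count_mismatches(foo_fn ref, foo_fn cand)
{
    static const int samples[] = { INT_MIN, -1, 0, 1, 2, 7, INT_MAX };
    const size_t n = sizeof samples / sizeof samples[0];
    int mismatches = 0;

    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < n; j++) {
            int y = samples[i], z = samples[j];
            if (ref(y, z) != cand(y, z))
                mismatches++;
        }
    }
    return mismatches;
}

int main(void)
{
    printf("v1 vs original:     %d mismatches\n",
           count_mismatches(foo_original, foo_v1));
    printf("v2 vs original:     %d mismatches\n",
           count_mismatches(foo_original, foo_v2));
    printf("broken vs original: %d mismatches\n",
           count_mismatches(foo_original, foo_broken));
    return 0;
}
```

For a two-argument function over a small type the grid could be exhaustive; for real OpenSSL routines with pointers and state the same harness idea applies, but the inputs have to be chosen per function, which is where the "considerably more complicated than the minimal example" caveat bites.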


