[Toybox] LLVM sanitizers
enh
enh at google.com
Thu Jul 21 10:08:57 PDT 2016
On Wed, Jul 20, 2016 at 10:33 PM, Andy Chu <andychup at gmail.com> wrote:
>>> Feel free to run it. I've never had much interest in false positive
>>> generators myself.
>
> I also have to point out the insanity of this statement, because ASAN
> found a bug that YOU INTRODUCED on top of my code, in expr.c.
i think some of the static analyzers have really pissed in the pool
here... even as someone who's a supporter of "all the help we can
get", something like clang-tidy, for example, seems to be mostly
noise[*]. i don't think it's clear to folks who aren't already using
the sanitizers that they're fundamentally different.
[of course, judging a static analyzer on a mature codebase is always
tricky, because the chances are you've found and fixed the most
interesting stuff already.]
> I sent you a correct patch to free memory in expr.c. You ignored my
> patch because you were refactoring already, and introduced a bug (use
> after free I think). I sent you demonstration of ASAN finding your
> bug. You didn't apply the correct patch or the ASAN patches. The bug
> is still in the tree AFAIK.
>
> expr is in pending, but ships on Android.
>
> I hope that was clear! I thought you were just busy, but I think you
> never really understood what I was saying and what the tools do. If
> there were any parts of my messages that weren't clear, I'm happy to
> clarify.
>
> Andy
> _______________________________________________
> Toybox mailing list
> Toybox at lists.landley.net
> http://lists.landley.net/listinfo.cgi/toybox-landley.net
--
Elliott Hughes - http://who/enh - http://jessies.org/~enh/
Android native code/tools questions? Mail me/drop by/add me as a reviewer.
More information about the Toybox
mailing list