llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

Detecting infinite loops #12055

Open llvmbot opened 12 years ago

llvmbot commented 12 years ago
Bugzilla Link 11683
Version 2.9
OS All
Reporter LLVM Bugzilla Contributor
CC @AnnaZaks,@gribozavr,@tkremenek,@sunfishcode

Extended Description

It seems like it would be possible to catch a small subset of simple but common infinite loops by checking whether the variables in the loop condition are changed by either the condition check or the loop body. Sample code that this would trigger on might look like this (yes, I've actually written this kind of code, frequently, and it's not an error to gcc for obvious reasons).

    int main() {
        int i = 10;

        while (i > 0); // notice the semicolon
        {
            i--;
        }

        return 0;
    }

This would also possibly be useful in a large set of cases where critical parts of loops have been malformed.

gribozavr commented 12 years ago

The original example would be caught by the new behavior of -Wempty-body introduced in r150515.

0f73b9cf-134f-41af-a8b1-14d9f305ee95 commented 12 years ago

This is also related to http://llvm.org/bugs/show_bug.cgi?id=11329, which is a request for empty loop warning.

A syntactic static analysis patch for it has been submitted for review today.

llvmbot commented 12 years ago

This is a restricted form of dead code analysis. Potentially very useful. This case in particular could be caught easily with a syntactic check, but there are others that are more interesting.

Although the specific example I gave could have been caught by a very simple syntactic check, it would seem that much more complicated versions of the same bug could only be caught by a tool like the static analyzer. For example, if the variables in the loop condition were only changed in a path that's never run, or if they were changed as part of the loop but then changed back. (There are also good reasons why you can't just raise a warning for loops that are followed by semi-colons.)
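
The heuristic proposed in this report, sketched as an added example (not code from this thread or from Clang): a purely textual check of whether any variable in a `while` condition is written by the condition or the loop body. All function names and the C snippets are constructed for illustration; the third snippet shows the "changed, then changed back" case that this kind of check cannot see.

```python
import re

# Constructed C snippets: the loop from the report, a corrected version, and a
# "changed, then changed back" loop that still never terminates.
REPORTED = "while (i>0); { i--; }"
FIXED = "while (i>0) { i--; }"
CHANGED_BACK = "while (i>0) { i--; i++; }"

def split_while(src):
    """Return (condition, body) of the first `while (...)` in src."""
    start = src.index("(", src.index("while"))
    depth = 0
    for pos in range(start, len(src)):
        depth += {"(": 1, ")": -1}.get(src[pos], 0)
        if depth == 0:
            break
    else:
        raise ValueError("unbalanced parentheses")
    cond, rest = src[start + 1:pos], src[pos + 1:].lstrip()
    if rest.startswith(";"):            # empty statement: the loop has no body
        return cond, ""
    if rest.startswith("{"):            # brace block: take up to the matching '}'
        depth = 0
        for end, ch in enumerate(rest):
            depth += {"{": 1, "}": -1}.get(ch, 0)
            if depth == 0:
                return cond, rest[1:end]
        raise ValueError("unbalanced braces")
    return cond, rest.split(";", 1)[0]  # single-statement body

def writes_to(name, code):
    """True if code textually assigns to, increments or decrements `name`."""
    n = re.escape(name)
    pattern = rf"(\+\+|--)\s*{n}\b|\b{n}\s*(\+\+|--|[-+*/%&|^]?=(?!=)|<<=|>>=)"
    return re.search(pattern, code) is not None

def condition_never_changes(src):
    """Heuristic from the report: no condition variable is written in the loop."""
    cond, body = split_while(src)
    # Identifiers in the condition, skipping function names such as `check(`.
    names = set(re.findall(r"\b[A-Za-z_]\w*\b(?!\s*\()", cond))
    return bool(names) and not any(writes_to(v, cond + ";" + body) for v in names)

if __name__ == "__main__":
    for label, src in [("reported", REPORTED), ("fixed", FIXED),
                       ("changed back", CHANGED_BACK)]:
        print(f"{label:13} flagged={condition_never_changes(src)}")
```

The check flags the reported loop and passes the corrected one, but it also passes the `CHANGED_BACK` loop even though `i` never reaches zero, which is the gap the comment above attributes to syntactic checks.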

tkremenek commented 12 years ago

This is a restricted form of dead code analysis. Potentially very useful. This case in particular could be caught easily with a syntactic check, but there are others that are more interesting.

llvmbot commented 12 years ago

assigned to @tkremenek