head     1.1;
branch   1.1.1;
access   ;
symbols  start:1.1.1.1 project:1.1.1;
locks    ; strict;
comment  @# @;


1.1
date     2009.07.09.02.51.48;  author yo2dh;  state Exp;
branches 1.1.1.1;
next     ;

1.1.1.1
date     2009.07.09.02.51.48;  author yo2dh;  state Exp;
branches ;
next     ;


desc
@@



1.1
log
@Initial revision
@
text
@-  BUG: the lengths of string constants aren't counted correctly when
   they contain special escapes (e.g., "foo\n" is counted as length 6, not 5)
-  Add more "sources" for long buffers -- e.g. argv, etc.
-  Fix parseFmt to understand backslashes. :-)
-  Identify which lines cause buffer overruns.
   After finishing the analysis, walk the AST a third time;
   for each line that writes to a buffer, check whether it creates an overflow
   using the already-known length and size information.
-  Add some simple aliasing analysis for string pointers.
-  Gracefully handle FunDecls and FunDefs for functions (like strcpy(), etc.)
   that we interpret internally.
-  Improve the constraint-sig interface: instead of having stuff like queryGe,
   just let the caller register a callback for the terms it is interested in,
   and call the callback with the value of the term when it is known.
-  Add points-to analysis.
-  Deal with 'char p[10+sizeof(q)];' or 'int x; char p[10+x];' gracefully.
-  Improve support for the `min' operation.
@


1.1.1.1
log
@CVS TEST
@
text
@@
