> If this is still correct, I will just restrict the analyzer to not
> infer any property from data defined in structs.

This is wrong :).

> 
> If accessing "p->bar" via "p->before_end[5]" is not correct, I can
> restrict the analyzer to work only on "non last array in a struct".
> 

You can't guarantee that the access there is actually to p->bar, AFAIK.
You know only that it is somewhere in the structure :)

Anyway, the real fix is to simply not attempt to derive information when
the access is through a pointer (i.e., it is not related to structs at all,
it's the fact that these are heap allocated), unless you have info about
the malloc sites and the upper bound on what size it is allocating.

I'll actually soon be providing you such malloc site size info :)

I didn't think we tried to estimate anything when dealing with indirect
pointers right now.

