[cfe-dev] [cfe-users] Questionable dereference of null pointer warning

Anna Zaks ganna at apple.com
Mon Feb 4 13:39:08 PST 2013 

On Feb 4, 2013, at 11:31 AM, "Morrell, Michael" <michael.morrell at intel.com> wrote:

> I haven't received any response yet, so I figured I'd try cfe-dev.
> 
>  Michael
> 
> Begin forwarded message:
> 
> From: "Morrell, Michael" <michael.morrell at intel.com<mailto:michael.morrell at intel.com>>
> Subject: [cfe-users] Questionable dereference of null pointer warning
> Date: January 31, 2013 11:09:38 AM PST
> To: "cfe-users at cs.uiuc.edu<mailto:cfe-users at cs.uiuc.edu>" <cfe-users at cs.uiuc.edu<mailto:cfe-users at cs.uiuc.edu>>
> 
> I'm getting a "dereference of null pointer" warning from the Clang static analyzer (checker-270 on MacOS) that I don't understand.  A simplified example is:
> 
> =========================
> void set_x1(int *&);
> void set_x2(void *&);
> 
> int foo(void)
> {
>   int *x = 0, *y = 0;
> 
>   set_x1(x);
>   set_x2((void *&)y);
>   return *x + *y;
> }
> =========================
> 
> When I run "scan-build c++ -c" on this file, it complains about the dereference of y, but not x.  Should there be a difference between these two cases?

This is a false positive. There should be no bug reported. Please, file a bug report.

> 
> On a related note, it appears that the analyzer assumes that a function like set_x1 will always set the argument to a non-NULL value (presumably unless it can see the source and know otherwise).  Is that the best assumption and are such assumptions made by the analyzer documented anywhere?
> 

That is correct. The analyzer does assume that the value of the pointer can be anything after a call to 'set_x2', unless it can see inside 'set_x2'. The analyzer currently only preforms inter-procedural analyzes within a single translation unit (source file + headers). The idea is to be conservative and report as few false positives as possible. We do not have a document describing what the reasoning is in each case.

> Thanks,
> 
> Michael
> _______________________________________________
> cfe-users mailing list
> cfe-users at cs.uiuc.edu<mailto:cfe-users at cs.uiuc.edu>
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-users
> 
> 
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

More information about the cfe-dev mailing list