[cfe-dev] [cfe-users] Questionable dereference of null pointer warning
ganna at apple.com
Mon Feb 4 13:39:08 PST 2013
On Feb 4, 2013, at 11:31 AM, "Morrell, Michael" <michael.morrell at intel.com> wrote:
> I haven't received any response yet, so I figured I'd try cfe-dev.
> Begin forwarded message:
> From: "Morrell, Michael" <michael.morrell at intel.com<mailto:michael.morrell at intel.com>>
> Subject: [cfe-users] Questionable dereference of null pointer warning
> Date: January 31, 2013 11:09:38 AM PST
> To: "cfe-users at cs.uiuc.edu<mailto:cfe-users at cs.uiuc.edu>" <cfe-users at cs.uiuc.edu<mailto:cfe-users at cs.uiuc.edu>>
> I'm getting a "dereference of null pointer" warning from the Clang static analyzer (checker-270 on MacOS) that I don't understand. A simplified example is:
> void set_x1(int *&);
> void set_x2(void *&);
> int foo(void)
> int *x = 0, *y = 0;
> set_x2((void *&)y);
> return *x + *y;
> When I run "scan-build c++ -c" on this file, it complains about the dereference of y, but not x. Should there be a difference between these two cases?
This is a false positive. There should be no bug reported. Please, file a bug report.
> On a related note, it appears that the analyzer assumes that a function like set_x1 will always set the argument to a non-NULL value (presumably unless it can see the source and know otherwise). Is that the best assumption and are such assumptions made by the analyzer documented anywhere?
That is correct. The analyzer does assume that the value of the pointer can be anything after a call to 'set_x2', unless it can see inside 'set_x2'. The analyzer currently only preforms inter-procedural analyzes within a single translation unit (source file + headers). The idea is to be conservative and report as few false positives as possible. We do not have a document describing what the reasoning is in each case.
> cfe-users mailing list
> cfe-users at cs.uiuc.edu<mailto:cfe-users at cs.uiuc.edu>
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
More information about the cfe-dev