[cfe-dev] [analyzer] Why this null pointer dereference error doesn't report

Anna Zaks via cfe-dev cfe-dev at lists.llvm.org
Wed Nov 4 13:36:40 PST 2015


We have a heuristic that is used to suppress common false positives. Specifically, the function may never return ‘0’ when called from the given call site. It is not the case here, but the heuristic is coarse-grained and would benefit from tuning. See -suppress-null-return-paths.

Anna.
> On Nov 3, 2015, at 10:16 PM, 邹越 via cfe-dev <cfe-dev at lists.llvm.org> wrote:
> 
> Hi!
> 
> 
> The code sample as below:
> 
> -------------main.cpp----------------
> 
> int* func(int b)
> {
>     if (b > 0)
>     {        
>         return new int[3];
>     }
>     return 0;
> }
> 
> void np_1(int* p, int b)
> {
>     p = func(b);
>     *p = 123;
>     return;
> }
> 
> ---------------------------------------
> 
> The command I ran: "clang -cc1 -analyze -analyzer-checker=core.NullDereference main.cpp".
> In my opinion, there should be a null pointer dereference error reported at the code "*p = 123", since "func" would return 0 if b is not greater than zero.
> However, no error is reported. I debugged clang and found that "CheckerContext::emitReport()" indeed has been invoked when dereferencing pointer p.
> 
> clang version:
> clang version 3.8.0 (trunk 248698)
> Target: x86_64-apple-darwin15.0.0
> Thread model: posix
> 
> Can somebody tell me where the problem is? 
> Thanks in advance, Quark
> 


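An added example, not part of the thread or of clang's own code: a POSIX shell script that reproduces the suppressed report on Quark's main.cpp and then re-runs the analyzer with the suppress-null-return-paths heuristic Anna points at switched off through -analyzer-config. It assumes a clang with the static analyzer on PATH and uses the driver's -Xclang pass-through form rather than the -cc1 invocation in the question.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce the suppressed report from
# the quoted main.cpp, then re-run with the suppress-null-return-paths
# heuristic disabled. Assumes a clang with the static analyzer on PATH.

# Write the constructed sample (the quoted main.cpp) to the path in $1.
write_sample() {
  cat > "$1" <<'EOF'
int* func(int b)
{
    if (b > 0)
    {
        return new int[3];
    }
    return 0;          /* null on the b <= 0 path */
}

void np_1(int* p, int b)
{
    p = func(b);       /* func is inlined by the analyzer */
    *p = 123;          /* null dereference when b <= 0 */
}
EOF
}

# Analyze $1 with suppress-null-return-paths set to $2 ("true" or "false").
# Returns 0 if the analyzer reported a null dereference, 1 otherwise.
analyze() {
  clang --analyze -Xclang -analyzer-output=text \
        -Xclang -analyzer-config -Xclang "suppress-null-return-paths=$2" \
        "$1" 2>&1 | grep -q "Dereference of null pointer"
}

# Run both configurations and summarise. Returns 0 when the report appears
# with the heuristic off, 1 when it does not, 2 when clang is not installed.
demo() {
  command -v clang >/dev/null 2>&1 || return 2
  dir=$(mktemp -d) || return 2
  write_sample "$dir/main.cpp"
  if analyze "$dir/main.cpp" true; then
    echo "default (heuristic on):  reported"
  else
    echo "default (heuristic on):  suppressed, as in the thread"
  fi
  if analyze "$dir/main.cpp" false; then
    echo "heuristic off:           reported"; rc=0
  else
    echo "heuristic off:           no report"; rc=1
  fi
  rm -rf "$dir"
  return $rc
}
```

Call `demo` to run both passes; the exit code tells you whether disabling the heuristic surfaced the report.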