[LLVMbugs] [Bug 15679] New: static analyser reports null dereference when it clearly cannot happen

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Thu Apr 4 16:05:15 PDT 2013


            Bug ID: 15679
           Summary: static analyser reports null dereference when it
                    clearly cannot happen
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: gryzman at gmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Created attachment 10291
  --> http://llvm.org/bugs/attachment.cgi?id=10291&action=edit
formatting.c from postgresql project

checker-272 on mac

fe-lobj.c from postgresql got flagged (attaching the result file and source).
But it is clearly visible in the same source file that the condition could
never work out! Clearly clang is unable to figure it out, and throws in loads
of false positives.

In short this looks like so:

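#include <stddef.h>

struct f { int bar; };
int initialise_f(struct f *foo);

void some_funct(struct f *foo)
{
  if (foo == NULL || foo->bar == 0)
  {
    if (initialise_f(foo) < 0)
      return;
  }
  // this gets flagged as dereference of null pointer if foo is null
  foo->bar = 1;
}

int initialise_f(struct f *foo)
{
  if (!foo)
    return -1;
  // ....
  return 0;
}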

so in the example above (and attached code, look at function lo_tell64 and
lo_initialise) - this condition (dereference of null pointer) cannot happen.
Yet clang insists it does. After dozens of reports like that - and wasted time
on my part - I decided to bug it here.
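
The pattern from the report as a self-contained C program. This is an added example, not code from the report, the attachment or PostgreSQL; struct f, the value 42 and the int return type of some_funct are assumptions made for illustration. It exercises both paths at run time and states the caller's invariant with assert(), the usual way to tell a path-sensitive analyzer such as Clang's that a pointer is non-null when it has not carried that fact out of the callee.

```c
#include <assert.h>
#include <stddef.h>

/* Hypothetical stand-in for the object passed around in the report. */
struct f {
    int bar;                    /* 0 means "not initialised yet" */
};

/* Returns -1 when foo is NULL, 0 after a successful initialisation. */
static int initialise_f(struct f *foo)
{
    if (!foo)
        return -1;
    foo->bar = 42;              /* constructed value */
    return 0;
}

/* Returns -1 on failure, otherwise the (possibly just initialised) field. */
static int some_funct(struct f *foo)
{
    if (foo == NULL || foo->bar == 0) {
        if (initialise_f(foo) < 0)
            return -1;          /* the only exit taken when foo == NULL */
    }

    /* Invariant: foo is non-NULL here, because initialise_f(NULL)
     * always returns -1. The assert makes that explicit, so the
     * foo == NULL path ends here instead of reaching the dereference. */
    assert(foo != NULL);
    return foo->bar;
}

int main(void)
{
    struct f fresh = { 0 };     /* needs initialisation */
    struct f ready = { 7 };     /* already initialised */

    int ok = some_funct(NULL) == -1
          && some_funct(&fresh) == 42
          && some_funct(&ready) == 7;
    return ok ? 0 : 1;
}
```
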
