[LLVMbugs] [Bug 14784] New: Analysis result depends on used integer type

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Wed Jan 2 07:53:22 PST 2013


http://llvm.org/bugs/show_bug.cgi?id=14784

             Bug #: 14784
           Summary: Analysis result depends on used integer type
           Product: clang
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
        AssignedTo: kremenek at apple.com
        ReportedBy: florob at babelmonkeys.de
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified


Created attachment 9794
  --> http://llvm.org/bugs/attachment.cgi?id=9794
Minimal test case

I stumbled upon an interesting false positive today in some memory allocation
code.

The code uses a struct with a size field and a memory field. It is written such
that the size is only zero when no memory has been allocated yet.

The analyzer complains that the memory could be NULL when a resize function is
called and decides do nothing, because the memory already has the correct size.
This could only happen if the requested size is zero, which is explicitly
checked for.

The curious thing is that the analyzer only produces a diagnostic when the
integer conversion rank of the size field is lower than that of an unsigned
int.

I'm attaching a test case which is as minimal as I managed to get it.
With clang 3.2 as well as trunk I get a diagnostic when using a uin16_t as the
size field, but none when using a uint32_t (or larger).

I have not yet ruled out that this is a true positive and I'm completely
overlooking something, but having played with this quite a bit it seems
suspicious.

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.



More information about the llvm-bugs mailing list