[LLVMbugs] [Bug 16025] New: static analyzer does not keep track of variable values

[bugzilla-daemon at llvm.org]

http://llvm.org/bugs/show_bug.cgi?id=16025

            Bug ID: 16025
           Summary: static analyzer does not keep track of variable values
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: austinenglish at gmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Created attachment 10521
  --> http://llvm.org/bugs/attachment.cgi?id=10521&action=edit
report file

Noticed while analyzing wine. The code in question:
if(IsEqualCLSID((*iter)->pclsid, rclsid) && (*iter)->pfnGetClassObject) {
    if(!(*iter)->pCF)
        hres = (*iter)->pfnGetClassObject((*iter)->pfnCreateInstance,
&IID_IUnknown, (void**)&(*iter)->pCF);
     if((*iter)->pCF)
        hres = IUnknown_QueryInterface((*iter)->pCF, riid, ppv);
        TRACE("returning %p (%08x)\n", *ppv, hres);
     return hres;

the problem is that when analyzing, clang decides to take the false path
initially (so (*iter)->pCF is a valid pointer). It then takes the next false
path, where (*iter)->pCF is not valid.

This condition isn't possible, and makes the reports much less helpful.

The file in question is from wine/dlls/atl100/atl.c.

I've attached the html report from ccc-analyzer. Note lines 445/447.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20130516/3e14beae/attachment.html>