[llvm-bugs] [Bug 38199] New: false positive null pointer analysis due to not inlined list operator == and !=

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Jul 17 12:25:32 PDT 2018


https://bugs.llvm.org/show_bug.cgi?id=38199

            Bug ID: 38199
           Summary: false positive null pointer analysis due to not
                    inlined list operator == and !=
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: chh at google.com
                CC: llvm-bugs at lists.llvm.org

To reproduce:

$ cat /tmp/null.cpp
#include <list>
typedef std::list<int*> MyList;
extern MyList &mylist;
struct A {
  A();
  void f0();
};
extern void f1(), f2();
void foo()
{
  A *p = nullptr;
  MyList::iterator begin = mylist.begin();
  MyList::iterator end = mylist.end();
  if (begin != end) {
    f1();
    p = new A();
  }
  if (!(begin != end)) {
    f2();
    if (p != nullptr) delete p;
    p = new A();
  }
  p->f0();
  delete p;
}


$ clang-tidy -checks=-*,clang-analy* /tmp/null.cpp -- -std=c++11 -O2
/tmp/null.cpp:23:3: warning: Called C++ object pointer is null
[clang-analyzer-core.CallAndMessage]
  p->f0();
  ^
/tmp/null.cpp:11:3: note: 'p' initialized to a null pointer value
  A *p = nullptr;
  ^
/tmp/null.cpp:14:7: note: Assuming the condition is false
  if (begin != end) {
      ^
/tmp/null.cpp:14:3: note: Taking false branch
  if (begin != end) {
  ^
/tmp/null.cpp:18:7: note: Assuming the condition is false
  if (!(begin != end)) {
      ^
/tmp/null.cpp:18:3: note: Taking false branch
  if (!(begin != end)) {
  ^
/tmp/null.cpp:23:3: note: Called C++ object pointer is null
  p->f0();
  ^



If compiled with clang -O2, we can see that all calls to the list and iterator
functions can be inlined and it is impossible to have both !(begin != end) and
!!(begin != end).

The clang static analyzer does not seem to be inlining the != and == operators of
the list::iterator.

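Added example, not part of the original report or of any LLVM code: a constructed rewrite of the reproducer that evaluates `begin != end` once and branches on the stored `bool`, so the two conditions no longer depend on two separate calls to the non-inlined operator. It assumes the diagnosis in the report is right; `foo_cached_compare`, the list parameter and the `f1`/`f2` counters are hypothetical names introduced here, and the rewrite has not been run against the analyzer build in the report.

```cpp
// Added example: constructed rewrite of the reproducer, not code from the report.
#include <list>

typedef std::list<int*> MyList;

struct A {
  void f0() {}
};

// Stand-ins for the report's extern f1()/f2(); the counters are constructed
// so the behaviour can be checked.
static int f1_calls = 0, f2_calls = 0;
static void f1() { ++f1_calls; }
static void f2() { ++f2_calls; }

// Returns a bitmask of the branches taken: 1 = first if, 2 = second if.
// The list is a parameter here (assumption); the report uses an extern reference.
int foo_cached_compare(MyList &mylist) {
  A *p = nullptr;
  int taken = 0;
  MyList::iterator begin = mylist.begin();
  MyList::iterator end = mylist.end();
  // Single call to operator!=. Both conditions below read this one value,
  // so they cannot both be false on any path, inlined or not.
  const bool non_empty = (begin != end);
  if (non_empty) {
    f1();
    p = new A();
    taken |= 1;
  }
  if (!non_empty) {
    f2();
    delete p;  // deleting a null pointer is a no-op, so no null check is needed
    p = new A();
    taken |= 2;
  }
  p->f0();
  delete p;
  return taken;
}

int main() {
  MyList empty;
  int x = 0;
  MyList one;
  one.push_back(&x);
  return (foo_cached_compare(empty) == 2 && foo_cached_compare(one) == 1) ? 0 : 1;
}
```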