<html>
    <head>
      <base href="http://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - Member variable initialization not tracked after object construction"
   href="http://llvm.org/bugs/show_bug.cgi?id=18491">18491</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Member variable initialization not tracked after object construction
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>3.3
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Macintosh
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>MacOS X
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Static Analyzer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>kremenek@apple.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>aburnson@museami.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvmbugs@cs.uiuc.edu
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=11876" name="attach_11876" title="Minimal case showing false positive">attachment 11876</a> <a href="attachment.cgi?id=11876&action=edit" title="Minimal case showing false positive">[details]</a></span>
Minimal case showing false positive

The attached test case is from a stripped down reference-counting class. The
issue
appears to be that the true value of ReferenceCount is not tracked properly
following the construction of its parent. This causes a false positive "Use of
memory after it is freed." See the comment and commented out line below for an
example of how the variable can be hinted to cause the static analyzer to see
the true value.

$ c++ --version
Apple LLVM version 5.0 (clang-500.2.79) (based on LLVM 3.3svn)
Target: x86_64-apple-darwin13.0.0
Thread model: posix

$ c++ --analyze AnalyzerError.cpp
AnalyzerError.cpp:43:5: warning: Use of memory after it is freed
    Reference->ReferenceCount--;
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>