<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - false positive: Forming reference to null pointer after dynamic cast to this"
href="https://bugs.llvm.org/show_bug.cgi?id=41463">41463</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>false positive: Forming reference to null pointer after dynamic cast to this
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>8.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Static Analyzer
</td>
</tr>
<tr>
<th>Assignee</th>
<td>dcoughlin@apple.com
</td>
</tr>
<tr>
<th>Reporter</th>
<td>Burlog@seznam.cz
</td>
</tr>
<tr>
<th>CC</th>
<td>dcoughlin@apple.com, llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>The code below emits this warning:
┣━ /tmp/ ❱ scan-build -o /tmp/report clang++ b.cc
scan-build: Using '/usr/lib64/llvm/8/bin/clang-8' for static analysis
b.cc:24:30: warning: Forming reference to null pointer
throw std::runtime_error("error type: " + type);
^~~~~~~~~~~~~~~~~~~~~
1 warning generated.
scan-build: 1 bug found.
scan-build: Run 'scan-view /tmp/report/2019-04-11-122032-4644-1' to examine bug
reports.
┣━ /tmp/ ❱ cat b.cc
#include <map>
#include <iostream>
#include <memory>
// Polymorphic base of the reproducer: stores a type tag and declares the
// checked accessor f<T>(), whose definition appears out of line further down.
struct V {
// Takes the tag by value and moves it into the member of the same name.
V(std::string type): type(std::move(type)) {}
virtual ~V() = default;
virtual void some_method() = 0;
// Declared here only; the out-of-line body casts `this` to R<T>*.
template <typename T> T f();
// Tag appended to the exception message built in f().
std::string type;
};
// Concrete V holding one T. The constructor tags every instantiation "R" and
// does not initialise `value`, so for a scalar T such as int the member stays
// indeterminate until something assigns it.
template <typename T>
struct R: public V {
R(): V("R") {}
void some_method() override {}
T value;
};
// Returns the stored value when the dynamic type of *this is R<T>; otherwise
// throws std::runtime_error carrying the type tag.
// The reported warning (b.cc:24:30) is on the throw statement, where `type` is
// read through `this`. dynamic_cast on a pointer yields a null pointer when the
// dynamic type does not match, so a null `res` says nothing about `this`.
// NOTE(review): the report's "lines 22 and 23" are presumably the if/return
// pair below (the listing here no longer has its original line layout) - confirm.
template <typename T>
T V::f() {
if (auto *res = dynamic_cast<R<T> *>(this))
return res->value;
throw std::runtime_error("error type: " + type);
}
// Name-indexed table of V* pairs; get<T>() looks a name up and forwards to
// V::f<T>() on the selected slot.
struct C {
// Two candidate pointers plus a flag. get() uses the flag directly as the
// array index, so false selects values[0] and true selects values[1].
struct E {V *values[2]; bool second_valid;};
// Throws std::runtime_error when `n` is not a key of `map`. The selected
// pointer is dereferenced without a null check, so every stored E needs a
// valid pointer in the slot its flag selects.
template <typename T>
T get(const std::string &n) {
auto ival = map.find(n);
if (ival == map.end())
throw std::runtime_error("error name: " + n);
return ival->second.values[ival->second.second_valid]->f<T>();
}
std::map<std::string, E> map;
};
// Driver for the reproducer: registers one entry whose flag selects slot 0 and
// prints the int read through V::f<int>().
// Both R<int> objects are allocated with new and never deleted, and the value
// printed is R<int>::value, which nothing in this listing assigns.
// NOTE(review): EXIT_SUCCESS comes from <cstdlib> and std::runtime_error from
// <stdexcept>; the listing includes neither header directly.
int main(int, char *[]) {
C c;
C::E e;
e.second_valid = false;
// Both slots get a valid object, so the pointer get() dereferences is non-null.
e.values[0] = new R<int>();
e.values[1] = new R<int>();
c.map.emplace("r", e);
std::cerr << c.get<int>("r") << std::endl;
return EXIT_SUCCESS;
}
When lines 22 and 23 are removed, the analyzer doesn't report any warning.
It looks like the dynamic_cast of this confuses the analyzer.</pre>
</div>
</p>
</body>
</html>