<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/68699>68699</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[analyzer] In case of null member dereference the notes are not "following" the member reference
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
spaits
</td>
</tr>
</table>
<pre>
In the following code:
```cpp
int main() {
    struct Wrapper {char c; int &ref; };
    Wrapper w = {.c = 'a', .ref = *(int *)0 };
    w.ref = 1;
}
```
The clang static analyzer will produce the following warnings and notes:
```
test.cpp:12:11: warning: Dereference of null pointer [core.NullDereference]
12 | w.ref = 1;
| ~~~~~~^~~
test.cpp:11:5: note: 'w' initialized here
11 | Wrapper w = {.c = 'a', .ref = *(int *)0 };
| ^~~~~~~~~
test.cpp:12:11: note: Dereference of null pointer
12 | w.ref = 1;
| ~~~~~~^~~
1 warning generated.
```
In the line where `w` is created, the note gives information about the initialization of `w` instead of `w.ref`. Let's compare it to a similar case where a null pointer dereference happens to a pointer member:
```cpp
int main() {
    struct Wrapper {char c; int *ptr; };
    Wrapper w = {.c = 'a', .ptr = nullptr };
    *w.ptr = 1;
}
```
Here the following error and notes are seen:
```
test.cpp:18:12: warning: Dereference of null pointer (loaded from field 'ptr') [core.NullDereference]
18 | *w.ptr = 1;
| ~~~ ^
test.cpp:17:5: note: 'w.ptr' initialized to a null pointer value
17 | Wrapper w = {.c = 'a', .ptr = nullptr };
| ^~~~~~~~~
test.cpp:18:12: note: Dereference of null pointer (loaded from field 'ptr')
18 | *w.ptr = 1;
| ~~~ ^
1 warning generated.
```
Here the note that shows the initialization of `w.ptr` is shown instead of `w`.
The initialization of the member reference should be shown instead of the struct or class or union that has that member.
The notes for the initialization should instead look like this:
```
test.cpp:12:11: warning: Dereference of null pointer [core.NullDereference]
12 | w.ref = 1;
| ~~~~~~^~~
test.cpp:11:5: note: 'w.ref' initialized to a null pointer value
11 | Wrapper w = {.c = 'a', .ref = *(int *)0 };
| ^~~~~~~~~
test.cpp:12:11: note: Dereference of null pointer
12 | w.ref = 1;
| ~~~~~~^~~
1 warning generated.
```
Here the initialization of `w.ref` is shown instead of `w`.
</pre>