[cfe-dev] Bug: Unexpected dereference claim on --analyze
Anna Zaks
ganna at apple.com
Fri Dec 2 13:56:20 PST 2011
The analyzer tries to flag the issues which most likely are bugs. (If we restrict to only warning about definite bugs, it would miss a bunch of real bugs.)
In your example, you only get the warning when the function contains the check: (t->root != 0). The reasoning here is that the programmer added this check because there is a possibility of t->root being 0. If t->root might be 0, you probably only want to dereference it if it's not 0. I suspect that the dereference checker has a special heuristic which helps it to identify this case.
Cheers,
Anna.
On Dec 2, 2011, at 1:37 PM, Jan Engelhardt wrote:
>
>
> Observed output:
> ===
> clang-case2.c:17:11: warning: Access to field 'child' results in a dereference
> of a null pointer (loaded from field 'root')
> t->root->child = 0;
> ~~~~ ^
> 1 warning generated.
>
>
> Expected output:
> ===
> None. There is no way to say with absolute confidence that t->root is
> always NULL or never NULL.
>
>
> Testcase:
> ===
> /*
> SUSE Linux clang version 3.0 (branches/release_30 142912) (based on LLVM 3.0)
>
> clang --analyze this
> */
> struct node {
> struct node *child;
> };
> struct tree {
> struct node *root;
> };
> static void add(struct tree *t)
> {
> #if 1 /* generate warning */
> t->root != 0;
> #endif
> t->root->child = 0;
> }
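The shape the reply is pointing at, as an added example (not code from the thread): once a null comparison on root exists, the analyzer treats both outcomes as reachable, so the dereference has to live on the non-null path only. The types are the reproducer's; the function names add_checked, add_or_create and tree_free are assumed.

```c
#include <stddef.h>
#include <stdlib.h>

/* Same types as the reproducer on the list. */
struct node { struct node *child; };
struct tree { struct node *root; };

/* Variant 1: the null path is handled by refusing to proceed. The
   dereference is only reachable when root is non-null, so there is
   no null path for the checker to report. Returns -1 on a null root. */
static int add_checked(struct tree *t)
{
    if (t == NULL || t->root == NULL)
        return -1;
    t->root->child = 0;   /* only reached with a non-null root */
    return 0;
}

/* Variant 2: the null path is handled by creating the missing root, so
   every path reaching the dereference carries a non-null pointer.
   Returns -1 on a null tree or allocation failure, 0 otherwise. */
static int add_or_create(struct tree *t)
{
    if (t == NULL)
        return -1;
    if (t->root == NULL) {
        t->root = malloc(sizeof *t->root);
        if (t->root == NULL)
            return -1;
    }
    t->root->child = 0;
    return 0;
}

/* Release a root allocated by add_or_create (no-op for a null root). */
static void tree_free(struct tree *t)
{
    if (t != NULL) {
        free(t->root);
        t->root = NULL;
    }
}
```

Both variants keep the comparison the analyzer keys on; what changes is that the null outcome now has somewhere to go other than the dereference.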