[cfe-dev] Static Analyzer false positive looking into impossible branch
Ted Kremenek
kremenek at apple.com
Mon Apr 16 10:24:36 PDT 2012
Top-of-tree doesn't emit a warning for this code. Before we had (basic) inter-procedural analysis, it would be reasonable for the analyzer to warn, since it wouldn't look across logic between function boundaries. Essentially, it would be as if you had written:
#include <stdlib.h>

int never();

int main()
{
    void *p = 0;
    int n = 0;
    if ( never() ) {
        p = malloc ( n ); // warning: malloc size 0
        free(p);
    }
    return 0;
}
Now with some basic "inlining" interprocedural analysis enabled by default, many of these false warnings disappear.
On Apr 16, 2012, at 9:33 AM, Sean McBride <sean at rogue-research.com> wrote:
> Hi all,
>
> Is it an expected limitation of the clang static analyzer to warn in the C example below? (This is of course a reduced test case of a real world example.)
>
> -------------
> #include <stdlib.h>
>
> int inline never()
> {
>     return 0;
> }
>
> int main()
> {
>     void *p = 0;
>     int n = 0;
>     if ( never() ) {
>         p = malloc ( n ); // warning: malloc size 0
>         free(p);
>     }
>
>     return 0;
> }
> -------------
>
> Thanks,
>
> --
> ____________________________________________________________
> Sean McBride, B. Eng sean at rogue-research.com
> Rogue Research www.rogue-research.com
> Mac Software Developer Montréal, Québec, Canada
>
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
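
The difference described in the reply above, as an added toy model in Python. It is not part of the original messages and is not how Clang's analyzer is implemented; the statement tuples, `CALLEES`, `eval_call` and `analyze` are constructed for illustration. Without inlining, the call result is unknown and the guarded branch is explored; with inlining, the callee's constant return value makes the branch infeasible.

```python
# Toy path-sensitive checker (constructed model, not Clang's analyzer).
# A value is a concrete int or UNKNOWN; a branch is explored unless its
# condition is known to be zero.
UNKNOWN = object()

# Constructed callee bodies; they are only consulted when inlining is enabled.
CALLEES = {"never": [("return", 0)], "always": [("return", 1)]}

# Constructed program mirroring the example in the thread.
MAIN = [
    ("assign", "p", 0),
    ("assign", "n", 0),
    ("if_call", "never", [("malloc", "p", "n"), ("free", "p")]),
    ("return", 0),
]

def eval_call(name, inline):
    """Return the callee's constant result if inlined, else UNKNOWN."""
    if not inline or name not in CALLEES:
        return UNKNOWN
    for stmt in CALLEES[name]:
        if stmt[0] == "return":
            return stmt[1]
    return UNKNOWN

def analyze(body, inline, env=None, warnings=None):
    """Walk the statements and collect 'malloc size 0' warnings."""
    env = {} if env is None else env
    warnings = [] if warnings is None else warnings
    for stmt in body:
        op = stmt[0]
        if op == "assign":
            env[stmt[1]] = stmt[2]
        elif op == "malloc":
            if env.get(stmt[2], UNKNOWN) == 0:   # size known to be zero
                warnings.append("malloc size 0")
            env[stmt[1]] = UNKNOWN               # result pointer is unknown
        elif op == "if_call":
            cond = eval_call(stmt[1], inline)
            if cond is UNKNOWN or cond != 0:     # branch may be taken
                # Branch state is not merged back; enough for this program.
                analyze(stmt[2], inline, dict(env), warnings)
        # "free" and "return" need no modelling for this check
    return warnings

if __name__ == "__main__":
    print("without inlining:", analyze(MAIN, inline=False))
    print("with inlining:   ", analyze(MAIN, inline=True))
```
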