[cfe-dev] static analyzer false positive due to logic error

Jordan Rose jordan_rose at apple.com
Mon Apr 15 11:17:12 PDT 2013


On Apr 15, 2013, at 10:59 , Dennis Cote <DennisC at harding.ca> wrote:

> Hi,
>  
> I have a case where the static analyzer produced a false positive report of a null pointer dereference. I am reporting this because it seems to indicate an error in the logic of the checker. It has assumed two different values for the same variable at different points along the path that is used to generate the report.
>  
> I have copied the relevant section of the HTML report below. At step 1 it assumes Cept_configuration is not null. At step 15 it assumes the same variable is now null (i.e. in contradiction to its previous assumption). This variable is not modified by the code between these two points. The reported error at step 18 is a direct result of the incorrect assumption at step 15.

Hi, Dennis. Your HTML got pretty mangled in my mail client, but I would guess your problem is that Cept_configuration is a global variable. Because of this, the analyzer can't actually be sure that none of the functions you call between step 1 and step 15 are going to modify it. It looks like you can't just make the global variable const, so you'll probably have to introduce a local variable to let the analyzer know what's going on.

We've had reports like this before, but until we have some notion of function summaries / whole-program analysis, we're not going to be able to do much here. And that's a big project, so...well, don't hold your breath.

Jordan
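Illustration of the pattern discussed in this thread, added here and not taken from Dennis's report or Jordan's reply: a global pointer checked for null, an opaque call, then a dereference of the same global, beside the local-copy workaround. The global's name is the one from the thread; the struct, the `log_event` function and the values are constructed for this example. In the real code `log_event` would live in another translation unit, which is what makes it opaque to the analyzer; it is defined here only so the example builds and runs.

```c
#include <stddef.h>

/* Constructed stand-in for the global from the report. */
struct config { int timeout; };
static struct config default_config = { 30 };
struct config *Cept_configuration = &default_config;

/* Stand-in for a call whose body the analyzer cannot see (in practice it
 * would be defined elsewhere). Without a function summary, the analyzer
 * must assume such a call may write any global, so after it returns the
 * earlier non-null assumption about Cept_configuration is discarded. */
void log_event(const char *msg) { (void)msg; }

/* The shape that produces the report: check global, call out, deref global.
 * The path "not null at the check, null after the call" is reachable
 * as far as the analyzer can tell, so the dereference is flagged. */
int timeout_via_global(void)
{
    if (Cept_configuration == NULL)
        return -1;                       /* assumed non-null past here */
    log_event("reading timeout");        /* may have modified the global */
    return Cept_configuration->timeout;  /* reported: possible null deref */
}

/* Workaround from the reply: snapshot the global into a local. The local
 * is not reachable from log_event, so its non-null state survives the call.
 * It also makes the code's intent explicit: the value is read once. */
int timeout_via_local(void)
{
    struct config *cfg = Cept_configuration;
    if (cfg == NULL)
        return -1;
    log_event("reading timeout");
    return cfg->timeout;                 /* no report */
}
```

Both functions behave identically at run time; only the analyzer's view of them differs.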