[cfe-dev] Inconsistent report by ccc-analyzer

Oliver Schneider oliver at f-prot.com
Mon Mar 17 06:07:18 PDT 2014


Hello again,

I think I understand it better now. The function itself was recursive.
The code approximates to:

----
int foobar(ctx_t* ctx, int parent, unsigned int id)
{
    item_t item;
    int index;

    /* some sanity checking removed for brevity */
    item = ctx->items[id];
    if (is_item_empty(&item)) /* function call */
        return false;

    if (ctx->num_refs < ctx->num_items)
    {
        /* assign other ctx_t members */
        ctx->num_refs++;
        index = ctx->num_refs;
    }
    if (ctx->num_refs > ctx->num_items)
        return false;

    if (!foobar(ctx, parent, id1)) /* id1 assigned in if() above */
        return false;
    if (!foobar(ctx, parent, id2)) /* id2 assigned in if() above */
        return false;

    if (barbaz(&item))
    {
        if (!foobar(ctx, index, id3)) /* id3 assigned in if() above */
            return false;
    }
    return true;
}
----

The error was produced on the last recursive call to foobar(), on the
variable named 'index', tracing back to the uninitialized declaration.

However, I think this is a false positive (the first I have found with
ccc-analyzer, unless I have overlooked something here).

Since ctx->num_refs is incremented, the following condition will bail
out and the code couldn't conceivably reach the error location.

Or could it? Am I overlooking something here?

Thanks,

// Oliver
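
An added example, not part of the original post or of Clang: it models the two `num_refs` guards from the approximated `foobar()` with a sentinel in place of the uninitialized `index`, then sweeps the entry states to find which ones reach the last recursive call without an assignment. The sentinel, the function names, the `single_guard` rewrite and the assumption that the recursive calls and `barbaz()` succeed are hypothetical.

```c
#include <stdio.h>

#define INDEX_UNSET (-1) /* sentinel standing in for "never assigned" */

typedef enum { BAILED_OUT, INDEX_SET, INDEX_UNSET_AT_CALL } outcome_t;

/* The two guards from the posted foobar(), same order and operators.
 * Assumption: the recursive calls and barbaz() succeed, so control
 * reaches foobar(ctx, index, id3) whenever the guards let it through. */
outcome_t posted_guards(unsigned num_refs, unsigned num_items)
{
    int index = INDEX_UNSET;

    if (num_refs < num_items) {
        num_refs++;
        index = (int)num_refs;
    }
    if (num_refs > num_items)
        return BAILED_OUT;
    return index == INDEX_UNSET ? INDEX_UNSET_AT_CALL : INDEX_SET;
}

/* One possible rewrite (assumption: a full table should be rejected):
 * a single >= guard, so every path past it has assigned index. */
outcome_t single_guard(unsigned num_refs, unsigned num_items)
{
    int index = INDEX_UNSET;

    if (num_refs >= num_items)
        return BAILED_OUT;
    num_refs++;
    index = (int)num_refs;
    return index == INDEX_UNSET ? INDEX_UNSET_AT_CALL : INDEX_SET;
}

/* Sweep entry states 0..num_items+1; count those reaching the call unset. */
unsigned count_unset(outcome_t (*guards)(unsigned, unsigned), unsigned num_items)
{
    unsigned refs, hits = 0;

    for (refs = 0; refs <= num_items + 1; refs++)
        if (guards(refs, num_items) == INDEX_UNSET_AT_CALL)
            hits++;
    return hits;
}

int main(void)
{
    printf("posted guards: %u unset state(s)\n", count_unset(posted_guards, 5));
    printf("single guard:  %u unset state(s)\n", count_unset(single_guard, 5));
    return 0;
}
```

The single state counted for the posted guards is `num_refs == num_items` on entry, where neither `if` fires.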
