[cfe-dev] clang static analyzer checker for unreachable code

Stefan Ciobaca via cfe-dev cfe-dev at lists.llvm.org
Wed Jul 19 02:54:38 PDT 2017


Dear cfe-dev,

I am testing out the alpha.deadcode.UnreachableCode checker and I have
found an interesting case where it fails to find an unreachable block. Here
is the minified version of the code:

void f()
{
  int *i = new int;
  if (!i) {
    return; // this code is unreachable ("new" throws an exception if not enough memory)
  }
  for (int j = 0; j < 4; ++j) {
  }
}

I'm running the analyzer with "clang -cc1 -analyze
-analyzer-checker=alpha.deadcode.UnreachableCode f.cpp".

If I decrease the loop boundary as follows:

void f()
{
  int *i = new int;
  if (!i) {
    return;
  }
  for (int j = 0; j < 3; ++j) { // NOTE: changed 4 to 3
  }
}

then the CSA reports the unreachable code correctly:

f.cpp:5:5: warning: This statement is never executed
    return;
    ^~~~~~
1 warning generated.

I suspect that the problem is due to the default unrolling depth of loops
during analysis, but I don't understand how exactly this unrolling
interacts with the unreachable code checker.

Could anyone confirm if this is the expected behavior (known limitation) of
the checker or if this is a bug?

Best,
Stefan