[cfe-dev] [analyzer] Global vs Local null-pointer dereferencing?
Denis Petrov via cfe-dev
cfe-dev at lists.llvm.org
Tue May 26 06:11:07 PDT 2020
Run clang --analyze on these two code snippets:
global ptr:
int *x = 0;
void foo() {
  int y = *x;
}
local ptr:
void foo() {
  int *x = 0;
  int y = *x;
}
I met a weird result.
The global version does not generate a warning like the local one does:
test.cpp:3:11: warning: Dereference of null pointer (loaded from variable 'x') [core.NullDereference]
Another observation is that for the global version the analyzer does not handle the init expression (int *x = 0;), but for the local one it does. Therefore it stores x as &SymRegion{reg_$0<int * x>} for the global and 0 for the local.
Example graphs attached.
Who can explain why it is so?
________________________________
Denys Petrov
Senior C++ Developer | Kharkiv, Ukraine