[cfe-dev] [analyzer] Questions about the null dereference checker
Harald van Dijk via cfe-dev
cfe-dev at lists.llvm.org
Mon Sep 20 05:52:30 PDT 2021
Hi,
On 20/09/2021 13:33, via cfe-dev wrote:
>
> Hi,
>
> Let’s examine this code snippet:
>
> void simply_deref_null() {
>   int *p = 0;
>   *p ; // no warning?
>   *p = 42; // warns!
> }
>
> Turns out the NullDereference checker treats the two pointer derefs
> differently.
>
> For simply reading through a null pointer is allowed but storing a
> value is prohibited.
>
> Why don't we prohibit reading through null pointers?
>
Reads through null pointers do trigger the warning as well. However,
there is no read through a null pointer here. Dereferencing a pointer
produces an lvalue, not an rvalue, and discarding an lvalue expression
does not cause a load.

If you change the example to, for example,

int simply_deref_null() {
  int *p = 0;
  return *p;
}

you will see:

test.cc:3:10: warning: Dereference of null pointer (loaded from variable 'p') [core.NullDereference]
  return *p;
         ^~

Cheers,
Harald van Dijk