[LLVMbugs] [Bug 6843] New: analyzer not considering unsignedness of temporary unsigned ints
bugzilla-daemon at llvm.org
Thu Apr 15 02:14:00 PDT 2010
http://llvm.org/bugs/show_bug.cgi?id=6843
Summary: analyzer not considering unsignedness of temporary unsigned ints
Product: clang
Version: trunk
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
AssignedTo: kremenek at apple.com
ReportedBy: jultay108 at googlemail.com
CC: llvmbugs at cs.uiuc.edu
When comparing a temporary unsigned integer in an if clause, the analyzer does
not consider the unsignedness and checks impossible branches.
testcase:

called with:

    scan-build gcc test.c

(svn 101237 debug mode)

    #include <stdlib.h>
    #include <stdio.h>

    unsigned int f(void)
    {
        return 2u;
    }

    int main(void)
    {
        int * a = NULL;
        unsigned int count = f();

        // always true even if it overflows
        if ((count + 1u) >= 0u) {
            a = malloc(sizeof(int));
            if (a == NULL)
                return 0;
            *a = 1;
        }

        // analyzer gives NULL dereference warning
        printf("%d\n", *a);
        return 0;
    }

It only occurs if the value in the if is a temporary,
e.g.

    count = f() + 1u;
    if (count >= 0u) {

correctly handles the always true if.
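
The two guards from the report, evaluated at boundary values, as an added example that is not part of the original report or of clang. `guard_read_as_signed` is a hypothetical model of what the guard would look like if the unsignedness named in the bug title were ignored (it assumes two's-complement conversion), and the sample values are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Guard exactly as in the report: the compared value is a temporary. */
static int guard_temporary(unsigned int count)
{
    return (count + 1u) >= 0u;
}

/* Variant from the report: the sum is stored in the variable first. */
static int guard_stored(unsigned int count)
{
    count = count + 1u;
    return count >= 0u;
}

/* Hypothetical model (not clang's code) of ignoring unsignedness: the same
 * bits read as int. Out-of-range unsigned-to-int conversion is
 * implementation-defined; two's-complement wrapping is assumed here. */
static int guard_read_as_signed(unsigned int count)
{
    return (int)(count + 1u) >= 0;
}

/* Constructed boundary inputs, including the wraparound case UINT_MAX. */
static const unsigned int SAMPLES[] = {
    0u, 2u, (unsigned int)INT_MAX - 1u, (unsigned int)INT_MAX,
    UINT_MAX - 1u, UINT_MAX
};

/* Number of samples for which the guard is false, i.e. for which the
 * path that leaves `a` NULL at the printf would be reachable. */
static size_t count_false(int (*guard)(unsigned int))
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        if (!guard(SAMPLES[i]))
            n++;
    return n;
}

int main(void)
{
    printf("temporary: %zu  stored: %zu  read as signed: %zu\n",
           count_false(guard_temporary), count_false(guard_stored),
           count_false(guard_read_as_signed));
    return 0;
}
```

Both unsigned forms are never false, so the NULL path is infeasible in either; only the signed reading makes it reachable, for sums above `INT_MAX`.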