[LLVMbugs] [Bug 7758] New: false positive null pointer analysis

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Fri Jul 30 09:45:57 PDT 2010


http://llvm.org/bugs/show_bug.cgi?id=7758

           Summary: false positive null pointer analysis
           Product: clang
           Version: 2.7
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
        AssignedTo: kremenek at apple.com
        ReportedBy: eblake at redhat.com
                CC: llvmbugs at cs.uiuc.edu


Created an attachment (id=5289)
 --> (http://llvm.org/bugs/attachment.cgi?id=5289)
html report from clang, with false claim of a null dereference

Using scan-build from clang-2.7-5.fc13.i686 on Fedora 13 to compile libvirt, I
found a false positive.  The attached html file claims at step 14 that the code
is passing a potentially NULL argument to strcmp.  However, that claim is
invalid.

At point 14, the two arguments to strcmp are group->controllers[i].mountPoint
(guaranteed non-NULL, due to lines 489-490 earlier in the function) and
group->controllers[VIR_CGROUP_CONTROLLER_MEMORY].mountPoint (guaranteed
non-NULL, due to line 518 earlier in the same conditional).

I'm wondering if the clang analyzer is getting confused when the iteration hits
i == 3 == VIR_CGROUP_CONTROLLER_CPUSET, and failing to realize that the
assumption of point 12 of the analysis (assuming that
group->controllers[VIR_CGROUP_CONTROLLER_CPUSET].mountPoint is NULL) was
already disproved at point 8 (group->controllers[i].mountPoint is non-NULL);
once you re-introduce a bogus assumption at point 12, that would explain the
complaint at point 14.

I'm also attaching the preprocessed input that the html report was generated
from.
