[LLVMbugs] [Bug 11407] New: clang static analyzer assumes differing values for identical conditionals
bugzilla-daemon at llvm.org
Sat Nov 19 22:24:16 PST 2011
http://llvm.org/bugs/show_bug.cgi?id=11407
Bug #: 11407
Summary: clang static analyzer assumes differing values for
identical conditionals
Product: clang
Version: trunk
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P
Component: Static Analyzer
AssignedTo: kremenek at apple.com
ReportedBy: lists at eitanadler.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
When the same conditional check is encountered on different conditional paths,
the value is not remembered between them.
For example, the clang static analyzer reports that "return *i;" can be a null
dereference.

#include <stdlib.h>

int main(int argc, char * argv[]) {
    int* i = 0;
    char x = argv[0][0];
    char y = argv[0][1];
    if (x == 'a') {
        if (y == 'b') {
            i = malloc(sizeof(i));
            *i = 4;
        }
    }
    if (y == 'b') {
        return *i;
    }
    return 0;
}

A similar bug can be seen at
http://scan.freebsd.your.org/freebsd-head/games.fortune.fortune/2011-01-29-amd64/report-zKTtHB.html
where #4 and #9 disagree.
%clang --version
FreeBSD clang version 3.0 (trunk 135360) 20110717
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
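
Added example, not part of the original report: a model of the reproducer's control flow that enumerates the four outcomes of the two comparisons and records whether `i` is still null where `return *i;` would run. The names `walk_report`, `walk_guarded` and `count_null_derefs` are hypothetical, and a static cell stands in for a successful `malloc` (assumption).

```c
#include <stddef.h>
#include <stdio.h>

/* What happens at the point where the report's code runs "return *i;". */
typedef enum { NO_DEREF, DEREF_VALID, DEREF_NULL } outcome_t;

static int cell; /* assumption: stands in for a successful malloc() */

/* Same branch structure as the report's main(); x and y stand in for
 * argv[0][0] and argv[0][1]. The dereference is recorded, not executed. */
outcome_t walk_report(char x, char y) {
    int *i = NULL;
    if (x == 'a') {
        if (y == 'b') {
            i = &cell;
            *i = 4;
        }
    }
    if (y == 'b')
        return i ? DEREF_VALID : DEREF_NULL;
    return NO_DEREF;
}

/* Hypothetical variant: guard on the pointer itself, so the guard is true
 * on exactly the paths that assigned i. */
outcome_t walk_guarded(char x, char y) {
    int *i = NULL;
    if (x == 'a' && y == 'b') {
        i = &cell;
        *i = 4;
    }
    return i != NULL ? DEREF_VALID : NO_DEREF;
}

/* Count the branch combinations that reach the dereference with i null. */
int count_null_derefs(outcome_t (*walk)(char, char)) {
    const char xs[] = { 'a', 'z' }, ys[] = { 'b', 'z' };
    int n = 0;
    for (int a = 0; a < 2; a++)
        for (int b = 0; b < 2; b++)
            if (walk(xs[a], ys[b]) == DEREF_NULL)
                n++;
    return n;
}

int main(void) {
    printf("report: %d, guarded: %d null-deref path(s)\n",
           count_null_derefs(walk_report), count_null_derefs(walk_guarded));
    return 0;
}
```

The only combination that reaches the dereference with `i` null is the one where the first comparison fails and the second succeeds; guarding on the pointer removes it.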