[LLVMbugs] [Bug 18491] New: Member variable initialization not tracked after object construction

Wed Jan 15 11:44:12 PST 2014

http://llvm.org/bugs/show_bug.cgi?id=18491

            Bug ID: 18491
           Summary: Member variable initialization not tracked after
                    object construction
           Product: clang
           Version: 3.3
          Hardware: Macintosh
                OS: MacOS X
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: aburnson at museami.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Created attachment 11876
  --> http://llvm.org/bugs/attachment.cgi?id=11876&action=edit
Minimal case showing false positive

The attached test case is from a stripped down reference-counting class. The
issue
appears to be that the true value of ReferenceCount is not tracked properly
following the construction of its parent. This causes a false positive "Use of
memory after it is freed." See the comment and commented out line below for an
example of how the variable can be hinted to cause the static analyzer to see
the true value.

$ c++ --version
Apple LLVM version 5.0 (clang-500.2.79) (based on LLVM 3.3svn)
Target: x86_64-apple-darwin13.0.0
Thread model: posix

$ c++ --analyze AnalyzerError.cpp
AnalyzerError.cpp:43:5: warning: Use of memory after it is freed
    Reference->ReferenceCount--;
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20140115/95e03afc/attachment.html>