[llvm-bugs] [Bug 36023] New: False positive / hidden assumption on separate tests of static variable
via llvm-bugs
llvm-bugs at lists.llvm.org
Sat Jan 20 03:06:50 PST 2018
https://bugs.llvm.org/show_bug.cgi?id=36023
Bug ID: 36023
Summary: False positive / hidden assumption on separate tests
of static variable
Product: clang
Version: 5.0
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: Static Analyzer
Assignee: dcoughlin at apple.com
Reporter: achurch+llvm at achurch.org
CC: llvm-bugs at lists.llvm.org
scan-build (clang 5.0.1) reports a null dereference at the marked line in this
code:
---------------- test.c ----------------
static int n = 1;
extern void bar(void);
void foo(void)
{
int *p;
if (n > 0) {
p = &n;
} else {
p = 0;
}
bar();
for (int i = 0; i < n; i++) {
*p += i; // False positive assuming n is not externally modified.
}
}
----------------------------------------
If n is declared locally in foo() (whether static or not) or if I remove the
bar() call, the error is not reported, which makes me think that the analyzer
is assuming bar() could modify the value of n. However, clearly the address of
n can never escape this file, so at least in this case the assumption is
clearly unwarranted. Even if the file was sufficiently complex that the
analyzer couldn't make that determination, I think it would be sensible to have
the analyzer explicitly state the assumption that bar() is modifying the value
of n in its report, because otherwise it just looks like an analyzer bug.
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20180120/144b3673/attachment.html>
More information about the llvm-bugs
mailing list