https://bugs.llvm.org/show_bug.cgi?id=36023
Bug ID: 36023
Summary: False positive / hidden assumption on separate tests of static variable
Product: clang
Version: 5.0
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: Static Analyzer
Assignee: dcough...@apple.com
Reporter: achurch+l...@achurch.org
CC: llvm-bugs@lists.llvm.org
scan-build (clang 5.0.1) reports a null dereference at the marked line in this
code:
---------------- test.c ----------------
static int n = 1;
extern void bar(void);
void foo(void)
{
    int *p;
    if (n > 0) {
        p = &n;
    } else {
        p = 0;
    }
    bar();
    for (int i = 0; i < n; i++) {
        *p += i;  // False positive assuming n is not externally modified.
    }
}
----------------------------------------
If n is declared locally in foo() (whether static or not) or if I remove the
bar() call, the error is not reported, which makes me think that the analyzer
is assuming bar() could modify the value of n. However, clearly the address of
n can never escape this file, so at least in this case the assumption is
clearly unwarranted. Even if the file was sufficiently complex that the
analyzer couldn't make that determination, I think it would be sensible to have
the analyzer explicitly state the assumption that bar() is modifying the value
of n in its report, because otherwise it just looks like an analyzer bug.
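
The report's argument rests on the address of n never leaving the file. As an added example (not part of the report and not LLVM code), the constructed variant below shows the opposite case, where the file exports a hypothetical set_n() so the path "n <= 0 before bar(), n > 0 after" is real, together with two rewrites of foo() that stay safe on that path. The names set_n, bar_hook, raise_n, foo_snapshot and foo_guarded are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed variant of test.c. Unlike the report's file, this one exports
 * set_n() (hypothetical), so code outside the file really can change n. */
static int n = 1;
void set_n(int v) { n = v; }

/* Stand-in for the opaque extern bar(): runs whatever hook is installed. */
static void (*bar_hook)(void);
static void bar(void) { if (bar_hook) bar_hook(); }

/* Constructed hook: models bar() raising n to 3 behind foo's back. */
static void raise_n(void) { set_n(3); }

/* Rewrite 1: read n once. Branch and loop bound share one local, so no path
 * has p == NULL with a non-empty loop. The bound no longer follows later
 * writes to n (including the loop's own *p += i). */
int foo_snapshot(void)
{
    const int count = n;
    int *p = (count > 0) ? &n : NULL;
    int iterations = 0;
    bar();
    for (int i = 0; i < count; i++, iterations++)
        *p += i;
    return iterations;
}

/* Rewrite 2: keep re-reading n as test.c does, but make the loop require p. */
int foo_guarded(void)
{
    int *p = (n > 0) ? &n : NULL;
    int iterations = 0;
    bar();
    for (int i = 0; p != NULL && i < n; i++, iterations++)
        *p += i;
    return iterations;
}

int main(void)
{
    bar_hook = raise_n;            /* n <= 0 before bar(), n > 0 after */
    set_n(0);
    int a = foo_snapshot();
    set_n(0);
    int b = foo_guarded();
    printf("snapshot: %d, guarded: %d iterations, n = %d\n", a, b, n);
    return 0;
}
```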