http://llvm.org/bugs/show_bug.cgi?id=11407
Bug #: 11407
Summary: clang static analyzer assumes differing values for identical conditionals
Product: clang
Version: trunk
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P
Component: Static Analyzer
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
Classification: Unclassified
When the same conditional check is encountered on different conditional paths,
the value is not remembered between them.
For example, the clang static analyzer reports that "return *i;" can be a null
dereference.
    #include <stdlib.h>
    int main(int argc, char * argv[]) {
        int* i = 0;
        char x = argv[0][0];
        char y = argv[0][1];
        if (x == 'a') {
            if (y == 'b') {
                i = malloc(sizeof(i));
                *i = 4;
            }
        }
        if (y == 'b') {
            return *i;
        }
        return 0;
    }
A similar bug can be seen at
http://scan.freebsd.your.org/freebsd-head/games.fortune.fortune/2011-01-29-amd64/report-zKTtHB.html
where #4 and #9 disagree.
%clang --version
FreeBSD clang version 3.0 (trunk 135360) 20110717
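
An added example, not part of the original report and not clang's own code: it models the reproducer's three conditionals as a function of the two comparisons and records, for each of the four combinations, whether `i` was assigned and whether "return *i;" is reached. The names `path_state`, `trace_path` and `count_null_deref_paths` are hypothetical, and malloc is assumed to succeed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Outcome of one path through the reproducer's branch structure. */
struct path_state {
    bool assigned;   /* i = malloc(...) executed on this path */
    bool deref;      /* "return *i;" reached on this path */
};

/* Walk the same three conditionals as the report's main(), with the
 * two comparisons (x == 'a', y == 'b') supplied as booleans. y is not
 * modified between its two tests, so one value serves both. */
static struct path_state trace_path(bool x_is_a, bool y_is_b)
{
    struct path_state s = { false, false };
    if (x_is_a) {
        if (y_is_b)
            s.assigned = true;
    }
    if (y_is_b)
        s.deref = true;
    return s;
}

/* Count the paths on which *i is read while i still holds 0. */
static int count_null_deref_paths(void)
{
    int n = 0;
    for (int x = 0; x < 2; x++)
        for (int y = 0; y < 2; y++) {
            struct path_state s = trace_path(x, y);
            if (s.deref && !s.assigned)
                n++;
        }
    return n;
}

int main(void)
{
    for (int x = 0; x < 2; x++)
        for (int y = 0; y < 2; y++) {
            struct path_state s = trace_path(x, y);
            printf("x=='a':%d y=='b':%d assigned:%d deref:%d\n",
                   x, y, s.assigned, s.deref);
        }
    printf("paths reading unassigned i: %d\n", count_null_deref_paths());
    return 0;
}
```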