http://llvm.org/bugs/show_bug.cgi?id=14784

             Bug #: 14784
           Summary: Analysis result depends on used integer type
           Product: clang
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]
    Classification: Unclassified


Created attachment 9794
  --> http://llvm.org/bugs/attachment.cgi?id=9794
Minimal test case

I stumbled upon an interesting false positive today in some memory allocation
code.

The code uses a struct with a size field and a memory field. It is written such
that the size is only zero when no memory has been allocated yet.

The analyzer complains that the memory could be NULL when a resize function is
called and decides to do nothing, because the memory already has the correct size.
This could only happen if the requested size is zero, which is explicitly
checked for.

The curious thing is that the analyzer only produces a diagnostic when the
integer conversion rank of the size field is lower than that of an unsigned
int.

I'm attaching a test case which is as minimal as I managed to get it.
With clang 3.2 as well as trunk I get a diagnostic when using a uint16_t as the
size field, but none when using a uint32_t (or larger).

I have not yet ruled out that this is a true positive and I'm completely
overlooking something, but having played with this quite a bit it seems
suspicious.
