What does Coverity/clang static analysis actually do?
Walter Bright
newshound1 at digitalmars.com
Thu Oct 1 14:02:17 PDT 2009
Nick Sabalausky wrote:
> "Walter Bright" <newshound1 at digitalmars.com> wrote in message
>> 2. possible dereference of NULL pointers (some reaching definitions of a
>> pointer are NULL)
>> 2. Optimizer collects the info, but ignores this, because people are
>> annoyed by false positives.
>>
>
> If you mean something like this:
>
> Foo f;
> if(cond)
>     f = new Foo();
> f.bar();
>
> Then I *want* the compiler to tell me. C# does this and I've never been
> annoyed by it, in fact I've always appreciated it. I'm not aware of any
> other C# user that has a problem with that either. If that's not what you
> mean though, then could you elaborate?
The problem crops up when there are two connected variables:
void foo(bool flag)
{
    char* p = null;
    if (flag)
        p = "hello";
    ...
    if (flag)
        bar(*p);
}
The code is logically correct; there is no null pointer dereference
possible. However, the data flow analysis will see the *p and see two
reaching definitions for p: null and "hello", even though only one
actually reaches.
Hence the false positive. To eliminate the false error report, the user
would have to insert a redundant null check.
Does this happen in practice? Yes.