What does Coverity/clang static analysis actually do?

"Jérôme M. Berger" jeberger at free.fr
Fri Oct 2 10:40:14 PDT 2009 

Walter Bright wrote:
> Nick Sabalausky wrote:
>> "Walter Bright" <newshound1 at digitalmars.com> wrote in message
>>> 2. possible dereference of NULL pointers (some reaching definitions 
>>> of a pointer are NULL)
>>> 2. Optimizer collects the info, but ignores this, because people are 
>>> annoyed by false positives.
>>>
>>
>> If you mean something like this:
>>
>> Foo f;
>> if(cond)
>>     f = new Foo();
>> f.bar();
>>
>> Then I *want* the compiler to tell me. C# does this and I've never 
>> been annoyed by it, in fact I've always appreciated it. I'm not aware 
>> of any other C# user that has a problem with that either. If that's 
>> not what you mean though, then could you elaborate?
> 
> The problem crops up when there are two connected variables:
> 
>   void foo(bool flag)
>   {
>     char* p = null;
>     if (flag)
>     p = "hello";
>     ...
>     if (flag)
>     bar(*p);
>   }
> 
> The code is logically correct, there is no null pointer dereference 
> possible. However, the data flow analysis will see the *p and see two 
> reaching definitions for p: null and "hello", even though only one 
> actually reaches.
> 
> Hence the false positive. To eliminate the false error report, the user 
> would have to insert a redundant null check.
> 
> Does this happen in practice? Yes.

	I don't know about Coverity/clang, but I have used Klocwork a 
couple of times and it will work properly in the example you have 
given. I.e it sees that both conditions are linked and that you 
don't use p if you haven't initialized it.

	Of course, if the condition is more complex or if the condition 
might be modified by another thread (even if you know it isn't), 
there comes a point at which it will give a warning.

		Jerome
-- 
mailto:jeberger at free.fr
http://jeberger.free.fr
Jabber: jeberger at jabber.fr

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://lists.puremagic.com/pipermail/digitalmars-d/attachments/20091002/00a11027/attachment.pgp>

More information about the Digitalmars-d mailing list