Geoffrey1014 / SA_Bugs

record bugs of static analyzers

GCC --Wanalyzer-null-dereference false negative with `*p = 42` #52

Closed 0-0x41 closed 1 year ago

0-0x41 commented 1 year ago

date: 2023-1-23
commit: 8c8ca873216387bc26046615c806b96f0345ff9d
args: -O0 -fanalyzer
test:

/* __analyzer_eval is a GCC -fanalyzer hook: the analyzer reports whether it
 * considers the argument TRUE, FALSE or UNKNOWN at that program point. */
void __analyzer_eval();

int f()
{
    int b[1] = {0};
    int *c = &b[0];
    if (c == &b[0])
    {
        int *p = (int *)0;   /* deliberately null: the writes below are the expected NPD */

        /* c == &b[0] holds here, so c + 1 == &b[0] + 1 must also hold */
        __analyzer_eval(((c) + 1) == ((&b[0]) + 1));
        if (((c) + 1) == ((&b[0]) + 1))
        {
            *p = 42;         /* reachable null-pointer write */
        }

        /* same reasoning with offset 2 */
        __analyzer_eval(((c) + 2) == ((&b[0]) + 2));
        if (((c) + 2) == ((&b[0]) + 2))
        {
            *p = 42;         /* reachable null-pointer write */
        }
    }
    return 0;
}

report: fix: original:

0-0x41 commented 1 year ago

Under the dynamic execution of this case, the results of __analyzer_eval(((c) + 1) == ((&b[0]) + 1)) and __analyzer_eval(((c) + 2) == ((&b[0]) + 2)) are TRUE. However, the analyzer gives FALSE, which causes the analyzer not to generate an NPD warning. See it live: https://godbolt.org/z/E4666Ger1
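The following is an added example, not code from the issue or from GCC, that confirms the point of the comment above at runtime: the guarded `*p = 42` paths are actually reached, so a missing warning here is a true false negative rather than dead code. It mirrors the control flow of the reported test case but generalizes the offset into a parameter `k`, and it replaces the null write with a `p == NULL` check that records the would-be dereference instead of crashing. The array is enlarged to four elements (an assumption differing from the issue's `int b[1]`) purely so that `c + k` stays within bounds and the pointer arithmetic is well-defined; the equalities hold for any in-bounds offset regardless of array size.

```c
#include <stddef.h>

/* Returns 1 if the write through the null pointer would have been executed
 * for offset k, 0 if the guard was not taken, -1 if k is out of bounds.
 * Added example; the array size of 4 is an assumption, not from the issue. */
int null_write_reached_at_offset(int k)
{
    int b[4] = {0};
    int *c = &b[0];

    /* keep c + k and &b[0] + k within [b, one-past-the-end] so the
     * comparison itself is well-defined */
    if (k < 0 || k > 4)
        return -1;

    if (c == &b[0]) {
        int *p = (int *)0;   /* the null pointer of the original test case */

        /* since c == &b[0] is known, c + k == &b[0] + k must also hold */
        if ((c + k) == (&b[0] + k)) {
            if (p == NULL)
                return 1;    /* the original would execute *p = 42 here */
            *p = 42;         /* never reached: p is always null above */
        }
    }
    return 0;
}

/* Counts how many of the two guarded writes from the issue (offsets 1 and 2)
 * are reached at runtime; the issue expects an NPD warning for each. */
int count_reached_null_writes(void)
{
    return null_write_reached_at_offset(1) + null_write_reached_at_offset(2);
}
```

Run with `-O0 -fanalyzer` the guard conditions are the same as in the report; the runtime result (both writes reached) is the ground truth the analyzer's FALSE evaluation contradicts.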

0-0x41 commented 1 year ago

duplicate of https://github.com/Geoffrey1014/SA_Bugs/issues/55