Geoffrey1014 / SA_Bugs

record bugs of static analyzers

GSA does not make the assumption that a pointer `p` to a variable `a` is not NULL #57

Closed Geoffrey1014 closed 1 year ago

Geoffrey1014 commented 1 year ago

date: 2022-12-10
commit: 8c8ca873216387bc26046615c806b96f0345ff9d
args: -fanalyzer
test:

```c
#include "stdio.h"
extern void __analyzer_describe ();
extern void __analyzer_eval ();
extern void __analyzer_dump ();

void foo(int* c )
{
    int** p = &c;
    int a = (int) p;
    int **b = (int **)a;
    __analyzer_dump ();
    __analyzer_eval (a == 0);
    __analyzer_describe(0,a);

    if(0 == c){
        __analyzer_eval (b == a);
        __analyzer_eval (p == a);
        __analyzer_eval (b == p);

        __analyzer_eval (b == 0);

        __analyzer_eval (a == &c);
        **b = 1;
        // **(int**)a = 1;
        __analyzer_describe(0,**b);
        __analyzer_dump ();
    }
}
```

report:
fix:
original:

Geoffrey1014 commented 1 year ago

GSA does not make the assumption that a pointer p to a variable a is not NULL

GSA: https://godbolt.org/z/zWTj14E1b
CSA: https://godbolt.org/z/q9TcTPveW

equivalent:

GSA: https://godbolt.org/z/65qWv6odq ; duplicate of https://github.com/Geoffrey1014/SA_Bugs/issues/11
CSA: https://godbolt.org/z/fqGqb7aYn