False null pointer error on refined condition

Quuxplusone commented 10 years ago


Bugzilla Link	PR18559
Status	NEW
Importance	P normal
Reported by	Dominik Strasser (dominik.strasser@onespin-solutions.com)
Reported on	2014-01-20 10:17:50 -0800
Last modified on	2014-01-21 02:56:14 -0800
Version	trunk
Hardware	PC Windows NT
CC	jrose@belkadan.com, llvm-bugs@lists.llvm.org
Fixed by commit(s)
Attachments	`e.C` (334 bytes, application/octet-stream)
Blocks
Blocked by
See also

Created attachment 11907
Testcase

In the attached testcase, the clang static analyzer complains about a null
pointer, however the pointer can't be null.

Quuxplusone commented 10 years ago

Attached e.C (334 bytes, application/octet-stream): Testcase

Quuxplusone commented 10 years ago

This seems perfectly reasonable. How does the analyzer know that eh.xyz() returns a non-null pointer?

Quuxplusone commented 10 years ago

I agree with you, now looking deeper into the problem. What confused me is the
fact that the
    if (p1 != 0)
makes the analyzer emit the message. Omitting the if-clause apparently makes
the analyzer think that p1 never can be NULL. Of course the if clause is only
for the fact that mem is false but this is too much for a static analyzer tool.

Quuxplusone / LLVMBugzillaTest

False null pointer error on refined condition #18558