Open Quuxplusone opened 13 years ago
Attached report-oLS9I0.html
(151301 bytes, text/html): html report from clang, with false claim of a null dereference
Attached cgroup.i
(209015 bytes, text/plain): preprocessed file that triggered the false analysis
Attached TrimmedGRExprEngine.pdf
(182866 bytes, application/pdf): GraphViz visualization of trimmed exploded graph
The culprit is:
492 rc = virCgroupPathOfController(group, i, "", &path);
Here 'group' is passed to virCgroupPathOfController. Because the analyzer doesn't know the effects of that function, it assumes that all the fields pointed to by 'group' can be modified, and thus invalidates any assumptions. Without inter-procedural analysis or a more relaxed heuristic, there is no way for the analyzer to know that the fields are unmodified.
Thanks. I suppose marking the argument as a const pointer (if that doesn't have knock-on effects) or adding an assert that the parameter is still null after the function will be enough information to feed the analyzer enough additional information that the function call did not change the groups pointer.
(In reply to comment #4)
> Thanks. I suppose marking the argument as a const pointer (if that doesn't
> have knock-on effects) or adding an assert that the parameter is still null
> after the function will be enough information to feed the analyzer enough
> additional information that the function call did not change the groups
> pointer.
Adding 'const' doesn't appear to do the trick. That's something we should fix.
Adding the assertion should work.
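The assertion workaround discussed in this thread, as an added example that is not part of the original report or of the project's code. The struct layout, the function names and the particular fact being asserted (a field that was already checked to be non-NULL) are assumptions chosen to show the pattern.

```c
#include <assert.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the structures discussed in the thread. */
struct controller { const char *mount_point; };
struct group { struct controller controllers[2]; };

/* In real code this would live in another translation unit, so the analyzer
 * sees only the prototype and has to assume it may write through 'g'.
 * It only reads. */
int path_of_controller(struct group *g, int i, const char **path)
{
    *path = g->controllers[i].mount_point;
    return *path ? 0 : -1;
}

/* Sums the lengths of all mounted controllers' mount points. */
size_t total_mount_len(struct group *g)
{
    size_t total = 0;
    for (int i = 0; i < 2; i++) {
        const char *path = NULL;
        if (!g->controllers[i].mount_point)
            continue;   /* from here on: mount_point != NULL */
        if (path_of_controller(g, i, &path) < 0)
            continue;
        /* The call took 'g', so what the analyzer knew about its fields
         * is invalidated. Restating the fact hands it back. */
        assert(g->controllers[i].mount_point != NULL);
        total += strlen(g->controllers[i].mount_point);
    }
    return total;
}

/* Constructed sample input: one mounted controller, one unmounted. */
size_t sample_total(void)
{
    struct group g = { { { "/a/cpu" }, { NULL } } };
    return total_mount_len(&g);
}
```

The assertion only constrains the analyzer in builds where `assert` is active, so the analysis has to run without `NDEBUG` defined.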