facebook / infer

A static analyzer for Java, C, C++, and Objective-C
http://fbinfer.com/
MIT License

A false negative about NULL_DEREFERENCE #1628

Open ghost opened 2 years ago

ghost commented 2 years ago

A very nice and powerful tool! I found an interesting case.

Infer version: 1.1.0

OS version: Ubuntu 20.04

Command:

infer run --pulse -- javac  Test.java

Output:

Capturing in javac mode...
Found 1 source file to analyze in /path/to/infer-out
1/1 [################################################################################] 100% 63.113ms

Code example:

enum Color {
    BLACK,
    WHITE;
}
public class Test {
    Color color = null;
    public String bad() {
        switch (color) {
            case BLACK:
                return "BLACK";
            case WHITE:
                return "WHITE";
            default:
                return "DEFAULT";
        }
    }
}

However, if we move color to bad(), we can get a NULL_DEREFERENCE warning:

public String bad() {
    Color color = null;
    switch (color) {
        case BLACK:
            return "BLACK";
        case WHITE:
            return "WHITE";
        default:
            return "DEFAULT";
    }
}
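An added example, not part of the original issue or of Infer's code: it runs the reported field-based switch to confirm that it throws NullPointerException at runtime (so the missing report is a genuine false negative), next to a null-guarded variant. The names SwitchNullDemo, Holder, fieldSwitch, guardedSwitch and throwsNpe are hypothetical.

```java
import java.util.function.Supplier;

// Added illustration; all names here are hypothetical, not from the issue.
public class SwitchNullDemo {
    enum Color { BLACK, WHITE }

    static class Holder {
        // Same shape as the reported case: the selector is a field left null.
        Color color = null;

        String fieldSwitch() {
            // A switch over an enum with a null selector throws
            // NullPointerException before any case is matched, so the
            // default branch does not act as a null fallback.
            switch (color) {
                case BLACK: return "BLACK";
                case WHITE: return "WHITE";
                default:    return "DEFAULT";
            }
        }

        String guardedSwitch() {
            // Explicit null check ahead of the switch removes the dereference.
            if (color == null) {
                return "UNSET";
            }
            switch (color) {
                case BLACK: return "BLACK";
                case WHITE: return "WHITE";
                default:    return "DEFAULT";
            }
        }
    }

    // Reports whether calling the supplier raises NullPointerException.
    static boolean throwsNpe(Supplier<String> call) {
        try {
            call.get();
            return false;
        } catch (NullPointerException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        Holder h = new Holder();
        System.out.println("fieldSwitch throws NPE: " + throwsNpe(h::fieldSwitch));
        System.out.println("guardedSwitch result:   " + h.guardedSwitch());
        h.color = Color.WHITE;
        System.out.println("fieldSwitch with WHITE: " + h.fieldSwitch());
    }
}
```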