On 08/05/2011 03:47 AM, Eric Blake wrote:
On 08/04/2011 11:14 AM, Alex Jia wrote:
>> Also, how does checking for a non-zero union value prevent a null
>> dereference?
>>
> To be honest, I'm not sure about this; however, it's okay for ccc-analyzer if
> I add these judgements.
Is ccc-analyzer different from clang? If so, how can I set it up to
reproduce the problem you saw?
It may be different. I will tidy up some docs or resources and then send
them to you.
Regards,
Alex
I previously saw a false positive in one of these functions
(qemudDomainGetMemoryParameters) when using Coverity, but that was
fixed by commit f768b4c3, but Coverity was silent for the other 4
functions you touched. I'm now trying to do a clang run to see if
that differs from Coverity. The Coverity false positive was that our
logic confused the static analyzers:
    type var;                 /* uninitialized */
    if (flags & _CONFIG)
        var = something;      /* assigned only when _CONFIG is set */
    if (flags & _LIVE)
        do_something_else();
    if (flags & _CONFIG)
        use(var);             /* used only under the same _CONFIG condition */
This pattern was enough to make the analyzers think that var could be
used uninitialized, or initialized to NULL, in a setting where it must
not be NULL; but once you see that it is merely a case of the analyzer
getting it wrong (var is _only_ used under the same conditions where
it was previously assigned earlier on), the solution is to add
sa_assert() hints to the analyzers.
NACK to this patch; we need to get to the real root of why the
analyzers are complaining, and fix the real bug if there is one (but I
didn't see one in my manual inspection), or more likely add
sa_assert() hints to silence the analyzer.
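The flags-gated pattern described above, written out as a self-contained C example so the false positive and the sa_assert() hint can be seen together. This is an added illustration, not libvirt's code: the sa_assert stand-in macro, the FLAG_LIVE/FLAG_CONFIG values, the struct domain type and set_memory() are all assumed here for demonstration.

```c
/* Added example (not libvirt's own code): the flags-gated assign/use pattern
   that confuses static analyzers, plus the sa_assert() hint that quiets them. */
#include <stddef.h>
#include <assert.h>
#include <stdio.h>

/* Assumed stand-in for libvirt's sa_assert(): a no-op in normal builds, a real
   assert() only when the code is compiled for static analysis. */
#ifdef STATIC_ANALYSIS
# define sa_assert(expr) assert(expr)
#else
# define sa_assert(expr) ((void) (0 && (expr)))
#endif

/* Constructed flag values, mirroring the _LIVE / _CONFIG shorthand in the mail. */
enum { FLAG_LIVE = 1 << 0, FLAG_CONFIG = 1 << 1 };

/* Constructed domain state: a live value and a persistent (config) value. */
struct domain {
    int live_memory;
    int persistent_memory;
};

/* Applies `value` to the live and/or persistent copy according to `flags`.
   Returns the number of fields written, or -1 for a NULL domain. */
static int set_memory(struct domain *dom, unsigned int flags, int value)
{
    int *persistent = NULL;   /* only meaningful when FLAG_CONFIG is set */
    int written = 0;

    if (dom == NULL)
        return -1;

    if (flags & FLAG_CONFIG)
        persistent = &dom->persistent_memory;

    if (flags & FLAG_LIVE) {
        dom->live_memory = value;
        written++;
    }

    if (flags & FLAG_CONFIG) {
        /* `persistent` was assigned under the identical condition above, so it
           cannot be NULL here; the hint states that fact for the analyzer,
           which otherwise reports a possible NULL dereference on the next line. */
        sa_assert(persistent);
        *persistent = value;
        written++;
    }
    return written;
}

int main(void)
{
    struct domain dom = { 0, 0 };
    int n = set_memory(&dom, FLAG_LIVE | FLAG_CONFIG, 512);
    printf("fields written: %d, live=%d persistent=%d\n",
           n, dom.live_memory, dom.persistent_memory);
    return 0;
}
```

Compiling with `-DSTATIC_ANALYSIS` turns the hint into a real assert(), which is how the analyzer build checks the claim rather than trusting it; in ordinary builds the macro compiles to nothing.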