null pointer warning

Chris Lattner
Hi All,

I'm trying to implement a warning for PR7569, patch attached:




The problem is that in SemaExpr, I don't know the surrounding context for a dereference, causing the warning to trigger on cases like this:

  void* t3 = &(*(void*)0);

While this is technically a null pointer dereference, warning about this isn't particularly useful.

Is there a better place to slot this into Sema?  I didn't follow the warning work John did, but it seems like it must have had to solve similar problems.

-Chris
_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

null-pointer-warning.patch (3K)

Re: null pointer warning

John McCall
On Jul 5, 2010, at 12:20 PM, Chris Lattner wrote:
> Is there a better place to slot this into Sema?  I didn't follow the warning work John did, but it seems like it must have had to solve similar problems.

CheckImplicitConversions triggers on a full-expression and walks the entire expression tree, but it does so for much better reasons.  I think what you really want to do is to hook the lvalue-to-rvalue conversion;  I'm not sure if there's a single point where that happens, though.

Presumably you also want to not warn on
  int &ref = *(int*) 0;
?

John.

Re: null pointer warning

Chris Lattner

On Jul 5, 2010, at 1:35 PM, John McCall wrote:

> On Jul 5, 2010, at 12:20 PM, Chris Lattner wrote:
>> Is there a better place to slot this into Sema?  I didn't follow the warning work John did, but it seems like it must have had to solve similar problems.
>
> CheckImplicitConversions triggers on a full-expression and walks the entire expression tree, but it does so for much better reasons.  I think what you really want to do is to hook the lvalue-to-rvalue conversion;  I'm not sure if there's a single point where that happens, though.
>
> Presumably you also want to not warn on
>  int &ref = *(int*) 0;
> ?

After discussion, it turns out that this is a lot harder than it should be.  Instead of handling the general case, I just ended up doing a syntactic check in r107756.  The static analyzer already handles the more complex cases in a far more general way, let it do its job :)

Thanks John,

-Chris
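
The two placements discussed in this thread, modeled on a toy expression tree as an added example (not part of any message and not Clang's code): a check that fires where the dereference is built, and one hooked at the lvalue-to-rvalue conversion. The node kinds and function names are hypothetical, and `int x = *(int*)0;` is a constructed third case.

```cpp
#include <cstdio>
#include <memory>
#include <utility>

// Toy expression tree (hypothetical; these are not Clang's AST classes).
// LoadValue stands for an lvalue-to-rvalue conversion, BindRef for binding
// a reference to an lvalue without reading it.
enum class Kind { NullPtr, Deref, AddrOf, LoadValue, BindRef };
struct Expr { Kind kind; std::unique_ptr<Expr> sub; };
using ExprPtr = std::unique_ptr<Expr>;

ExprPtr mk(Kind k, ExprPtr sub = nullptr) {
    return ExprPtr(new Expr{k, std::move(sub)});
}

static bool isNullDeref(const Expr *e) {
    return e && e->kind == Kind::Deref && e->sub &&
           e->sub->kind == Kind::NullPtr;
}

// Context-free check: counts every dereference of a null constant,
// regardless of how the resulting lvalue is used.
int warnAtDeref(const Expr *e) {
    if (!e) return 0;
    return (isNullDeref(e) ? 1 : 0) + warnAtDeref(e->sub.get());
}

// Check hooked at the lvalue-to-rvalue conversion: counts a null
// dereference only when the dereferenced lvalue is actually read.
int warnAtLoad(const Expr *e) {
    if (!e) return 0;
    bool hit = e->kind == Kind::LoadValue && isNullDeref(e->sub.get());
    return (hit ? 1 : 0) + warnAtLoad(e->sub.get());
}

// Constructed trees for the initializers in the thread, plus one plain read.
ExprPtr addrOfDeref() { return mk(Kind::AddrOf, mk(Kind::Deref, mk(Kind::NullPtr))); }    // &(*(void*)0)
ExprPtr refBind()     { return mk(Kind::BindRef, mk(Kind::Deref, mk(Kind::NullPtr))); }   // int &ref = *(int*)0;
ExprPtr valueLoad()   { return mk(Kind::LoadValue, mk(Kind::Deref, mk(Kind::NullPtr))); } // int x = *(int*)0;

int main() {
    ExprPtr cases[] = {addrOfDeref(), refBind(), valueLoad()};
    const char *names[] = {"&(*(void*)0)", "int &ref = *(int*)0", "int x = *(int*)0"};
    for (int i = 0; i < 3; ++i)
        std::printf("%-22s at-deref=%d at-load=%d\n", names[i],
                    warnAtDeref(cases[i].get()), warnAtLoad(cases[i].get()));
    return 0;
}
```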