Jordy,
Using “L” for the value of strlen(),
and “min(L,10)” for the value of strnlen(,10)
in general we know
L >= 0
in the then-clause of the if-statement we know this additional relation
min(L,10) != L
from which a good algebraic system might choose to simplify to
L > 10
and that’s about all. It’s a constraint, not a value.
I am guessing you already knew that, and your post results from the
static analyzer trying to use a different form of reasoning, a different
algorithm. But I believe the above is the most mathematically complete
information that can be derived from the situation; anything else (like
“conjured values”, whatever that means) will necessarily involve
creating and propagating false information.
For the second example, being after the first if-statement is like being
in its else-clause, so we have
min(L,10) >= 5
again a good algebraic system might want to simplify this to
L >= 5
feeding that into the second if-statement conditional we get
min( (L >= 5), 10 ) < 5
which a good algebraic system should evaluate to false, which
should eliminate the false-positive null-pointer warning. Notice that
this conclusion is arrived at without any “conjured values” (whatever that
means).
But that is only if your system propagates “constraints”, not just “values”,
and as I have spent most of my recent past working with llvm-ir rather
than clang, I await your enlightened response…
sincerely,
Peter Lawrence.
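The constraint reasoning in the message above, carried out as an added example that is not part of the thread or of the clang static analyzer: L (the unknown strlen() result) is tracked as an integer interval, strnlen(s,10) is modelled as min(L,10), and each if-condition refines the interval instead of conjuring a concrete value. The `Interval` class, the function names and the assumed shape of the two examples (a `!=` test for the first, a `strnlen(s,10) < 5` guard followed by the same test again for the second) are this example's own assumptions.

```python
"""Interval-style constraint propagation for the strlen/strnlen reasoning.

Added example, not code from the thread or from clang.  L stands for the
value of strlen(s), which is only known to satisfy L >= 0; strnlen(s, n) is
modelled as min(L, n).  Intervals are over the integers, with float("inf")
standing in for "unbounded above".
"""
from dataclasses import dataclass

INF = float("inf")


@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float

    def is_empty(self) -> bool:
        return self.lo > self.hi

    def meet(self, other: "Interval") -> "Interval":
        """Intersection of two intervals (the conjunction of two constraints)."""
        return Interval(max(self.lo, other.lo), min(self.hi, other.hi))


# What we know about strlen() in general: L >= 0.
L_ANY = Interval(0, INF)


def strnlen_of(L: Interval, n: int) -> Interval:
    """Interval of min(L, n) given an interval for L."""
    if L.is_empty():
        return L
    return Interval(min(L.lo, n), min(L.hi, n))


def assume_lt(x: Interval, c: int) -> Interval:
    """Refine x under the condition x < c (integer domain)."""
    return x.meet(Interval(-INF, c - 1))


def assume_ge(x: Interval, c: int) -> Interval:
    """Refine x under the condition x >= c."""
    return x.meet(Interval(c, INF))


def refine_L_from_strnlen(L: Interval, n: int, m: Interval) -> Interval:
    """Propagate a constraint on min(L, n) back to L.

    If min(L, n) is known to be strictly below n, then min(L, n) == L and L
    inherits the whole constraint; otherwise all we learn is L >= m.lo
    (this is the "min(L,10) >= 5  ==>  L >= 5" simplification above).
    """
    if m.is_empty():
        return m
    if m.hi < n:
        return L.meet(m)
    return L.meet(Interval(m.lo, INF))


def assume_strnlen_ne_strlen(L: Interval, n: int) -> Interval:
    """min(L, n) != L holds exactly when L > n, i.e. L >= n + 1 for integers."""
    return L.meet(Interval(n + 1, INF))


def first_example() -> Interval:
    """Then-clause of `if (strnlen(s, 10) != strlen(s))`: L > 10, nothing more."""
    return assume_strnlen_ne_strlen(L_ANY, 10)


def second_example() -> tuple:
    """Falling through `if (strnlen(s, 10) < 5) return;` means min(L,10) >= 5,
    so L >= 5.  A second `if (strnlen(s, 10) < 5)` is then infeasible, which is
    what should suppress the warning on that path.  Returns (interval for L,
    whether the second condition is infeasible)."""
    m = assume_ge(strnlen_of(L_ANY, 10), 5)     # min(L,10) in [5, 10]
    L = refine_L_from_strnlen(L_ANY, 10, m)     # L in [5, inf)
    m2 = assume_lt(strnlen_of(L, 10), 5)        # [5,10] meet (-inf,4] -> empty
    return L, m2.is_empty()


if __name__ == "__main__":
    print("first example, then-clause:", first_example())
    L, infeasible = second_example()
    print("second example: L in", L, "- second test infeasible:", infeasible)
```

Note that `refine_L_from_strnlen` deliberately keeps only the sound part of the inverse: once min(L,10) may equal 10, the upper bound on L is lost, which is exactly why the message insists that the result is a constraint on L rather than a value for it.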