Static Analyzer false positive looking into impossible branch

Hi all,

Is it an expected limitation of the clang static analyzer to warn in the C example below? (This is of course a reduced test case of a real world example.)

Top-of-tree doesn't emit a warning for this code. Before we had (basic) inter-procedural analysis, it would be reasonable for the analyzer to warn, since it wouldn't look across logic between function boundaries. Essentially, it would be as if you had written:

#include <stdlib.h>

int never();

int main()
{
   void *p = 0;
   int n = 0;
   if ( never() ) {
       p = malloc ( n ); // warning: malloc size 0
       free(p);
   }

   return 0;
}

Now with some basic "inlining" interprocedural analysis enabled by default, many of these false warnings disappear.

Thanks Ted. Current Xcode (4.3.2) does warn. Looking forward to Xcode catching up to ToT! :)

FWIW, you can use the open source checker builds and use the set-xcode-analyzer script to get a newer version of the analyzer with this functionality.

It already works as expected if never() has attribute noreturn.

Joerg