cppcheck icon indicating copy to clipboard operation
cppcheck copied to clipboard
verified publisher icon danmar

Fix #14308 FP nullPointerRedundantCheck with pointer reference parameter (*&)

Open chrchr-github opened this issue 3 months ago • 7 comments

chrchr-github avatar Dec 05 '25 15:12 chrchr-github

This is not really the correct fix. ValueFlowForward will check for variable changes.

The problem is that this comes from reverse analysis, so we need to traverse the subfunction in reverse as well. We don't really have a way to do that but we can skip the values that come from reverse analysis for now though.

pfultz2 avatar Dec 06 '25 14:12 pfultz2

[...] but we can skip the values that come from reverse analysis for now though.

And how would we do that? Mark the values somehow?

chrchr-github avatar Dec 06 '25 18:12 chrchr-github

[...] but we can skip the values that come from reverse analysis for now though.

And how would we do that? Mark the values somehow?

You could check the tokvlaue, but it is a little hacky how we use that for the starting point (I would like to add an origin field for this instead).

Another way is to mark them but we need to mark when it goes reverse and forward as we do forward analysis from reverse analysis so the state would need to switch back. It should probably be an enum of Forward. Reverse, and Unknown.

pfultz2 avatar Dec 06 '25 23:12 pfultz2

Another way is to mark them but we need to mark when it goes reverse and forward as we do forward analysis from reverse analysis so the state would need to switch back. It should probably be an enum of Forward. Reverse, and Unknown.

There seem to be many places where values flow forward, so I haven't implemented the switching logic. We also have no tests that require it yet.

chrchr-github avatar Dec 12 '25 09:12 chrchr-github

We could set the the direction of the value in the update method in the analyzer. That might be simpler than trying to do it for every forward.

pfultz2 avatar Dec 13 '25 21:12 pfultz2

We could set the the direction of the value in the update method in the analyzer. That might be simpler than trying to do it for every forward.

I have tried that, but unless Reverse is set in makeReverseAnalyzer(), the FP still occurs. Maybe update() is not called for the value in question?

chrchr-github avatar Dec 14 '25 09:12 chrchr-github

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar Dec 14 '25 09:12 sonarqubecloud[bot]