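Problem description
I am experimenting with -fanalyzer on gcc 10 and managed to get a null pointer dereference reported inside std::vector. But I'm not sure whether my code has a bug?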
#include <vector>

class Bar
{
public:
    explicit Bar()
    {
    }
    int m_val;
};

int main()
{
    std::vector<Bar> a;
    std::vector<Bar> b(a);
    static_cast<void>(b);
    return 0;
}
It only fails with -O2 (or -O, -O1, -O3):
g++-10 -fanalyzer TestVector.cpp -O2
In copy constructor ‘std::vector<_Tp,_Alloc>::vector(const std::vector<_Tp,_Alloc>&) [with _Tp = Bar; _Alloc = std::allocator<Bar>]’:
cc1plus: warning: dereference of NULL ‘__cur’ [CWE-690] [-Wanalyzer-null-dereference]
‘std::vector<_Tp,_Alloc>&) [with _Tp = Bar; _Alloc = std::allocator<Bar>]’: events 1-2
|
|/usr/include/c++/10/bits/stl_vector.h:553:7:
| 305 | { _M_create_storage(__n); }
| | ~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling ‘std::_Vector_base<Bar,std::allocator<Bar> >::_M_create_storage’ from ‘std::vector<Bar>::vector’
|......
| 553 | vector(const vector& __x)
| | ^~~~~~
| | |
| | (1) entry to ‘std::vector<Bar>::vector’
|
+--> ‘void std::_Vector_base<_Tp,_Alloc>::_M_create_storage(std::size_t) [with _Tp = Bar; _Alloc = std::allocator<Bar>]’: events 3-5
|
| 346 | return __n != 0 ? _Tr::allocate(_M_impl,__n) : pointer();
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) following ‘false’ branch (when ‘__n == 0’)...
|......
| 359 | _M_create_storage(size_t __n)
| | ^~~~~~~~~~~~~~~~~
| | |
| | (3) entry to ‘std::_Vector_base<Bar,std::allocator<Bar> >::_M_create_storage’
| 360 | {
| 361 | this->_M_impl._M_start = this->_M_allocate(__n);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (5) ...to here
|
<------+
|
‘std::vector<_Tp,_Alloc>&) [with _Tp = Bar; _Alloc = std::allocator<Bar>]’: events 6-7
|
| 305 | { _M_create_storage(__n); }
| | ~~~~~~~~~~~~~~~~~^~~~~
| | |
| | (6) returning to ‘std::vector<Bar>::vector’ from ‘std::_Vector_base<Bar,std::allocator<Bar> >::_M_create_storage’
|......
| 558 | std::__uninitialized_copy_a(__x.begin(),__x.end(),
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (7) ‘<unknown>’ is NULL
| 559 | this->_M_impl._M_start,
| | ~~~~~~~~~~~~~~~~~~~~~~~
| 560 | _M_get_Tp_allocator());
| | ~~~~~~~~~~~~~~~~~~~~~~
|
‘std::vector<_Tp,_Alloc>&) [with _Tp = Bar; _Alloc = std::allocator<Bar>]’: event 8
|
|/usr/include/c++/10/bits/stl_uninitialized.h:90:23:
| 90 | for (; __first != __last; ++__first,(void)++__cur)
| | ~~~~~~~~^~~~~~~~~
| | |
| | (8) following ‘true’ branch...
|
‘std::vector<_Tp,_Alloc>&) [with _Tp = Bar; _Alloc = std::allocator<Bar>]’: event 9
|
|/usr/include/c++/10/bits/stl_iterator.h:980:2:
| 980 | ++_M_current;
| | ^~
| | |
| | (9) ...to here
|
‘std::vector<_Tp,_Alloc>&) [with _Tp = Bar; _Alloc = std::allocator<Bar>]’: event 10
|
|cc1plus:
| (10): dereference of NULL ‘__cur’
|
g++-10 -fanalyzer TestVector.cpp -O0
compiles fine.
$ g++-10 --version
g++-10 (Ubuntu 10.1.0-2ubuntu1~18.04) 10.1.0
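Solution
Your code is not at fault. GCC is.
Someone reported a similar problem on the gcchelp mailing list and the response from Mr Wakely was:
It is a known limitation that the analyzer does not support C++ yet.
It seems to me that it is wrongly following the "true" branch, although that is interesting, since the conditional operator is not unique to C++.
Unfortunately, this fact about the analyzer does not appear to be documented, at least not where the switch is described.
But I'm not sure whether my code has a bug?
Your code is fine.
In this case, the warning comes from the standard library. There are two possible causes: there is a bug in the standard library implementation, or the warning is a false positive.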
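The path in the analyzer trace, modeled as a small stand-alone program (an added example, not part of the original posts and not libstdc++ code; `allocate_storage`, `uninitialized_copy_count` and `model_copy` are hypothetical names). It shows that for an empty source the start pointer is null, as in event 4, but the loop body that writes through `__cur` never runs, so the "true" branch of event 8 cannot follow it.

```cpp
// Added illustration, not libstdc++ source: the names below are hypothetical
// stand-ins for the library code quoted in the analyzer trace.
#include <cstddef>
#include <new>

struct Bar { explicit Bar() {} int m_val; };

// Mirrors stl_vector.h:346 from the trace: n == 0 yields a null pointer.
Bar* allocate_storage(std::size_t n) {
    return n != 0 ? static_cast<Bar*>(::operator new(n * sizeof(Bar))) : nullptr;
}

// Mirrors the loop at stl_uninitialized.h:90. Returns how many times the
// body ran, i.e. how many times `cur` was written through.
std::size_t uninitialized_copy_count(const Bar* first, const Bar* last, Bar* cur) {
    std::size_t writes = 0;
    for (; first != last; ++first, (void)++cur) {
        ::new (static_cast<void*>(cur)) Bar(*first);
        ++writes;
    }
    return writes;
}

struct CopyResult { bool start_is_null; std::size_t writes; };

// Models copy-constructing a vector from a source range of n elements.
CopyResult model_copy(const Bar* src, std::size_t n) {
    Bar* start = allocate_storage(n);
    std::size_t writes = uninitialized_copy_count(src, src + n, start);
    CopyResult r{start == nullptr, writes};
    ::operator delete(start);   // deleting nullptr is a no-op
    return r;
}

int main() {
    // Empty source: null storage, zero writes (the case from the question).
    CopyResult empty = model_copy(nullptr, 0);
    // Constructed one-element source: real storage, one write.
    Bar one[1]; one[0].m_val = 7;
    CopyResult single = model_copy(one, 1);
    return (empty.start_is_null && empty.writes == 0 &&
            !single.start_is_null && single.writes == 1) ? 0 : 1;
}
```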