On 8/11/21 1:47 AM, Jan Engelhardt wrote:
But I have a platform where malloc does set errno on failure, hence I am looking (only) at the -DHAVE_MALLOC_ERRNO=1 configuration and what clang outputs there.
Although the platform's malloc sets errno on failure, the static analyzer incorrectly assumes otherwise. You can work around this problem by compiling with -DHAVE_MALLOC_ERRNO=1 (the default) for the platform, and by running the static analyzer with -DHAVE_MALLOC_ERRNO=0. Or, if it's an absolute requirement to do static analysis and compilation with the same flags and to get 100% clean reports, then use -DHAVE_MALLOC_ERRNO=0 for both compilation and static analysis: although this might lose some errno information at runtime, that's less important than an absolute requirement and it's better than propagating junk errno values. Alternatively, you can write a script to remove the incorrect static-analyzer diagnostic, or simply ignore the diagnostic; this is a very common thing to do in such situations. Of course it would be better if the static analyzer didn't make incorrect assumptions about the underlying platform. A bug report to the Clang maintainers would be in order, if this problem is sufficiently annoying. There's nothing unusual about this sort of thing. I've run many static analyses using Coverity, GCC, Clang, etc. and there are almost invariably glitches where static analysis issues false alarms. And although I've sent in my fair share of bug reports, this area continues to be buggy. The thing to remember in cases like these is that static analysis should be one's servant, not one's master.