Re: Latest SQLite vs. Xcode's Analyze : 61 issues
Re: Latest SQLite vs. Xcode's Analyze : 61 issues
- Subject: Re: Latest SQLite vs. Xcode's Analyze : 61 issues
- From: Dix Lorenz <email@hidden>
- Date: Thu, 13 Sep 2012 09:31:03 +0200
On 13.09.2012, at 01:33, Jens Alfke <email@hidden> wrote:
>> static int sqlite3OsRandomness(sqlite3_vfs *pVfs, int nByte, char *zBufOut){
>> return pVfs->xRandomness(pVfs, nByte, zBufOut);
>> }
>> // Issue: Access to field 'xRandomness' results in a dereference of a null pointer (loaded from variable 'pVfs’)
>
> For example, this warning is only valid if the function is ever called with a NULL pVfs parameter.
That's the difference. The analyzer is saying "This is code that can easily be misused. Consider rewriting it.", not "this code is wrong".
> It’s pretty likely that it’s never called that way.
I prefer interfaces that cannot be misused to "pretty likely currently not being misused". For example if this interface could be changed to pass a reference (no idea if this is C or C++), there would not be the shadow of a doubt that you must pass a valid object. Not only for current code but also for future code or for people who have no experience with sqlite. I have never done anything with sqlite and I have no idea what this function does, how it works, what the parameters mean... But if that parameter was a reference I wouldn't have a choice but pass a valid object.
> (I don’t _think_ the analyzer is smart enough yet to find all the sites where that function is called and check for NULL parameter values; at least not across multiple source files.)
That would lose the ability to future- and idiot-proof your code.
Cheers,
Dix
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden