On Wednesday, 23.09.2015, 20:34 -0400, Rich Felker wrote:
> On Wed, Sep 23, 2015 at 10:02:51PM +0200, Jens Gustedt wrote:
> > The one in pthread_create I always struggle with. I remember that I
> > had myself once convinced (or was it you?) that the bad case can't
> > happen, but I was not able to reproduce the argument spontaneously.
>
> From my perspective, this one is simply a bug in the static analysis.
> At line 218, pointer arithmetic was performed on `stack` to get `tsd`.
> If `stack` were null this would be UB, and if `stack` is not null then
> you cannot get a null pointer without the arithmetic having invoked
> UB, so you can conclude that `tsd` is not null.

I wouldn't call this a bug. This also assumes that the analyser has to
"know" from somewhere that `stack` is a pointer that is sufficiently far
from the 0 address, so the result of the arithmetic can never be a 0
valued pointer.

So the problem here is that we use a pointer value that is the result of
arithmetic to hold the state of a conditional execution. AFAICS, we could
completely avoid that by placing a goto after line 220 to jump to line
251. Then the initialization of tsd and the `if (!tsd)` conditional (not
the code inside) could be omitted.

Jens

-- 
:: INRIA Nancy Grand Est ::: Camus ::::::: ICube/ICPS :::
:: ::::::::::::::: office Strasbourg : +33 368854536 ::
:: :::::::::::::::::::::: gsm France : +33 651400183 ::
:: ::::::::::::::: gsm international : +49 15737185122 ::
:: http://icube-icps.unistra.fr/index.php/Jens_Gustedt ::
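The two code shapes the thread is arguing about, as an added illustration that is not musl's pthread_create and not code from either participant. It is a hypothetical simplification: `setup_v1` uses the pointer `tsd`, computed by arithmetic on the caller-supplied stack, as the flag that decides whether a stack still has to be allocated (the pattern the analyser cannot see through), while `setup_v2` records the same decision in control flow with a `goto`, so `tsd` is assigned exactly once on each path and the `if (!tsd)` test is gone. The struct, the constants `TSD_SIZE` and `DEFAULT_STACK`, and the use of `malloc` instead of a real thread-stack mapping are all constructed for the example.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed sizes; they stand in for the real TSD area and default stack. */
#define TSD_SIZE 64
#define DEFAULT_STACK 4096

/* Hypothetical bookkeeping struct (not musl's): the TSD block is carved
 * off the top of a stack that the caller either supplied or left to us. */
struct thread_setup {
    unsigned char *stack;    /* base of the stack region */
    unsigned char *tsd;      /* TSD block at the top of the stack */
    int allocated;           /* 1 if the stack was allocated here */
};

/* Version 1: the shape that triggers the analyser warning. `tsd` doubles as
 * the "did the caller supply a stack?" state, but its value is the result of
 * pointer arithmetic. Unless the analyser knows `user_stack` is far from
 * address 0, it cannot prove `tsd` non-null on the first path and reports a
 * possible null dereference at the final write. */
struct thread_setup setup_v1(unsigned char *user_stack, size_t size)
{
    struct thread_setup s = { 0, 0, 0 };
    if (user_stack && size >= TSD_SIZE) {
        s.stack = user_stack;
        s.tsd = user_stack + size - TSD_SIZE;   /* arithmetic result used as state */
    }
    if (!s.tsd) {                               /* branch on that arithmetic result */
        s.stack = malloc(DEFAULT_STACK);
        if (!s.stack) return s;
        s.allocated = 1;
        s.tsd = s.stack + DEFAULT_STACK - TSD_SIZE;
    }
    s.tsd[0] = 0;                               /* first use of tsd */
    return s;
}

/* Version 2: the restructuring proposed in the mail. The path taken is
 * recorded by control flow alone: after the caller-supplied case we jump
 * past the allocation, so `tsd` is set once per path and never tested. */
struct thread_setup setup_v2(unsigned char *user_stack, size_t size)
{
    struct thread_setup s = { 0, 0, 0 };
    if (user_stack && size >= TSD_SIZE) {
        s.stack = user_stack;
        s.tsd = user_stack + size - TSD_SIZE;
        goto have_stack;
    }
    s.stack = malloc(DEFAULT_STACK);
    if (!s.stack) return s;
    s.allocated = 1;
    s.tsd = s.stack + DEFAULT_STACK - TSD_SIZE;
have_stack:
    s.tsd[0] = 0;                               /* tsd is non-null on both paths */
    return s;
}

/* Release a stack that setup_v1/setup_v2 allocated; caller-owned stacks
 * are left alone. */
void teardown(struct thread_setup *s)
{
    if (s->allocated) free(s->stack);
    s->stack = s->tsd = 0;
    s->allocated = 0;
}
```

Both versions compute the same `tsd` for the same input; the difference is only in what an analyser has to prove. In version 1 it must reason about the range of a pointer value, in version 2 it only has to follow the edges of the control-flow graph, which is exactly the kind of reasoning such tools are good at.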