Re: Null pointer analysis in C

On Sun, Feb 24, 2008 at 12:04 PM, Naseer <naseer.naseer@gmail.com> wrote:


> What are the issues/problems of Null pointer in C and how they can be
> resolved "statically". i.e. while doing static analysis(compile time)
> how can we find whether a pointer is null or not.


During constant and value-range propagation, the compiler can infer
non-NULL values for a pointer. For instance


*ptr = 4;
if (ptr)
      ....


If the compiler knows that dereferencing a NULL pointer causes the
program to halt with an exception, the if (ptr) will always succeed,
so it can be folded away. In GCC this is performed by the value-range
propagation pass (in gcc/tree-vrp.c if you download the GCC sources).


Another opportunity during constant propagation, happens with code of
the form:


ptr = &var;
if (ptr)
    *ptr = 3;


Assuming that 'var' is a local variable, constant propagation can do
two things here: (1) propagate the value &var to all the uses of
'ptr', (2) realize that 'if (&var)' is always true (since addresses of
local variables are always at an address different than 0).


This has other consequences for variable 'var', since the compiler can
now determine that its address has not been taken, which usually opens
more optimization opportunities for 'var'.


Diego.
[The general problem of telling when a pointer will have a null value
is intractable, but there are certainly lots of useful subcases that
a compiler can catch with dataflow analysis. -John]

Return to the comp.compilers page.
Search the comp.compilers archives again.