Created attachment 1987 [details] Contains a single short instance method that produces a false dead store The static analyzer finds dead stores, which it thinks are dead due to a later assignment that can't be reached because the first assignment is always followed by a branch that misses the second. I expect this is a more general problem untangling code paths, but this is a good illustration. checker-85 (2008-08-28 14:46:11) Mac OS X 10.5.4 Attached is a small objc method that reproduces a false dead store positive. It's derived from a larger example and probably doesn't make a great deal of sense from a semantic point of view. The gist is that the loop counter "index" is incremented by one or more on each iteration. I can make this a standalone example if you'd prefer, or you can just drop this code into any Foundation based class implementation you have lying about.
This was a low-level CFG bug. It's quite startling it wasn't discovered earlier. Fixed: http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20080901/007420.html Will roll into checker-89 (building right now).
Integrated into checker-89.
Tom: Can you verify that this change removes these idiomatic false positives from your code?
Ted asked me to "verify that this change removes these idiomatic false positives", which it in fact it does (hooray!) so I'm setting the status to "Verify". Hope that's the correct step for me.
Thanks Tom!