[webkit-dev] Eliminate potential null pointer dereference?

Luke Macpherson macpherson at chromium.org
Fri Apr 20 11:25:47 PDT 2012


On Fri, Apr 20, 2012 at 11:07 AM, Ryosuke Niwa <rniwa at webkit.org> wrote:
> Is the code reachable? It's quite possible that the code is unreachable and
> therefore there is no way to hit that crash. Without a test, we can't answer
> that question.

That is not rationally true. A test case can show that there is a code
path leading to a null pointer dereference. A test cannot show that
there are no possible code paths that lead to that state. This is
exactly what I was getting at when explaining that the state space of
WebKit is too large to test. In this case we don't have a repro case
that leads to that state, but that does not mean that it is not
possible, or that the potential to crash should not be fixed.
