[cfe-dev] : Analyzer ignoring the effects of a function call?

Anna Zaks ganna at apple.com
Sun Oct 2 21:46:44 PDT 2011


Hi Don,

It would be helpful if you could file bugzilla bug reports for the error messages that you find especially obscure.

Thanks!
Anna.
On Oct 2, 2011, at 5:54 PM, Don Quixote de la Mancha wrote:

> Inside your if statement, a is always 0.  So the expression can be
> simplified to "c = b;".
> 
> I've found clang's static analyzer of immense help with my iPhone App,
> but the messages it presents are sometimes rather obscure in their
> meaning.
> 
> Don Quixote de la Mancha
> quixote at dulcineatech.com
> 
> On Sun, Oct 2, 2011 at 5:48 PM, Arjun Singri <arjunsingri at gmail.com> wrote:
>> But how did it arrive at the conclusion that 'a' was '0' when it is clearly
>> unknown? If I don't provide an intial value for 'a', it still reports the
>> same warning. Does that mean that it is interpreting that 'a' is set to zero
>> inside the function?
>> 
>> On Sun, Oct 2, 2011 at 5:35 PM, John McCall <rjmccall at apple.com> wrote:
>>> 
>>> On Oct 2, 2011, at 4:59 PM, Arjun Singri wrote:
>>> 
>>> I think I am getting a false positive for IdempotentOperationChecker which
>>> is affecting another checker I am writing. Here is the program I am running
>>> the clang analyzer on:
>>> #include<stdio.h>
>>>   int main(void)
>>>   {
>>>       int a = 5;
>>>       int b = 4;
>>>       int c = 10;
>>>       scanf("%d", &a);
>>>       if (a + b == 4) {
>>>           c = a + b;
>>>       }
>>>       return c;
>>>   }
>>> I get:
>>> $clang --analyze d.cpp
>>> 
>>> 
>>> d.cpp:12:15: warning: The left operand to '+' is always 0
>>>         c = a + b;
>>>                         ~  ^
>>> Why is it ignoring the scanf function call? Is this expected because the
>>> analyzer doesn't do inter-procedural analysis? But even then I think it
>>> shouldn't ignore the effects of the function call. Now this is happening
>>> because the LHSVal.isConstant(0) call inside the IdempotentOperationChecker
>>> is evaluating to true.
>>> 
>>> It's not ignoring the scanf call:  if it were, it would think that 'a' was
>>> 5, not 0.  No, here it's presumably analyzing the dominating if condition
>>> and doing basic algebra.
>>> John.
>> 
>> 
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>> 
>> 
> 
> 
> 
> -- 
> Don Quixote de la Mancha
> quixote at dulcineatech.com
> 
>    Custom Software Development for the iPhone and Mac OS X
>    http://www.dulcineatech.com/custom-software-development/
> 
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev




More information about the cfe-dev mailing list