[cfe-dev] Clang SA false positive

Gábor Horváth via cfe-dev cfe-dev at lists.llvm.org
Mon Oct 19 06:25:23 PDT 2015


2015. okt. 19. du. 3:14 ezt írta ("Daniel Marjamäki" <
Daniel.Marjamaki at evidente.se>):
>
>
>
> Hello!
>
>
>
> In my humble opinion that is a genuine false positive.
>
>
>
> Unless we can see that printInt modifies zero, we should not write a
warning. I would assume that external functions are “well behaved”.
>
>
>
> Ø  Why? Because even though it is static and printInt should not be able
to modify it, printInt might be able to call into another function which
can modify the value of zero.
>
>
>
> Then the translation unit would have to for instance have a globally
accessible function that modifies zero.
>
>

Checking whether a globally available function can modify the static
variable sounds like a good idea. I think it might worth a patch, to
preserve the value in this case.

>
> As I see it.. we know that zero is not modified neither
directly/indirectly by printInt if the provided code is the entire TU.
>
>
>
> Best regards,
>
> Daniel Marjamäki
>
>
>
>
>
>
>
>
>
>
>
> On 19 October 2015 at 13:13, Bhargava Shastry via cfe-dev <
cfe-dev at lists.llvm.org> wrote:
>
> Hi All,
>
> I came across a curious pattern of FPs while evaluating Clang SA:
>
> $ cat garbageread-fp.c
> 1. extern void printInt(int x); // prints int
> 2.
> 3. static int zero = 0;
> 4.
> 5. void f() {
> 6.   int x;
> 7.   if (zero != 0)
> 8.        printInt(0); // dead code
> 9.   else
> 10.        x = 0;
> 11.  if (zero == 0) {
> 12.        if (!x)
> 13.                printInt(x);
> 14.   }
> 15. }
>
> $ clang --analyze garbageread-fp.c
> garbageread-fp.c:12:8: warning: Branch condition evaluates to a garbage
> value
>         if (!x)
>             ^~
> 1 warning generated.
>
> I have uploaded an html report here: http://output.jsbin.com/jiqewevihi
>
> Why does Clang SA forget the constraint down the execution path?
>
> Notes:
> 1. Replacing static with extern retains the FP.
> 2. The FP has something to do with function inlining. Replacing printInt
> with standard library function makes the FP go away!
>
> Regards,
> Bhargava
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20151019/01d6ed59/attachment.html>


More information about the cfe-dev mailing list