<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div>On Oct 2, 2011, at 4:59 PM, Arjun Singri wrote:</div><blockquote type="cite"><div>I think I am getting a false positive for IdempotentOperationChecker which is affecting another checker I am writing. Here is the program I am running the clang analyzer on:</div><div><br></div><div><div>
<div>#include<stdio.h></div><div><br></div><div> int main(void)</div><div> {</div><div> int a = 5;</div><div> int b = 4;</div><div> int c = 10;</div><div><br></div><div> <b> scanf("%d", &a);</b></div>
<div><b><br></b></div><div> if (a + b == 4) {</div><div> c = a + b;</div><div> }</div><div> return c;</div><div> }</div></div></div><div><br></div><div>I get:</div><div><br></div><div>
<div><font face="'courier new', monospace">$clang --analyze d.cpp </font></div>
<div><font face="'courier new', monospace"><br></font></div><div><span class="Apple-style-span" style="font-family: 'courier new', monospace; "><b>d.cpp:12:15: warning: The left operand to '+' is always 0</b></span></div>
<div><font face="'courier new', monospace"><b> c = a + b;</b></font></div><div><span> </span><span style="font-family:'courier new', monospace">~</span><span> </span><span style="font-family:'courier new', monospace">^</span></div>
</div><div>Why is it ignoring the scanf function call? Is this expected because the analyzer doesn't do inter-procedural analysis? But even then I think it shouldn't ignore the effects of the function call. Now this is happening because the LHSVal.isConstant(0) call inside the IdempotentOperationChecker is evaluating to true. </div>
</blockquote><br></div><div>It's not ignoring the scanf call: if it were, it would think that 'a' was 5, not 0. No, here it's presumably analyzing the dominating if condition and doing basic algebra.</div><div><br></div><div>John.</div><br></body></html>