<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - clang-static-analyzer performs invalid range analysis with bitwise operators"
   href="https://bugs.llvm.org/show_bug.cgi?id=43469">43469</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>clang-static-analyzer performs invalid range analysis with bitwise operators
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Static Analyzer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>dcoughlin@apple.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>zturner@google.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>dcoughlin@apple.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre><a href="https://gcc.godbolt.org/z/c4Rbhl">https://gcc.godbolt.org/z/c4Rbhl</a>

Given the code:

#include &lt;assert.h&gt;

void foo(int count)
{
    char data[1024];
    assert(count <= 1024);

    int count_aligned = (count + 15) & ~15;
    assert(count_aligned >= count);

    for (int i = 0; i < count_aligned; ++i)
        data[i] = 1;

    for (int i = 0; i < count; ++i)
        if (data[i] != 1)
            break;
}

The static analyzer is unable to deduce that count_aligned >= count.  This results
in:
warning: The left operand of '!=' is a garbage value
        if (data[i] != 1)

This in and of itself is not super surprising, because static range analysis
can be difficult (although there *are* well known results with respect to range
analysis involving bitwise operators, so this case is solvable).  What is
surprising is that no amount of hints can convince the static analyzer that this
code is safe.  For example, the assert there does not silence the warning. 
Even if I wrap the second loop in a conditional such as:

if (count_aligned >= count) {
    for (int i = 0; i < count; ++i)
        if (data[i] != 1)
            break;
}

it *still* does not silence the warning.</pre>
        </div>
      </p>
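      <p>The fact the report says the analyzer cannot deduce can be checked directly. The following is an added example, not code from the report or from the LLVM project: it computes an interval for the report's rounding expression and exhaustively confirms that the rounded value is never below count. The names align_up16, struct range, align_up16_range and check_all are constructed for illustration, and a two's-complement int is assumed.</p>
      <pre>
```c
#include <limits.h>
#include <stdbool.h>

/* The report's expression, unchanged. Assumes two's-complement int. */
static int align_up16(int count) { return (count + 15) & ~15; }

/* Closed interval for an int value: lo <= v <= hi. */
struct range { int lo, hi; };

/* Interval transfer function for align_up16 (constructed for this example).
 * Rounding up to a multiple of 16 is monotone, so the endpoints of the input
 * interval map to the endpoints of the output interval. Returns false for an
 * empty interval or when hi + 15 could overflow int, in which case nothing
 * can be concluded. */
static bool align_up16_range(struct range in, struct range *out)
{
    if (in.lo > in.hi || in.hi > INT_MAX - 15)
        return false;
    out->lo = align_up16(in.lo);
    out->hi = align_up16(in.hi);
    return true;
}

/* Exhaustively check every count in [lo, hi]: the rounded value lies inside
 * the computed interval, is a multiple of 16, and satisfies
 * 0 <= rounded - count <= 15, which implies rounded >= count. */
static bool check_all(int lo, int hi)
{
    struct range r;
    if (!align_up16_range((struct range){lo, hi}, &r))
        return false;
    for (int c = lo; c <= hi; ++c) {
        int a = align_up16(c);
        if (a < r.lo || a > r.hi || a % 16 != 0 || a - c < 0 || a - c > 15)
            return false;
    }
    return true;
}
```
      </pre>
      <p>For count in [0, 1024] the computed interval is [0, 1024], so the first loop in the report writes only indices 0 to 1023 of data and every element the second loop reads has been initialized.</p>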


    </body>
</html>