<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - [Analyzer] DivideZero warning affected by unrelated code"
href="https://bugs.llvm.org/show_bug.cgi?id=51950">51950</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[Analyzer] DivideZero warning affected by unrelated code
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Windows NT
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Static Analyzer
</td>
</tr>
<tr>
<th>Assignee</th>
<td>dcoughlin@apple.com
</td>
</tr>
<tr>
<th>Reporter</th>
<td>tauchris@utexas.edu
</td>
</tr>
<tr>
<th>CC</th>
<td>dcoughlin@apple.com, llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=25287" name="attach_25287" title="Reproducer">attachment 25287</a></span>
Reproducer
I have a reproducer (shown below) that triggers a true positive
[core.DivideZero] warning at line 25 -- but *only* if the seemingly unrelated
empty loop at line 22 is present in the code. If the empty loop is commented
out, the [core.DivideZero] warning disappears.
The reproducer:
CMD> cat -n reduced5.c
     1  typedef struct {
     2    int c;
     3  } TA;
     4  typedef struct {
     5    int e;
     6    TA f;
     7  } TB;
     8  typedef struct {
     9    int h;
    10  } TC;
    11  void j(TC *);
    12  struct TD *l(TB *m) {
    13    int n = m->e / 40;
    14    int c = m->f.c;
    15    int h = c * n;
    16    struct TD *o = 0;
    17    TC p;
    18    for (; h;)
    19      ;
    20    j(&p);
    21    // DivideZero warning @25 somehow depends on this unrelated empty loop
    22    for (int q = 0; q < c; q++) { }
    23    int ant;
    24    for (int job = 0; p.h;)
    25      ant = job / n;
    26    (void)ant;
    27    return o;
    28  }
The run command and analyzer output, with line 22 present:
CMD> clang -Xanalyzer -analyzer-werror -Xanalyzer -analyzer-output=text --analyze reduced5.c
reduced5.c:25:15: error: Division by zero [core.DivideZero]
    ant = job / n;
          ~~~~^~~
reduced5.c:13:3: note: 'n' initialized here
  int n = m->e / 40;
  ^~~~~
reduced5.c:18:3: note: Loop condition is false. Execution continues on line 20
  for (; h;)
  ^
reduced5.c:22:19: note: Assuming 'q' is < 'c'
  for (int q = 0; q < c; q++) { }
                  ^~~~~
reduced5.c:22:3: note: Loop condition is true. Entering loop body
  for (int q = 0; q < c; q++) { }
  ^
reduced5.c:22:19: note: Assuming 'q' is >= 'c'
  for (int q = 0; q < c; q++) { }
                  ^~~~~
reduced5.c:22:3: note: Loop condition is false. Execution continues on line 23
  for (int q = 0; q < c; q++) { }
  ^
reduced5.c:24:3: note: Loop condition is true. Entering loop body
  for (int job = 0; p.h;)
  ^
reduced5.c:25:15: note: Division by zero
    ant = job / n;
          ~~~~^~~
1 error generated.
Same run command and analyzer output with line 22 commented out:
CMD> clang -Xanalyzer -analyzer-werror -Xanalyzer -analyzer-output=text --analyze reduced5.c
<no warning>
Commit <a href="https://reviews.llvm.org/rG8ddbb442b6e87efc9c6599280740c6f4fc40963d">https://reviews.llvm.org/rG8ddbb442b6e87efc9c6599280740c6f4fc40963d</a> must
be present for the warning to appear at all -- prior to that commit, no warning
would be issued at line 25, with or without the empty loop present.</pre>
</div>
</p>
</body>
</html>