<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/61512>61512</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
CSA widen-loop option may lead to false positives arsing from useless for loop
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
Geoffrey1014
</td>
</tr>
</table>
<pre>
CSA 's widen-loop option may lead to false positives arsing from useless for loop.
Besides, there is a wrong path note: ` instrument_npd305.c:9:10: note: Value assigned to 'l' `
See it live : https://godbolt.org/z/x9evh8qPv
Compilation options : clang --analyze --analyzer-output text -Xclang -analyzer-config -Xclang widen-loops=true
input:
```c
#include <stdio.h>
unsigned char **a() {
int d =0;
int i;
int *k = &i;
int *j = k;
int *l = j;
for (; d < 7; d++)
printf("NPD_FLAG\n");
0 != l, *l;
}
void main() { a(); }
```
Output:
``` bash
instrument_npd305.c:11:11: warning: Dereference of null pointer (loaded from variable 'l') [core.NullDereference]
0 != l, *l;
^
instrument_npd305.c:15:15: note: Calling 'a'
void main() { a(); }
^~~
instrument_npd305.c:9:3: note: Loop condition is true. Entering loop body
for (; d < 7; d++)
^
instrument_npd305.c:9:3: note: Loop condition is true. Entering loop body
instrument_npd305.c:9:3: note: Loop condition is true. Entering loop body
instrument_npd305.c:9:10: note: Value assigned to 'l'
for (; d < 7; d++)
^
instrument_npd305.c:9:10: note: Assuming 'd' is >= 7
for (; d < 7; d++)
^~~~~
instrument_npd305.c:9:3: note: Loop condition is false. Execution continues on line 11
for (; d < 7; d++)
^
instrument_npd305.c:11:3: note: Assuming 'l' is equal to null
0 != l, *l;
^~~~~~
instrument_npd305.c:11:3: note: Assuming pointer value is null
0 != l, *l;
^~~~~~
instrument_npd305.c:11:11: note: Dereference of null pointer (loaded from variable 'l')
0 != l, *l;
^~
1 warning generated.
```
Deleting the loop which is useless code, NPD warning disappear
See it live : https://godbolt.org/z/b9G9W4oef
```c
#include <stdio.h>
unsigned char **a() {
int d =0;
int i;
int *k = &i;
int *j = k;
int *l = j;
//for (; d < 7; d++)
printf("NPD_FLAG\n");
0 != l, *l;
}
void main() { a(); }
```
Compiling this case without widen-loop options does not results in FP NPD warning.
So, it seems that widen-loop has a negative effect.
See it live :https://godbolt.org/z/sEhq8vMGa
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzUV01v4zYQ_TX0ZWBBoizLPvjgz1y22wALtL0taHEkMUuTCknZyR7y2wtSlu3sponTLAo0MBiZM-R7fJwZj5i1olKIM5ItSLYasNbV2sxuUJelwcckTkaDreaPs-WXORCaWzgIjmootW5AN05oBTv2CBIZB6ehZNIiNNoKJ_ZogRkrVAWl0TtoLUq0FkptwK-PSLwi8XyBVnC0hC7B1WgQhAUGB6NVBQ1zNSjtkKRzIOMYhLLOtDtU7qtqeBpnUUHS-ZSk8yT2Pr3vH0y2CMfTBWaE5pLQ3O_S4X5BBOFAij2CX1I711iSzgndELqpNN9q6SJtKkI33wndPExxX0_ub_fd8m5c6l0jJAs6dHLYsFkhmapgOGSKycfveH4yQ926pnXg8MHB8K-j48laaFWK6mQ4q21JunKmxUt0oZrWecrd3DjuPsXxO02FKmTL_fmW1nGho5qk687aqqM2Rc0MEDondM4InRA6BZIvOicAoRxwIOkqJuniErszidNs953Q-TfvDYSOX7DdBdu3s-E4L8P83cUCHySeTboI8EvIwyOhi_CZ9n4AjRHKlYE5_Xy7-rr5NL8h2VIRSr3fecsYCE08jvSx5lHPR8pX3cNeCw47JtRZCTiq4vFPfietLyX5Pdzsz_cBW2br_sZeit8k6Qc4MKOEqvzjCg2WaFAVCLoE1UoJjRbKYZBGasaRd6m1Z0awrcQ-ygP1bFFog9HnVsqLrUi2ukIQINn6VcZZP5xSbsmk9LlOaM48hXfpCc_-SLZ-enoN3id8egn-ydejQisuQioKCz5XIoC1l8vTChXLl7J3RtgbQnycyX-_75Wl8v2p2F_e-wjMrW13x8jhvkQLX0PXPjA_wOHp6cMhFH7MIlg_YNGGuUIrJ1SLFrQCKRRCkryX4VuJlfzI61IeeZQH71sm_VX5onBNOveKvCrJK9h93dmHYBH2auCrcbvy1wN_rPZdpchlrHRzSV99oUKFhjnk0SvlvhtXKNH5Na7GLgUPtShqr1Hf8BSaoyfw-XZ1QuDCsqZB_9P7r7qR7fRm-udIY_mM0f-wA_jnFqA7-pV59Uu7gMvxQx1B1x520SEsFMwiHISrdet-bqQtcI3WpwAYtK10FoSCze1l3Bzj8Yv25IUDi7iz4Gr2bL-a-RZaYcV8Fw5Ylli46MVAeyvO7Lq-n-x_u2EDPkv5NJ2yAc6ScT6lKc3ibFDP8sko4QktCspHozjfsgmdFGkSbxHzMsmTgZjRmKZxmkyTlE5oFpVxweNsmxfxOMtZMiajGHdMyEjK_c5jD4S1Lc7GSZbQgWRblDa8oFCq8ADB6O81Ww3MzK8ZbtvKklEshXX2vIsTTmJ4c_l1Ly2D1sjZD6IJV7fbqNA7Qjce_Phv2Bh9h4UjdBMoW0I34Uh_BwAA__9b_-Ce">