<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/82802>82802</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Boolean equality of two undefined bools incorrectly interpreted as "true"
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang:dataflow
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
            ymand
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          ymand
      </td>
    </tr>
</table>

<pre>
    The built-in interpretation of boolean equality forgets to check for nullness before checking for pointer equality:
```
  Value *LHSValue = Env.getValue(LHS);
  Value *RHSValue = Env.getValue(RHS);

  if (LHSValue == RHSValue)
    return Env.getBoolLiteralValue(true);
```
https://github.com/llvm/llvm-project/blob/dfa1d9b027e677cf1379dffee0059261a34f3481/clang/lib/Analysis/FlowSensitive/Transfer.cpp#L58-L59

Therefore, when both are null, the equality will be interpreted as true.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJyUk09v4ywQxj8NvqBaePDfgw_J29fqIae22jvgwWaXQhZwo3z7lZ2k2XallVayZHvg94zmmRkRo5kcYk-qPQE4vwk3EgBSPWZiSbMP_RbKpB_P_euMVC7GpgfjqHEJwzFgEsl4R72m0nuLwlH8uQhr0plqHyZMkSZP1YzqxxqgbrHWYYxUovYBLyfGTdvh0W-yHxKE7wh7JGxHanZ9tl9Kvwm7ICWwOzy9XL_5I_3fvecTpi1AoD08vRDoCN__QT3_hXr-TN1Yo-lF8gNc2ZvQSlwvUhowLcHddPfe24NJGIS9pUjhQnzk-FzenNIxrrXDQGCYTJoXmSv_RmCw9v32ejgG_x1VIjBI6yWBYdSiGDvJoMG6aZQueNONWiMyVnVQF4KXmpdtQWBQVrhpFTIruHPCnqOJBIbB-tMLumiSeUcCw2sQLmoMuToeCfBD1T4cqu53a15nDFsvCfxHTzM6Kn2aqQi4NXuNphnvY3Ey1lKJ9wnCkYpIV0_ybOz52PFOZNgXDWubghUVZHPfVFjVha5lWTV1JVSpWNmoVmvWSqVEmZkeGJQMgBdNCZzlBfBKdI0oOgGixZqUDN-EsfnqXe7DlJkYF-xbaBlkVki08boGF3P4bhRJaOtP140I_Wa7XKZISmZNTPEulkyy2O-_7oDXNJ08XdyI2jgcty2J1DjlQ0CV7PmrDwTgMh6QLcH2_zwLW1VrJ7fCfgUAAP__ISk7Fg">