<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/141514>141514</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [clang-tidy] New false positives from clang-analyzer-core
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang-tidy
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          douzzer
      </td>
    </tr>
</table>

<pre>
    After upgrade from LLVM-21 snapshot fcb4bda9 to 7dc7c155 (21.0.0_pre20250510 to 21.0.0_pre20250523), we are seeing numerous false positives and nonsensical output from `clang-tidy`, for example:
```
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:5322:9: note: Uninitialized value stored to field 'used'
5322 | XMEMCPY(r->dp, a->dp, a->used * (word32)SP_WORD_SIZEOF);
| ^
./wolfssl/wolfcrypt/types.h:801:31: note: expanded from macro 'XMEMCPY'
801 |     #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
| ^~~~~~~~~~~~~~~~~~~
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:5325:13: note: Assigned value is uninitialized
5325 |     r->used = a->used;
| ^ ~~~~~~~
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:8541:47: warning: The right operand of '>' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
8541 |     else if ((err == MP_OKAY) && (a->used - i > r->size)) {
| ^
```
(`XMEMCPY` is a macro that reduces to `memcpy` in this build.)

The note that an uninited value was stored to `used` by the `memcpy` makes no sense -- the `dp` slot is an inline array at the end of the struct (`r` and `a` are both `sp_int` structs).

To be perfectly clear, the code at issue functions correctly, is clean on numerous other static and dynamic analyzers, and produces no warnings or notes on 21.0.0_pre20250510, all else equal.

In all, we saw these new false positives on 21.0.0_pre20250523:
```
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:5325:13: warning: Assigned value is uninitialized [clang-analyzer-core.uninitialized.Assign]
5325 |     r->used = a->used;
| ^
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:8541:47: warning: The right operand of '>' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
8541 |     else if ((err == MP_OKAY) && (a->used - i > r->size)) {
| ^
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:14137:15: warning: 3rd function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
14137 |         err = sp_exptmod_ex(b, e, (int)e->used, m, r);
| ^
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:17339:54: warning: The right operand of '>' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
17339 |     if ((err == MP_OKAY) && (r != m) && (a->used * 2 > r->size)) {
| ^
```
The code under test is at https://github.com/wolfssl/wolfssl at commit 6c7edeba38, and the configuration under test in the above is
```
./configure --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-sp-math-all CFLAGS='-Wunreachable-code-aggressive -Wthread-safety -Wloop-analysis -Wenum-compare-conditional -fcolor-diagnostics -fcomplete-member-pointers -Wheader-hygiene -Wstring-conversion -Wtautological-overlap-compare -Wno-language-extension-token -DTEST_ALWAYS_RUN_TO_END -g -fdebug-types-section -Wunreachable-code-break -Wunreachable-code-return -Wimplicit-fallthrough -DWOLFSSL_SP_INT_NEGATIVE -DKEEP_OUR_CERT -DKEEP_PEER_CERT -DWOLFSSL_ALT_NAMES -DNO_WOLFSSL_CIPHER_SUITE_TEST -DWOLFSSL_OLD_PRIME_CHECK -pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DSP_ALLOC -DWOLFSSL_CLANG_TIDY -DNO_WOLFSSL_MEMORY'
```
(With a locally developed helper script, `clang-tidy-builder.sh`, passed in as `CC`.)

We have a complicated `clang-tidy` configuration, but for `core` checkers it is only enabling and disabling whole checkers, not frobbing their internal settings.

</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJzsWE1z47jR_jXwBQUVBZqSfPCBI9G7rpUtv5a9eicXFki0SGRAgAuA9mgO-e2pJvVljyfJVmV3L1G5ZHx0A-inn240JLxXlQG4JsknkiwuRBdq666l7b59A3dRWLm7TrcBHO3aygkJdOtsQ5fLX-8YH1NvROtrG-i2LC4LKa5osHQqy2k5ThJK-IyPR9EoylsHPOJJlIwjlHg_ymPCrwif01egwgH1AMpU1HQNONt5uhXaA22tV0G9gKfCSGqs8WC8KoWmtgttF4ajkUlUamEqFpTckUmEy26to_BVNK0GEqckSnF8-ItSwm9q2wDhN69WbwsbCL8JTbvve6_zAD7kr9Z9kcqNxtNkEp8m963S7VpU9K7E7zZXJoxKEqdJzDmJ0ysSp9TYgPvTZ6OMCkpo9Q0kfRG6A-qDdSARnK0CLSnh086DJHxKon4RSqZz-v932d384TPhM8dInMkWrRPvmqhHCU8R_1frZMwJv1o_5JvV4yJf3_4tW90g3PEnNH46pyTJSJSOfmhT2LXgRzWJ01k0JnEaj8-Nga-tMBLkgH4jSmfx8MeT4vln0bg_Pn4IjyVslYEzYyThc0_4XBN-hTINNGW7I3w2zCE1CJ_5Y0v3ravT-f_x3efPcGxC4nQcn4ORDuF0cKrytDv39eDK5IiFO7krXpyc98Y19M8yaJZcomMvp2jIq3BGmQqbTzVQp6o6UNuCw9CzW_QwiTPCp2ijoJVwhahgbzZJPg0hKIzQu2_gWGkdjJ7N4Hj5SRnhditcLVj3CL7TgSQLJEpyeWIKYNAr3At5AM4hSgjU3UO--iX9jGQhfEL4BEVO1GdUURJnA7pefYOBLZRM3zL-bRKYkUl0YOQkGswa2BxqEagD2ZXgMUDJJNoTFOUMDbXytOiUlqM9KaMUQUNSDMrC7HlwZMar8GchTyZR7_dJRIsdDTW83aMRX8BTYykmPKCMHURki9Ne29Cf11BlNEaWcE7sqAi9HAwew6YPrisDHYx1qIvuJJNI9G0HtLChxoGBF_3qvQ7G3mhvmqUF0BbcFsqgd7TUIBwmH9yhtBJwY-V9B3TbmTIoazwtrXO9OAoq3ysZas0px9tQg6M-iKDK_lhyZ0TTtwcS-T7BGUlbZwdfGHvgqafW9Xh7XPP7S6dX1XqgFPzWCb035tbg-P7q8eIVjfBADbx-d-l8sDCP_4Lr5JR1zoL03ySeH4XkG6HRsMgQib87T_0vP_3X89MfCuf4chwjlOPkHZ6xk8fApSVGjXBV14A5JJnug_LlB5DOhdapkXfgvahgwLDf-AhiD-QAHfVtDl_b0FiZw1fCZwXGJeAX4TNMR_wKjtzjc9rgl_uglvmDkZvGMdZzyeVfyMT-EEcU_2MWOkr4GGebH7ETC0f-u-_Pp0Pu74wERxHe3t5A6xBaj2mS3xB-U6lQd8WotM13eHuvUb60TaMCnZRTkFCIeHZI-8P1Yraq6pzoyXm-l-nnRWFfMPu9Ox3WtgdVvD_BiEIDQ24fO7hMCS6cTb_tyqD9OH7bZ03o3o1snahYWb8dLZU8DfzWqZIy9qpCzfzOs55olrVWq3J3EvMta0So-1POb5bpT2t0LJ-yTWcciLLupRB0JqrKgffqBSjbhNqBkMyLLYQdZRttbTvwyytP2QZM17DSNq1wqG6kQjCFpmxbWm0dk0pUxvqgSt-P4bMpAGugKcCx1ioTwOFKNQgJjtW7SoHBrX1wylS46As4jy5imyC6YLWt8KHG7As4LdrD9pRtjGUYAJ2ogMHXgC86a1iwX8BQtnjK1k95utykn9f54_N9_rTKs_sFZRVlWwlFV7H-ccI8DOnqA2wKB-LLRxMOQudQRTWtVqUKbCu0DrWzXVVTttisljfr9TJfP-S390_5ffZT-nT7a0bZ4pcse8hXz4_5PHt8OvQfsuw4cFBNl0_5fXqXrSlb3K_yw_D89uHn7DFfP98-ZTmaeKayWi7yh8fbuyyf_5zNf6GsBSkM1kRsI6HUYuA-E_goZ1guQZ-a91gtbz8dz716fpxn6_z2fr58Xt-u7vN19n_P2f0cTVg_5OlyuZqf7Txfpvc_5U-3i89vT3uX3a0e9w-5dyXzRoWaCqotXhM7KuEFtG1B0hp0i9Vc6RTm0PnbVznri2VwI1_vH-it8Jh7lKHCo-x8TibRqZreAK3FC1BBezaqUmAl_f6l_zY74LJFF_q3P0paB71MDeUXpK_qE5Q1ekf7gFOmGspO5fe919pqOCrgesb2PzIUBU6HGpSjfTBg9HgIAStRLCwv5HUsr-IrcQHX4-nljM8mSTS9qK-BR5EcT4GDGE_4hMNkXERXYiy2k1mSbOWFut5XlpPxVTTj0xEXIEWURHAVT6dxnJDLCBqh9Ejrl2ZkXXXRl9rX48txMr680KIA7ftfczg_Q4dzkiwu3DVqsaKrPLmMtPLBn9YJKuj-d6AztWRB7z8ohfun_gcX10Xn9PW_SPi41_4fa539O5R4wfYGeMJv9ja8XPN_BgAA__-gle3f">