<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/153782>153782</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [analyzer] False Positives due to conflicting assumptions in callee and caller about returned value's field
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          marco-antognini-sonarsource
      </td>
    </tr>
</table>

<pre>
    https://github.com/llvm/llvm-project/pull/115917 introduced a regression with the following code:

```c
typedef struct { int error; } Status;
Status getError();
int global;

Status get(int **outptr) {
  Status e = getError();
  if (e.error != 0) return e; // field error is assumed to be non 0
  *outptr = &global; // therefore this is not executed
  return e;
}

int func() {
  int *ptr = 0;
  if (get(&ptr).error == 0) // field error is assumed to be 0
    return *ptr; // therefore this is a null deref
  return 0;
}
```

https://godbolt.org/z/seaaeMrTd

Another example with another Checker:
```c
typedef struct {
  int v;
} STATUS;

STATUS STATUS_OK = {0};

void use(const char* x);

STATUS get_two(const char** ret);

static STATUS get_one(const char** ret) {
  STATUS status;
  const char* s;

  status = get_two(&s);
  if (status.v != 0) {
    return status;
  }

  *ret = s;

  return STATUS_OK;
}

int main() {
 STATUS status;
  const char* s;

  status = get_one(&s);
  if (status.v == 0) {
    use(s);  // FP
 }
}
```

https://godbolt.org/z/8x5Ghh95b

FYI The godbolt links show the difference between trunk and v19. I've done the bisection locally down to https://github.com/llvm/llvm-project/commit/4610e5c78647983f79d1bd5264afff254774e13e.

This issue impact many projects that have struct to represent error codes. I often seen them wrapped with macros, such as in the Samba project. https://github.com/samba-team/samba/blob/7b5cc7d37f11347a606a4a9fe7f44ae43193318d/libcli/util/werror.h#L66
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJykVk2P2zYQ_TX0ZbCGRH364IM3WxVBWzTAbg89BRQ5stjQpEFS9m5-fUFS0q6TIG1awIAlcWbevJk3JJlz8qgR96S6J9XDhk1-NHZ_YpabO6a9OWqp5Z0zmllnJstx0xvxsh-9PztSHAjtCO2O0o9Tv-XmRGin1GX5uztb8xdyT2h3npQitMvzapc3ILW3RkwcBTCweLTonDQartKP4EeEwShlrlIfgRuBASiLvzpLP06yg385o8ABnLcT90Ca-xAX0FpjSXEPpHmAR8_85EhxT7JDeoYj-p-iCW0J3aWl4HdUpmcqvd9YE9qGdUIPhB7M5M_eEroLeCQ7wAwBCKR4-GZwADkAoS1uY2pAaB5MsxDEop-sBoz5xlrCIFGJxAKkA-bcdEIB3kCPoI2GLMZcc4m4hNZr_ksgP6LFwVgEP0oXYmnjAZ-RTx5FDPIGPrBuHhL3QHeYNE8sVqZzFRbM7JZeqhShdarPQrZ4WMn-G4KJ3JpZgvsuKQZ6UgpE-P6WVHZDahFOIviFfI3ojfJbY4-Edp8J7Rwyhr_ZJ5HMD9oEXMBndjorTDJl88d3I_JPaGeNfl-gaxkva3Lw-HR4-uPxVXfxdf768fdfUnub-ywQWYwuRgqYHBLacqOdBz4yS-gBnlfVvYY6ov_or-ZL22BuQ89eHZxnXnJ442f0Vxivfq8jkBzcm2EDuE3MrSAw2y3zMudGaO2-Gplkub3czMyCunb6FndVcZwRiz4CvcWf3dYSf0P9Jyb1rfr_H8dUx3_g-HZUVo6py7MbLGPQfQjLc8r_ReHtc_XzOO6qPpl3f76HpxFhNgQl9ScHbjTXuB0LOQxoUXOEHv0VUYO3k_4ETAu45LstvCe0uSAIozF69NIh92FPV4YzpV5AmKsOQ_7DRwc3p5MMD2WdZ1jxpq3LZtcWQ7MTeS8qWpdsGAZalU1TYl7gNnF6ShuEmxDk6cx46Kp-gTmwAz8yDyO74DKg3oDFs0WHyzESTx-3hfdgBo8aXGQ-4gmulp3PKNJWcGLcGkfoO3ATH4E5kNEMHtmpZwvi9nvUXbC888jWF0K7Xpme0K7pK84bUTRDnhdlw-qsZiXbDdgMZcmwLPJdUeStCKWTPVeS0G7yMpy310hjOxJa_FrXG7EvxK7YsQ3u86aqaFXmBd2M-yFjTdP2bd9XtM7ZwPluwDqrOQ6C83bYyD3NaJW1eZVnRVXQbZU1rMKsGHosRN03pMzwxKTahuYFnW1i5fd5VTQt3SjWo3LxlkGpxmvqC6E0XDrsPna8n46OlJmSzrvXMF56Fa8nTDP18hktqR6gY8ohfDBOenlBB2LC0D1u9KAk9-HeEI-Vc1Bg7EbQIGLUa3y0wHoz-XkvQAEXpkJCjUvn02ay6sdvOZGVC_ecRPuyp38HAAD__-Xi3z0">