[clang] [analyzer] Don't assume third iteration in loops (PR #119388)

Balazs Benics via cfe-commits cfe-commits at lists.llvm.org
Fri Dec 13 04:58:36 PST 2024


================
@@ -2801,8 +2799,35 @@ void ExprEngine::processBranch(const Stmt *Condition,
     if (StTrue && StFalse)
       assert(!isa<ObjCForCollectionStmt>(Condition));
 
-    if (StTrue)
-      Builder.generateNode(StTrue, true, PredN);
+    if (StTrue) {
+      // If we are processing a loop condition where two iterations have
+      // already been completed and the the false branch is also feasible, then
+      // don't assume a third iteration, because it is a redundant execution
+      // path (unlikely to be different from earlier loop exits) and can cause
+      // false positives if e.g. the loop iterates over a two-element structure
+      // with an opaque condition.
+      //
+      // The iteration count "2" is hardcoded because it's the natural limit:
+      // * the fact that the programmer wrote a loop (and not just an `if`)
+      //   implies that they thought that the loop body may be executed twice;
+      // * however, there are situations where the programmer knows that there
+      //   are at most two iterations, but writes a loop that appears to be
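Review bot: the comment added under `if (StTrue) {` has a duplicated word in "and the the false branch is also feasible"; drop one "the". The same comment states that the iteration count "2" is hardcoded, so consider giving that value a named constant next to this rationale, so the explanation and the number it justifies cannot drift apart.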
----------------
steakhal wrote:

```suggestion
      //   are at most two iterations but writes a loop that appears to be
```

https://github.com/llvm/llvm-project/pull/119388

