[cfe-dev] : Analyzer ignoring the effects of a function call?

John McCall rjmccall at apple.com
Sun Oct 2 17:35:02 PDT 2011


On Oct 2, 2011, at 4:59 PM, Arjun Singri wrote:
> I think I am getting a false positive for IdempotentOperationChecker which is affecting another checker I am writing. Here is the program I am running the clang analyzer on:
> 
> #include<stdio.h>
> 
>   int main(void)
>   {
>       int a = 5;
>       int b = 4;
>       int c = 10;
> 
>       scanf("%d", &a);
> 
>       if (a + b == 4) {
>           c = a + b;
>       }
>       return c;
>   }
> 
> I get:
> 
> $clang --analyze d.cpp
> 
> d.cpp:12:15: warning: The left operand to '+' is always 0
>         c = a + b;
>                         ~  ^
> Why is it ignoring the scanf function call? Is this expected because the analyzer doesn't do inter-procedural analysis? But even then I think it shouldn't ignore the effects of the function call. Now this is happening because the LHSVal.isConstant(0) call inside the IdempotentOperationChecker is evaluating to true. 

It's not ignoring the scanf call:  if it were, it would think that 'a' was 5, not 0.  No, here it's presumably analyzing the dominating if condition and doing basic algebra.

John.
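
Added example, not part of the original thread and not Clang's code: a toy model in C of the reasoning John describes, run over the quoted program with and without the scanf call being modelled. AbsVal, assume_sum_eq and analyze are hypothetical names, and the analyzer's real value and constraint representation is assumed to be more general than this.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy abstract value: a known constant, or an unknown symbol that a path
   constraint may later pin to a constant. Hypothetical model only. */
typedef struct { bool known; int value; } AbsVal;

static AbsVal constant(int v) { AbsVal x = { true, v };  return x; }
static AbsVal unknown(void)   { AbsVal x = { false, 0 }; return x; }

typedef enum { BRANCH_DEAD, LHS_ALWAYS_CONST } Verdict;

/* Assume (a + b == rhs) on the true branch, with b a known constant.
   Returns false if the branch is infeasible; otherwise refines *a. */
static bool assume_sum_eq(AbsVal *a, int b, int rhs) {
    if (a->known)
        return a->value + b == rhs;   /* both sides constant: just fold */
    *a = constant(rhs - b);           /* basic algebra: a == rhs - b */
    return true;
}

/* Walk the quoted program. model_call selects whether scanf("%d", &a)
   is treated as overwriting a (true) or is ignored (false). */
Verdict analyze(bool model_call, int *lhs_out) {
    AbsVal a = constant(5);           /* int a = 5; */
    const int b = 4;                  /* int b = 4; */

    if (model_call)
        a = unknown();                /* &a escapes to scanf: the 5 is forgotten */

    if (!assume_sum_eq(&a, b, 4))     /* if (a + b == 4) */
        return BRANCH_DEAD;           /* c = a + b is never reached */

    *lhs_out = a.value;               /* value of 'a' at c = a + b */
    return LHS_ALWAYS_CONST;
}

int main(void) {
    int lhs = -1;
    if (analyze(true, &lhs) == LHS_ALWAYS_CONST)
        printf("call modelled: left operand of '+' is always %d\n", lhs);
    if (analyze(false, &lhs) == BRANCH_DEAD)
        printf("call ignored: a stays 5, branch is dead, nothing to report\n");
    return 0;
}
```
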
