[cfe-dev] : Analyzer ignoring the effects of a function call?

Arjun Singri arjunsingri at gmail.com
Sun Oct 2 17:48:12 PDT 2011


But how did it arrive at the conclusion that 'a' was '0' when it is clearly
unknown? If I don't provide an initial value for 'a', it still reports the
same warning. Does that mean that it is interpreting that 'a' is set to zero
inside the function?

On Sun, Oct 2, 2011 at 5:35 PM, John McCall <rjmccall at apple.com> wrote:

> On Oct 2, 2011, at 4:59 PM, Arjun Singri wrote:
>
> I think I am getting a false positive for IdempotentOperationChecker which
> is affecting another checker I am writing. Here is the program I am running
> the clang analyzer on:
>
> #include<stdio.h>
>
>   int main(void)
>   {
>       int a = 5;
>       int b = 4;
>       int c = 10;
>
>       scanf("%d", &a);
>
>       if (a + b == 4) {
>           c = a + b;
>       }
>       return c;
>   }
>
> I get:
>
> $clang --analyze d.cpp
>
>
>
> d.cpp:12:15: warning: The left operand to '+' is always 0
>         c = a + b;
>                         ~  ^
> Why is it ignoring the scanf function call? Is this expected because the
> analyzer doesn't do inter-procedural analysis? But even then I think it
> shouldn't ignore the effects of the function call. Now this is happening
> because the LHSVal.isConstant(0) call inside the IdempotentOperationChecker
> is evaluating to true.
>
>
> It's not ignoring the scanf call:  if it were, it would think that 'a' was
> 5, not 0.  No, here it's presumably analyzing the dominating if condition
> and doing basic algebra.
>
> John.
>
>
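A toy model of the "dominating if condition and basic algebra" reasoning John describes, added here as an illustration; it is not part of the thread and not Clang's implementation. The names `AbsVal`, `invalidate`, `assume_sum_eq`, `left_is_zero` and `analyze` are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy abstract value: a known constant or an unknown (symbolic) integer. */
typedef struct { bool known; int value; } AbsVal;

static AbsVal constant(int v) { AbsVal r = { true, v }; return r; }
static AbsVal unknown(void)   { AbsVal r = { false, 0 }; return r; }

/* A callee given &x may store anything in x, so drop what was known. */
static void invalidate(AbsVal *x) { *x = unknown(); }

/* Narrow the state to the path where lhs + rhs == k holds.
   Returns false when no value can satisfy it (the branch is dead).
   Small sample values only; overflow is not modelled. */
static bool assume_sum_eq(AbsVal *lhs, AbsVal *rhs, int k)
{
    if (lhs->known && rhs->known) return lhs->value + rhs->value == k;
    if (rhs->known) *lhs = constant(k - rhs->value);
    else if (lhs->known) *rhs = constant(k - lhs->value);
    return true;
}

/* The question the warning depends on: is the left operand 0 here? */
static bool left_is_zero(AbsVal lhs) { return lhs.known && lhs.value == 0; }

/* Replays main() from the post.
   Returns 1 if the warning would fire, 0 if not, -1 if the branch is dead. */
static int analyze(bool a_initialized, bool model_scanf)
{
    AbsVal a = a_initialized ? constant(5) : unknown();
    AbsVal b = constant(4);
    if (model_scanf) invalidate(&a);            /* scanf("%d", &a); */
    if (!assume_sum_eq(&a, &b, 4)) return -1;   /* if (a + b == 4)  */
    return left_is_zero(a) ? 1 : 0;             /* c = a + b;       */
}

int main(void)
{
    printf("a = 5, scanf modelled:   %d\n", analyze(true, true));
    printf("a unset, scanf modelled: %d\n", analyze(false, true));
    printf("a = 5, scanf ignored:    %d\n", analyze(true, false));
    return 0;
}
```

In this model the last case returns -1: with the call ignored, `a` stays 5 and the branch can never be taken.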