[cfe-dev] [analyzer] Simple Example produces an inconsistent result

Aleksei Sidorin via cfe-dev cfe-dev at lists.llvm.org
Tue Nov 3 00:18:38 PST 2015


Hello Scott,

You have touched a very sensitive moment.

TL;DR: The reason the warning does not appear is that a function is not 
analyzed out of context if it was inlined before. Functions are analyzed 
in topological order. In your case, the inlining of 'foo' does not touch 
the (len < 10 == true) branch, so it will never be analyzed.

But, more thoroughly, CSA has some issues with topological sorting. 
First, it is not clear if topological sorting is really required since 
it throws some possible execution paths away (as in Scott's example). 
Second, it does not work as expected because of some call graph issues 
(I made some attempts to resolve them and hope to contribute these patches).

However, the assumption that a function is analyzed only in given contexts 
can reduce the amount of false positives.

In our opinion, we should analyze all the functions and skip 
out-of-context analysis of functions that are:
1. not externally visible or
2. are private class members.

But this is a subject for discussion.


> Hi All,
>
> Given the following code:
>
> // test.cpp
> int foo(int len) {
>      int j = 0;
>      if (len < 10)
>          j = 42 / j;
>      return j;
> }
>
> the command
>
> clang --analyze test.cpp
>
> issues the bug report
>
> tu.cpp:6:10: warning: Division by zero
>                  j = 42 / j;
>                      ~~~^~~
>
> However, it seems that merely introducing another function which calls
> foo() with an argument that would not trigger a division by zero nullifies
> the bug report. For instance, analyzing
>
> // test.cpp
> int foo(int len) {
>      int j = 0;
>      if (len < 10)
>          j = 42 / j;
>      return j;
> }
>
> void bar() {
>      int m = 12;
>      foo(m);
> }
>
> in the same way will NOT issue a bug report. Isn't this a bug in the static
> analyzer?
>
> Note: I tested this with clang 3.7.0 and 3.8.0.


-- 
Best regards,
Aleksei Sidorin
Software Engineer,
IMSWL-IMCG, SRR, Samsung Electronics
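
A toy model of the selection behaviour described in this message, added here as an example; it is not Clang's code and not from the author. The names `Fn`, `topLevelCurrent` and `topLevelProposed` are hypothetical, every call is assumed to be inlined, and the proposal is modelled by its literal wording.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Toy model; all names here are hypothetical, none are Clang APIs.
struct Fn {
    std::string name;
    std::vector<std::string> callees;  // direct calls, assumed to be inlined
    bool externallyVisible;
    bool privateMember;
};
using Names = std::vector<std::string>;

// Record everything reachable from `from` as already analyzed in context.
static void markInlined(const std::map<std::string, Fn>& g,
                        const std::string& from, std::set<std::string>& seen) {
    auto it = g.find(from);
    if (it == g.end()) return;  // body not in this translation unit
    for (const auto& c : it->second.callees)
        if (seen.insert(c).second) markInlined(g, c, seen);
}

// Behaviour described in the message: callers first, and a function that was
// inlined into an earlier one is not analyzed again on its own.
Names topLevelCurrent(const std::vector<Fn>& callersFirst) {
    std::map<std::string, Fn> g;
    for (const auto& f : callersFirst) g.emplace(f.name, f);
    std::set<std::string> inlined;
    Names out;
    for (const auto& f : callersFirst) {
        if (inlined.count(f.name)) continue;
        out.push_back(f.name);
        markInlined(g, f.name, inlined);
    }
    return out;
}

// Proposal in the message: analyze every function on its own except those
// that are not externally visible or are private class members.
Names topLevelProposed(const std::vector<Fn>& fns) {
    Names out;
    for (const auto& f : fns)
        if (f.externallyVisible && !f.privateMember) out.push_back(f.name);
    return out;
}

int main() {
    Fn foo{"foo", {}, true, false}, bar{"bar", {"foo"}, true, false};
    for (const auto& n : topLevelCurrent({bar, foo})) std::cout << n << '\n';
}
```

With `bar` present, the model drops `foo` from the top-level list, so the only path through `foo` is the one reached with `m = 12` and the `len < 10` branch is never explored.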



