[cfe-dev] Clang SA false positive
Bhargava Shastry via cfe-dev
cfe-dev at lists.llvm.org
Mon Oct 19 04:13:25 PDT 2015
Hi All,
I came across a curious pattern of FPs while evaluating Clang SA:
$ cat garbageread-fp.c
 1. extern void printInt(int x); // prints int
 2.
 3. static int zero = 0;
 4.
 5. void f() {
 6.     int x;
 7.     if (zero != 0)
 8.         printInt(0); // dead code
 9.     else
10.         x = 0;
11.     if (zero == 0) {
12.         if (!x)
13.             printInt(x);
14.     }
15. }
$ clang --analyze garbageread-fp.c
garbageread-fp.c:12:8: warning: Branch condition evaluates to a garbage value
if (!x)
    ^~
1 warning generated.
I have uploaded an HTML report here: http://output.jsbin.com/jiqewevihi
Why does Clang SA forget the constraint down the execution path?
Notes:
1. Replacing static with extern retains the FP.
2. The FP has something to do with function inlining. Replacing printInt
with a standard library function makes the FP go away!
Regards,
Bhargava