[cfe-dev] [analyzer] Tracking values across loop iterations

[Vince Bridgers via cfe-dev]

This one looks very similar, if not the same, as the case in a previous
email.

If I try to use __builtin_assume to tell the SA that len is > 0, I still
see the SA error. It seems the analyzer is exploring a case where the
expression "(len*2)" is equal to 0 from what I can see?

Does this makes sense, or perhaps I'm missing something?

Thanks - Vince

clang -cc1 -analyze  -analyzer-checker=core    test.c
test.c:14:17: warning: The left operand of '==' is a garbage value
    if (ptrs[i] == ptrs[i+len])
        ~~~~~~~ ^
1 warning generated.

The reproducer …

int getV();// { return 0; }
void foo() {
  int len = getV();

  int ptrs[len*2];
  for (int i = 0; i < (len*2); i++) {
    ptrs[i] = 0;
  }
  for (int i = 0; i < len; i++) {
    if (ptrs[i] == ptrs[i+len])
        return;
  }
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20200215/1023b591/attachment.html>