[cfe-users] Clang Analyzer: false positive or am I missing something?
Andrew Fuller via cfe-users
cfe-users at lists.llvm.org
Sat Jun 25 11:01:17 PDT 2016
I'm trying to understand an issue reported by Clang's static analysis
tool. The code below demonstrates the issue:

$ cat problem.c
#include <stdint.h>

int main() {
#if VARIANT==1
    uint32_t data = 0xdeadbeef;
    uint8_t* byte = (uint8_t*)&data;
    uint8_t value = byte[0];
#elif VARIANT==2
    uint32_t data = 0xdeadbeef;
    uint8_t* byte = (uint8_t*)&data;
    uint8_t value = byte[1];
#elif VARIANT==3
    uint32_t data[1] = {0xdeadbeef};
    uint8_t* byte = (uint8_t*)&data[0];
    uint8_t value = byte[0];
#elif VARIANT==4
    uint32_t data[1] = {0xdeadbeef};
    uint8_t* byte = (uint8_t*)&data[0];
    uint8_t value = byte[1];
#else
#error "Define VARIANT={1,2,3,4}"
#endif
    return value;
}

Now, when I throw Clang's static analysis at it with VARIANT 1, 2, or 3 it
says everything's a-OK. But with VARIANT=4 it complains:

$ scan-build-3.8 --use-cc=clang-3.8 /usr/share/clang/scan-build-3.8/libexec/ccc-analyzer -D VARIANT=4 problem.c
scan-build: Using '/usr/lib/llvm-3.8/bin/clang' for static analysis
problem.c:19:5: warning: Assigned value is garbage or undefined
    uint8_t value = byte[1];
    ^~~~~~~~~~~~~   ~~~~~~~
1 warning generated.
scan-build: 1 bug found.
scan-build: Run 'scan-view /tmp/scan-build-2016-06-25-104600-17811-1' to examine bug reports.

My question is why is byte[1] undefined in VARIANT 4 but not anywhere
else? I would think if it's complaining that the value is dependent on
endianness, then they should all be reported. Is there some detail of the
C spec that I'm missing, or have I stumbled on a false positive (would be a
first for me -- every other issue reported has been legit thus far)?

Thanks,
-Andrew
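
Added example (not part of the original post): the C program below reads every byte of 0xdeadbeef stored as a scalar and as a one-element array, through an unsigned char pointer and through memcpy, and compares both layouts with the byte order detected at run time. The function names are hypothetical, and the host is assumed to be either little- or big-endian.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Byte i of *v as laid out in memory, read through an unsigned char
 * pointer (character-type access to an object's bytes). */
uint8_t byte_via_pointer(const uint32_t *v, size_t i) {
    const unsigned char *p = (const unsigned char *)v;
    return p[i];
}

/* Same byte, obtained by copying the object representation out first. */
uint8_t byte_via_memcpy(const uint32_t *v, size_t i) {
    unsigned char raw[sizeof *v];
    memcpy(raw, v, sizeof raw);
    return raw[i];
}

/* Byte i counted from the least significant end; independent of byte order. */
uint8_t byte_by_shift(uint32_t v, unsigned i) {
    return (uint8_t)(v >> (8u * i));
}

/* 1 on a little-endian host, 0 otherwise (assumed big-endian). */
int host_is_little_endian(void) {
    const uint32_t probe = 1;
    return *(const unsigned char *)&probe == 1;
}

/* The value expected at memory index i for the detected byte order. */
uint8_t expected_memory_byte(uint32_t v, unsigned i) {
    return byte_by_shift(v, host_is_little_endian() ? i : 3u - i);
}

/* Returns 1 if the scalar (VARIANT 1/2) and one-element array (VARIANT 3/4)
 * layouts yield identical, fully determined bytes at every index. */
int variants_agree(void) {
    uint32_t scalar = 0xdeadbeef;
    uint32_t array[1] = {0xdeadbeef};
    for (unsigned i = 0; i < sizeof scalar; i++) {
        uint8_t s = byte_via_pointer(&scalar, i);
        if (s != byte_via_pointer(&array[0], i)) return 0;
        if (s != byte_via_memcpy(&array[0], i)) return 0;
        if (s != expected_memory_byte(scalar, i)) return 0;
    }
    return 1;
}

int main(void) { return variants_agree() ? 0 : 1; }
```

Only byte_by_shift gives the same answer on every host; the pointer and memcpy reads return whichever byte the host's byte order places at that index.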