[LLVMbugs] [Bug 23693] New: false positive due to ignoring nonwritten value

Fri May 29 07:13:33 PDT 2015

https://llvm.org/bugs/show_bug.cgi?id=23693

            Bug ID: 23693
           Summary: false positive due to ignoring nonwritten value
           Product: clang
           Version: 3.4
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: rgerhards at hq.adiscon.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Created attachment 14403
  --> https://llvm.org/bugs/attachment.cgi?id=14403&action=edit
Report

I have banged my head over this one for quite a while. I think it either is a
false positive ... or the construct is too complex for static analysis.

Have a look at the attached report. Keep an eye on variable
"expr->r->nodetype". Between points 2 and 7, it never is written. However, the
analyzer assumes in step 3 that it's value is 'A' but in step 6 it assumes it
has changed to not 'A'. The only place where it could potentially have been
written is in line 2285, as part of the function call. And, indeed, if I
comment out that line, the report goes away. 

Note that evalStrArrayCmp() never writes the expr->r parameter. If I change the
prototype to explicitely make expt->r const, the warning goes away. So it looks
the static analyzer now unerstands that the value cannot change.

Question now: is this a bug or an inherant limit in static analysis?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150529/bbbab474/attachment.html>