[llvm-bugs] [Bug 51950] New: [Analyzer] DivideZero warning affected by unrelated code
via llvm-bugs
llvm-bugs at lists.llvm.org
Thu Sep 23 12:51:52 PDT 2021
https://bugs.llvm.org/show_bug.cgi?id=51950
Bug ID: 51950
Summary: [Analyzer] DivideZero warning affected by unrelated code
Product: clang
Version: trunk
Hardware: PC
OS: Windows NT
Status: NEW
Severity: enhancement
Priority: P
Component: Static Analyzer
Assignee: dcoughlin at apple.com
Reporter: tauchris at utexas.edu
CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org
Created attachment 25287
--> https://bugs.llvm.org/attachment.cgi?id=25287&action=edit
Reproducer
I have a reproducer (shown below) that triggers a true positive
[core.DivideZero] warning at line 25 -- but *only* if the seemingly unrelated
empty loop at line 22 is present in the code. If the empty loop is commented
out, the [core.DivideZero] warning disappears.
The reproducer:
CMD> cat -n reduced5.c
 1  typedef struct {
 2    int c;
 3  } TA;
 4  typedef struct {
 5    int e;
 6    TA f;
 7  } TB;
 8  typedef struct {
 9    int h;
10  } TC;
11  void j(TC *);
12  struct TD *l(TB *m) {
13    int n = m->e / 40;
14    int c = m->f.c;
15    int h = c * n;
16    struct TD *o = 0;
17    TC p;
18    for (; h;)
19      ;
20    j(&p);
21    // DivideZero warning @25 somehow depends on this unrelated empty loop
22    for (int q = 0; q < c; q++) { }
23    int ant;
24    for (int job = 0; p.h;)
25      ant = job / n;
26    (void)ant;
27    return o;
28  }
The run command and analyzer output, with line 22 present:
CMD> clang -Xanalyzer -analyzer-werror -Xanalyzer -analyzer-output=text --analyze reduced5.c
reduced5.c:25:15: error: Division by zero [core.DivideZero]
ant = job / n;
~~~~^~~
reduced5.c:13:3: note: 'n' initialized here
int n = m->e / 40;
^~~~~
reduced5.c:18:3: note: Loop condition is false. Execution continues on line 20
for (; h;)
^
reduced5.c:22:19: note: Assuming 'q' is < 'c'
for (int q = 0; q < c; q++) { }
^~~~~
reduced5.c:22:3: note: Loop condition is true. Entering loop body
for (int q = 0; q < c; q++) { }
^
reduced5.c:22:19: note: Assuming 'q' is >= 'c'
for (int q = 0; q < c; q++) { }
^~~~~
reduced5.c:22:3: note: Loop condition is false. Execution continues on line 23
for (int q = 0; q < c; q++) { }
^
reduced5.c:24:3: note: Loop condition is true. Entering loop body
for (int job = 0; p.h;)
^
reduced5.c:25:15: note: Division by zero
ant = job / n;
~~~~^~~
1 error generated.
Same run command and analyzer output with line 22 commented out:
CMD> clang -Xanalyzer -analyzer-werror -Xanalyzer -analyzer-output=text --analyze reduced5.c
<no warning>
Commit https://reviews.llvm.org/rG8ddbb442b6e87efc9c6599280740c6f4fc40963d must
be present for the warning to appear at all -- prior to that commit, no warning
would be issued at line 25, with or without the empty loop present.
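Added example, not part of the original report or of clang: a small Python helper that parses the analyzer's text output from two runs and reports findings that appear or disappear between them, keyed by checker, message and source snippet rather than by line number. The names parse_findings and diff_runs are hypothetical, and the sample input is abridged from the output quoted above.

```python
import re

# Primary finding, e.g. "reduced5.c:25:15: error: Division by zero [core.DivideZero]"
DIAG = re.compile(r"^(?P<file>.+?):(?P<line>\d+):\d+: (?:warning|error): "
                  r"(?P<msg>.*) \[(?P<checker>[\w.-]+)\]$")
# Path note belonging to the finding printed before it
NOTE = re.compile(r"^.+?:(?P<line>\d+):\d+: note: (?P<msg>.*)$")

def parse_findings(output):
    """Map a line-number-independent key to each finding in one analyzer run."""
    findings, current = {}, None
    lines = output.splitlines()
    for i, text in enumerate(lines):
        d = DIAG.match(text)
        if d:
            # clang echoes the offending source line right after the diagnostic
            snippet = lines[i + 1].strip() if i + 1 < len(lines) else ""
            current = {"file": d["file"], "line": int(d["line"]), "checker": d["checker"],
                       "msg": d["msg"], "snippet": snippet, "path": []}
            findings[(d["file"], d["checker"], d["msg"], snippet)] = current
            continue
        n = NOTE.match(text)
        if n and current is not None:
            current["path"].append((int(n["line"]), n["msg"]))
    return findings

def diff_runs(before, after):
    """Findings present in only one of two runs over variants of the same file."""
    a, b = parse_findings(before), parse_findings(after)
    return {"appeared": [b[k] for k in sorted(b.keys() - a.keys())],
            "disappeared": [a[k] for k in sorted(a.keys() - b.keys())]}

# Abridged from the output quoted in the report, mail line-wrapping undone.
WITH_LOOP = """\
reduced5.c:25:15: error: Division by zero [core.DivideZero]
ant = job / n;
~~~~^~~
reduced5.c:13:3: note: 'n' initialized here
int n = m->e / 40;
reduced5.c:18:3: note: Loop condition is false. Execution continues on line 20
reduced5.c:22:19: note: Assuming 'q' is < 'c'
reduced5.c:22:3: note: Loop condition is true. Entering loop body
reduced5.c:24:3: note: Loop condition is true. Entering loop body
reduced5.c:25:15: note: Division by zero
1 error generated.
"""
WITHOUT_LOOP = ""  # the report shows no warning when line 22 is commented out

if __name__ == "__main__":
    for f in diff_runs(WITHOUT_LOOP, WITH_LOOP)["appeared"]:
        print(f["checker"], f["line"], sorted({ln for ln, _ in f["path"]}))
```

The collected path lines make it easy to see whether a finding's reported path runs through code that was edited between the two runs, as it does through line 22 here.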