CSA evaluates `((b)+1)==((0)+1)` to be FALSE with the fact that `b == 0`
Closed this issue · 2 comments
Geoffrey1014 commented
date: 2023-1-10
commit:
args: --analyze -Xclang -analyzer-stats -Xclang -analyzer-checker=core,debug.ExprInspection
test:
```c
#include "stdio.h"
#include <stdint.h>
#include <stdbool.h>
void clang_analyzer_eval();
int32_t a() {
  uint8_t *b = 0;
  if (b == 0) {
    clang_analyzer_eval((b == 0)==true);
    clang_analyzer_eval(((b)!=(0))==false);
    clang_analyzer_eval(((b)+0)==((0)+0));
    clang_analyzer_eval(((b)+0)<((0)+1));
    clang_analyzer_eval(((b)+1)==((0)+1));
    clang_analyzer_eval(((b)+0)<((0)+2));
    clang_analyzer_eval(((b)+1)<((0)+2));
    clang_analyzer_eval(((b)+2)==((0)+2));
    clang_analyzer_eval(((b)-0)==((0)-0));
    clang_analyzer_eval(true);
    ;
  }
}
```
report:
fix:
original:
Geoffrey1014 commented
https://godbolt.org/z/1v4sard7n
Output:
```
<source>:10:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval((b == 0)==true);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:11:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval(((b)!=(0))==false);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:12:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval(((b)+0)==((0)+0));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:13:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval(((b)+0)<((0)+1));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:14:5: warning: FALSE [debug.ExprInspection]
    clang_analyzer_eval(((b)+1)==((0)+1));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:15:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval(((b)+0)<((0)+2));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:16:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval(((b)+1)<((0)+2));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:17:5: warning: FALSE [debug.ExprInspection]
    clang_analyzer_eval(((b)+2)==((0)+2));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:18:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval(((b)-0)==((0)-0));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:19:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval(true);
    ^~~~~~~~~~~~~~~~~~~~~~~~~
===-------------------------------------------------------------------------===
Analyzer timers
===-------------------------------------------------------------------------===
Total Execution Time: 0.0030 seconds (0.0273 wall clock)
---User Time--- --System Time-- --User+System-- ---Wall Time--- --- Name ---
0.0000 ( 0.0%) 0.0014 ( 48.0%) 0.0014 ( 46.6%) 0.0145 ( 53.1%) Path exploration time
0.0001 (100.0%) 0.0004 ( 15.2%) 0.0005 ( 17.7%) 0.0107 ( 39.1%) Syntax-based analysis time
0.0000 ( 0.0%) 0.0011 ( 36.7%) 0.0011 ( 35.6%) 0.0021 ( 7.7%) Path-sensitive report post-processing time
0.0001 (100.0%) 0.0029 (100.0%) 0.0030 (100.0%) 0.0273 (100.0%) Total
10 warnings generated.
Compiler returned: 0
```
Geoffrey1014 commented
duplicate of #30