GSA evaluates `((0)+1)==((b[0][0][1])+1)` to be FALSE with the fact that `0 == b[0][0][1]`

Question

GSA evaluates `((0)+1)==((b[0][0][1])+1)` to be FALSE with the fact that `0 == b[0][0][1]`

Closed this issue a year ago · 3 comments

date: 2023-1-10
commit:
args: --analyze -Xclang -analyzer-stats -Xclang -analyzer-checker=core,debug.ExprInspection
test:

#include <stdbool.h>
void clang_analyzer_eval();
#include "csmith.h"

void a() {
  int32_t *b[2][2][2] = {};
  if (0 == b[0][0][1]) {
    clang_analyzer_eval((0 == b[0][0][1])==true);
    clang_analyzer_eval(((0)!=(b[0][0][1]))==false);
    clang_analyzer_eval(((0)+0)==((b[0][0][1])+0));
    clang_analyzer_eval(((0)+0)<((b[0][0][1])+1));
    clang_analyzer_eval(((0)+1)==((b[0][0][1])+1));
    clang_analyzer_eval(((0)+0)<((b[0][0][1])+2));
    clang_analyzer_eval(((0)+1)<((b[0][0][1])+2));
    clang_analyzer_eval(((0)+2)==((b[0][0][1])+2));
    clang_analyzer_eval(((0)-0)==((b[0][0][1])-0));
    clang_analyzer_eval(true);
  }
}

report:
fix:
original:

Answer 1 · 2023-01-10T13:48:46.000Z

CSA：https://godbolt.org/z/5c9dWE9n1
GSA：https://godbolt.org/z/WqhKa5Mrs does a better job

Answer 2 · 2023-03-20T01:14:08.000Z

See it live: https://godbolt.org/z/9YoMePYEK.

Answer 3 · 2023-03-20T02:28:30.000Z

duplicate of #30