Geoffrey1014/SA_Bugs

[clang static analyzer] `clang_analyzer_eval` affects the analyzer's result


date: 2023-1-15
commit: 0c0681b7414c385d0fd5fad302c0d48607262050
args: --analyze -Xclang -analyzer-stats -Xclang -analyzer-checker=core,debug.ExprInspection
test:

```c
void clang_analyzer_eval();            /* debug.ExprInspection hook: prints TRUE/FALSE/UNKNOWN for its argument */

void f(int c)
{
    int b = 0;
    int d[1] = {b};
    int *e = d;
    clang_analyzer_eval((*e ^= c) || b);        /* line 8: the eval the report toggles */
    if ((*e ^= c) || b)                         /* line 9: outer if */
    {
        clang_analyzer_eval((*e ^= c) || b);    /* line 11: the eval whose result is discussed */
        if ((*e ^= c) || b)                     /* line 12: inner if */
        {
            *(int *)0;                          /* deliberate null dereference for the analyzer to reach */
        }
    }
}
```

report: llvm/llvm-project#60118
fix:
original:

In this case, when clang_analyzer_eval is added at line 8 (https://godbolt.org/z/oPGfvsaaf), the eval statement inside the if branch has no output. But when line 8 is commented out (https://godbolt.org/z/x78nen5xv), it does produce output.

Also, the eval result of ((*e ^= c) || b) (line 11) should probably be TRUE after the analyzer goes inside the if branch. Despite the FALSE given by the analyzer, it instead goes into the next if branch to do the analysis.
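To check what each evaluation of `(*e ^= c) || b` is worth under concrete execution (the values a sound path-sensitive analysis must agree with), the added example below mirrors the test function and records every evaluation in source order; it is not part of the issue or of the LLVM test suite. The names `run_f` and `struct trace` are assumptions, and the test's `*(int *)0` is replaced by a flag so the function can run.

```c
#include <stdbool.h>

/* Trace of one concrete run of the issue's test function.
   Each field holds the value of one evaluation of ((*e ^= c) || b),
   in source order; -1 marks an evaluation that was never reached. */
struct trace {
    int eval_line8;      /* clang_analyzer_eval at line 8 (only if present) */
    int if_line9;        /* condition of the outer if */
    int eval_line11;     /* clang_analyzer_eval inside the outer branch */
    int if_line12;       /* condition of the inner if */
    bool deref_reached;  /* true if the test's *(int *)0 would execute */
};

/* Mirrors f() from the test case. with_line8 selects whether the first
   clang_analyzer_eval call is present, i.e. whether an extra `*e ^= c`
   side effect happens before the outer if is evaluated. */
struct trace run_f(int c, bool with_line8)
{
    struct trace t = { -1, -1, -1, -1, false };
    int b = 0;
    int d[1] = {b};
    int *e = d;

    if (with_line8)
        t.eval_line8 = ((*e ^= c) || b);   /* d[0] becomes 0 ^ c == c */
    t.if_line9 = ((*e ^= c) || b);         /* each evaluation toggles d[0] again */
    if (t.if_line9) {
        t.eval_line11 = ((*e ^= c) || b);  /* what the line-11 eval sees */
        t.if_line12 = ((*e ^= c) || b);
        if (t.if_line12)
            t.deref_reached = true;        /* stands in for *(int *)0 */
    }
    return t;
}
```

Running both variants for a non-zero `c` shows why the two godbolt links differ: with line 8 present the outer condition is reached with `d[0]` already toggled back to 0, so the inner eval is never executed; without it the branch is entered and the inner eval sees the next toggle.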