| Issue |
61506
|
| Summary |
CSA emits confusing unrolling info with widen-loops configs
|
| Labels |
new issue
|
| Assignees |
|
| Reporter |
Geoffrey1014
|
CSA reports a fase psotive: " \<source\>:10:7: warning: Dereference of null pointer (loaded from variable 'd') [core.NullDereference] ". And the path note about the for loop ` for (b = 0; b <= 2; b++)` is confusing. (Too many " Entering loop body" and wrong note " \<source\>:7:15: note: Value assigned to 'd'".)
See it alive: https://godbolt.org/z/GYn5x4dTf
Input:
```c
# include <stdio.h>
int a() {
int b;
int c;
int *d = &c;
for (b = 0; b <= 2; b++)
if (d != 0,1) { // note: Assuming 'd' is equal to null
printf("NPD_FLAG\n");
*d;
}
}
void main() { a(); }
```
Output:
```bash
ANALYZE (Syntax): <source> a : 13.0 ms
ANALYZE (Syntax): <source> main : 0.0 ms
ANALYZE (Path, Inline_Regular): <source> main : 35.3 ms
<source>:10:7: warning: Dereference of null pointer (loaded from variable 'd') [core.NullDereference]
*d;
^
<source>:13:15: note: Calling 'a'
void main() { a(); }
^~~
<source>:7:3: note: Loop condition is true. Entering loop body
for (b = 0; b <= 2; b++)
^
<source>:8:5: note: Taking true branch
if (d != 0,1) { // note: Assuming 'd' is equal to null
^
<source>:7:3: note: Loop condition is true. Entering loop body
for (b = 0; b <= 2; b++)
^
<source>:8:5: note: Taking true branch
if (d != 0,1) { // note: Assuming 'd' is equal to null
^
<source>:7:3: note: Loop condition is true. Entering loop body
for (b = 0; b <= 2; b++)
^
<source>:8:5: note: Taking true branch
if (d != 0,1) { // note: Assuming 'd' is equal to null
^
<source>:7:15: note: Value assigned to 'd'
for (b = 0; b <= 2; b++)
^
<source>:7:15: note: Assuming 'b' is <= 2
for (b = 0; b <= 2; b++)
^~~~~~
<source>:7:3: note: Loop condition is true. Entering loop body
for (b = 0; b <= 2; b++)
^
<source>:8:9: note: Assuming 'd' is equal to null
if (d != 0,1) { // note: Assuming 'd' is equal to null
^~~~~~
<source>:8:9: note: Assuming pointer value is null
if (d != 0,1) { // note: Assuming 'd' is equal to null
^~~~~~
<source>:8:5: note: Taking true branch
if (d != 0,1) { // note: Assuming 'd' is equal to null
^
<source>:10:7: note: Dereference of null pointer (loaded from variable 'd')
*d;
^~
===-------------------------------------------------------------------------===
Analyzer timers
===-------------------------------------------------------------------------===
Total Execution Time: 0.0049 seconds (0.0528 wall clock)
---User Time--- --System Time-- --User+System-- ---Wall Time--- --- Name ---
0.0000 ( 0.0%) 0.0035 ( 77.4%) 0.0035 ( 71.2%) 0.0353 ( 66.8%) Path exploration time
0.0002 ( 44.2%) 0.0003 ( 7.6%) 0.0005 ( 10.5%) 0.0166 ( 31.4%) Syntax-based analysis time
0.0002 ( 55.8%) 0.0007 ( 15.0%) 0.0009 ( 18.3%) 0.0010 ( 1.8%) Path-sensitive report post-processing time
0.0004 (100.0%) 0.0045 (100.0%) 0.0049 (100.0%) 0.0528 (100.0%) Total
1 warning generated.
Compiler returned: 0
```
![]()
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
