[llvm-bugs] [Bug 61512] CSA widen-loop option may lead to false positives arsing from useless for loop

Sun, 19 Mar 2023 06:28:32 -0700

Issue 61512
Summary CSA widen-loop option may lead to false positives arsing from useless for loop
Labels new issue
Assignees
Reporter Geoffrey1014 
    CSA 's widen-loop option may lead to false positives arsing from useless for loop.
Besides, there is a wrong path note: ` instrument_npd305.c:9:10: note: Value assigned to 'l' `
See it live : https://godbolt.org/z/x9evh8qPv

Compilation options : clang --analyze --analyzer-output text -Xclang -analyzer-config -Xclang widen-loops=true

input:
```c
#include <stdio.h>
unsigned char **a() {
  int d =0;

  int i;
  int *k = &i;
  int *j = k;
 int *l = j;
  for (; d < 7; d++)
    printf("NPD_FLAG\n");
  0 != l, *l;
}
void main() { a(); }
```

Output:
``` bash
instrument_npd305.c:11:11: warning: Dereference of null pointer (loaded from variable 'l') [core.NullDereference]
  0 != l, *l;
 ^
instrument_npd305.c:15:15: note: Calling 'a'
void main() { a(); }
              ^~~
instrument_npd305.c:9:3: note: Loop condition is true.  Entering loop body
  for (; d < 7; d++)
 ^
instrument_npd305.c:9:3: note: Loop condition is true.  Entering loop body
instrument_npd305.c:9:3: note: Loop condition is true.  Entering loop body
instrument_npd305.c:9:10: note: Value assigned to 'l'
  for (; d < 7; d++)
         ^
instrument_npd305.c:9:10: note: Assuming 'd' is >= 7
  for (; d < 7; d++)
         ^~~~~
instrument_npd305.c:9:3: note: Loop condition is false. Execution continues on line 11
  for (; d < 7; d++)
  ^
instrument_npd305.c:11:3: note: Assuming 'l' is equal to null
  0 != l, *l;
  ^~~~~~
instrument_npd305.c:11:3: note: Assuming pointer value is null
  0 != l, *l;
 ^~~~~~
instrument_npd305.c:11:11: note: Dereference of null pointer (loaded from variable 'l')
  0 != l, *l;
          ^~
1 warning generated.
```


Deleting the loop which is useless code, NPD warning disappear 
See it live : https://godbolt.org/z/b9G9W4oef

```c
#include <stdio.h>
unsigned char **a() {
  int d =0;

  int i;
  int *k = &i;
  int *j = k;
  int *l = j;
  //for (; d < 7; d++)
 printf("NPD_FLAG\n");
  0 != l, *l;
}


void main() { a(); }
```

Compiling this case without widen-loop options does not results in FP NPD warning.
So, it seems that widen-loop has a negative effect.
See it live :https://godbolt.org/z/sEhq8vMGa

_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

Reply via email to