Skip to content

CSA evaluates ( ((b)-0) <= ((c)-0) ) to be FALSE in the true branch of if (c >= b) #59963

New issue
New issue
Open
#66065
Open
CSA evaluates ( ((b)-0) <= ((c)-0) ) to be FALSE in the true branch of if (c >= b)#59963
#66065
Assignees
danix800
Labels
clang:static analyzerconfirmedVerified by a second party
@Geoffrey1014

Description

@Geoffrey1014
Geoffrey1014
opened on Jan 12, 2023

Hi, I found a problem that CSA evaluates ( ((b)-0) <= ((c)-0) ) to be FALSE in the true branch of if (c >= b) where b and c are both pointer varibles.

https://godbolt.org/z/bPYsTzEMj

Input:

#include "stdio.h"
#include <stdint.h>
#include <stdbool.h>
void clang_analyzer_eval(int){}

int a(int* b, int *c) {
 
d:
  if (c >= b) {
    clang_analyzer_eval((c >= b)==true);
    clang_analyzer_eval(((b)+0)<=((c)+0));
    
    clang_analyzer_eval(((b)-0)<=((c)-0));

    clang_analyzer_eval((!(c >= b))==false);
    clang_analyzer_eval((((c)<=(b))&&((c)!=(b)))==false);
    clang_analyzer_eval(true);
    goto d;
  }
}

Output:

<source>:10:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval((c >= b)==true);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:11:5: warning: FALSE [debug.ExprInspection]
    clang_analyzer_eval(((b)+0)<=((c)+0));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:11:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval(((b)+0)<=((c)+0));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:13:5: warning: FALSE [debug.ExprInspection]
    clang_analyzer_eval(((b)-0)<=((c)-0));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:13:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval(((b)-0)<=((c)-0));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:15:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval((!(c >= b))==false);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:16:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval((((c)<=(b))&&((c)!=(b)))==false);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:17:5: warning: TRUE [debug.ExprInspection]
    clang_analyzer_eval(true);
    ^~~~~~~~~~~~~~~~~~~~~~~~~
===-------------------------------------------------------------------------===
                                Analyzer timers
===-------------------------------------------------------------------------===
  Total Execution Time: 0.0057 seconds (0.0181 wall clock)

   ---User Time---   --System Time--   --User+System--   ---Wall Time---  --- Name ---
   0.0033 ( 88.6%)   0.0003 ( 14.3%)   0.0036 ( 63.8%)   0.0102 ( 56.3%)  Path exploration time
   0.0001 (  2.3%)   0.0004 ( 21.9%)   0.0005 (  8.8%)   0.0048 ( 26.4%)  Syntax-based analysis time
   0.0003 (  9.1%)   0.0012 ( 63.8%)   0.0015 ( 27.3%)   0.0031 ( 17.3%)  Path-sensitive report post-processing time
   0.0038 (100.0%)   0.0019 (100.0%)   0.0057 (100.0%)   0.0181 (100.0%)  Total

8 warnings generated.
Compiler returned: 0

Metadata

Metadata

Assignees

Labels

clang:static analyzerconfirmedVerified by a second party

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions