Geoffrey1014 / SA_Bugs

record bugs of static analyzers

GSA evaluates `((0)+1)==((b[0][0][1])+1)` to be FALSE with the fact that `0 == b[0][0][1]` #41

Closed Geoffrey1014 closed 1 year ago

Geoffrey1014 commented 1 year ago

date: 2023-1-10
commit:
args: --analyze -Xclang -analyzer-stats -Xclang -analyzer-checker=core,debug.ExprInspection
test:

```c
#include <stdbool.h>
void clang_analyzer_eval();
#include "csmith.h"

void a() {
  int32_t *b[2][2][2] = {};
  /* Inside this branch the analyzer knows b[0][0][1] == 0. */
  if (0 == b[0][0][1]) {
    clang_analyzer_eval((0 == b[0][0][1])==true);
    clang_analyzer_eval(((0)!=(b[0][0][1]))==false);
    clang_analyzer_eval(((0)+0)==((b[0][0][1])+0));
    clang_analyzer_eval(((0)+0)<((b[0][0][1])+1));
    clang_analyzer_eval(((0)+1)==((b[0][0][1])+1)); /* the query from the title */
    clang_analyzer_eval(((0)+0)<((b[0][0][1])+2));
    clang_analyzer_eval(((0)+1)<((b[0][0][1])+2));
    clang_analyzer_eval(((0)+2)==((b[0][0][1])+2));
    clang_analyzer_eval(((0)-0)==((b[0][0][1])-0));
    clang_analyzer_eval(true);
  }
}
```

report:
fix:
original:
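To make the expected verdicts in the test above concrete, here is an added toy model of the constraint reasoning that `clang_analyzer_eval` exercises. It is example code written for this page, not part of the SA_Bugs repository or of Clang. It treats `b[0][0][1]` as a plain integer symbol, records the equality learned from the enclosing `if`, and decides each query as TRUE, FALSE or UNKNOWN by folding constants and cancelling a shared symbol. One assumption to keep in mind: a real analyzer sees `b[0][0][1]` as an `int32_t *`, so `p + 1` advances by `sizeof(int32_t)` rather than by 1, which is why mixed `int + k` versus `ptr + k` comparisons need handling the integer model below does not attempt.

```python
"""Toy constraint evaluator modelling clang_analyzer_eval verdicts.

Added example for the SA_Bugs issue; not Clang's implementation.
Expressions are: int/bool constants, symbol names (str), or 3-tuples
(lhs, op, rhs) where op is '+', '-', or a comparison operator.
"""
from typing import Dict, Optional, Tuple

CMP = {
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
}

Facts = Dict[str, int]  # symbol -> constant value learned on this path


def simplify(e, facts: Facts) -> Tuple[Optional[str], int]:
    """Reduce e to (symbol_or_None, offset), substituting known symbols."""
    if isinstance(e, bool):          # bool before int: True is an int in Python
        return None, int(e)
    if isinstance(e, int):
        return None, e
    if isinstance(e, str):
        return (None, facts[e]) if e in facts else (e, 0)
    lhs, op, rhs = e
    if op in CMP:                    # a nested comparison folds to 0/1 if decidable
        verdict = check((lhs, op, rhs), facts)
        if verdict == "UNKNOWN":
            return f"({lhs} {op} {rhs})", 0   # opaque symbol, stays undecided
        return None, int(verdict == "TRUE")
    ls, lo = simplify(lhs, facts)
    rs, ro = simplify(rhs, facts)
    if op == "+":
        if ls is not None and rs is not None:
            raise ValueError("two distinct symbols are outside this toy model")
        return ls or rs, lo + ro
    if op == "-":
        if rs is not None:
            raise ValueError("symbol on the right of '-' is outside this toy model")
        return ls, lo - ro
    raise ValueError(f"unsupported operator {op!r}")


def check(e, facts: Facts) -> str:
    """Return 'TRUE', 'FALSE' or 'UNKNOWN', like clang_analyzer_eval reports."""
    if isinstance(e, tuple) and e[1] in CMP:
        lhs, op, rhs = e
        ls, lo = simplify(lhs, facts)
        rs, ro = simplify(rhs, facts)
        # Both constant, or the same unknown symbol on both sides (it cancels
        # out, leaving only the offsets to compare): the verdict is decidable.
        if ls == rs:
            return "TRUE" if CMP[op](lo, ro) else "FALSE"
        return "UNKNOWN"
    sym, val = simplify(e, facts)
    if sym is None:
        return "TRUE" if val else "FALSE"
    return "UNKNOWN"


def assume(lhs, op, rhs, facts: Facts) -> Facts:
    """Return facts extended with what the true branch of `if (lhs op rhs)`
    teaches; only '==' with one constant side is modelled."""
    ls, lo = simplify(lhs, facts)
    rs, ro = simplify(rhs, facts)
    learned = dict(facts)
    if op == "==":
        if ls is not None and rs is None:
            learned[ls] = ro - lo
        elif rs is not None and ls is None:
            learned[rs] = lo - ro
    return learned


S = "b[0][0][1]"  # the array element, modelled as an integer symbol (assumption)

# The ten queries from the issue's test, in order.
QUERIES = [
    ((0, "==", S), "==", True),
    ((0, "!=", S), "==", False),
    ((0, "+", 0), "==", (S, "+", 0)),
    ((0, "+", 0), "<", (S, "+", 1)),
    ((0, "+", 1), "==", (S, "+", 1)),   # the query from the issue title
    ((0, "+", 0), "<", (S, "+", 2)),
    ((0, "+", 1), "<", (S, "+", 2)),
    ((0, "+", 2), "==", (S, "+", 2)),
    ((0, "-", 0), "==", (S, "-", 0)),
    True,
]


def run_issue_queries():
    """Verdicts inside the `if (0 == b[0][0][1])` branch; all should be TRUE."""
    facts = assume(0, "==", S, {})
    return [check(q, facts) for q in QUERIES]


def run_without_assumption():
    """Same title query with no path constraint: the symbol is unconstrained."""
    return check(QUERIES[4], {})


if __name__ == "__main__":
    for q, verdict in zip(QUERIES, run_issue_queries()):
        print(f"{verdict:8} {q}")
    print("title query without the if:", run_without_assumption())
```

The interesting path is the shared-symbol case in `check`: once `b[0][0][1]` is known to be 0, every `(0 + k) == (b[0][0][1] + k)` folds to `k == k`, and even without that fact `(s + 1) == (s + 2)` is decidable because the symbol cancels. A verdict of FALSE for the title query is only reachable in this model if the two sides fold to different constants, which is the discrepancy the issue reports.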

Geoffrey1014 commented 1 year ago

CSA: https://godbolt.org/z/5c9dWE9n1 GSA: https://godbolt.org/z/WqhKa5Mrs does a better job

ghost commented 1 year ago

See it live: https://godbolt.org/z/9YoMePYEK.

Geoffrey1014 commented 1 year ago

duplicate of https://github.com/Geoffrey1014/SA_Bugs/issues/30