Geoffrey1014 / SA_Bugs

record bugs of static analyzers

Unrelated code has effect on the analysis result of GCC Static Analyzer #47

Closed 0-0x41 closed 1 year ago

0-0x41 commented 1 year ago

date: 2023-1-15
commit: 8c8ca873216387bc26046615c806b96f0345ff9d
args: -O0 -fanalyzer
test:

void __analyzer_eval();   /* analyzer built-in: reports TRUE/FALSE/UNKNOWN for its argument */

void f(int b)
{
    int c = 1;
    __analyzer_eval(c && (c = 0) | b);   /* line 6: parses as c && ((c = 0) | b); c is 1, so the assignment runs and c becomes 0 */
    if (c && (c = 0) | b)                /* c is 0 by now, so && short-circuits */
    {
        int *p = (int *)0;
        __analyzer_eval(c && (c = 0) | b);
        if (c && (c = 0) | b)
        {
            *p = 42;                     /* null dereference the analyzer would flag if reached */
        }
    }
}

report: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108492
fix:
original:

0-0x41 commented 1 year ago

In this case, when __analyzer_eval is added at line 6 (https://godbolt.org/z/defnzqKPn), the eval statement inside the if branch has no output. However, when line 6 is commented out (https://godbolt.org/z/j4dGGEM1s), then it is output.

Also, the eval result of (c && (c = 0) | b) should probably be TRUE after the analyzer goes inside the if branch.
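As an added example (editor's own code, not part of the issue thread or of GCC), here is the reproducer's condition evaluated at run time for both values of b, with and without line 6. In C, `c && (c = 0) | b` parses as `c && ((c = 0) | b)` because `|` binds more tightly than `&&`, and whenever c is nonzero the right operand is evaluated and assigns 0 to c, so the value of the expression and the value of c afterwards are what an analyzer has to model. The names `cond`, `trace_f` and `trace_t` are assumptions introduced here for illustration.

```c
#include <stdio.h>

/* Added example, not from the issue or from GCC: evaluates the reproducer's
 * condition concretely so its control flow can be checked by hand.
 * `c && (c = 0) | b` parses as `c && ((c = 0) | b)`; when c is nonzero the
 * right operand runs, assigns 0 to c, and the expression's value is b. */

/* Evaluate the reproducer's condition once, updating *c exactly as the
 * original expression updates c. (hypothetical helper name) */
int cond(int *c, int b)
{
    return *c && (*c = 0) | b;
}

/* One run of f() for a given b. Fields record the value of each of the four
 * evaluations in the reproducer (-1 if never reached) and whether the
 * `*p = 42` store would execute. keep_line6 selects whether the first
 * __analyzer_eval call (line 6 of the reproducer) is present. */
typedef struct {
    int eval1, if1, eval2, if2;
    int store_reached;
} trace_t;

trace_t trace_f(int b, int keep_line6)
{
    trace_t t = { -1, -1, -1, -1, 0 };
    int c = 1;

    if (keep_line6)
        t.eval1 = cond(&c, b);      /* line 6: evaluates to b and sets c to 0 */
    t.if1 = cond(&c, b);            /* outer if */
    if (t.if1) {
        t.eval2 = cond(&c, b);      /* inner __analyzer_eval */
        t.if2 = cond(&c, b);        /* inner if */
        if (t.if2)
            t.store_reached = 1;    /* the *p = 42 line */
    }
    return t;
}

int main(void)
{
    int b, keep;
    printf("keep_line6 b eval1 if1 eval2 if2 store\n");
    for (keep = 1; keep >= 0; keep--)
        for (b = 0; b <= 1; b++) {
            trace_t t = trace_f(b, keep);
            printf("%10d %d %5d %3d %5d %3d %5d\n", keep, b,
                   t.eval1, t.if1, t.eval2, t.if2, t.store_reached);
        }
    return 0;
}
```

Build with `cc -Wall trace.c && ./a.out` (GCC will warn about the missing parentheses around `|`, as it does for the reproducer). With line 6 present, the outer `if` is never taken for either value of b, because line 6 has already stored 0 into c; with line 6 removed, the outer branch is taken only for nonzero b, and the inner evaluation then yields 0 because the outer condition stored 0 into c. The null store is never reached in any of the four runs.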