Geoffrey1014 / SA_Bugs

record bugs of static analyzers

GCC Static Analyzer evaluates `(!(e || d.b) == true)` to be TRUE with the fact that `(e || d.b) == true` #53

Closed 0-0x41 closed 1 year ago

0-0x41 commented 1 year ago

date: 2023-1-25
commit: 8c8ca873216387bc26046615c806b96f0345ff9d
args: -O0 -fanalyzer
test:

```c
#include <stdbool.h>
/* __analyzer_eval is a GCC static analyzer builtin: with -fanalyzer the
 * analyzer reports whether its argument is TRUE, FALSE or UNKNOWN. */
void __analyzer_eval();

struct a
{
    int b;
} c()
{
    struct a d; /* d.b deliberately left uninitialized */
    int e;      /* e deliberately left uninitialized */
    for (;;)
    {
        if (e || d.b)
        {
            /* inside this branch (e || d.b) is known to be true, so the
             * second evaluation should be reported FALSE, not TRUE */
            __analyzer_eval((e || d.b) == true);
            __analyzer_eval(!(e || d.b) == true);
        }
    }
}
```

report: fix: original:

0-0x41 commented 1 year ago

See it live: https://godbolt.org/z/KWGo8YvxW.

muchang commented 1 year ago

It would be due to the uninitialized variables. If we initialize the variables, GSA behaves as expected.

muchang commented 1 year ago

Perhaps we could check whether there are some undefined behaviors in this program.
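The two comments above both point at the uninitialized reads of `e` and `d.b` as the likely cause, so the natural check is to rerun the same test with the variables initialized. The following is an added example (not code from the issue or from GCC) that keeps the report's two `__analyzer_eval` conditions but takes `e` and `d.b` from parameters, so there is no undefined behaviour left to confuse the analyzer. It assumes that GCC defines the `__ANALYZER__` macro when `-fanalyzer` is in effect; when that macro is absent, `__analyzer_eval` is replaced by a hypothetical recording stub so the same function can be executed natively and its results checked. `run_case`, `eval_log` and `eval_count` are names introduced here.

```c
#include <stdbool.h>

/* Record of the last two __analyzer_eval arguments (native runs only). */
static int eval_log[2];
static int eval_count;

#ifdef __ANALYZER__
/* Under -fanalyzer this is the analyzer builtin: each call is reported at
 * compile time as TRUE, FALSE or UNKNOWN. */
extern void __analyzer_eval(int cond);
#else
/* Hypothetical stand-in for the builtin when compiled without -fanalyzer:
 * records what was passed so the program can be run and asserted on. */
void __analyzer_eval(int cond)
{
    if (eval_count < 2)
        eval_log[eval_count] = cond;
    eval_count++;
}
#endif

struct a
{
    int b;
};

/* The report's conditions with e and d.b initialized from the parameters.
 * Returns a bitmask of what reached __analyzer_eval:
 *   bit 0 set  <=>  (e || d.b) == true   evaluated true
 *   bit 1 set  <=>  !(e || d.b) == true  evaluated true
 * A correct evaluation inside the branch is therefore exactly 1. */
int run_case(int e_init, int b_init)
{
    struct a d = { b_init };
    int e = e_init;

    eval_count = 0;
    eval_log[0] = eval_log[1] = 0;

    for (;;)
    {
        if (e || d.b)
        {
            __analyzer_eval((e || d.b) == true);
            __analyzer_eval(!(e || d.b) == true);
        }
        break; /* the report's loop never exits; one pass is enough here */
    }

    return (eval_log[0] ? 1 : 0) | (eval_log[1] ? 2 : 0);
}

int main(void)
{
    /* Same values as the report's branch would see once initialized. */
    return run_case(0, 1) == 1 ? 0 : 1;
}
```

Compile with `gcc -O0 -fanalyzer -c` to see what the analyzer reports for each `__analyzer_eval` on the initialized program, or with plain `gcc` to execute it and compare against the runtime truth values; with no uninitialized reads in play, any remaining mismatch is attributable to the analyzer rather than to the test case.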