Geoffrey1014 / SA_Bugs

record bugs of static analyzers

GCC Static Analyzer does not know `c || b.d` is false with the fact that `c=0` and `b.d=0` #56

Open 0-0x41 opened 1 year ago

0-0x41 commented 1 year ago

date: 2023-1-28
commit: 8c8ca873216387bc26046615c806b96f0345ff9d
args: -O0 -fanalyzer
test:

```c
void __analyzer_eval();

struct a
{
    int d : 10;
}

e(){
    struct a b;
    int c;

    c = 0;
    b.d = 0;
    int *p = (int *)0;
    if (c || b.d)
    {
        __analyzer_eval(c || b.d);
        __analyzer_eval(c);
        __analyzer_eval(b.d);
        *p = 42;
    }
}
```

report: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109197
fix:
original:

0-0x41 commented 1 year ago

GSA does not know `c || b.d` is false with the fact that `c=0` and `b.d=0`, but CSA knows.

See it live:
GSA: https://godbolt.org/z/vd3Tvdods
CSA: https://godbolt.org/z/PEnv6Ece4

Input:

```c
void __analyzer_eval();

struct a
{
    int d : 10;
}

e(){
    struct a b;
    int c;

    c = 0;
    b.d = 0;
    int *p = (int *)0;
    if (c || b.d)
    {
        __analyzer_eval(c || b.d);
        __analyzer_eval(c);
        __analyzer_eval(b.d);
        *p = 42;
    }
}
```

Geoffrey1014 commented 1 year ago

bit field:
https://en.cppreference.com/w/cpp/language/bit_field
https://www.tutorialspoint.com/cprogramming/c_bit_fields.htm