False positive - Switch statement analysis assumes default cannot be taken

[Quuxplusone]

Bugzilla Link	PR26647
Status	NEW
Importance	P normal
Reported by	Avi (avi.bugzilla@mail.ashevin.com)
Reported on	2016-02-17 03:22:36 -0800
Last modified on	2016-02-17 10:22:01 -0800
Version	unspecified
Hardware	Macintosh MacOS X
CC	dblaikie@gmail.com, llvm-bugs@lists.llvm.org
Fixed by commit(s)
Attachments	file_26647.txt (637 bytes, text/plain)
Blocks
Blocked by
See also

Created attachment 15915
Sample code illustrating bug

When an enumerated type is used as a bit mask, the analyzer assumes that
covering all the individual enumeration values precludes reaching the default
case.  This can lead to warnings of unused initializations.

In the attached sample code, the analyzer warns that "bc" is initialized, but
not read.  The output of the program correctly logs "BC".

(Please forgive the extraneous bits.  The sample code is used for quick testing
of ideas.)

[Quuxplusone]

Attached file_26647.txt (637 bytes, text/plain): Sample code illustrating bug

[Quuxplusone]

clang version: whatever Apple ships with Xcode 7.2.1 (7C1002).

[Quuxplusone]

Bugs against Apple XCode should be reported to Apple.

But, yes, this is part of a broad set of known limitations with the static analysis tools in LLVM (used for both diagnostics in Clang and for the Clang Static Analyzer infrastructure as well).

Some improvements were made in this space when the whole "goto fail" thing happened, to make -Wunreachable-code plausibly usable, but the broad work to really improve the conservative and aggressive assumptions about reachability (some diagnostics like unreachable code should be aggressive about reachability (they should assume that the default can be reached), while others like "shift of too large a distance" need to be conservative about reachability (so they don't flag code protected by, say "if sizeo(int) == 64")