False positive with count-down loop

[llvmbot]

Bugzilla Link	12239
Version	3.0
OS	MacOS X
Reporter	LLVM Bugzilla Contributor

Extended Description

I think I have found a false-positive warning with the static analyzer (I say "think" because every other time I've been convinced that a warning was a false positive, I eventually realized that I knew something the compiler couldn't know, and the warning goes away with the appropriate "assert"). With a loop that is counting down toward zero, the analyzer may fail to realize that all elements of an array have been initialized before they are subsequently referenced.

E.g., with the following example (main.c)...

include

int m = 3; int main(void) { int i, x[4]; assert(m > 1 && m <= 3); x[m] = 1.0; for (i = m; i > 0; i--) x[i - 1] = 2x[i]; for (i = m; i > 0; i--) x[i] = x[i - 1]; return 0; }

"/clang --analyze main.c" reports:

main.c:15:8: warning: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage x[i] *= x[i - 1];

But unless I'm missing something, every element of x referenced in the second loop is initialized in the first loop.

This happens with both the version of clang installed via the Apple developer tools as well as a freshly installed copy of clang 3.0:

$  /Developer/usr/bin/clang --version
Apple clang version 1.7 (tags/Apple/clang-77) (based on LLVM 2.9svn)
Target: x86_64-apple-darwin10
Thread model: posix

$ ~/tools/clang_llvm/clang+llvm-3.0-x86_64-apple-darwin11/bin/clang --version
clang version 3.0 (tags/RELEASE_30/final)
Target: x86_64-apple-darwin10.8.0
Thread model: posix

[llvmbot]

assigned to @tkremenek