llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

Static analyzer misses a Dead Initialization warning #58180

Open dilyanpalauzov opened 2 years ago

dilyanpalauzov commented 2 years ago

For a.c:

#include <stdio.h>

int z(int y) {
  int i = 0;
  if (y == 2)
    i = 3;
  else
    i = 4;

  return i;
}

int main() {
  printf("%i %i\n", z(2), z(3));
  return 0;
}

the static analyzer shall report on int i = 0; - Dead initialization, the value stored here in i is never read, but it does not. I use clang 15.0.1 and then call:

> CodeChecker log -b 'cc a.c -o a' --output ./compile_commands.json
> CodeChecker analyze ./compile_commands.json --output ./reports
llvmbot commented 2 years ago

@llvm/issue-subscribers-clang-static-analyzer

haoNoQ commented 2 years ago

Hmm yeah this looks like a bug. I'm surprised that such a simple case is missed.

Note that we often suppress warnings about dead zero-initialization. It's often better to have a = 0 dead store that the optimizer would optimize away anyway than to have a security hole if the rest of the code suddenly fails to assign the actual value. However, the warning in this example is missed even if the initializer is changed to be non-zero.
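The defensive pattern behind that suppression, as an added example that is not part of the issue thread or the LLVM code base: a zero-initialization that every branch overwrites today (so the analyzer would call it a dead store), and the same function after a hypothetical refactor that drops one branch, where the "dead" = 0 is what keeps the result well-defined and lets the caller fail closed. The enum, function names and the missing-branch scenario are constructed for illustration.

```c
#include <stdio.h>

/* Constructed for the example: three valid modes the selector must handle. */
enum mode { MODE_A = 1, MODE_B = 2, MODE_C = 3 };

/* Every path assigns i, so "int i = 0" is a dead store today.
 * The zero-init is kept deliberately so the function fails closed
 * if a later edit ever leaves a path without an assignment. */
int pick_defensive(enum mode m) {
  int i = 0; /* analyzer would flag this as dead; kept on purpose */
  if (m == MODE_A)
    i = 10;
  else if (m == MODE_B)
    i = 20;
  else
    i = 30;
  return i;
}

/* Same function after a hypothetical refactor that lost the final else.
 * Because of the zero-init, an unexpected mode yields a well-defined 0
 * instead of reading an uninitialized int (undefined behaviour, and in
 * practice whatever the stack slot last held). */
int pick_after_refactor(enum mode m) {
  int i = 0;
  if (m == MODE_A)
    i = 10;
  else if (m == MODE_B)
    i = 20;
  /* MODE_C branch missing: without "= 0" this would be an uninitialized read */
  return i;
}

/* Caller treats 0 as "no valid selection" and refuses to proceed,
 * which is the fail-closed behaviour the dead store buys. */
int use_selection(enum mode m) {
  int v = pick_after_refactor(m);
  if (v == 0)
    return -1; /* fail closed rather than act on garbage */
  return v;
}

int main(void) {
  printf("%d %d %d\n", pick_defensive(MODE_A), pick_defensive(MODE_C),
         use_selection(MODE_C));
  return 0;
}
```

The trade-off the comment describes is visible here: pick_defensive carries a store the optimizer removes anyway, while pick_after_refactor shows why reviewers may prefer to keep it rather than silence the checker by deleting the initializer.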