[analyzer] Tracking values across loop iterations

suyash singh via cfe-dev
This one looks very similar, if not the same, as the case in a previous email. 

If I try to use __builtin_assume to tell the SA that len is > 0, I still see the SA error. It seems the analyzer is exploring a case where the expression "(len*2)" is equal to 0 from what I can see?

Does this make sense, or perhaps I'm missing something?

Thanks - Vince 

clang -cc1 -analyze  -analyzer-checker=core    test.c
test.c:14:17: warning: The left operand of '==' is a garbage value
    if (ptrs[i] == ptrs[i+len])
        ~~~~~~~ ^
1 warning generated.

The reproducer … 

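int getV();// { return 0; }
void foo() {
  int len = getV();                  // value is unknown to the analyzer
  int ptrs[len*2];                   // VLA sized by len*2
  for (int i = 0; i < (len*2); i++) {
    ptrs[i] = 0;                     // initialise every element
  }
  for (int i = 0; i < len; i++) {
    if (ptrs[i] == ptrs[i+len])      // the warning is reported on this comparison
      ;                              // body is not included in the post
  }
}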
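
Added example, not part of the original post: a variant of the reproducer that states its preconditions on len in ordinary control flow rather than through __builtin_assume, rejecting the values for which len*2 is zero, negative or overflows int. The names check_len, count_matching_halves and MAX_LEN are hypothetical, the array is moved to the heap as a design choice, and nothing here asserts how the analyzer treats this variant.

```c
#include <limits.h>
#include <stdlib.h>

/* Hypothetical upper bound on the element count; not from the post. */
#define MAX_LEN 4096

enum len_status { LEN_OK = 0, LEN_NONPOSITIVE, LEN_OVERFLOWS, LEN_TOO_LARGE };

/* Classify len before it is used as an array size and as a loop bound.
 * The reproducer relies on 0 < len and on len*2 not overflowing; if either
 * fails, the first loop may write fewer elements than the second loop reads. */
enum len_status check_len(int len) {
  if (len <= 0)
    return LEN_NONPOSITIVE;   /* array size would be zero or negative */
  if (len > INT_MAX / 2)
    return LEN_OVERFLOWS;     /* len*2 would overflow int */
  if (len > MAX_LEN)
    return LEN_TOO_LARGE;     /* refuse unbounded allocation */
  return LEN_OK;
}

/* Same two-loop shape as foo() in the post. Returns the number of indices i
 * with ptrs[i] == ptrs[i+len], or -1 if len is rejected or allocation fails. */
int count_matching_halves(int len) {
  if (check_len(len) != LEN_OK)
    return -1;

  size_t half = (size_t)len;
  size_t n = half * 2;        /* cannot wrap: len <= MAX_LEN */
  int *ptrs = malloc(n * sizeof *ptrs);
  if (ptrs == NULL)
    return -1;

  for (size_t i = 0; i < n; i++)
    ptrs[i] = 0;              /* every element written before any read */

  int matches = 0;
  for (size_t i = 0; i < half; i++) {
    if (ptrs[i] == ptrs[i + half])
      matches++;
  }
  free(ptrs);
  return matches;
}
```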
