https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108403
Geoffrey <geoffreydgr at icloud dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |geoffreydgr at icloud dot com

--- Comment #1 from Geoffrey <geoffreydgr at icloud dot com> ---

Hi, David. I think this case may be a duplicate of Bug 107733 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107733), because I can reduce it to the following case_1.

But I tried to modify this case to the following case_2 (https://godbolt.org/z/qTze3Mh6T). It seems that GCC adds two contradictory conditions (q == 0 and *q == 0) to equivalent classes. I do not think this still counts as a duplicate of case_1. But I am not very sure.

Could you spare some time to help me understand this case? Maybe I can help to contribute to GCC Static Analyzer. Thanks a lot!

case_1

```c
#include "stdio.h"

int *f(int *q)
{
    if (q == 0)
    {
        *q == 0;
    }
}
```

case_2

```c
#include "stdint.h"
#include "stdio.h"
#include <stdbool.h>
#include <stdlib.h>

extern void __analyzer_describe ();
extern void __analyzer_eval ();
extern void __analyzer_dump ();
extern void __analyzer_dump_state (const char *name, ...);
extern void __analyzer_dump_region_model ();
extern void __analyzer_dump_exploded_nodes ();


int *f(int *q)
{
    if (q == 0 && *q == 0)
    {
        __analyzer_dump ();
        __analyzer_eval (q == 0);
        __analyzer_eval (*q == 0);
    }
}
```

output of case_2:

```
rmodel:
stack depth: 1
  frame (index 0): frame: 'f'@1
clusters within root region
  cluster for: (*INIT_VAL(q_8(D)))
    ESCAPED
m_called_unknown_fn: FALSE
constraint_manager:
  equiv classes:
    ec0: {(int)0 == INIT_VAL((*INIT_VAL(q_8(D)))) == [m_constant]'0'}
    ec1: {(void *)0B == INIT_VAL(q_8(D)) == [m_constant]'0B'}
  constraints:
<source>: In function 'f':
<source>:19:9: warning: TRUE
   19 |         __analyzer_eval (q == 0);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~
<source>:20:9: warning: TRUE
   20 |         __analyzer_eval (*q == 0);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~
Compiler returned: 0
```
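The state in the case_2 dump can be reproduced with a toy path-constraint store. This is an added example, not part of the original comment and not GCC's code: `struct store`, `loaded_via`, `walk_case_2` and both `add_eq_zero_*` policies are hypothetical names, and the "checked" policy is one assumed way to order the null check before recording a fact about `*q`.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy path-constraint store (illustrative assumption, not GCC's
   constraint_manager). Two symbolic values from case_2: q and *q. */
enum sval { SV_Q, SV_DEREF_Q, SV_COUNT };
/* loaded_via[s]: pointer value that must be dereferenced to read s, or -1. */
static const int loaded_via[SV_COUNT] = { -1, SV_Q };

struct store {
    bool is_zero[SV_COUNT]; /* "sval == 0" holds on this path */
    bool null_deref;        /* a load went through a known-null pointer */
};

/* Naive: record "s == 0" without asking how s is obtained. */
static void add_eq_zero_naive(struct store *st, enum sval s)
{
    st->is_zero[s] = true;
}

/* Checked: reading s may need a load; refuse if that pointer is known null. */
static bool add_eq_zero_checked(struct store *st, enum sval s)
{
    int ptr = loaded_via[s];
    if (ptr >= 0 && st->is_zero[ptr]) {
        st->null_deref = true; /* report here instead of constraining *q */
        return false;
    }
    st->is_zero[s] = true;
    return true;
}

/* Walk the true edge of `q == 0 && *q == 0` with either policy. */
struct store walk_case_2(bool checked)
{
    struct store st = { { false, false }, false };
    if (checked) {
        if (add_eq_zero_checked(&st, SV_Q))
            add_eq_zero_checked(&st, SV_DEREF_Q);
    } else {
        add_eq_zero_naive(&st, SV_Q);
        add_eq_zero_naive(&st, SV_DEREF_Q);
    }
    return st;
}

int main(void)
{
    struct store n = walk_case_2(false), c = walk_case_2(true);
    printf("naive:   *q==0 %d, null_deref %d\n", n.is_zero[SV_DEREF_Q], n.null_deref);
    printf("checked: *q==0 %d, null_deref %d\n", c.is_zero[SV_DEREF_Q], c.null_deref);
    return 0;
}
```

With the naive policy both facts end up recorded and no dereference is flagged, which matches the two `TRUE` results above; with the checked policy the load through `q` is flagged and no fact about `*q` is stored.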