https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109196
Bug ID: 109196
Summary: GSA evaluates
`__analyzer_eval(((a())<(0))||((a())==(0)));` to be
TRUE, but function `a()` is a unknown function
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: geoffreydgr at icloud dot com
Target Milestone: ---
GSA evaluates `__analyzer_eval(((a())<(0))||((a())==(0)));` to be TRUE, but
function `a()` is a unknown function.
But if I delete `for(;;)`, every evaluation expression is evaluated to be
UNKNOWN.
See it live: https://godbolt.org/z/7e5bKdvde , https://godbolt.org/z/sj4bq4Krx
Input:
```c
#include "stdint.h"
#include <stdbool.h>
int a();
uint16_t b() {
for(;;)
if (a() <= 0) {
__analyzer_eval((a() <= 0)==true);
__analyzer_eval(((a())<(0))||((a())==(0)));
__analyzer_eval(((a())+0)<=((0)+0));
__analyzer_eval(((a())+0)<=((0)+1));
__analyzer_eval(((a())+1)<=((0)+1));
__analyzer_eval(((a())+0)<=((0)+2));
__analyzer_eval(((a())+1)<=((0)+2));
__analyzer_eval(((a())+2)<=((0)+2));
__analyzer_eval(((a())-0)<=((0)-0));
__analyzer_eval((!(a() <= 0))==false);
__analyzer_eval((((a())>=(0))&&((a())!=(0)))==false);
__analyzer_eval(true);
;
}
}
```
Output:
```
<source>: In function 'b':
<source>:9:7: warning: UNKNOWN
9 | __analyzer_eval((a() <= 0)==true);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:10:7: warning: TRUE
10 | __analyzer_eval(((a())<(0))||((a())==(0)));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:11:7: warning: UNKNOWN
11 | __analyzer_eval(((a())+0)<=((0)+0));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:12:7: warning: UNKNOWN
12 | __analyzer_eval(((a())+0)<=((0)+1));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:13:7: warning: UNKNOWN
13 | __analyzer_eval(((a())+1)<=((0)+1));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:14:7: warning: UNKNOWN
14 | __analyzer_eval(((a())+0)<=((0)+2));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:15:7: warning: UNKNOWN
15 | __analyzer_eval(((a())+1)<=((0)+2));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:16:7: warning: UNKNOWN
16 | __analyzer_eval(((a())+2)<=((0)+2));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:17:7: warning: UNKNOWN
17 | __analyzer_eval(((a())-0)<=((0)-0));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:18:7: warning: UNKNOWN
18 | __analyzer_eval((!(a() <= 0))==false);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:19:7: warning: FALSE
19 | __analyzer_eval((((a())>=(0))&&((a())!=(0)))==false);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:20:7: warning: TRUE
20 | __analyzer_eval(true);
| ^~~~~~~~~~~~~~~~~~~~~
<source>:10:7: warning: UNKNOWN
10 | __analyzer_eval(((a())<(0))||((a())==(0)));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:11:7: warning: UNKNOWN
11 | __analyzer_eval(((a())+0)<=((0)+0));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:12:7: warning: UNKNOWN
12 | __analyzer_eval(((a())+0)<=((0)+1));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:13:7: warning: UNKNOWN
13 | __analyzer_eval(((a())+1)<=((0)+1));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:14:7: warning: UNKNOWN
14 | __analyzer_eval(((a())+0)<=((0)+2));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:15:7: warning: UNKNOWN
15 | __analyzer_eval(((a())+1)<=((0)+2));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:16:7: warning: UNKNOWN
16 | __analyzer_eval(((a())+2)<=((0)+2));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:17:7: warning: UNKNOWN
17 | __analyzer_eval(((a())-0)<=((0)-0));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:18:7: warning: UNKNOWN
18 | __analyzer_eval((!(a() <= 0))==false);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:19:7: warning: UNKNOWN
19 | __analyzer_eval((((a())>=(0))&&((a())!=(0)))==false);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:20:7: warning: TRUE
20 | __analyzer_eval(true);
| ^~~~~~~~~~~~~~~~~~~~~
Compiler returned: 0
```
