https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109292
Bug ID: 109292
Summary: GCC Static Analyzer NPD false negative because it does
not know a simple iterator of `for` loop
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: geoffreydgr at icloud dot com
Target Milestone: ---
GCC Static Analyzer has a NPD false negative about `*c = 0;`(line 20).
It seems that GSA does not know the value of the simple iterator `d` of `for`
loop.
If i change the for statement to if statement with the same semantics, there is
no false negative about NPD.
See it live: https://godbolt.org/z/PGdbb6osj
See it live: https://godbolt.org/z/n61zPPxd7
Input
```c
extern void __analyzer_eval();
extern void __analyzer_dump_path();
int a()
{
int d;
for (d = -1; d; ++d)
{
;
}
__analyzer_dump_path();
return d;
}
int b()
{
int t = a();
int *c = (void *)t;
__analyzer_eval(c == 0);
*c = 0;
}
int main() { b(); }
```
Output:
```
<source>: In function 'b':
<source>:18:14: warning: cast to pointer from integer of different size
[-Wint-to-pointer-cast]
18 | int *c = (void *)t;
| ^
<source>:19:5: warning: UNKNOWN
19 | __analyzer_eval(c == 0);
| ^~~~~~~~~~~~~~~~~~~~~~~
<source>:19:5: warning: UNKNOWN
<source>: In function 'a':
<source>:11:5: note: path
11 | __analyzer_dump_path();
| ^~~~~~~~~~~~~~~~~~~~~~
'a': events 1-3
|
| 7 | for (d = -1; d; ++d)
| | ^ ~~~
| | | |
| | | (2) ...to here
| | (1) following 'true' branch (when 'd != 0')...
|......
| 11 | __analyzer_dump_path();
| | ~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (3) here
|
Compiler returned: 0
```
