[cfe-users] Clang Analyzer: false positive or am I missing something?

2016-06-25 Thread Andrew Fuller via cfe-users
I'm trying to understand an issue reported by Clang's static analysis
tool.  The code below demonstrates the issue:

$ cat problem.c
#include <stdint.h>

int main() {
#if VARIANT==1
   uint32_t data = 0xdeadbeef;
   uint8_t* byte = (uint8_t*)&data;
   uint8_t value = byte[0];
#elif VARIANT==2
   uint32_t data = 0xdeadbeef;
   uint8_t* byte = (uint8_t*)&data;
   uint8_t value = byte[1];
#elif VARIANT==3
   uint32_t data[1] = {0xdeadbeef};
   uint8_t* byte = (uint8_t*)&data[0];
   uint8_t value = byte[0];
#elif VARIANT==4
   uint32_t data[1] = {0xdeadbeef};
   uint8_t* byte = (uint8_t*)&data[0];
   uint8_t value = byte[1];
#else
#error "Define VARIANT={1,2,3,4}"
#endif
   return value;
}

Now, when I throw Clang's static analysis at it with VARIANT 1,2, or 3 it
says everything's a-OK.  But with VARIANT=4 it complains:

$ scan-build-3.8 --use-cc=clang-3.8
/usr/share/clang/scan-build-3.8/libexec/ccc-analyzer -D VARIANT=4 problem.c
scan-build: Using '/usr/lib/llvm-3.8/bin/clang' for static analysis
problem.c:19:5: warning: Assigned value is garbage or undefined
   uint8_t value = byte[1];
   ^   ~~~
1 warning generated.
scan-build: 1 bug found.
scan-build: Run 'scan-view /tmp/scan-build-2016-06-25-104600-17811-1' to
examine bug reports.

My question is why is byte[1] undefined in VARIANT 4 but not anywhere
else?  I would think if it's complaining that the value is dependent on
endianness, then they should all be reported.  Is there some detail of the
C spec that I'm missing, or have I stumbled on a false positive (would be a
first for me -- every other issue reported has been legit thus far).

Thanks,
-Andrew
___
cfe-users mailing list
cfe-users@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-users
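
The four reads from the post above, as an added example that is not part of the original message: each variant's byte access is wrapped in a function and checked against a memcpy copy and a shift-based extraction. Function names are made up for this example; it assumes uint8_t is a typedef of unsigned char and that the host is little- or big-endian.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Byte i of a scalar uint32_t read through a uint8_t pointer (VARIANT 1 and 2). */
uint8_t byte_of_scalar(uint32_t data, size_t i) {
    const uint8_t *byte = (const uint8_t *)&data;
    return byte[i];
}

/* Same read from element 0 of a one-element array (VARIANT 3 and 4). */
uint8_t byte_of_array(uint32_t v, size_t i) {
    uint32_t data[1] = { v };
    const uint8_t *byte = (const uint8_t *)&data[0];
    return byte[i];
}

/* Copies the object representation into a byte array; no pointer cast involved. */
uint8_t byte_via_memcpy(uint32_t data, size_t i) {
    uint8_t raw[sizeof data];
    memcpy(raw, &data, sizeof raw);
    return raw[i];
}

/* Byte i counted from the least significant end; independent of host byte order. */
uint8_t byte_by_shift(uint32_t data, size_t i) {
    return (uint8_t)(data >> (8u * i));
}

/* Returns 1 on a little-endian host, 0 otherwise (assumed big-endian). */
int host_is_little_endian(void) {
    return byte_via_memcpy(1u, 0) == 1u;
}

/* Returns 1 if all memory-based reads of every byte of v agree with the
   value that the shift-based extraction predicts for this host's byte order. */
int reads_agree(uint32_t v) {
    for (size_t i = 0; i < sizeof v; i++) {
        size_t lsb_index = host_is_little_endian() ? i : sizeof v - 1 - i;
        uint8_t expect = byte_by_shift(v, lsb_index);
        if (byte_of_scalar(v, i) != expect) return 0;
        if (byte_of_array(v, i) != expect) return 0;
        if (byte_via_memcpy(v, i) != expect) return 0;
    }
    return 1;
}

int main(void) {
    return reads_agree(0xdeadbeefu) ? 0 : 1;
}
```

The memcpy and shift forms are alternatives to the pointer cast when an analyzer or reviewer objects to it; only the shift form gives the same byte on every host.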


Re: [cfe-users] Clang Analyzer: false positive or am I missing something?

2016-06-25 Thread Andrew Fuller via cfe-users
On Sat, Jun 25, 2016 at 6:25 PM, Jeffrey Walton wrote:

> On Sat, Jun 25, 2016 at 2:01 PM, Andrew Fuller via cfe-users wrote:
> > I'm trying to understand an issue reported by Clang's static analysis
> > tool.  The code below demonstrates the issue:
> >
> > $ cat problem.c
> > #include <stdint.h>
> >
> > int main() {
> > #if VARIANT==1
> >    uint32_t data = 0xdeadbeef;
> >    uint8_t* byte = (uint8_t*)&data;
> >    uint8_t value = byte[0];
> > #elif VARIANT==2
> >    uint32_t data = 0xdeadbeef;
> >    uint8_t* byte = (uint8_t*)&data;
> >    uint8_t value = byte[1];
> > #elif VARIANT==3
> >    uint32_t data[1] = {0xdeadbeef};
> >    uint8_t* byte = (uint8_t*)&data[0];
> >    uint8_t value = byte[0];
> > #elif VARIANT==4
> >    uint32_t data[1] = {0xdeadbeef};
> >    uint8_t* byte = (uint8_t*)&data[0];
> >    uint8_t value = byte[1];
> > #else
> > #error "Define VARIANT={1,2,3,4}"
> > #endif
> >    return value;
> > }
> >
>
> I recall seeing this before, but I don't recall if it's valid C:
>
> uint8_t* byte = (uint8_t*)&data;
> uint8_t value = byte[0];
>
> Are you getting other compiler warnings with it? If not, try -Wall -Wextra.
>
> Jeff
>

Thanks for the reply, Jeff.  Clang 3.8 is warning-free with -Wall and
-Weverything going through all 4 code paths (VARIANT set to 1-4).  Ditto
for gcc 5.2.1 with -Wall -Wextra.  Only scan-build grumbles.

-Andrew