| Issue | 174507 |
| Summary | [Analyzer] False positive clang-analyzer-core.uninitialized.UndefReturn with function call in the condition |
| Labels | new issue |
| Assignees | |
| Reporter | ksromanov |

Small example
```c++
bool condition(int i); // { return i < 1; }
int a = 33;
const int& foo()
{
    int *p;
    for (int i = 0; condition(i); ++i)
    {
        p = &a;
    }
    return *p;
}
```
results in `clang-tidy` warning
```bash
$ clang-tidy-21 -checks=clang-analyzer-core.uninitialized.UndefReturn a.cpp
1 warning generated.
a.cpp:13:5: warning: Undefined or garbage value returned to caller [clang-analyzer-core.uninitialized.UndefReturn]
13 | return *p;
| ^ ~~
a.cpp:8:5: note: Loop condition is false. Execution continues on line 13
8 | for (int i = 0; condition(i); ++i)
| ^
a.cpp:13:5: note: Undefined or garbage value returned to caller
13 | return *p;
| ^ ~~
```
See the output of https://godbolt.org/z/6nGKTGPvj
If one uncomments the body of `condition`, the warning disappears. It looks like dataflow analysis underestimates the condition for `clang-tidy` as `always false` if it is in a different TU.
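
Added example, not part of the original report or of LLVM: the analyzer note above describes the path on which the loop condition is false on its first evaluation, and this sketch gives the pointer a defined value on that path so the caller can check it. `Condition`, `never`, `below_one`, `find_target` and `read_or` are names assumed for illustration; the function pointer stands in for a `condition` defined in another TU.

```cpp
// Added illustration; all names except `a` are hypothetical.
int a = 33;

// Stand-ins for an out-of-TU `condition`: the caller picks the behaviour,
// so nothing at the call site fixes how many times the loop body runs.
using Condition = bool (*)(int);
bool never(int) { return false; }        // loop body runs zero times
bool below_one(int i) { return i < 1; }  // the commented-out body from the report

// Same loop as foo(), but the pointer is defined on every path.
const int* find_target(Condition condition)
{
    const int* p = nullptr;              // defined even if the loop is skipped
    for (int i = 0; condition(i); ++i)
    {
        p = &a;
    }
    return p;                            // nullptr means the loop never ran
}

// A caller-side check replaces the unconditional dereference in foo().
int read_or(Condition condition, int fallback)
{
    const int* p = find_target(condition);
    return p ? *p : fallback;
}

int main()
{
    // Exit status 0 when both paths behave as described in the comments.
    bool ok = read_or(below_one, -1) == 33 && read_or(never, -1) == -1;
    return ok ? 0 : 1;
}
```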