https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108739
Bug ID: 108739
Summary: GCC Static Analyzer evaluates `a > b `to be TRUE but
evaluates `b < a` to be UNKNOWN
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: geoffreydgr at icloud dot com
Target Milestone: ---
Hi, David. I found a problem that GSA evaluates `a > b `to be TRUE but
evaluates `b < a` to be UNKNOWN. I think that in the True branch of `if(a>b)`
there should exist a constraint, and then GSA can evaluates `b < a` to be
FALSE.
Compiling the following test case with gcc (trunk) with options "-fanalyzer ".
https://godbolt.org/z/7EWreG66W
Input
```c
#include "stdint.h"
#include "stdio.h"
#include <stdbool.h>
extern void __analyzer_describe ();
extern void __analyzer_eval ();
extern void __analyzer_dump ();
extern void __analyzer_dump_state (const char *name, ...);
extern void __analyzer_dump_region_model ();
void foo (size_t size)
{
size_t a = size + 2;
size_t b = size + 1;
__analyzer_dump ();
if(a > b){
__analyzer_dump ();
__analyzer_eval (a > b);
__analyzer_eval (b < a);
__analyzer_eval (b > a);
}
}
```
Output:
```
rmodel:
stack depth: 1
frame (index 0): frame: 'foo'@1
clusters within frame: 'foo'@1
cluster for: a_9: (INIT_VAL(size_8(D))+(size_t)2)
cluster for: b_10: (INIT_VAL(size_8(D))+(size_t)1)
m_called_unknown_fn: FALSE
constraint_manager:
equiv classes:
constraints:
rmodel:
stack depth: 1
frame (index 0): frame: 'foo'@1
clusters within frame: 'foo'@1
cluster for: a_9: (INIT_VAL(size_8(D))+(size_t)2)
cluster for: b_10: (INIT_VAL(size_8(D))+(size_t)1)
m_called_unknown_fn: FALSE
constraint_manager:
equiv classes:
constraints:
<source>: In function 'foo':
<source>:17:5: warning: TRUE
17 | __analyzer_eval (a > b);
| ^~~~~~~~~~~~~~~~~~~~~~~
<source>:18:5: warning: UNKNOWN
18 | __analyzer_eval (b < a);
| ^~~~~~~~~~~~~~~~~~~~~~~
<source>:19:5: warning: UNKNOWN
19 | __analyzer_eval (b > a);
| ^~~~~~~~~~~~~~~~~~~~~~~
Compiler returned: 0
```
