| Issue | 141514 |
|---|---|
| Summary | [clang-tidy] New false positives from clang-analyzer-core |
| Labels | clang-tidy |
| Assignees | |
| Reporter | douzzer |

After upgrade from LLVM-21 snapshot fcb4bda9 to 7dc7c155 (21.0.0_pre20250510 to 21.0.0_pre20250523), we are seeing numerous false positives and nonsensical output from `clang-tidy`, for example:
```
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:5322:9: note: Uninitialized value stored to field 'used'
5322 | XMEMCPY(r->dp, a->dp, a->used * (word32)SP_WORD_SIZEOF);
| ^
./wolfssl/wolfcrypt/types.h:801:31: note: expanded from macro 'XMEMCPY'
801 | #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
| ^~~~~~~~~~~~~~~~~~~
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:5325:13: note: Assigned value is uninitialized
5325 | r->used = a->used;
| ^ ~~~~~~~
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:8541:47: warning: The right operand of '>' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
8541 | else if ((err == MP_OKAY) && (a->used - i > r->size)) {
| ^
```
(`XMEMCPY` is a macro that reduces to `memcpy` in this build.)
The note that an uninited value was stored to `used` by the `memcpy` makes no sense -- the `dp` slot is an inline array at the end of the struct (`r` and `a` are both `sp_int` structs).
To be perfectly clear, the code at issue functions correctly, is clean on numerous other static and dynamic analyzers, and produces no warnings or notes on 21.0.0_pre20250510, all else equal.
In all, we saw these new false positives on 21.0.0_pre20250523:
```
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:5325:13: warning: Assigned value is uninitialized [clang-analyzer-core.uninitialized.Assign]
5325 | r->used = a->used;
| ^
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:8541:47: warning: The right operand of '>' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
8541 | else if ((err == MP_OKAY) && (a->used - i > r->size)) {
| ^
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:14137:15: warning: 3rd function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
14137 | err = sp_exptmod_ex(b, e, (int)e->used, m, r);
| ^
/home/wolfbot/tmp/wolfssl_test_workdir.17563/wolfssl/wolfcrypt/src/sp_int.c:17339:54: warning: The right operand of '>' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
17339 | if ((err == MP_OKAY) && (r != m) && (a->used * 2 > r->size)) {
| ^
```
The code under test is at https://github.com/wolfssl/wolfssl at commit 6c7edeba38, and the configuration under test in the above is
```
./configure --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-sp-math-all CFLAGS='-Wunreachable-code-aggressive -Wthread-safety -Wloop-analysis -Wenum-compare-conditional -fcolor-diagnostics -fcomplete-member-pointers -Wheader-hygiene -Wstring-conversion -Wtautological-overlap-compare -Wno-language-extension-token -DTEST_ALWAYS_RUN_TO_END -g -fdebug-types-section -Wunreachable-code-break -Wunreachable-code-return -Wimplicit-fallthrough -DWOLFSSL_SP_INT_NEGATIVE -DKEEP_OUR_CERT -DKEEP_PEER_CERT -DWOLFSSL_ALT_NAMES -DNO_WOLFSSL_CIPHER_SUITE_TEST -DWOLFSSL_OLD_PRIME_CHECK -pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DSP_ALLOC -DWOLFSSL_CLANG_TIDY -DNO_WOLFSSL_MEMORY'
```
(With a locally developed helper script, `clang-tidy-builder.sh`, passed in as `CC`.)
We have a complicated `clang-tidy` configuration, but for `core` checkers it is only enabling and disabling whole checkers, not frobbing their internal settings.
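
The layout argument in the report (a `memcpy` into the trailing inline `dp` array cannot store to `used`) can be checked on a small model, given here as an added example that is not wolfSSL code and not part of the original report. `model_int`, `model_digit`, `MODEL_DIGITS` and the function names are hypothetical, and the field types are assumptions; only the field names and the shape of the two flagged statements come from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the struct the report describes: header fields
 * followed by an inline digit array as the last member. Field types and
 * MODEL_DIGITS are assumptions, not wolfSSL's definition. */
#define MODEL_DIGITS 8
typedef uint32_t model_digit;
typedef struct {
    unsigned int used;             /* digits currently in use */
    unsigned int size;             /* capacity of dp, in digits */
    model_digit  dp[MODEL_DIGITS]; /* inline array, last member */
} model_int;

/* Same shape as the two flagged statements: memcpy into dp, then copy used.
 * Returns 0 on success, -1 on NULL input or if a does not fit in r. */
int model_copy(const model_int *a, model_int *r)
{
    if (a == NULL || r == NULL || a->used > r->size)
        return -1;
    if (a != r) {
        memcpy(r->dp, a->dp, a->used * sizeof(model_digit));
        r->used = a->used;
    }
    return 0;
}

/* Returns 1 if a write of `used` digits starting at dp begins after the
 * used/size header and ends inside the object, so it cannot touch `used`. */
int dp_write_stays_in_dp(unsigned int used)
{
    size_t start   = offsetof(model_int, dp);
    size_t end     = start + (size_t)used * sizeof(model_digit);
    size_t hdr_end = offsetof(model_int, size) + sizeof(unsigned int);
    return start >= hdr_end && end <= sizeof(model_int);
}

/* Copies an initialized source into a poisoned destination; returns 1 if
 * used, size and the digits are as expected and untouched digits keep poison. */
int model_selftest(void)
{
    model_int a = { 3, MODEL_DIGITS, { 11, 22, 33 } };
    model_int r;
    memset(&r, 0xA5, sizeof r);    /* poison so stale bytes are visible */
    r.size = MODEL_DIGITS;
    if (model_copy(&a, &r) != 0)
        return 0;
    return r.used == 3 && r.size == MODEL_DIGITS &&
           r.dp[0] == 11 && r.dp[2] == 33 && r.dp[3] == 0xA5A5A5A5u;
}

int main(void) { return model_selftest() ? 0 : 1; }
```

A file of this size is also a convenient starting point for a reduced test case to run under both analyzer snapshots.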