[Bug analyzer/109190] New: GCC Static Analyzer cannot handle the initialization of an array with a for loop

[Bug analyzer/109190] New: GCC Static Analyzer cannot handle the initialization of an array with a for loop

[geoffreydgr at icloud dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109190

            Bug ID: 109190
           Summary: GCC Static Analyzer cannot handle the initialization
                    of an array with a for loop
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: geoffreydgr at icloud dot com
  Target Milestone: ---

I got a false negative error when compiling the following program with
gcc(trunk) -fanalyzer -O0 in https://godbolt.org/z/KvoxvPq5c. When I replace
the array `m` with the variable `a` (https://godbolt.org/z/jTzo9bEo9), the NPD
appears.

```c
#include "stdio.h"
int main() {
    int i = 0;
    int *g = &i;
    int m[1];

    for (int j = 0; j < 1; j++) {
         m[j] = 0;
    }

    if (m[0])
        ;
    else
        g = m[i];

    printf("NPD_FLAG\n");
    *g = 1;
}
```

[Bug analyzer/109190] GCC Static Analyzer cannot handle the initialization of an array with a for loop

[geoffreydgr at icloud dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109190

--- Comment #1 from Geoffrey <geoffreydgr at icloud dot com> ---
Hi, David! Could you spare a little time to explain this case to me? Thanks a
loooot!

[Bug analyzer/109190] GCC Static Analyzer cannot handle the initialization of an array with a for loop

[xry111 at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109190

Xi Ruoyao <xry111 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |xry111 at gcc dot gnu.org

--- Comment #2 from Xi Ruoyao <xry111 at gcc dot gnu.org> ---
With -O0 GCC does not attempt to analyze any loops.  I doubt if "-O0
-fanalyzer" really makes sense.  Maybe we should just emit a warning when
-fanalyzer is used with -O0.

[Bug analyzer/109190] GCC Static Analyzer cannot handle the initialization of an array with a for loop

[geoffreydgr at icloud dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109190

--- Comment #3 from Geoffrey <geoffreydgr at icloud dot com> ---
(In reply to Xi Ruoyao from comment #2)
> With -O0 GCC does not attempt to analyze any loops.  I doubt if "-O0
> -fanalyzer" really makes sense.  Maybe we should just emit a warning when
> -fanalyzer is used with -O0.

Could you explain why GCC does not attempt to analyze any loops with -O0 ? 
Because it depends some optimization passes to help handling loops?

[Bug analyzer/109190] GCC Static Analyzer cannot handle the initialization of an array with a for loop

[StevenSun2021 at hotmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109190

Steven Sun <StevenSun2021 at hotmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |StevenSun2021 at hotmail dot com

--- Comment #4 from Steven Sun <StevenSun2021 at hotmail dot com> ---
The analyzer is implemented as a ipa pass, which eats codes partially optimized
by the middle end, or the optimizer.

Your code presented to the analyzer looks like this in -O1

https://godbolt.org/z/KdaKW5Yae
```
int main ()
{
  int j;
  goto <bb 4>; [100.00%]
  <bb 3> [local count: 536870913]:
  j_4 = j_1 + 1;
  <bb 4> [local count: 1073741824]:
  if (j_1 <= 0)
    goto <bb 3>; [50.00%]
  else
    goto <bb 5>; [50.00%]
  <bb 5> [local count: 536870913]:
  return 0;
}
```

And it looks like this in -O2
https://godbolt.org/z/rrjdaM4WP

```
int main ()
{
  MEM[(int *)0B] = 1;
  return 0;
}
```

The analyzer outputs should be definitely different.

I am not here to what causes this, but in case you're interested, you can use
godbolt to check all optimize passes.