Skip to content

Boolean equality of two undefined bools incorrectly interpreted as "true" #82802

New issue
New issue
Open
Open
Boolean equality of two undefined bools incorrectly interpreted as "true"#82802
Assignees
ymand
Labels
clang:dataflowClang Dataflow Analysis framework - https://clang.llvm.org/docs/DataFlowAnalysisIntro.html
@ymand

Description

@ymand
ymand
opened on Feb 23, 2024

The built-in interpretation of boolean equality forgets to check for nullness before checking for pointer equality:

  Value *LHSValue = Env.getValue(LHS);
  Value *RHSValue = Env.getValue(RHS);

  if (LHSValue == RHSValue)
    return Env.getBoolLiteralValue(true);

llvm-project/clang/lib/Analysis/FlowSensitive/Transfer.cpp

Lines 58 to 59 in dfa1d9b

if (LHSValue == RHSValue)
return Env.getBoolLiteralValue(true);

Therefore, when both are null, the equality will be interpreted as true.

Metadata

Metadata

Assignees

Labels

clang:dataflowClang Dataflow Analysis framework - https://clang.llvm.org/docs/DataFlowAnalysisIntro.html

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions