[PATCH] PR17558 -- Uninitialized Variable Warning with Address Of Operators

Michael Bao mike.h.bao at gmail.com
Sat Jan 25 18:37:33 PST 2014 

This is a more generalized solution to the problem presented in PR17558. The uninitialized variable analysis was passing over variables whose address is taken as it assumes the variable escapes its analysis. 

This patch adds support to catch some of the situations where taking the address of a variables does not actually initialize the variable.

So cases like:

  int x; (void)&x; return x;
  int x; int* y = &x; return x;
  int x; bool b = (&x == 0); return x;
  int x; bool b; b = &x; foo(b); return x;

Will give an "uninitialized" warning on the return.

While cases like
  int x; int* y = &x; foo(y); return x;
  int x; int *y = &x; int *z = y; return x;

Will not show an uninitialized warning.

 You can view some of the discussion we have on the cfe-dev mailing list:

http://lists.cs.uiuc.edu/pipermail/cfe-dev/2014-January/034719.html

To copy and paste my technical description of the patch from the email:

More technical details:

1) When I encounter a "Address Of" operator, I mark the child
DeclRefExpr as being in a "Pending" state. If it remains in the
pending state, then we treat it the same way as we would an "Ignore"
and Clang will identify the variable as being uninitialized (provided
nothing else is done with the variable).

2) If the "Address Of" is assigned to a non-pointer variable, then we
mark the child DeclRefExpr as being in the "Pending" state.

3) If the "Address Of" is assigned to a pointer variable, then we mark
the child DeclRefExpr as being in the "WaitForRef" state. In this
case, we will store it for later processing and store which variable
it was assigned to. Along the way, if the pointer is used, we will
make sure to remember that it was used so we can later mark the
"Address Of" variable as being potentially initialized.

4) After the initial visits using ClassifyRefs, I do one last pass
through the stored "Address Of" expressions that were assigned to
pointers and check to see if those pointers were used and change
classifications as necessary.

http://llvm-reviews.chandlerc.com/D2623

Files:
  include/clang/AST/Expr.h
  lib/Analysis/UninitializedValues.cpp
  test/Analysis/uninit-sometimes.cpp
  test/Sema/uninit-variables.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D2623.1.patch
Type: text/x-patch
Size: 9685 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20140125/9cab3aef/attachment.bin>

More information about the cfe-commits mailing list