[cfe-dev] Static Analyzer "Uninitialized argument value checks for Unions"

Jordan Rose jordan_rose at apple.com
Wed Jan 8 18:43:43 PST 2014


Hi, Aditya. The static analyzer currently has some trouble with unions because it (a) treats certain symbolic values as typed, and (b) distinguishes certain symbolic memory regions by field name. Historically, unions have caused much difficulty, so there are a number of places (largely in RegionStore.cpp) that say "if this is a union, treat it as unknown opaque memory".

Our current model for RegionStore, which uses offsets from the complete object region whenever possible, actually has a good chance of handling unions well, but nobody's taken the time to turn support back on and verify that nothing breaks, either in our test suite or in real-world projects.

So unfortunately I can't recommend any course of action here. I haven't thought about the problem in a while, so I don't have all the necessary concerns paged in, but basically IIRC it's a nontrivial problem to get even initialized vs. uninitialized working for unions in RegionStore. It's not just CallAndMessageChecker's fault.

Sorry for the bad news,
Jordan


On Jan 8, 2014, at 11:56 , Aditya Kumar <hiraditya at codeaurora.org> wrote:

> In the CallAndMessageChecker.cpp, is it possible to implement checks for uninitialized unions?
> E.g., for the following example, I do not get any static analysis report even if the union ‘uoff’ is passed uninitialized to the function ‘bar’.
>
> #include <stdint.h>
>
> typedef union {
>   uint32_t Reg;
>   struct {
>     uint16_t Cx;
>     uint16_t sf;
>   };
> } tf;
>
> typedef struct {
>   uint16_t i;
>   uint16_t j;
> } st;
>
> int bar(tf, tf, st);
>
> int foo(tf t0, int32_t offset) {
>   tf uoff;
>   st s;
>   s.i = 10;
>   s.j = 100;
>   return bar(t0, uoff, s);
> }
>
> -Aditya
> --
> Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
> hosted by The Linux Foundation
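
A simplified illustration of the offset-based idea mentioned in the reply, added here and not code from Clang or from either poster: it tracks which bytes of the complete `tf` object have been written, keyed by offset rather than by field name. The `shadow` type, the `OFF`/`SZ` macros and the `shadow_store`/`shadow_load_ok` helpers are hypothetical names for this toy model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Union from the quoted message. */
typedef union {
  uint32_t Reg;
  struct { uint16_t Cx; uint16_t sf; };
} tf;

/* Toy shadow store (assumption, not Clang code): one flag per byte of the
   complete object, so an access is identified by (offset, size) only. */
typedef struct { unsigned char init[sizeof(tf)]; } shadow;
#define OFF(m) offsetof(tf, m)
#define SZ(m)  sizeof(((tf *)0)->m)

static void shadow_store(shadow *s, size_t off, size_t size) {
  memset(s->init + off, 1, size);
}

/* Returns 1 only if every byte in [off, off + size) has been written. */
static int shadow_load_ok(const shadow *s, size_t off, size_t size) {
  for (size_t i = 0; i < size; i++)
    if (!s->init[off + i]) return 0;
  return 1;
}

/* Write through Reg, read through sf: same bytes, different field names. */
int write_reg_read_sf(void) {
  shadow s = {{0}};
  shadow_store(&s, OFF(Reg), SZ(Reg));
  return shadow_load_ok(&s, OFF(sf), SZ(sf));
}

/* Write only Cx, read Reg: the upper two bytes were never written. */
int write_cx_read_reg(void) {
  shadow s = {{0}};
  shadow_store(&s, OFF(Cx), SZ(Cx));
  return shadow_load_ok(&s, OFF(Reg), SZ(Reg));
}

/* The `uoff` case: nothing written, whole object passed by value. */
int pass_unwritten(void) {
  shadow s = {{0}};
  return shadow_load_ok(&s, 0, sizeof(tf));
}

int main(void) {
  printf("%d %d %d\n", write_reg_read_sf(), write_cx_read_reg(), pass_unwritten());
  return 0;
}
```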
