[cfe-dev] clang-tidy: Inconsistent chain of reasoning using core.uninitialized.Assign?

Jakob Kalchik via cfe-dev cfe-dev at lists.llvm.org
Sat Sep 14 16:58:40 PDT 2019


Hello, I'm seeing an inconsistent chain of reasoning for a particular tidy
check - core.uninitialized.Assign. This was isolated from a much larger
case we found in testing a large code base. I've pasted in the particulars
below.

A really puzzling piece is if I change the prototype for ItemCtor from
   void ItemCtor(const Item * const items, int itemlist[])
to
   void ItemCtor(const Item * items, int itemlist[])
I do not see the checker warning.

Has anyone else seen this? Is there something I'm missing about this
particular code snippet, or is there perhaps some issue with the way cases
are generated by the checker?

Thanks - Jakob

The text output from the simple repro case I have is ...

uninit.c:21:11: warning: Assigned value is garbage or undefined
      sum += itemlist[i];
          ^  ~~~~~~~~~~~
uninit.c:16:4: note: Calling 'ItemCtor'
   ItemCtor(items, itemlist);
   ^~~~~~~~~~~~~~~~~~~~~~~~~
uninit.c:9:20: note: Assuming 'i' is >= field 'xxs'
   for (int i = 0; i < items->xxs; i++) {
                   ^~~~~~~~~~~~~~
uninit.c:9:4: note: Loop condition is false. Execution continues on line 9
   for (int i = 0; i < items->xxs; i++) {
   ^
uninit.c:16:4: note: Returning from 'ItemCtor'
   ItemCtor(items, itemlist);
   ^~~~~~~~~~~~~~~~~~~~~~~~~
uninit.c:20:9: note: 'i' initialized to 0
   for (int i = 0; i < items->xxs; i++) {
        ^~~~~
uninit.c:20:20: note: Assuming 'i' is < field 'xxs'
   for (int i = 0; i < items->xxs; i++) {
                   ^~~~~~~~~~~~~~
uninit.c:20:4: note: Loop condition is true.  Entering loop body
   for (int i = 0; i < items->xxs; i++) {
   ^
uninit.c:21:11: note: Assigned value is garbage or undefined
      sum += itemlist[i];
          ^  ~~~~~~~~~~~
1 warning generated.

The command ...
clang  --analyze -Xclang -analyzer-checker=core.uninitialized.Assign
-Xclang -analyzer-output=text uninit.c

The simple repro case with line numbers...

  1 #include <assert.h>
  2
  3 #define ITEMS 2
  4 typedef struct {
  5   int xxs;
  6 } Item;
  7
  8 void ItemCtor(const Item * const items, int itemlist[]) {
  9    for (int i = 0; i < items->xxs; i++) {
 10      itemlist[i] = 0;
 11    }
 12 }
 13
 14 int work(Item const *items) {
 15    int itemlist[ITEMS];
 16    ItemCtor(items, itemlist);
 17
 18    int sum = 0;
 19
 20    for (int i = 0; i < items->xxs; i++) {
 21       sum += itemlist[i];
 22    }
 23
 24    return sum;
 25 }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20190914/fa1160c2/attachment.html>


More information about the cfe-dev mailing list