<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hi Nathan,<o:p></o:p></p>
<p class="MsoNormal">Thanks for the reply. Can you please elaborate on how to let clang-sa to learn about printf? I tried using CTU analysis [1], but I’m unsure how to add mappings for libc functions.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal">Ali<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[1] https://clang.llvm.org/docs/analyzer/user-docs/CrossTranslationUnit.html<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">Nathan Sidwell <nathanmsidwell@gmail.com> on behalf of Nathan Sidwell <nathan@acm.org><br>
<b>Date: </b>Friday, April 30, 2021 at 9:00 AM<br>
<b>To: </b>Ali Shuja Siddiqui (alissidd) <alissidd@cisco.com>, cfe-dev@lists.llvm.org <cfe-dev@lists.llvm.org><br>
<b>Subject: </b>Re: [cfe-dev] clang and clang-sa do not detect uninitialized variable<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal">On 4/29/21 4:41 PM, Ali Shuja Siddiqui (alissidd) via cfe-dev wrote:<br>
> Hello,<br>
> <br>
> With the following code<br>
> <br>
> //-------------------------<br>
> <br>
> #include <stdio.h><br>
> <br>
> extern int t;<br>
> <br>
> void use_b (int *b){<br>
> <br>
> printf("%p\n",b);<br>
> <br>
> }<br>
> <br>
> void func(){<br>
> <br>
> int b;<br>
> <br>
> use_b(&b);<br>
> <br>
> if (b)<br>
> <br>
> b+=33;<br>
> <br>
> }<br>
> <br>
> //---------------------------<br>
> <br>
> Running clang -Wuninitialized or running clang –analyze, I don’t see any <br>
> warning for uninitialized variables. However, if I change the code to:<br>
> <br>
> //----------------------<br>
> <br>
> #include <stdio.h><br>
> <br>
> extern int t;<br>
> <br>
> void use_b (int *b){<br>
> <br>
> if (t==5)<br>
> <br>
> return;<br>
> <br>
> printf("%p\n",b);<br>
> <br>
> }<br>
> <br>
> void func(){<br>
> <br>
> int b;<br>
> <br>
> use_b(&b);<br>
> <br>
> if (b)<br>
> <br>
> b+=33;<br>
> <br>
> }<br>
> <br>
> //--------------------<br>
> <br>
> I do see this warning with the static analyzer:<br>
> <br>
> sa_try.c:13:9: warning: Branch condition evaluates to a garbage value <br>
> [core.uninitialized.Branch]<br>
> <br>
> if (b)<br>
> <br>
> ^<br>
> <br>
> 1 warning generated.<br>
> <br>
> My question is why am I not getting any warning for the first case? Is <br>
> it being considered that printf is updating the value of b in some way?<br>
<br>
Presuming it has no knowledge of printf's semantics, then yes. that <br>
function could write through the pointer (and indeed would, if 'b' was <br>
an output parameter).<br>
<br>
It could learn that printf doesn't do that (except for %n).<br>
<br>
nathan<br>
<br>
<br>
nathan<br>
-- <br>
Nathan Sidwell<o:p></o:p></p>
</div>
</div>
</body>
</html>