<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Static Analyzer false positive: initialized value is believed to be uninitialized"

   href="https://bugs.llvm.org/show_bug.cgi?id=39032">39032</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Static Analyzer false positive: initialized value is believed to be uninitialized

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>clang

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>enhancement

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Static Analyzer

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>dcoughlin@apple.com

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>bevin.hansson@ericsson.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=20903" name="attach_20903" title="reproducer">attachment 20903</a> <a href="attachment.cgi?id=20903&action=edit" title="reproducer">[details]</a></span>

reproducer

In the attached example, Static Analyzer claims that a value which is

definitely initialized is not. Determining _what_ it is initialized to might be

a more difficult exercise, but it certainly is not uninitialized.

clang -cc1 -analyze -analyzer-checker=core sa.c

sa.c:10:3: warning: 1st function call argument is an uninitialized value

  fn(ptr[1]);  

  ^~~~~~~~~~

If we try to access ptr[0] instead, the warning goes away.

I suspect this might be due to deficiencies in RegionStore. SA knows that ptr

points to str, but it cannot seem to locate the binding to str through an

ElementRegion with an offset of 1.

I'd fix this myself, but I don't know if this is a problem with how RegionStore

looks up the bindings, either in getBindingForElement or

getBindingForFieldOrElementCommon, or if it's a problem with how it registers

the binding of str. Or something completely different altogether.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>