<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/72618>72618</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [clang-static-analyzer]:valistChecker lack of analysis capabilities on Windows platform
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
            mzyKi
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          mzyKi
      </td>
    </tr>
</table>

<pre>
    ```llvm-project/clang/test/Analysis/valist-uninitialized-no-undef.c```
```c
#include "Inputs/system-header-simulator-for-valist.h"
// This is called in call_inlined_uses_arg(),
// and the warning is generated during the analysis of call_inlined_uses_arg().
void inlined_uses_arg(va_list arg) {
  (void)va_arg(arg, int); // expected-warning{{va_arg() is called on an uninitialized va_list}}
  // expected-note@-1{{va_arg() is called on an uninitialized va_list}}
}

void call_inlined_uses_arg(int fst, ...) {
  va_list va;
  inlined_uses_arg(va); // expected-note{{Calling 'inlined_uses_arg'}}
}

void f6(va_list *fst, ...) {
 va_start(*fst, fst);
  (void)va_arg(*fst, int);
 va_end(*fst);
}

int va_list_get_int(va_list *va) {
  return va_arg(*va, int); // no-warning
}

struct MyVaList {
  va_list l;
};
int va_list_get_int2(struct MyVaList *va) {
  return va_arg(va->l, int); // no-warning
}

void call_vprintf_bad(int isstring, ...) {
  va_list va;
  vprintf(isstring ? "%s" : "%d", va); // expected-warning{{Function 'vprintf' is called with an uninitialized va_list argument}}
  // expected-note@-1{{Function 'vprintf' is called with an uninitialized va_list argument}}
  // expected-note@-2{{Assuming 'isstring' is 0}}
  // expected-note@-3{{'?' condition is false}}
}

void call_vsprintf_bad(char *buffer, ...) {
  va_list va;
  va_start(va, buffer); // expected-note{{Initialized va_list}}
 va_end(va); // expected-note{{Ended va_list}}
  vsprintf(buffer, "%s %d %d %lf %03d", va); // expected-warning{{Function 'vsprintf' is called with an uninitialized va_list argument}}
  // expected-note@-1{{Function 'vsprintf' is called with an uninitialized va_list argument}}
}
```
I found in Linux platform the above testcase will run correctly.But in windows it shows false negative on all [clang-analyzer-valist.Uninitialized].
Here are some difference between realization of valist and valist lib functions on linux and windows platform:
```Linux```
```c
__builtin_va_start 'void (struct __va_list_tag *, ...)' extern
__builtin_va_end 'void (struct __va_list_tag *)' extern

CallExpr 0x55c6ee879fd0 <line:42:3, col:37> 'int'
| |-ImplicitCastExpr 0x55c6ee879fb8 <col:3> 'int (*)(const char *, struct __va_list_tag *)' <FunctionToPointerDecay>
|     | `-DeclRefExpr 0x55c6ee879d60 <col:3> 'int (const char *, struct __va_list_tag *)' Function 0x55c6ee875028 'vprintf' 'int (const char *, struct __va_list_tag *)'

ImplicitCastExpr 0x55c6ee87a680 <col:41> 'struct __va_list_tag *' <ArrayToPointerDecay>
        `-DeclRefExpr 0x55c6ee87a558 <col:41> 'va_list':'struct __va_list_tag[1]' lvalue Var 0x55c6ee87a1f0 'va' 'va_list':'struct __va_list_tag[1]'
```

```Windows```
```c
__builtin_va_start 'void (__builtin_va_list &, ...)
__builtin_va_end 'void (__builtin_va_list &)' extern
CallExpr 0xa504f80 <line:42:3, col:37> 'int'
| |-ImplicitCastExpr 0xa504f68 <col:3> 'int (*)(const char *, __builtin_va_list)' <FunctionToPointerDecay>
|     | `-DeclRefExpr 0xa504cd8 <col:3> 'int (const char *, __builtin_va_list)' Function 0xa4f4e50 'vprintf' 'int (const char *, __builtin_va_list)'

`-ImplicitCastExpr 0xa504fc8 <col:35> 'va_list':'char *' <LValueToRValue>
| `-DeclRefExpr 0xa504ed8 <col:35> 'va_list':'char *' lvalue Var 0xa504c58 'va' 'va_list':'char *'

```
Obviously,we can find realization of valist is different between linux and windows. ```va``` is treated as ```char*``` on windows and as ```struct __va_list_tag[1]``` on linux.Because of builtin-type pointer if not initialized,it will also be treated as wild pointer.I think we should give one compliant memory modeling to deal with this problem.And I will try my best to fix it.






























</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzUWF2P4joS_TXmpQQKDh_hgQeabrStndWurmbnPiLHroB3jI1sB5r59Ss7IQkNTHfPtHZ1WygkxD51qlynXG3mnNxoxDkZPxBKdz9Of5eEUjJ-7LHSb42dx596uRGnOZkk1Uepw66_t-Y_yD2hK66Y3hC68ujC40IzdXLSEbo6MCWd75daauklU_IHir42_VILLAa8ASTJI0kWzSOvn2kqNVelQCCUPut96QOoOzmPu_4WmUDbd3JXKuaN7RfG9iuDg23wocZYEbqCr1vpQDrgTCkUIHW8W0utpEaxLh26NbMbQjNCZ4QuLyYzLcBvEY7Maqk3AWeDGi3zKECUNvwW3rPacTDFz-AHFfjByEDkasSBrYMPEJ9mQKYP1XiA8NJIQejswOrB8boEqX3gnT5ATRlf9sg9in7NOaBMH5ppAbiNhtHANFwsEtQsyPQxfBoCl-DaeCSjpD_8DPj2pg3PvShK7aEIybaEwWDwKkznAB4YSZsfbwb6TsyiW9GjJVMqrC6h02uA6Vvsi0lnOQld3GN8YGvnmfUxcudR8WvW8eDG6rejmwRoIVGLzpD23SumIZQ1x_UG_ToidVnHMHXja9GXVkOXRRhzIwu1afLvlmnnbck9_OP0jX2Jxq7XUF3QPt_f4EwJza7w3kH-wPokfVK_Qr_N0MPeSu2Ldc5EnZzSOR_qwgcytAYJAPVkIOkqVD5Cx45QCiRd1I8ifi3hbgpfyH5Vau6l0SGNGyvTjkKP0m_vajQUonKH-mO14H9qk1Y2F86Vu7NcmwWIRpP3AaUVUNB2ugpTudFCRj-kg4Iph-8qWQd3kRF8y2zIxrwsCrQfyYm2MlQSOyO8Ubee36jkTXl4Rw180uLefnB2k9Csda1OWAhp2lxUEa5J-huJ6_4fmftJRtuby47nGQpT6tiPfJG6fIG9Yr4wdlf1E7k5IISuijOHcJRKgS01cGMtcq9Og4fSh7lHqYU5OpAe3DbcxEwFjRvm5QHjDqwUkPFDbNX6sVH5gU279O-uI2T8WHcof0OLwCyCMzsEIcMKo-YIOfojogaLYQqL0TIFVGixXapvlcyhqOPpAg0VvQwjzpzPHpN08SpEMSJvtIjrdV5K5aVen6USly0Isd0Q1uvzZuFZKA6LVoFhYfHFo9U38FCL96FdwVTX0D08vewtJC_jMZ8gZtNZIRIg6TL0EiRdjChJF2mgw40Kt1OSPlXdhg9FqE6eJZDpsv-82yvJpV8y569g8yzA1igtCFT7c6SYcaOdh3MxClbfcImky7Mavpp_Gak92kfk7ETSp5Zb-IscJ0n_Ebn6A4vX9MQkuUvvw6wagbYGxgnNXu00v26gu4Q_iTmbZB2nRsPaq_vYMZ4La9npTjCh_rsfSDYeZzdsnotz2LYWdziQ8cOQjB8DDXVgqkT4xi6gh0VSYdXR-xjozfL26sc_K8n_lqQv3tYt6qSj5zdVfAfgSsId8bJxMiqyz9RtRJz8kmSv-H-SVgMlLu5Tej-Tjj7ZqBjhOPmANO-AvsqnuzHlXQfGd-TR2oth-_ItyOGr-SN-X4TrdphQfNTKheJipMfZT8XWmXxTStXjP_ODNKVTJ0KXRwTONBRSizv7snTNHu6bLfxqQx5AY-TAmtsw2VuMJx7MtUMCz0CzGWfabiSAdsf-rIB050dKgwfkrHQY-NcZ0fenPcK-Sm2QBWgTup-2caFL6asuiSlnIMcu5aNU4jx58Ax-K_V3OGJomEolYFP1SQjchNRi2sMOd8aeYGcExkMAb0AgU1X757fSwd6aXOFusNACnivLPsw4QY7OhwmFfAHpBxdr-Be59sQ8FbN0xno4H06ThCaTKU162_koG83YqEDM8sks4zOajtiI55MEpxlyOuvJOU1oOhwOp8k0zUbJoJjSvMBRgSIVWT6ZkFGCOybVQKnDbmDspiedK3E-pZNh1lMsR-XqE0mNR4gv61NJO4-Hj3m5cWSUhDRyLYqXXsWjzKrNdZ55yZtuN-RZuqjEsNwi_44WFOPfQ4o1R3ec7VkulfQSY8P656s2tVdaNd96v3dRqOE_iY302zIfcLMjdBW41F-dE9LogSN0FT38bwAAAP__mxqArA">