[clang] [clang][analyzer] CallAndMessage warnings at pointer to uninitialized struct (PR #164600)

Balazs Benics via cfe-commits cfe-commits at lists.llvm.org
Thu Oct 30 02:36:22 PDT 2025


================
@@ -212,8 +210,14 @@ bool CallAndMessageChecker::uninitRefOrPointer(
 
   if (const MemRegion *SValMemRegion = V.getAsRegion()) {
     const ProgramStateRef State = C.getState();
-    const SVal PSV = State->getSVal(SValMemRegion, C.getASTContext().CharTy);
-    if (PSV.isUndef()) {
+    QualType T = ParamDecl->getType()->getPointeeType();
+    if (T->isVoidType())
+      T = C.getASTContext().CharTy;
+    const SVal PSV = State->getSVal(SValMemRegion, T);
+    bool IsUndef = PSV.isUndef();
+    if (auto LCV = PSV.getAs<nonloc::LazyCompoundVal>())
+      IsUndef = LCV->getStore() == nullptr;
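Review bot: the null-store test at `IsUndef = LCV->getStore() == nullptr;` does not establish that the pointee is uninitialized. It only checks whether the LazyCompoundVal carries a store pointer, and it overwrites the result of `PSV.isUndef()` without looking at any binding for the region. A LazyCompoundVal with a non-null store can still cover fields that were never written, so those cases would go unreported. Consider deciding `IsUndef` from the bindings that cover the region in the LCV's store. At minimum, add a comment and a test stating which situation a null store is meant to represent. Separately, `T->isVoidType()` is reached with no visible check that `ParamDecl->getType()->getPointeeType()` returned a non-null type. If the caller guarantees a pointer or reference parameter, an assert here would document that.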
----------------
steakhal wrote:

There is no way you can ask for the underlying value of an LCV, so by extension you also can't detect if it's uninitialized or not. Here you would need to know if any of the bindings in the cluster of the region of the LCV in the Store of the LCV refers to undef.
That can be undef for 2 reasons: 1) the default binding at least partially covering that region is undef, or 2) there is a direct binding of Undef that at least partially overlaps with that region.

iterBindings could give you the list of direct bindings, but I don't think there is a way to query a default binding. NVM, there is one api, `getDefaultBinding`. But I start to really hate these LCVs and the regionstore.

https://github.com/llvm/llvm-project/pull/164600

