[llvm-dev] Possible false positive on clang 9.0.1 --analyze

Jan Engelhardt via llvm-dev llvm-dev at lists.llvm.org
Tue Jan 21 04:19:59 PST 2020



B::B(const S &) does aggregate-initialization with S, after which
S::cb/B::cb and lpb are initialized. clang, however, thinks it is still
uninitialized.


» cat x.cpp
struct S {
        unsigned int cb;
        unsigned char *lpb;
};
struct B : public S {
        B(const S &b) : S{b.cb, nullptr}
        {
                if (lpb == nullptr)
                        ;
        }
};
void f(const S &x)
{
        B y(x);
}

» clang++ --analyze x.cpp  -v
clang version 9.0.1  [openSUSE Tumbleweed]
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib64/gcc/x86_64-suse-linux/10
Found candidate GCC installation: /usr/bin/../lib64/gcc/x86_64-suse-linux/9
Found candidate GCC installation: /usr/lib64/gcc/x86_64-suse-linux/10
Found candidate GCC installation: /usr/lib64/gcc/x86_64-suse-linux/9
Selected GCC installation: /usr/bin/../lib64/gcc/x86_64-suse-linux/10
Candidate multilib: .;@m64
Selected multilib: .;@m64
 "/usr/bin/clang-9.0.1" -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name x.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model static -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -v -resource-dir /usr/lib64/clang/9.0.1
  -internal-isystem /usr/bin/../lib64/gcc/x86_64-suse-linux/10/../../../../include/c++/10 -internal-isystem /usr/bin/../lib64/gcc/x86_64-suse-linux/10/../../../../include/c++/10/x86_64-suse-linux -internal-isystem /usr/bin/../lib64/gcc/x86_64-suse-linux/10/../../../../include/c++/10/backward -internal-isystem /usr/local/include -internal-isystem /usr/lib64/clang/9.0.1/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -fdeprecated-macro -fdebug-compilation-dir /home/jengelh/work/kc -ferror-limit 19 -fmessage-length 0 -fobjc-runtime=gcc -fcxx-exceptions -fexceptions -fdiagnostics-show-option -fcolor-diagnostics -faddrsig -o x.plist -x c++ /dev/shm/x.cpp
clang -cc1 version 9.0.1 based upon LLVM 9.0.1 default target x86_64-unknown-linux-gnu
ignoring nonexistent directory "/include"
#include "..." search starts here:
#include <...> search starts here:
 /usr/bin/../lib64/gcc/x86_64-suse-linux/10/../../../../include/c++/10
 /usr/bin/../lib64/gcc/x86_64-suse-linux/10/../../../../include/c++/10/x86_64-suse-linux
 /usr/bin/../lib64/gcc/x86_64-suse-linux/10/../../../../include/c++/10/backward
 /usr/local/include
 /usr/lib64/clang/9.0.1/include
 /usr/include
End of search list.
x.cpp:8:11: warning: The left operand of '==' is a garbage value
                if (lpb == nullptr)
                    ~~~ ^
1 warning generated.
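
An added example, not part of the original post: one way to confirm the initialization claim independently of the analyzer is to let the compiler's constant evaluator run the same constructor, since a constant expression is not allowed to read an indeterminate value. The `constexpr` qualifiers and the helper `base_is_initialized` are assumptions introduced here; S and B otherwise mirror x.cpp.

```cpp
// Added example (not from the original post). S and B mirror x.cpp; the
// constexpr qualifiers and base_is_initialized() are assumptions made here.
struct S {
        unsigned int cb;
        unsigned char *lpb;
};

struct B : public S {
        // Same mem-initializer as x.cpp: aggregate-initializes the S base
        // before the constructor body runs.
        constexpr B(const S &b) : S{b.cb, nullptr}
        {
                // The read the analyzer flags as a "garbage value".
                if (lpb == nullptr)
                        ;
        }
};

// Hypothetical helper: builds a B from an S whose lpb is non-null and reports
// whether the base members hold the values given in the mem-initializer.
constexpr bool base_is_initialized(unsigned int cb)
{
        unsigned char byte = 0;
        S x{cb, &byte};
        B y(x);
        return y.cb == cb && y.lpb == nullptr;
}

// Constant evaluation must reject any read of an indeterminate value, so
// these compile only if lpb is initialized when the constructor body reads it.
static_assert(base_is_initialized(0), "S base must be initialized");
static_assert(base_is_initialized(42), "S base must be initialized");

int main()
{
        // The same check at run time, for builds that ignore static_assert output.
        return base_is_initialized(7) ? 0 : 1;
}
```

If the translation unit compiles, the read in the constructor body is well-defined for these inputs, which supports treating the analyzer warning as a false positive.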

