Bug hunting; more bailout warnings in uninit check

This commit is contained in:
Daniel Marjamäki 2020-07-13 20:23:44 +02:00
parent 8ba714373f
commit 36b9e545ac
2 changed files with 20 additions and 13 deletions

View File

@ -87,7 +87,7 @@ static void divByZero(const Token *tok, const ExprEngine::Value &value, ExprEngi
return; return;
if (tok->isImpossibleIntValue(0)) if (tok->isImpossibleIntValue(0))
return; return;
if (value.isUninit()) if (value.isUninit() && value.type != ExprEngine::ValueType::BailoutValue)
return; return;
float f = getKnownFloatValue(tok, 0.0f); float f = getKnownFloatValue(tok, 0.0f);
if (f > 0.0f || f < 0.0f) if (f > 0.0f || f < 0.0f)
@ -216,22 +216,16 @@ static void uninit(const Token *tok, const ExprEngine::Value &value, ExprEngine:
if (value.type == ExprEngine::ValueType::BailoutValue) { if (value.type == ExprEngine::ValueType::BailoutValue) {
if (tok->hasKnownValue()) if (tok->hasKnownValue())
return; return;
if (tok->function()) if (!tok->variable())
return; // FIXME
if (Token::Match(tok, "<<|>>|,"))
// Only warn about the operands
return; return;
// lhs for scope operator // lhs for scope operator
if (Token::Match(tok, "%name% ::")) if (Token::Match(tok, "%name% ::"))
return; return;
if (tok->astParent()->str() == "::" && tok == tok->astParent()->astOperand1()) if (tok->astParent()->str() == "::" && tok == tok->astParent()->astOperand1())
return; return;
if (tok->str() == "(")
// cast: result is not uninitialized if expression is initialized
// function: does not return a uninitialized value
return;
// Containers are not uninitialized // Containers are not uninitialized
std::vector<const Token *> tokens{tok, tok->astOperand1(), tok->astOperand2()}; std::vector<const Token *> tokens{tok, tok->astOperand1(), tok->astOperand2()};
if (Token::Match(tok->previous(), ". %name%")) if (Token::Match(tok->previous(), ". %name%"))
@ -242,15 +236,30 @@ static void uninit(const Token *tok, const ExprEngine::Value &value, ExprEngine:
} }
const Variable *var = tok->variable(); const Variable *var = tok->variable();
if (var && var->nameToken() == tok)
return;
if (var && !var->isLocal())
return; // FIXME
if (var && !var->isPointer()) { if (var && !var->isPointer()) {
if (!var->isLocal() || var->isStatic()) if (!var->isLocal() || var->isStatic())
return; return;
} }
if (var && (Token::Match(var->nameToken(), "%name% =") || Token::Match(var->nameToken(), "%varid% ; %varid% =", var->declarationId()))) if (var && (Token::Match(var->nameToken(), "%name% [=:]") || Token::Match(var->nameToken(), "%varid% ; %varid% =", var->declarationId())))
return; return;
if (var && var->nameToken() == tok) if (var && var->nameToken() == tok)
return; return;
// Are there unconditional assignment?
if (var && Token::Match(var->nameToken(), "%varid% ;| %varid%| =", tok->varId()))
return;
for (const Token *prev = tok->previous(); prev; prev = prev->previous()) {
if (!precedes(var->nameToken(), prev))
break;
if (prev->str() == "}")
prev = prev->link();
if (Token::Match(prev, "%varid% =", tok->varId()))
return;
}
} }
// Uninitialized function argument // Uninitialized function argument

View File

@ -317,11 +317,9 @@ namespace ExprEngine {
bool isEqual(DataBase * /*dataBase*/, int /*value*/) const OVERRIDE { bool isEqual(DataBase * /*dataBase*/, int /*value*/) const OVERRIDE {
return true; return true;
} }
/* FIXME: This is too noisy
bool isUninit() const OVERRIDE { bool isUninit() const OVERRIDE {
return true; return true;
} }
*/
}; };
typedef std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> Callback; typedef std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> Callback;