Bug hunting; more bailout warnings in uninit check

This commit is contained in:
Daniel Marjamäki 2020-07-13 20:23:44 +02:00
parent 8ba714373f
commit 36b9e545ac
2 changed files with 20 additions and 13 deletions

View File

@ -87,7 +87,7 @@ static void divByZero(const Token *tok, const ExprEngine::Value &value, ExprEngi
return;
if (tok->isImpossibleIntValue(0))
return;
if (value.isUninit())
if (value.isUninit() && value.type != ExprEngine::ValueType::BailoutValue)
return;
float f = getKnownFloatValue(tok, 0.0f);
if (f > 0.0f || f < 0.0f)
@ -216,22 +216,16 @@ static void uninit(const Token *tok, const ExprEngine::Value &value, ExprEngine:
if (value.type == ExprEngine::ValueType::BailoutValue) {
if (tok->hasKnownValue())
return;
if (tok->function())
return;
if (Token::Match(tok, "<<|>>|,"))
// Only warn about the operands
if (!tok->variable())
// FIXME
return;
// lhs for scope operator
if (Token::Match(tok, "%name% ::"))
return;
if (tok->astParent()->str() == "::" && tok == tok->astParent()->astOperand1())
return;
if (tok->str() == "(")
// cast: result is not uninitialized if expression is initialized
// function: does not return a uninitialized value
return;
// Containers are not uninitialized
std::vector<const Token *> tokens{tok, tok->astOperand1(), tok->astOperand2()};
if (Token::Match(tok->previous(), ". %name%"))
@ -242,15 +236,30 @@ static void uninit(const Token *tok, const ExprEngine::Value &value, ExprEngine:
}
const Variable *var = tok->variable();
if (var && var->nameToken() == tok)
return;
if (var && !var->isLocal())
return; // FIXME
if (var && !var->isPointer()) {
if (!var->isLocal() || var->isStatic())
return;
}
if (var && (Token::Match(var->nameToken(), "%name% =") || Token::Match(var->nameToken(), "%varid% ; %varid% =", var->declarationId())))
if (var && (Token::Match(var->nameToken(), "%name% [=:]") || Token::Match(var->nameToken(), "%varid% ; %varid% =", var->declarationId())))
return;
if (var && var->nameToken() == tok)
return;
// Are there unconditional assignment?
if (var && Token::Match(var->nameToken(), "%varid% ;| %varid%| =", tok->varId()))
return;
for (const Token *prev = tok->previous(); prev; prev = prev->previous()) {
if (!precedes(var->nameToken(), prev))
break;
if (prev->str() == "}")
prev = prev->link();
if (Token::Match(prev, "%varid% =", tok->varId()))
return;
}
}
// Uninitialized function argument

View File

@ -317,11 +317,9 @@ namespace ExprEngine {
bool isEqual(DataBase * /*dataBase*/, int /*value*/) const OVERRIDE {
return true;
}
/* FIXME: This is too noisy
bool isUninit() const OVERRIDE {
return true;
}
*/
};
typedef std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> Callback;