Verification; Experimental checking for uninit

2019-12-30 18:55:16 +01:00 · 2019-12-30 18:55:16 +01:00 · a60efa6774
parent 33c8b71467
commit a60efa6774
3 changed files with 30 additions and 0 deletions
--- a/lib/exprengine.cpp
+++ b/lib/exprengine.cpp
@ -1698,6 +1698,20 @@ void ExprEngine::runChecks(ErrorLogger *errorLogger, const Tokenizer *tokenizer,
    };
 #endif

+#ifdef VERIFY_UNINIT  // This is highly experimental
+    std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> uninit = [=](const Token *tok, const ExprEngine::Value &value, ExprEngine::DataBase *dataBase) {
+        if (!tok->astParent())
+            return;
+        if (!value.isUninit())
+            return;
+
+        dataBase->addError(tok->linenr());
+        std::list<const Token*> callstack{tok};
+        ErrorLogger::ErrorMessage errmsg(callstack, &tokenizer->list, Severity::SeverityType::error, "verificationUninit", "Cannot determine that data is initialized", CWE(908), false);
+        errorLogger->reportErr(errmsg);
+    };
+#endif
+
    std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> checkFunctionCall = [=](const Token *tok, const ExprEngine::Value &value, ExprEngine::DataBase *dataBase) {
        if (!Token::Match(tok->astParent(), "[(,]"))
            return;
@ -1800,6 +1814,9 @@ void ExprEngine::runChecks(ErrorLogger *errorLogger, const Tokenizer *tokenizer,
 #ifdef VERIFY_INTEGEROVERFLOW
    callbacks.push_back(integerOverflow);
 #endif
+#ifdef VERIFY_UNINIT
+    callbacks.push_back(uninit);
+#endif

    std::ostringstream report;
    ExprEngine::executeAllFunctions(tokenizer, settings, callbacks, report);
--- a/lib/exprengine.h
+++ b/lib/exprengine.h
@ -105,6 +105,9 @@ namespace ExprEngine {
            (void)value;
            return false;
        }
+        virtual bool isUninit() const {
+            return false;
+        }

        const std::string name;
        ValueType type;
@ -113,6 +116,9 @@ namespace ExprEngine {
    class UninitValue: public Value {
    public:
        UninitValue() : Value("?", ValueType::UninitValue) {}
+        bool isUninit() const OVERRIDE {
+            return true;
+        }
    };

    class IntRange : public Value {
--- a/test/testsuites/danmar-verify/uninit.c
+++ b/test/testsuites/danmar-verify/uninit.c
@ -0,0 +1,7 @@
+
+void foo() {
+    int a[10];
+    a[0] = 0;
+    return a[2];
+}
+