r.stahl added inline comments.

Comment at: lib/StaticAnalyzer/Core/RegionStore.cpp:1650
+            // If there is a list, but no init, it must be zero.
+            if (i >= InitList->getNumInits())
NoQ wrote:
> NoQ wrote:
> > Would this work correctly if the element is not of an integral or 
> > enumeration type? I think this needs an explicit check.
> What if we have an out-of-bounds access to a variable-length array? I don't 
> think it'd yield zero.
I'm getting "variable-sized object may not be initialized", so this case should 
not be possible.

Comment at: lib/StaticAnalyzer/Core/RegionStore.cpp:1650-1652
+            // If there is a list, but no init, it must be zero.
+            if (i >= InitList->getNumInits())
+              return svalBuilder.makeZeroVal(R->getElementType());
r.stahl wrote:
> NoQ wrote:
> > NoQ wrote:
> > > Would this work correctly if the element is not of an integral or 
> > > enumeration type? I think this needs an explicit check.
> > What if we have an out-of-bounds access to a variable-length array? I don't 
> > think it'd yield zero.
> I'm getting "variable-sized object may not be initialized", so this case 
> should not be possible.
I'm having a hard time reproducing this either.

struct S {
  int a = 3;
S const sarr[2] = {};
void definit() {
  int i = 1;
  clang_analyzer_dump(sarr[i].a); // expected-warning{{test}}

results in a symbolic value, because makeZeroVal returns an empty SVal list for 
arrays, records, vectors and complex types. Otherwise it just returns 
UnknownVal (for example for not-yet-implemented floats).

Can you think of a case where this would be an issue?


cfe-commits mailing list

Reply via email to