r.stahl added inline comments.
================ Comment at: lib/StaticAnalyzer/Core/RegionStore.cpp:1650 + + // If there is a list, but no init, it must be zero. + if (i >= InitList->getNumInits()) ---------------- NoQ wrote: > NoQ wrote: > > Would this work correctly if the element is not of an integral or > > enumeration type? I think this needs an explicit check. > What if we have an out-of-bounds access to a variable-length array? I don't > think it'd yield zero. I'm getting "variable-sized object may not be initialized", so this case should not be possible. ================ Comment at: lib/StaticAnalyzer/Core/RegionStore.cpp:1650-1652 + // If there is a list, but no init, it must be zero. + if (i >= InitList->getNumInits()) + return svalBuilder.makeZeroVal(R->getElementType()); ---------------- r.stahl wrote: > NoQ wrote: > > NoQ wrote: > > > Would this work correctly if the element is not of an integral or > > > enumeration type? I think this needs an explicit check. > > What if we have an out-of-bounds access to a variable-length array? I don't > > think it'd yield zero. > I'm getting "variable-sized object may not be initialized", so this case > should not be possible. I'm having a hard time reproducing this either. ``` struct S { int a = 3; }; S const sarr[2] = {}; void definit() { int i = 1; clang_analyzer_dump(sarr[i].a); // expected-warning{{test}} } ``` results in a symbolic value, because makeZeroVal returns an empty SVal list for arrays, records, vectors and complex types. Otherwise it just returns UnknownVal (for example for not-yet-implemented floats). Can you think of a case where this would be an issue? https://reviews.llvm.org/D46823 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits