Szelethus added inline comments.

================
Comment at: lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp:223
+ // int*).
+ while (auto Tmp = V.getAs<loc::MemRegionVal>()) {
+ // We can't reason about symbolic regions, assume its initialized.
----------------
NoQ wrote:
> Szelethus wrote:
> > NoQ wrote:
> > > Hmm, i still have concerns about things like `int *x = (int *)&x;`. Why
> > > not just check the type to terminate the loop? Type hierarchy is
> > > guaranteed to be finite.
> > There actually is a testcase for that -- it would create a
> > nonloc::LocAsInteger, not a loc::MemRegionVal.
> >
> > I'll add a TODO to revisit this loop condition (again :) ).
> Ok, let's try with one more asterisk:
> ```
> void test() {
>   int **x = (int **)&x;
>   int *y = *x;
>   int z = *y;
> }
> ```
>
> Here's what i get in the Store:
> ```
> (x,0,direct) : &element{x,0 S64b,int *}
> (y,0,direct) : &element{x,0 S64b,int *}
> (z,0,direct) : &element{x,0 S64b,int *}
> ```
Sounds fun, I'll see how the checker behaves to these when I'm in the office.

https://reviews.llvm.org/D50509
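
Review bot: The loop condition `while (auto Tmp = V.getAs<loc::MemRegionVal>())` in the hunk at UninitializedPointee.cpp:223 carries no visible bound on the number of iterations, so termination rests entirely on the dereferenced value eventually not being a `loc::MemRegionVal`. Consider making termination explicit, for example by stopping on the pointee type as suggested in the thread or by tracking already-visited regions, and state the chosen invariant in the comment above the loop. The comment on the last line should also read "assume it's initialized".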