NoQ added inline comments.
================
Comment at: lib/StaticAnalyzer/Checkers/ValistChecker.cpp:178
+ VaListModelledAsArray = Cast->getCastKind() == CK_ArrayToPointerDecay;
+ const MemRegion *Reg = SV.getAsRegion();
+ if (const auto *DeclReg = Reg->getAs<DeclRegion>()) {
----------------
I suspect that UnknownVal should also be handled before that, otherwise we'd have null dereference on the next line.

================
Comment at: test/Analysis/valist-uninitialized-no-undef.c:5
+
+// This is the same function as the previous one, but it is called in call_inlined_uses_arg(),
+// and the warning is generated during the analysis of call_inlined_uses_arg().
----------------
Hmm, where's the previous one?

================
Comment at: test/Analysis/valist-uninitialized-no-undef.c:19
+ // FIXME: There should be no warning for this.
+ (void)va_arg(*fst, int); // expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}}
+ va_end(*fst);
----------------
As the patch tries to handle symbolic va_list regions, I wonder what's so particularly hard about this false positive (apart from its being obviously rare, by the way did you actually see such code?).

https://reviews.llvm.org/D30157
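Review bot: in the ValistChecker.cpp hunk at line 178, `Reg` is dereferenced in `Reg->getAs<DeclRegion>()` without a null check, and `SV.getAsRegion()` returns null whenever `SV` is not a region value. Guard the `if` with `Reg &&`, or bail out early when `Reg` is null, so that a non-region value cannot crash the analyzer here.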
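Review bot: in the valist-uninitialized-no-undef.c hunk at line 19, the FIXME above `(void)va_arg(*fst, int);` says the warning is unwanted but not why it is emitted, while the `expected-warning` and `expected-note` on that line pin the false positive into the test. Extend the FIXME to state what about `*fst` makes the checker report it as uninitialized, so that whoever later removes the expectation knows which behaviour is supposed to change.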