Szelethus added inline comments.
================
Comment at: lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp:223
+  // int*).
+  while (auto Tmp = V.getAs<loc::MemRegionVal>()) {
+    // We can't reason about symbolic regions, assume its initialized.
----------------
Szelethus wrote:
> NoQ wrote:
> > Szelethus wrote:
> > > NoQ wrote:
> > > > Hmm, i still have concerns about things like `int *x = (int *)&x;`. Why
> > > > not just check the type to terminate the loop? Type hierarchy is
> > > > guaranteed to be finite.
> > > There actually is a testcase for that -- it would create a
> > > nonloc::LocAsInteger, not a loc::MemRegionVal.
> > >
> > > I'll add a TODO to revisit this loop condition (again :) ).
> > Ok, let's try with one more asterisk:
> > ```
> > void test() {
> >   int **x = (int **)&x;
> >   int *y = *x;
> >   int z = *y;
> > }
> > ```
> >
> > Here's what i get in the Store:
> > ```
> > (x,0,direct) : &element{x,0 S64b,int *}
> > (y,0,direct) : &element{x,0 S64b,int *}
> > (z,0,direct) : &element{x,0 S64b,int *}
> > ```
> Sounds fun, I'll see how the checker behaves to these when I'm in the office.
Yup, you were correct, it ends up in an infinite loop. I'll add the testcase for it before committing.

https://reviews.llvm.org/D50509

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
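Review bot: the loop condition `while (auto Tmp = V.getAs<loc::MemRegionVal>())` has no termination guarantee of its own; as the `int **x = (int **)&x;` case in this thread shows, a Store whose values all point back into the same region keeps yielding a `loc::MemRegionVal` on every iteration, and the author confirms it spins. Bound the walk by something finite, such as the pointer depth of the declared type as NoQ suggests, or a set of regions already visited, and add the cyclic case as a regression test. Minor: `assume its initialized` in the comment should read `it's`.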
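As an added example (not code from this review or from Clang's static analyzer), a toy model of the Store contents NoQ posted, with a pointee walk bounded by the declared pointer depth and by a visited-region set; `Store`, `walkPointees` and the region names are constructed for illustration and assume nothing about the real checker's API:

```cpp
#include <map>
#include <set>
#include <string>

// Constructed toy model of the analyzer Store from the thread above:
// region name -> name of the region its value points to. A region absent
// from the map holds a non-region value (e.g. an integer), which is the
// only case the original `while (V.getAs<loc::MemRegionVal>())` loop
// terminates on.
using Store = std::map<std::string, std::string>;

// The cyclic Store NoQ observed for
//   int **x = (int **)&x; int *y = *x; int z = *y;
// x, y and z all hold &element{x}, so following pointees never leaves x.
Store cyclicStore() {
  return {{"x", "x"}, {"y", "x"}, {"z", "x"}};
}

struct WalkResult {
  int derefs;      // pointee hops taken before stopping
  bool cycle;      // stopped because a region was reached twice
  bool depthLimit; // stopped because the type-depth bound was exhausted
};

// Bounded pointee walk (hypothetical replacement for the unbounded loop):
// stops when the value is not a region, when a region repeats, or after
// `typeDepth` hops, where typeDepth is the number of `*` in the declared
// pointer type (finite, as NoQ points out in the thread).
WalkResult walkPointees(const Store &S, std::string region, int typeDepth) {
  std::set<std::string> visited;
  WalkResult R{0, false, false};
  while (true) {
    if (!visited.insert(region).second) { R.cycle = true; return R; }
    auto It = S.find(region);
    if (It == S.end()) return R;                      // non-region value: done
    if (R.derefs == typeDepth) { R.depthLimit = true; return R; }
    region = It->second;
    ++R.derefs;
  }
}
```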