I think a checker for uninitialized values left after a constructor call is very valuable.
It is uncertain whether it is valuable to check that all pointers point to initialized objects for a number of reasons:
- As we have seen, it increases the number of false positives
- It significantly increases the complexity of the checker
- Projects would be more reluctant to try the checker due to the first point
Could we actually go in the opposite direction and try to separate the pointer-chasing into perhaps a separate checker?
I just added a new patch as you wrote that comment (D49438)! Separating this functionality into a separate checker sounds great. I didn't actually check it, but I bet that around 30-40% is at least indirectly in relation with pointer/reference handling, and it is getting a little out of hand.
I'll definitely explore this option too. Thanks for the idea! :)