This is an archive of the discontinued LLVM Phabricator instance.

Differential D58573

[analyzer] Move UninitializedObjectChecker out of alpha
ClosedPublic

Authored by Szelethus on Feb 23 2019, 1:57 AM.

Details

Reviewers
dcoughlin
NoQ
xazax.hun
rnkovacs
whisperity
a.sidorin
baloghadamsoftware
Commits
rG85e0ff752ca7: [analyzer] Move UninitializedObjectChecker out of alpha
rL358797: [analyzer] Move UninitializedObjectChecker out of alpha
rC358797: [analyzer] Move UninitializedObjectChecker out of alpha
Summary

I've tested the checker on 5 open source projects with 3 different configurations:

http://cc.inf.elte.hu:15420/Default/#

I think there is room for discussion whether which package should this checker reside in, but in terms of development, I would argue that this is ready to go.

Shall I make some other tests?

Diff Detail

Event Timeline

Szelethus created this revision.Feb 23 2019, 1:57 AM
Herald added subscribers: cfe-commits, gamesh411, dkrupp and 4 others. · View Herald TranscriptFeb 23 2019, 1:57 AM
Szelethus added a comment.Mar 3 2019, 1:26 PM

Ping

Herald added a subscriber: Charusso. · View Herald TranscriptMar 3 2019, 1:26 PM
NoQ added a comment.Mar 7 2019, 3:13 PM

At a glance, it seems as if these are great findings for a hardening effort, but most of these don't look like immediate bugs (had a look at 10 or so), so i guess i'd suggest optin.cplusplus, at least for now.

Also, hmm, how about the following heuristics (looked at the positive in rtags and thought about this):

  • if the field is public, don't warn (the structure seems to be used simply as a convenient group of variables?)
  • if all uninitialized fields are in all cases written into immediately after the constructor ends, suppress the warning (i vaguely remember that something similar was already proposed, but i might be wrong)

Also huge thanks for keeping things documented!!

Szelethus added a comment.Mar 10 2019, 8:47 AM
In D58573#1422198, @NoQ wrote:

Also, hmm, how about the following heuristics (looked at the positive in rtags and thought about this):

  • if the field is public, don't warn (the structure seems to be used simply as a convenient group of variables?)

I disagree with this. If anything, public uninitialized fields should be reported the most.

  • if all uninitialized fields are in all cases written into immediately after the constructor ends, suppress the warning (i vaguely remember that something similar was already proposed, but i might be wrong)

I think we'd need dataflow analysis for that. We do suppress reports though where all fields of an object is uninitialized.

whisperity added a comment.Mar 12 2019, 3:45 AM

In case no bug reports against the checker are reported on the mailing list or Bugzilla, I wholeheartedly agree with kicking the ball here.

As for the package, perhaps we could go into optin.bugprone or optin.conventions? (These are new package names...)

Szelethus added a reviewer: baloghadamsoftware.Mar 12 2019, 4:47 AM
Szelethus added a comment.Mar 21 2019, 6:02 AM

Ping, @NoQ, if we settled on optin.cplusplus, would you be fine with this patch?

Szelethus added a comment.Mar 29 2019, 6:25 AM

Ping^2

NoQ added a comment.Mar 29 2019, 2:18 PM
In D58573#1437749, @Szelethus wrote:

Ping, @NoQ, if we settled on optin.cplusplus, would you be fine with this patch?

Yup, totally!

Szelethus added a comment.Apr 2 2019, 1:41 AM

One heuristic that we could use is to ignore inherited data members optionally. Does that sound any good?

Szelethus updated this revision to Diff 194667.Apr 11 2019, 5:50 AM
Szelethus retitled this revision from [analyzer] Move UninitializedObject out of alpha to [analyzer] Move UninitializedObjectChecker out of alpha.

Moved the checker to optin.cplusplus.

Szelethus added a comment.Apr 19 2019, 6:11 AM

Gentle ping.

NoQ accepted this revision.Apr 19 2019, 8:30 AM

Ouch, forgot to accept it. Here you go!

This revision is now accepted and ready to land.Apr 19 2019, 8:30 AM
Closed by commit rC358797: [analyzer] Move UninitializedObjectChecker out of alpha (authored by Szelethus). · Explain WhyApr 19 2019, 4:35 PM
This revision was automatically updated to reflect the committed changes.
gribozavr added a subscriber: gribozavr.Apr 24 2019, 1:39 PM

Thanks for the checker! We are hitting a crash on _Atomic fields, could you take a look? https://bugs.llvm.org/show_bug.cgi?id=41590 Thanks!

Szelethus added a comment.Apr 24 2019, 1:47 PM
In D58573#1477581, @gribozavr wrote:

Thanks for the checker! We are hitting a crash on _Atomic fields, could you take a look? https://bugs.llvm.org/show_bug.cgi?id=41590 Thanks!

Yup, consider it fixed (in a little while)! Thanks for the report!

gribozavr added a comment.Apr 26 2019, 2:51 AM

Thank you for the fix! Another crash: https://bugs.llvm.org/show_bug.cgi?id=41611

Szelethus added a comment.Apr 26 2019, 3:38 AM

I suspect the problem is similar. I'll take a look at this either today or tomorrow, thanks!

sylvestre.ledru added a subscriber: sylvestre.ledru.Apr 27 2019, 2:08 AM

I took the liberty to add that in the release notes of clang
https://reviews.llvm.org/rG5f163c7e2e62

gribozavr added a comment.May 4 2019, 7:04 AM

Thank you for the fixes! Another crash: https://bugs.llvm.org/show_bug.cgi?id=41741

Revision Contents

Diff 188033

docs/analyzer/checkers.rst

Show First 20 LinesShow All 236 Lines▼ Show 20 Lines void test() {
int *p = new int; int *p = new int;
} // warn } // warn
cplusplus.SelfAssignment (C++) cplusplus.SelfAssignment (C++)
"""""""""""""""""""""""""""""" """"""""""""""""""""""""""""""
Checks C++ copy and move assignment operators for self assignment. Checks C++ copy and move assignment operators for self assignment.
cplusplus.UninitializedObject (C++)
"""""""""""""""""""""""""""""""""""
This checker reports uninitialized fields in objects created after a constructor
call. It doesn't only find direct uninitialized fields, but rather makes a deep
inspection of the object, analyzing all of it's fields subfields.
The checker regards inherited fields as direct fields, so one will recieve
warnings for uninitialized inherited data members as well.
.. code-block:: cpp
// With Pedantic and CheckPointeeInitialization set to true
struct A {
struct B {
int x; // note: uninitialized field 'this->b.x'
// note: uninitialized field 'this->bptr->x'
int y; // note: uninitialized field 'this->b.y'
// note: uninitialized field 'this->bptr->y'
};
int *iptr; // note: uninitialized pointer 'this->iptr'
B b;
B *bptr;
char *cptr; // note: uninitialized pointee 'this->cptr'
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // warning: 6 uninitialized fields
// after the constructor call
}
// With Pedantic set to false and
// CheckPointeeInitialization set to true
// (every field is uninitialized)
struct A {
struct B {
int x;
int y;
};
int *iptr;
B b;
B *bptr;
char *cptr;
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // no warning
}
// With Pedantic set to true and
// CheckPointeeInitialization set to false
// (pointees are regarded as initialized)
struct A {
struct B {
int x; // note: uninitialized field 'this->b.x'
int y; // note: uninitialized field 'this->b.y'
};
int *iptr; // note: uninitialized pointer 'this->iptr'
B b;
B *bptr;
char *cptr;
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // warning: 3 uninitialized fields
// after the constructor call
}
**Options**
This checker has several options which can be set from command line (e.g.
``-analyzer-config cplusplus.UninitializedObject:Pedantic=true``):
* ``Pedantic`` (boolean). If to false, the checker won't emit warnings for
objects that don't have at least one initialized field. Defaults to false.
* ``NotesAsWarnings`` (boolean). If set to true, the checker will emit a
warning for each uninitalized field, as opposed to emitting one warning per
constructor call, and listing the uninitialized fields that belongs to it in
notes. *Defaults to false*.
* ``CheckPointeeInitialization`` (boolean). If set to false, the checker will
not analyze the pointee of pointer/reference fields, and will only check
whether the object itself is initialized. *Defaults to false*.
* ``IgnoreRecordsWithField`` (string). If supplied, the checker will not analyze
structures that have a field with a name or type name that matches the given
pattern. *Defaults to ""*.
.. _deadcode-checkers: .. _deadcode-checkers:
deadcode deadcode
^^^^^^^^ ^^^^^^^^
Dead Code Checkers. Dead Code Checkers.
deadcode.DeadStores (C) deadcode.DeadStores (C)
▲ Show 20 LinesShow All 1,114 Lines▼ Show 20 Lines
}; };
void f() { void f() {
A a; A a;
A b = std::move(a); // note: 'a' became 'moved-from' here A b = std::move(a); // note: 'a' became 'moved-from' here
a.foo(); // warn: method call on a 'moved-from' object 'a' a.foo(); // warn: method call on a 'moved-from' object 'a'
} }
alpha.cplusplus.UninitializedObject (C++)
"""""""""""""""""""""""""""""""""""""""""
This checker reports uninitialized fields in objects created after a constructor call.
It doesn't only find direct uninitialized fields, but rather makes a deep inspection
of the object, analyzing all of it's fields subfields.
The checker regards inherited fields as direct fields, so one will
recieve warnings for uninitialized inherited data members as well.
.. code-block:: cpp
// With Pedantic and CheckPointeeInitialization set to true
struct A {
struct B {
int x; // note: uninitialized field 'this->b.x'
// note: uninitialized field 'this->bptr->x'
int y; // note: uninitialized field 'this->b.y'
// note: uninitialized field 'this->bptr->y'
};
int *iptr; // note: uninitialized pointer 'this->iptr'
B b;
B *bptr;
char *cptr; // note: uninitialized pointee 'this->cptr'
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // warning: 6 uninitialized fields
// after the constructor call
}
// With Pedantic set to false and
// CheckPointeeInitialization set to true
// (every field is uninitialized)
struct A {
struct B {
int x;
int y;
};
int *iptr;
B b;
B *bptr;
char *cptr;
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // no warning
}
// With Pedantic set to true and
// CheckPointeeInitialization set to false
// (pointees are regarded as initialized)
struct A {
struct B {
int x; // note: uninitialized field 'this->b.x'
int y; // note: uninitialized field 'this->b.y'
};
int *iptr; // note: uninitialized pointer 'this->iptr'
B b;
B *bptr;
char *cptr;
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // warning: 3 uninitialized fields
// after the constructor call
}
**Options**
This checker has several options which can be set from command line (e.g. ``-analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true``):
* ``Pedantic`` (boolean). If to false, the checker won't emit warnings for objects that don't have at least one initialized field. Defaults to false.
* ``NotesAsWarnings`` (boolean). If set to true, the checker will emit a warning for each uninitalized field, as opposed to emitting one warning per constructor call, and listing the uninitialized fields that belongs to it in notes. *Defaults to false.*.
* ``CheckPointeeInitialization`` (boolean). If set to false, the checker will not analyze the pointee of pointer/reference fields, and will only check whether the object itself is initialized. *Defaults to false.*.
* ``IgnoreRecordsWithField`` (string). If supplied, the checker will not analyze structures that have a field with a name or type name that matches the given pattern. *Defaults to ""*. Can be set with ``-analyzer-config alpha.cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind"``.
alpha.deadcode alpha.deadcode
^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^
alpha.deadcode.UnreachableCode (C, C++) alpha.deadcode.UnreachableCode (C, C++)
""""""""""""""""""""""""""""""""""""""" """""""""""""""""""""""""""""""""""""""
Check unreachable code. Check unreachable code.
.. code-block:: cpp .. code-block:: cpp
▲ Show 20 LinesShow All 526 LinesShow Last 20 Lines

include/clang/StaticAnalyzer/Checkers/Checkers.td

Show First 20 LinesShow All 442 Lines▼ Show 20 Lines
def CXXSelfAssignmentChecker : Checker<"SelfAssignment">, def CXXSelfAssignmentChecker : Checker<"SelfAssignment">,
HelpText<"Checks C++ copy and move assignment operators for self assignment">, HelpText<"Checks C++ copy and move assignment operators for self assignment">,
Documentation<NotDocumented>; Documentation<NotDocumented>;
def MoveChecker: Checker<"Move">, def MoveChecker: Checker<"Move">,
HelpText<"Find use-after-move bugs in C++">, HelpText<"Find use-after-move bugs in C++">,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
def UninitializedObjectChecker: Checker<"UninitializedObject">,
HelpText<"Reports uninitialized fields after object construction">,
Documentation<HasAlphaDocumentation>;
} // end: "cplusplus" } // end: "cplusplus"
let ParentPackage = CplusplusOptIn in { let ParentPackage = CplusplusOptIn in {
def VirtualCallChecker : Checker<"VirtualCall">, def VirtualCallChecker : Checker<"VirtualCall">,
HelpText<"Check virtual function calls during construction or destruction">, HelpText<"Check virtual function calls during construction or destruction">,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
Show All 25 Linesdef IteratorRangeChecker : Checker<"IteratorRange">,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
def MismatchedIteratorChecker : Checker<"MismatchedIterator">, def MismatchedIteratorChecker : Checker<"MismatchedIterator">,
HelpText<"Check for use of iterators of different containers where iterators " HelpText<"Check for use of iterators of different containers where iterators "
"of the same container are expected">, "of the same container are expected">,
Dependencies<[IteratorModeling]>, Dependencies<[IteratorModeling]>,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
def UninitializedObjectChecker: Checker<"UninitializedObject">,
HelpText<"Reports uninitialized fields after object construction">,
Documentation<HasAlphaDocumentation>;
} // end: "alpha.cplusplus" } // end: "alpha.cplusplus"
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Valist checkers. // Valist checkers.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
let ParentPackage = Valist in { let ParentPackage = Valist in {
▲ Show 20 LinesShow All 521 LinesShow Last 20 Lines

lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedObject.h

Show All 11 Lines
// The checker reports uninitialized fields in objects created after a // The checker reports uninitialized fields in objects created after a
// constructor call. // constructor call.
// //
// This checker has several options: // This checker has several options:
// - "Pedantic" (boolean). If its not set or is set to false, the checker // - "Pedantic" (boolean). If its not set or is set to false, the checker
// won't emit warnings for objects that don't have at least one initialized // won't emit warnings for objects that don't have at least one initialized
// field. This may be set with // field. This may be set with
// //
// `-analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true`. // `-analyzer-config cplusplus.UninitializedObject:Pedantic=true`.
// //
// - "NotesAsWarnings" (boolean). If set to true, the checker will emit a // - "NotesAsWarnings" (boolean). If set to true, the checker will emit a
// warning for each uninitialized field, as opposed to emitting one warning // warning for each uninitialized field, as opposed to emitting one warning
// per constructor call, and listing the uninitialized fields that belongs // per constructor call, and listing the uninitialized fields that belongs
// to it in notes. Defaults to false. // to it in notes. Defaults to false.
// //
// `-analyzer-config \ // `-analyzer-config \
// alpha.cplusplus.UninitializedObject:NotesAsWarnings=true`. // cplusplus.UninitializedObject:NotesAsWarnings=true`.
// //
// - "CheckPointeeInitialization" (boolean). If set to false, the checker will // - "CheckPointeeInitialization" (boolean). If set to false, the checker will
// not analyze the pointee of pointer/reference fields, and will only check // not analyze the pointee of pointer/reference fields, and will only check
// whether the object itself is initialized. Defaults to false. // whether the object itself is initialized. Defaults to false.
// //
// `-analyzer-config \ // `-analyzer-config \
// alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true`. // cplusplus.UninitializedObject:CheckPointeeInitialization=true`.
// //
// TODO: With some clever heuristics, some pointers should be dereferenced // TODO: With some clever heuristics, some pointers should be dereferenced
// by default. For example, if the pointee is constructed within the // by default. For example, if the pointee is constructed within the
// constructor call, it's reasonable to say that no external object // constructor call, it's reasonable to say that no external object
// references it, and we wouldn't generate multiple report on the same // references it, and we wouldn't generate multiple report on the same
// pointee. // pointee.
// //
// - "IgnoreRecordsWithField" (string). If supplied, the checker will not // - "IgnoreRecordsWithField" (string). If supplied, the checker will not
// analyze structures that have a field with a name or type name that // analyze structures that have a field with a name or type name that
// matches the given pattern. Defaults to "". // matches the given pattern. Defaults to "".
// //
// `-analyzer-config \ // `-analyzer-config \
// alpha.cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind"`. // cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind"`.
// //
// - "IgnoreGuardedFields" (boolean). If set to true, the checker will analyze // - "IgnoreGuardedFields" (boolean). If set to true, the checker will analyze
// _syntactically_ whether the found uninitialized object is used without a // _syntactically_ whether the found uninitialized object is used without a
// preceding assert call. Defaults to false. // preceding assert call. Defaults to false.
// //
// `-analyzer-config \ // `-analyzer-config \
// alpha.cplusplus.UninitializedObject:IgnoreGuardedFields=true`. // cplusplus.UninitializedObject:IgnoreGuardedFields=true`.
// //
// Most of the following methods as well as the checker itself is defined in // Most of the following methods as well as the checker itself is defined in
// UninitializedObjectChecker.cpp. // UninitializedObjectChecker.cpp.
// //
// Some methods are implemented in UninitializedPointee.cpp, to reduce the // Some methods are implemented in UninitializedPointee.cpp, to reduce the
// complexity of the main checker file. // complexity of the main checker file.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
▲ Show 20 LinesShow All 293 LinesShow Last 20 Lines

test/Analysis/cxx-uninitialized-object-inheritance.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.UninitializedObject \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \ // RUN: -analyzer-config cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \ // RUN: -analyzer-config cplusplus.UninitializedObject:CheckPointeeInitialization=true \
// RUN: -std=c++11 -verify %s // RUN: -std=c++11 -verify %s
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Non-polymorphic inheritance tests // Non-polymorphic inheritance tests
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
class NonPolymorphicLeft1 { class NonPolymorphicLeft1 {
int x; int x;
▲ Show 20 LinesShow All 822 LinesShow Last 20 Lines

test/Analysis/cxx-uninitialized-object-no-dereference.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.UninitializedObject \
// RUN: -std=c++11 -DPEDANTIC -verify %s // RUN: -std=c++11 -DPEDANTIC -verify %s
class UninitPointerTest { class UninitPointerTest {
int *ptr; // expected-note{{uninitialized pointer 'this->ptr'}} int *ptr; // expected-note{{uninitialized pointer 'this->ptr'}}
int dontGetFilteredByNonPedanticMode = 0; int dontGetFilteredByNonPedanticMode = 0;
public: public:
UninitPointerTest() {} // expected-warning{{1 uninitialized field}} UninitPointerTest() {} // expected-warning{{1 uninitialized field}}
Show All 18 Lines

test/Analysis/cxx-uninitialized-object-notes-as-warnings.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.UninitializedObject \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:NotesAsWarnings=true \ // RUN: -analyzer-config cplusplus.UninitializedObject:NotesAsWarnings=true \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \ // RUN: -analyzer-config cplusplus.UninitializedObject:CheckPointeeInitialization=true \
// RUN: -std=c++11 -verify %s // RUN: -std=c++11 -verify %s
class NotesAsWarningsTest { class NotesAsWarningsTest {
int a; int a;
int b; int b;
int dontGetFilteredByNonPedanticMode = 0; int dontGetFilteredByNonPedanticMode = 0;
public: public:
NotesAsWarningsTest() {} // expected-warning{{uninitialized field 'this->a'}} NotesAsWarningsTest() {} // expected-warning{{uninitialized field 'this->a'}}
// expected-warning@-1{{uninitialized field 'this->b'}} // expected-warning@-1{{uninitialized field 'this->b'}}
}; };
void fNotesAsWarningsTest() { void fNotesAsWarningsTest() {
NotesAsWarningsTest(); NotesAsWarningsTest();
} }

test/Analysis/cxx-uninitialized-object-ptr-ref.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.UninitializedObject \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \ // RUN: -analyzer-config cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \ // RUN: -analyzer-config cplusplus.UninitializedObject:CheckPointeeInitialization=true \
// RUN: -std=c++11 -verify %s // RUN: -std=c++11 -verify %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.UninitializedObject \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \ // RUN: -analyzer-config cplusplus.UninitializedObject:CheckPointeeInitialization=true \
// RUN: -std=c++11 -verify %s // RUN: -std=c++11 -verify %s
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Concrete location tests. // Concrete location tests.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
struct ConcreteIntLocTest { struct ConcreteIntLocTest {
int *ptr; int *ptr;
▲ Show 20 LinesShow All 893 LinesShow Last 20 Lines

test/Analysis/cxx-uninitialized-object-unguarded-access.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.UninitializedObject \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \ // RUN: -analyzer-config cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:IgnoreGuardedFields=true \ // RUN: -analyzer-config cplusplus.UninitializedObject:IgnoreGuardedFields=true \
// RUN: -std=c++11 -verify %s // RUN: -std=c++11 -verify %s
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Helper functions for tests. // Helper functions for tests.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
[[noreturn]] void halt(); [[noreturn]] void halt();
▲ Show 20 LinesShow All 429 LinesShow Last 20 Lines

test/Analysis/cxx-uninitialized-object-unionlike-constructs.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.UninitializedObject \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \ // RUN: -analyzer-config cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind" \ // RUN: -analyzer-config cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind" \
// RUN: -std=c++11 -verify %s // RUN: -std=c++11 -verify %s
// expected-no-diagnostics // expected-no-diagnostics
// Both type and name contains "kind". // Both type and name contains "kind".
struct UnionLikeStruct1 { struct UnionLikeStruct1 {
enum Kind { enum Kind {
volume, volume,
▲ Show 20 LinesShow All 125 LinesShow Last 20 Lines

test/Analysis/cxx-uninitialized-object.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.UninitializedObject \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \ // RUN: -analyzer-config cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \ // RUN: -analyzer-config cplusplus.UninitializedObject:CheckPointeeInitialization=true \
// RUN: -std=c++14 -verify %s // RUN: -std=c++14 -verify %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.UninitializedObject \
// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \ // RUN: -analyzer-config cplusplus.UninitializedObject:CheckPointeeInitialization=true \
// RUN: -std=c++14 -verify %s // RUN: -std=c++14 -verify %s
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Default constructor test. // Default constructor test.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
class CompilerGeneratedConstructorTest { class CompilerGeneratedConstructorTest {
int a, b, c, d, e, f, g, h, i, j; int a, b, c, d, e, f, g, h, i, j;
▲ Show 20 LinesShow All 1,116 LinesShow Last 20 Lines

test/Analysis/objcpp-uninitialized-object.mm

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject -std=c++11 -fblocks -verify %s // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.UninitializedObject -std=c++11 -fblocks -verify %s
typedef void (^myBlock) (); typedef void (^myBlock) ();
struct StructWithBlock { struct StructWithBlock {
int a; int a;
myBlock z; // expected-note{{uninitialized field 'this->z'}} myBlock z; // expected-note{{uninitialized field 'this->z'}}
StructWithBlock() : a(0), z(^{}) {} StructWithBlock() : a(0), z(^{}) {}
Show All 23 Lines

www/analyzer/alpha_checks.html

Show First 20 LinesShow All 438 Lines▼ Show 20 Lines
void f() { void f() {
A a; A a;
A b = std::move(a); // note: 'a' became 'moved-from' here A b = std::move(a); // note: 'a' became 'moved-from' here
a.foo(); // warn: method call on a 'moved-from' object 'a' a.foo(); // warn: method call on a 'moved-from' object 'a'
} }
</pre></div></div></td></tr> </pre></div></div></td></tr>
<tr><td><a id="alpha.cplusplus.UninitializedObject"><div class="namedescr expandable"><span class="name">
alpha.cplusplus.UninitializedObject</span><span class="lang">
(C++)</span><div class="descr">
This checker reports uninitialized fields in objects created after a constructor
call. It doesn't only find direct uninitialized fields, but rather makes a deep
inspection of the object, analyzing all of it's fields subfields. <br>
The checker regards inherited fields as direct fields, so one will recieve
warnings for uninitialized inherited data members as well. <br>
<br>
It has several options:
<ul>
<li>
"<code>Pedantic</code>" (boolean). If its not set or is set to false, the
checker won't emit warnings for objects that don't have at least one
initialized field. This may be set with <br>
<code>-analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true</code>.
</li>
<li>
"<code>NotesAsWarnings</code>" (boolean). If set to true, the checker will
emit a warning for each uninitalized field, as opposed to emitting one
warning per constructor call, and listing the uninitialized fields that
belongs to it in notes. Defaults to false. <br>
<code>-analyzer-config alpha.cplusplus.UninitializedObject:NotesAsWarnings=true</code>.
</li>
<li>
"<code>CheckPointeeInitialization</code>" (boolean). If set to false, the
checker will not analyze the pointee of pointer/reference fields, and will
only check whether the object itself is initialized. Defaults to false. <br>
<code>-analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true</code>.
</li>
<li>
"<code>IgnoreRecordsWithField</code>" (string). If supplied, the checker
will not analyze structures that have a field with a name or type name that
matches the given pattern. Defaults to <code>""</code>.
<code>-analyzer-config alpha.cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind"</code>.
</li>
</ul></div></div></a></td>
<td><div class="exampleContainer expandable">
<div class="example"><pre>
// With Pedantic and CheckPointeeInitialization set to true
struct A {
struct B {
int x; // note: uninitialized field 'this->b.x'
// note: uninitialized field 'this->bptr->x'
int y; // note: uninitialized field 'this->b.y'
// note: uninitialized field 'this->bptr->y'
};
int *iptr; // note: uninitialized pointer 'this->iptr'
B b;
B *bptr;
char *cptr; // note: uninitialized pointee 'this->cptr'
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // warning: 6 uninitialized fields
// after the constructor call
}
</pre></div><div class="separator"></div>
<div class="example"><pre>
// With Pedantic set to false and
// CheckPointeeInitialization set to true
// (every field is uninitialized)
struct A {
struct B {
int x;
int y;
};
int *iptr;
B b;
B *bptr;
char *cptr;
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // no warning
}
</pre></div><div class="separator"></div>
<div class="example"><pre>
// With Pedantic and CheckPointeeInitialization set to false
// (pointees are regarded as initialized)
struct A {
struct B {
int x; // note: uninitialized field 'this->b.x'
int y; // note: uninitialized field 'this->b.y'
};
int *iptr; // note: uninitialized pointer 'this->iptr'
B b;
B *bptr;
char *cptr;
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // warning: 3 uninitialized fields
// after the constructor call
}
</pre></div></div></td></tr>
</tbody></table> </tbody></table>
<!-- =========================== dead code alpha =========================== --> <!-- =========================== dead code alpha =========================== -->
<h3 id="deadcode_alpha_checkers">Dead Code Alpha Checkers</h3> <h3 id="deadcode_alpha_checkers">Dead Code Alpha Checkers</h3>
<table class="checkers"> <table class="checkers">
<colgroup><col class="namedescr"><col class="example"></colgroup> <colgroup><col class="namedescr"><col class="example"></colgroup>
<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
▲ Show 20 LinesShow All 612 LinesShow Last 20 Lines

www/analyzer/available_checks.html

Show First 20 LinesShow All 429 Lines▼ Show 20 Lines
delete</code>.</div></div></a></td> delete</code>.</div></div></a></td>
<td><div class="exampleContainer expandable"> <td><div class="exampleContainer expandable">
<div class="example"><pre> <div class="example"><pre>
void test() { void test() {
int *p = new int; int *p = new int;
} // warn } // warn
</pre></div></div></td></tr> </pre></div></div></td></tr>
<tr><td><a id="cplusplus.UninitializedObject"><div class="namedescr expandable"><span class="name">
cplusplus.UninitializedObject</span><span class="lang">
(C++)</span><div class="descr">
This checker reports uninitialized fields in objects created after a constructor
call. It doesn't only find direct uninitialized fields, but rather makes a deep
inspection of the object, analyzing all of it's fields subfields. <br>
The checker regards inherited fields as direct fields, so one will recieve
warnings for uninitialized inherited data members as well. <br>
<br>
It has several options:
<ul>
<li>
"<code>Pedantic</code>" (boolean). If its not set or is set to false, the
checker won't emit warnings for objects that don't have at least one
initialized field. This may be set with <br>
<code>-analyzer-config cplusplus.UninitializedObject:Pedantic=true</code>.
</li>
<li>
"<code>NotesAsWarnings</code>" (boolean). If set to true, the checker will
emit a warning for each uninitalized field, as opposed to emitting one
warning per constructor call, and listing the uninitialized fields that
belongs to it in notes. Defaults to false. <br>
<code>-analyzer-config cplusplus.UninitializedObject:NotesAsWarnings=true</code>.
</li>
<li>
"<code>CheckPointeeInitialization</code>" (boolean). If set to false, the
checker will not analyze the pointee of pointer/reference fields, and will
only check whether the object itself is initialized. Defaults to false. <br>
<code>-analyzer-config cplusplus.UninitializedObject:CheckPointeeInitialization=true</code>.
</li>
<li>
"<code>IgnoreRecordsWithField</code>" (string). If supplied, the checker
will not analyze structures that have a field with a name or type name that
matches the given pattern. Defaults to <code>""</code>.
<code>-analyzer-config cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind"</code>.
</li>
</ul></div></div></a></td>
<td><div class="exampleContainer expandable">
<div class="example"><pre>
// With Pedantic and CheckPointeeInitialization set to true
struct A {
struct B {
int x; // note: uninitialized field 'this->b.x'
// note: uninitialized field 'this->bptr->x'
int y; // note: uninitialized field 'this->b.y'
// note: uninitialized field 'this->bptr->y'
};
int *iptr; // note: uninitialized pointer 'this->iptr'
B b;
B *bptr;
char *cptr; // note: uninitialized pointee 'this->cptr'
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // warning: 6 uninitialized fields
// after the constructor call
}
</pre></div><div class="separator"></div>
<div class="example"><pre>
// With Pedantic set to false and
// CheckPointeeInitialization set to true
// (every field is uninitialized)
struct A {
struct B {
int x;
int y;
};
int *iptr;
B b;
B *bptr;
char *cptr;
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // no warning
}
</pre></div><div class="separator"></div>
<div class="example"><pre>
// With Pedantic and CheckPointeeInitialization set to false
// (pointees are regarded as initialized)
struct A {
struct B {
int x; // note: uninitialized field 'this->b.x'
int y; // note: uninitialized field 'this->b.y'
};
int *iptr; // note: uninitialized pointer 'this->iptr'
B b;
B *bptr;
char *cptr;
A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {}
};
void f() {
A::B b;
char c;
A a(&b, &c); // warning: 3 uninitialized fields
// after the constructor call
}
</pre></div></div></td></tr>
</tbody></table> </tbody></table>
<!-- =========================== dead code =========================== --> <!-- =========================== dead code =========================== -->
<h3 id="deadcode_checkers">Dead Code Checkers</h3> <h3 id="deadcode_checkers">Dead Code Checkers</h3>
<table class="checkers"> <table class="checkers">
<colgroup><col class="namedescr"><col class="example"></colgroup> <colgroup><col class="namedescr"><col class="example"></colgroup>
<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
▲ Show 20 LinesShow All 1,159 LinesShow Last 20 Lines