Skip to content

ValueFlow: Improve the starting point for uninitialized variables to find more uninitialized usages after many conditionals #4930

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
firewave merged 3 commits into from
Apr 4, 2023
+75 −12
Merged

ValueFlow: Improve the starting point for uninitialized variables to find more uninitialized usages after many conditionals #4930

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cc30d13
ValueFlow: Improve the starting point for uninitialized variables
pfultz2 Apr 3, 2023
e10ce73
Move condition
pfultz2 Apr 3, 2023
86bdc79
Format
pfultz2 Apr 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 50 additions & 2 deletions lib/valueflow.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7692,6 +7692,52 @@ static void addToErrorPath(ValueFlow::Value& value, const ValueFlow::Value& from
});
}

static std::vector<Token*> findAllUsages(const Variable* var, Token* start)
{
std::vector<Token*> result;
const Scope* scope = var->scope();
if (!scope)
return result;
Token* tok2 = Token::findmatch(start, "%varid%", scope->bodyEnd, var->declarationId());
while (tok2) {
result.push_back(tok2);
tok2 = Token::findmatch(tok2->next(), "%varid%", scope->bodyEnd, var->declarationId());
}
return result;
}

static Token* findStartToken(const Variable* var, Token* start)
{
std::vector<Token*> uses = findAllUsages(var, start);
if (uses.empty())
return start;
Token* first = uses.front();
if (Token::findmatch(start, "goto|asm|setjmp|longjmp", first))
return start;
const Scope* scope = first->scope();
// If there is only one usage or the first usage is in the same scope
if (uses.size() == 1 || scope == var->scope())
return first->previous();
// If all uses are in the same scope
if (std::all_of(uses.begin() + 1, uses.end(), [&](const Token* tok) {
return tok->scope() == scope;
}))
return first->previous();
// Compute the outer scope
while (scope && scope->nestedIn != var->scope())
scope = scope->nestedIn;
if (!scope)
return start;
Token* tok = const_cast<Token*>(scope->bodyStart);
if (!tok)
return start;
if (Token::simpleMatch(tok->tokAt(-2), "} else {"))
tok = tok->linkAt(-2);
if (Token::simpleMatch(tok->previous(), ") {"))
return tok->linkAt(-1)->previous();
return tok;
}

static void valueFlowUninit(TokenList* tokenlist, SymbolDatabase* /*symbolDatabase*/, const Settings* settings)
{
for (Token *tok = tokenlist->front(); tok; tok = tok->next()) {
Expand All @@ -7718,6 +7764,8 @@ static void valueFlowUninit(TokenList* tokenlist, SymbolDatabase* /*symbolDataba

bool partial = false;

Token* start = findStartToken(var, tok->next());

std::map<Token*, ValueFlow::Value> partialReads;
if (const Scope* scope = var->typeScope()) {
if (Token::findsimplematch(scope->bodyStart, "union", scope->bodyEnd))
Expand All @@ -7733,7 +7781,7 @@ static void valueFlowUninit(TokenList* tokenlist, SymbolDatabase* /*symbolDataba
continue;
}
MemberExpressionAnalyzer analyzer(memVar.nameToken()->str(), tok, uninitValue, tokenlist, settings);
valueFlowGenericForward(tok->next(), tok->scope()->bodyEnd, analyzer, *settings);
valueFlowGenericForward(start, tok->scope()->bodyEnd, analyzer, *settings);

for (auto&& p : *analyzer.partialReads) {
Token* tok2 = p.first;
Expand Down Expand Up @@ -7763,7 +7811,7 @@ static void valueFlowUninit(TokenList* tokenlist, SymbolDatabase* /*symbolDataba
if (partial)
continue;

valueFlowForward(tok->next(), tok->scope()->bodyEnd, var->nameToken(), uninitValue, tokenlist, settings);
valueFlowForward(start, tok->scope()->bodyEnd, var->nameToken(), uninitValue, tokenlist, settings);
}
}

Expand Down
12 changes: 6 additions & 6 deletions test/testuninitvar.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3499,7 +3499,7 @@ class TestUninitVar : public TestFixture {
" }\n"
"}",
"test.cpp");
ASSERT_EQUALS("", errout.str());
TODO_ASSERT_EQUALS("", "[test.cpp:6]: (error) Uninitialized variable: i\n", errout.str());

valueFlowUninit("void f() {\n"
" int i, y;\n"
Expand All @@ -3510,7 +3510,7 @@ class TestUninitVar : public TestFixture {
" }\n"
"}",
"test.cpp");
ASSERT_EQUALS("", errout.str());
TODO_ASSERT_EQUALS("", "[test.cpp:6]: (error) Uninitialized variable: i\n", errout.str());

valueFlowUninit("void f() {\n"
" int i, y;\n"
Expand Down Expand Up @@ -3838,7 +3838,7 @@ class TestUninitVar : public TestFixture {
" if (y == 1) { return; }\n"
" return x;\n"
"}");
ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:4]: (error) Uninitialized variable: x\n", errout.str());
ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized variable: x\n", errout.str());

valueFlowUninit("int f(int x) {\n"
" int ret;\n"
Expand Down Expand Up @@ -3871,15 +3871,15 @@ class TestUninitVar : public TestFixture {
" if (foo) break;\n"
" return x;\n"
"}");
ASSERT_EQUALS("[test.cpp:4] -> [test.cpp:5]: (error) Uninitialized variable: x\n", errout.str());
ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: x\n", errout.str());

valueFlowUninit("int f() {\n"
" int x;\n"
" while (foo)\n"
" if (bar) break;\n"
" return x;\n"
"}");
ASSERT_EQUALS("[test.cpp:4] -> [test.cpp:5]: (error) Uninitialized variable: x\n", errout.str());
ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: x\n", errout.str());

// try/catch : don't warn about exception variable
valueFlowUninit("void f() {\n"
Expand Down Expand Up @@ -6666,7 +6666,7 @@ class TestUninitVar : public TestFixture {
" struct AB ab;\n"
" while (x) { ab.a = ab.a + 1; }\n"
"}");
TODO_ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized variable: ab.a\n", "", errout.str());
ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized variable: ab.a\n", errout.str());

valueFlowUninit("struct AB { int a; };\n"
"void f() {\n"
Expand Down
23 changes: 19 additions & 4 deletions test/testvalueflow.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,7 @@ class TestValueFlow : public TestFixture {
TEST_CASE(valueFlowSymbolicStrlen);
TEST_CASE(valueFlowSmartPointer);
TEST_CASE(valueFlowImpossibleMinMax);
TEST_CASE(valueFlowImpossibleUnknownConstant);
}

static bool isNotTokValue(const ValueFlow::Value &val) {
Expand Down Expand Up @@ -5433,18 +5434,19 @@ class TestValueFlow : public TestFixture {
" return x;\n"
"}\n";
values = tokenValues(code, "x ; }", ValueFlow::Value::ValueType::UNINIT);
ASSERT_EQUALS(0, values.size());
ASSERT_EQUALS(1, values.size());
ASSERT_EQUALS(true, values.front().isUninitValue());

code = "void f() {\n"
code = "void f(int x) {\n"
" int i;\n"
" if (x) {\n"
" if (x > 0) {\n"
" int y = -ENOMEM;\n" // assume constant ENOMEM is nonzero since it's negated
" if (y != 0) return;\n"
" i++;\n"
" }\n"
"}\n";
values = tokenValues(code, "i ++", ValueFlow::Value::ValueType::UNINIT);
ASSERT_EQUALS(0, values.size());
TODO_ASSERT_EQUALS(0, 1, values.size());
}

void valueFlowConditionExpressions() {
Expand Down Expand Up @@ -7865,6 +7867,19 @@ class TestValueFlow : public TestFixture {
ASSERT_EQUALS(true, testValueOfXImpossible(code, 3U, "a", -1));
ASSERT_EQUALS(true, testValueOfXImpossible(code, 3U, -1));
}

void valueFlowImpossibleUnknownConstant()
{
const char* code;

code = "void f(bool b) {\n"
" if (b) {\n"
" int x = -ENOMEM;\n" // assume constant ENOMEM is nonzero since it's negated
" if (x != 0) return;\n"
" }\n"
"}\n";
ASSERT_EQUALS(true, testValueOfXImpossible(code, 4U, 0));
}
};

REGISTER_TEST(TestValueFlow)